1. إستبعاد الملاحظة
  2. الإدارة العامة

    صفحة منتديات زيزووم للأمن والحماية

  3. الإدارة العامة

    الصفحة الرسمية لمنتديات زيزووم للأمن والحماية الفيس بوك

  4. الإدارة العامة

    الصفحة الرسمية لمنتديات زيزووم للأمن والحماية التلكرام

يشباب اذا سويت تقرير يطلع لي برنامج بسم Vga Time واحذفه ويروح ويرد مره ثانيه باللون الاحمر

الموضوع في 'منتدى مشاكـل وحلول الحـاسب' بواسطة Knight Lord, بتاريخ ‏مايو 31, 2008.

  1. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7


    السلام عليكم

    هذ1 تقرير شووفه باللون الاحمر اسمه Vga Time وشهو ذا اعتقد انه فيروس وكل مااحذفه يرد
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:52:00 م, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) - http://qtr5.talkok.com/imscp/talkc38.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.10/talk.cab
    O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) - http://chat1.alfaten4voice.com:1997/faten2/files/talk3.cab
    O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) - http://qtr5.talkok.com/imscp/talka.cab
    O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://209.11.242.27/imscp/talks2.cab
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6733 bytes
    ولي رده
     
  2. boob77

    boob77 زيزوومى فضى

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    6,816
    الإعجابات :
    98
    نقاط الجائزة:
    840
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    احذف التالي

    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe

    O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) - http://qtr5.talkok.com/imscp/talkc38.cab

    O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) - http://chat1.alfaten4voice.com:1997/...iles/talk3.cab

    O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) - http://qtr5.talkok.com/imscp/talka.cab

    O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://209.11.242.27/imscp/talks2.cab

    http://www.atribune.org/ccount/click.php?id=1

    [​IMG]
     
  3. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    يعطيك العافيه بوب

    هذ1 تقريري ثاني
    كود:
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:31:34 م, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video  with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - [URL]http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[/URL]
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [URL]http://go.microsoft.com/fwlink/?linkid=39204[/URL]
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [URL]http://downloads.ewido.net/ewidoOnlineScan.cab[/URL]
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [URL]http://209.11.244.10/talk.cab[/URL]
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6309 bytes
    
    
     
  4. هاوي النت

    هاوي النت زيزوومى فضى

    إنضم إلينا في:
    ‏ديسمبر 8, 2007
    المشاركات:
    8,351
    الإعجابات :
    257
    نقاط الجائزة:
    870
    الجنس:
    ذكر
    الإقامة:
    مـوزنـبـيـق
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows XP
    احذف القيمه هذي يالغااالي
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe​
     
  5. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    قلت لك اخوي هاي ماتروح ابدا وش الحل
     
  6. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    نفس الشي
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:01 م, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SplitCam\SplitCam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.10/talk.cab
    O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.203.34/ReadUid.CAB
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6432 bytes
     
  7. هاوي النت

    هاوي النت زيزوومى فضى

    إنضم إلينا في:
    ‏ديسمبر 8, 2007
    المشاركات:
    8,351
    الإعجابات :
    257
    نقاط الجائزة:
    870
    الجنس:
    ذكر
    الإقامة:
    مـوزنـبـيـق
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows XP
    مانتبهت يالغااالي المعذره اخوووي النوفي اكيد فيه حل الاخوان ماراح يقصرون ​
     
  8. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
  9. boob77

    boob77 زيزوومى فضى

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    6,816
    الإعجابات :
    98
    نقاط الجائزة:
    840
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    روح ابدا تشغيل واكتب msconfig ثم بدا التشغيل وعطل القيمة لا تعمل ريستارت

    نزل هالاداة

    http://www.zshare.net/download/4829352c0c2221/

    طبق الحذف على هالملف Shim Free.exe ولا تنسى تظهر الملفات المخفية وتبحث بمحرك البحث ايضاا

    [​IMG]
     
  10. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    msconfig<<مو في بدا التشغيل؟
     
  11. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:06 م, on 31/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Show all images in original quality - C:\Program Files\www.cproxy.com\originalAll.htm
    O8 - Extra context menu item: Show image in original quality - C:\Program Files\www.cproxy.com\original.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.10/talk.cab
    O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.203.34/ReadUid.CAB
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6670 bytes
     
  12. LINEZERO

    LINEZERO زيزوومى محترف

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    2,916
    الإعجابات :
    377
    نقاط الجائزة:
    820
    الجنس:
    ذكر
    الإقامة:
    KSA-Dammam
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Mac OS

    عطل جميع برامج الحماية ,,
    وحمل هذه الاداة واحفظها على سطح المكتب
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
    بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

    انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
    وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
    انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

    --------------------------------------------

    ( 2)

    واعمل تقرير للهايجاك
    http://download.hijackthis.eu/hijackthis_199.zip

    اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
    لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

    بانتظاررك
     
  13. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    هذ1 تقرير الاداه
    ComboFix 08-05-29.1 - user 06/01/2008 18:57:58.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.571 [GMT 3:00]
    Running from: C:\Documents and Settings\user\سطح المكتب\ComboFix.exe
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\autorun.inf
    C:\WINDOWS\system32\kakle.dll
    .
    ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
    .
    No new files created in this timespan
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 16:01 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
    2008-06-01 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-31 18:53 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
    2008-05-31 18:53 --------- d-----w C:\Program Files\SplitCam
    2008-05-31 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-31 15:47 197 --sha-w C:\Program Files\Common Files\maxtreme.dat
    2008-05-31 15:45 --------- d-----w C:\Documents and Settings\user\Application Data\Webcammax
    2008-05-30 19:39 --------- d-----w C:\Documents and Settings\user\Application Data\Grisoft
    2008-05-30 19:36 --------- d-----w C:\Program Files\Hotspot Shield
    2008-05-30 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 14:29 --------- d-----w C:\Program Files\Popup Blocker
    2008-05-28 11:29 --------- d-----w C:\Documents and Settings\user\Application Data\Bash Spam Bin
    2008-05-28 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    2008-05-28 11:28 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-28 11:28 --------- d-----w C:\Program Files\Circle Developement
    2008-05-28 11:28 --------- d-----w C:\Program Files\Bash Spam Bin
    2008-05-26 18:50 --------- d-----w C:\Program Files\Internet Download Manager
    2008-05-26 17:55 --------- d-----w C:\Program Files\Your Uninstaller 2008
    2008-05-26 17:52 --------- d-----w C:\Documents and Settings\user\Application Data\URSoft
    2008-05-26 17:49 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
    2008-05-25 21:02 --------- d-----w C:\Program Files\Common Files\delet
    2008-05-25 17:38 --------- d-----w C:\Program Files\myproxy
    2008-05-24 16:53 --------- d-----w C:\Program Files\COMODO
    2008-05-24 16:53 --------- d-----w C:\Documents and Settings\user\Application Data\Comodo
    2008-05-24 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-23 15:49 --------- d-----w C:\Program Files\Ashampoo
    2008-05-23 15:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-23 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
    2008-05-23 06:45 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
    2008-05-22 16:18 --------- d-----w C:\Program Files\FastProxySwitch
    2008-05-22 16:15 --------- d-----w C:\Documents and Settings\user\Application Data\FastProxySwitch
    2008-05-22 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\FastProxySwitch
    2008-05-22 16:14 --------- d-----w C:\Program Files\Common Files\Download Manager
    2008-05-22 11:13 --------- d-----w C:\Program Files\MSECache
    2008-05-22 10:12 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
    2008-05-22 10:00 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-22 08:54 --------- d-----w C:\Program Files\Nero
    2008-05-22 08:54 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-21 19:24 --------- d-----w C:\Documents and Settings\user\Application Data\MiniDm
    2008-05-21 17:52 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-05-21 11:49 --------- d-----w C:\Documents and Settings\user\Application Data\IEPro
    2008-05-19 21:18 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-05-19 21:18 --------- d-----w C:\Program Files\Common Files\Real
    2008-05-19 18:07 --------- d-----w C:\Program Files\Paltalk Messenger
    2008-05-19 18:07 --------- d-----w C:\Documents and Settings\user\Application Data\Paltalk
    2008-05-15 20:09 --------- d-----w C:\Program Files\No-IP
    2008-05-15 15:38 --------- d-----w C:\Program Files\Google
    2008-05-15 15:30 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-15 14:57 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2008-05-15 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-05-14 12:03 --------- d-----w C:\Program Files\Faronics
    2008-05-12 18:46 --------- d-----w C:\Documents and Settings\user\Application Data\Nero
    2008-05-12 16:51 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-12 16:51 --------- d-----w C:\Program Files\AskPBar
    2008-05-11 21:16 --------- d-----w C:\Program Files\g1g
    2008-05-11 10:58 241,664 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
    2008-05-09 20:08 --------- d-----w C:\Documents and Settings\user\Application Data\TeamViewer
    2008-05-08 12:23 --------- d-----w C:\Documents and Settings\user\Application Data\ieSpell
    2008-05-05 18:11 --------- d-----w C:\Program Files\LtUcx
    2008-05-04 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-02 16:21 --------- d-----w C:\Documents and Settings\user\Application Data\Zyzoom_Autorun_Viruses_cleaner
    2008-05-01 18:43 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer Pro
    2008-05-01 10:35 --------- d-----w C:\Program Files\XericDesign
    2008-04-27 19:02 --------- d-----w C:\Program Files\MSBuild
    2008-04-27 19:00 --------- d-----w C:\Program Files\Reference Assemblies
    2008-04-25 15:23 --------- d-----w C:\Program Files\JLC's Software
    2008-04-25 15:07 --------- d-----w C:\Documents and Settings\user\Application Data\JLC's Software
    2008-04-25 14:22 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
    2008-04-25 07:42 --------- d-----w C:\Program Files\Registry Compressor
    2008-04-25 07:22 --------- d-----w C:\Program Files\Registry Fast
    2008-04-20 14:47 --------- d-----w C:\Program Files\ESET
    2008-04-19 09:00 --------- d-----w C:\Program Files\MSXML 6.0
    2008-04-18 16:33 --------- d-----w C:\Documents and Settings\user\Application Data\ESET
    2008-04-18 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-18 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-04-18 10:49 --------- d-----w C:\Program Files\Conduit
    2008-04-17 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-04-16 10:40 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-04-16 08:34 --------- d-----w C:\Program Files\Windows Doctor
    2008-04-16 07:52 --------- d-----w C:\Documents and Settings\user\Application Data\Smart PC Solutions
    2008-04-15 14:52 --------- d-----w C:\Program Files\SlimBrowser
    2008-04-15 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\SlimBrowser
    2008-04-14 16:00 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 16:00 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-14 16:00 284,160 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 16:00 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 16:00 146,944 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 16:00 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 16:00 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 15:43 79,872 ----a-w C:\WINDOWS\system32\drivers\parport.sys
    2008-04-14 15:43 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
    2008-04-14 15:43 68,480 ----a-w C:\WINDOWS\system32\drivers\pci.sys
    2008-04-14 15:43 46,464 ----a-w C:\WINDOWS\system32\drivers\p3.sys
    2008-04-14 15:43 119,936 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
    2008-04-14 15:40 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 15:40 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-14 15:40 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-14 15:40 153,600 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 15:39 40,448 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
    2008-04-14 15:39 40,064 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM 1443072]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/20/2008 12:18 AM 185896]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "raVe"="" []
    "Driver32"="" []
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"= 0 (0x0)
    "NoDispScrSavPage"= 0 (0x0)
    "NoDispSettingsPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)
    "NoFolderOptions"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoClose"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
    antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.vp31"= vp31vfw.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
    path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
    backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^user^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma.lnk]
    path=C:\Documents and Settings\user\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 10/23/2006 01:48 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 10/28/2005 04:25 PM 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 04/14/2008 06:59 PM 15360 C:\WINDOWS\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    --a------ 05/26/2008 07:54 PM 2536880 C:\Program Files\Internet Download Manager\IDMan.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMDetect MSN Sniffer]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Karen]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 04/14/2003 07:30 PM 1491216 C:\Program Files\Messenger\MSMSGS.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v2]
    --a------ 05/31/2005 10:31 PM 483328 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raVe]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startIE]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemInit]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 05/20/2008 12:18 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
    C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32BaseServiceMOD]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\myproxy\\MyProxy.exe"=
    R3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [10/23/2006 04:32 PM]
    S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]
    .
    s of the 'Scheduled Tasks' folder
    "2008-06-01 11:00:00 C:\WINDOWS\Tasks\A9A35C0A91CCCF6E.job"
    - c:\docume~1\user\applic~1\bashsp~1\SixthBeepPlay.exe
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 19:01:21
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    .
    **************************************************************************
    .
    Completion time: 06/01/2008 19:04:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-01 16:04:36
    Pre-Run: 52,335,206,400 bytes free
    Post-Run: 52,251,942,912 bytes free
    237 --- E O F --- 2008-05-14 12:17:43
     
  14. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    وهذ1 تقرير الهايجاك
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:06:07 م, on 01/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.10/talk.cab
    O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.203.34/ReadUid.CAB
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6039 bytes
     
  15. LINEZERO

    LINEZERO زيزوومى محترف

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    2,916
    الإعجابات :
    377
    نقاط الجائزة:
    820
    الجنس:
    ذكر
    الإقامة:
    KSA-Dammam
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Mac OS
    حلو حلو

    الان

    تحميل الاداة


    متوافق مع Xp & Vista



    (1)

    لعمل تقرير ببرامج بدء التشغيل

    قم بتشغيل الاداة ثم اتبع التالي

    [​IMG]

    ثم قم بضغط التقرير ورفعه على سيرفر المنتدى
    http://www.zyzoom.net/vb_up/index.php
     
  16. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
  17. LINEZERO

    LINEZERO زيزوومى محترف

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    2,916
    الإعجابات :
    377
    نقاط الجائزة:
    820
    الجنس:
    ذكر
    الإقامة:
    KSA-Dammam
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Mac OS
    عطل ثم احذف القيمه التاليه
    Vga Time

    كالتالي


    لتعطيل احد البرامج من بدء التشغيل

    قم بتشغيل الاداة ثم اتبع التالي

    [​IMG]





    لمسح احد قيم بدء التشغيل

    قم بتشغيل الاداة ثم اتبع التالي

    [​IMG]

    [​IMG]

    [​IMG]

    ثم اعمل اعادة تشغيل للجهاز

    ثم قم بعمل تقرير بالاداة السابقه للتاكد من حذف القيمه

    ثم قم بضغط التقرير ورفعه على سيرفر المنتدى
    http://www.zyzoom.net/vb_up/index.php

    وعمل تقرير هايجاك جديد

    بالانتظار..​
     
  18. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    اعتقد ماراحت اخوي ما رضت سويت كل شي بس ما راحت

    الموهم هذا تقرير الاداه الاولى
    http://www.zyzoom.net/vb_up/view.php?file=98fe1a77ac

    وهذ1 تقرير هايجاك
    Logfile of Trend Micro HijackThis v2.0.2
    كود:
     
    
    Scan saved at 09:27:05 م, on 01/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://go.microsoft.com/fwlink/?LinkId=54896[/URL]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Vga Time] C:\DOCUME~1\user\APPLIC~1\BASHSP~1\Shim Free.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video  with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) - [URL]http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[/URL]
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [URL]http://go.microsoft.com/fwlink/?linkid=39204[/URL]
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - [URL]http://downloads.ewido.net/ewidoOnlineScan.cab[/URL]
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [URL]http://209.11.244.10/talk.cab[/URL]
    O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) - [URL]http://voice2.emkanat.com/cp/files/talk3.cab[/URL]
    O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [URL]http://67.198.203.34/ReadUid.CAB[/URL]
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    --
    End of file - 6129 bytes
    
    
     
  19. LINEZERO

    LINEZERO زيزوومى محترف

    إنضم إلينا في:
    ‏يوليو 23, 2007
    المشاركات:
    2,916
    الإعجابات :
    377
    نقاط الجائزة:
    820
    الجنس:
    ذكر
    الإقامة:
    KSA-Dammam
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Mac OS
    يارجال لاتشيل هم وراها وراها الين نطيرها

    :)
     
  20. Knight Lord

    Knight Lord زيزوومى محترف

    إنضم إلينا في:
    ‏مارس 1, 2008
    المشاركات:
    4,623
    الإعجابات :
    33
    نقاط الجائزة:
    830
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7

مشاركة هذه الصفحة

جاري تحميل الصفحة...