اريد تفصيل كامل لهذا البرنامج الذي كل يوم يصادفني

خ

خالد الوصارة

زيزوومى محترف
إنضم
17 أبريل 2008
المشاركات
2,355
مستوى التفاعل
26
النقاط
730
الإقامة
ليبيا
غير متصل
السلام عليكم ورحمة الله وبركاته
:km-0y00001 (105): ارحب بكل اعضاء وزوار ومشرفي هذا المنتدى الطيب :km-0y00001 (105):
وانا اتصفح في النت تأتيني صفحة بها هذا البرنامج الخفيف الواضح انه برنامج حماية .
بحثت عنه في النت لم اجد له مثيل وحملته بجهازي ثم حذفته ..
وكل يوم اتصبح واتمسى عليه حتى انه اصبح يجعزني .
فضلا .. لا .. امراً.. اريد .. حل .. اوتفصيل لهذا البرنامج
وهذه صورة لإيقونته ..

45bc5.png


:getsmile.tmp0019545 ردو بسرعة قبل لااروح فيها
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
الظاهر ان عندك برنامج دعائي ..

اعمل التالي لاهنت

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

--------------------------------------------

(2)

واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png





005.png


--------------------------------------------


( 3)

واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

بانتظاررك
 
توقيع : LINEZERO
تأييد 0
بارك الله فيك على ردك السريع وزاد حبي لكم 90 درجة وقابل للزيادة ..
(( 1 ))
الخطوة الاولى تمت بظهور الرسالتين الاثنين

66nd1.png


وضغطت على موافق ..
بعدها بقليل ظهرت لي هذه الرسالة ..

44io9.png


ولم انقر على البالون ...
ثم اردت ان افتح صفحة ويب فجأة اختفاء سطح المكتب وعملت له اعادة تشغيل .
اما التقرير الاول هو الاتي :-
ComboFix 08-06-01.6 - bc 06/02/2008 15:11:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.423 [GMT 3:00]
Running from: C:\Documents and Settings\bc\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bc\Application Data\FunWebProducts
C:\Documents and Settings\bc\Local Settings\Application Data\bpgofq.dat
c:\documents and settings\bc\local settings\application data\bpgofq.exe
c:\Documents and Settings\bc\Local Settings\Application Data\bpgofq_nav.dat
C:\Documents and Settings\bc\Local Settings\Application Data\bpgofq_navps.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\4.bin\F3EZSETP.DLL
C:\Program Files\FunWebProducts\ScreenSaver\Cache\0198BCF6.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\0197112A.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0198BB60.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\019C7105.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\005B0ECA.bin
C:\Program Files\MyWebSearch\bar\Cache\005B1B8C.bin
C:\Program Files\MyWebSearch\bar\Cache\005B1FD1.bin
C:\Program Files\MyWebSearch\bar\Cache\005B23E8.bin
C:\Program Files\MyWebSearch\bar\Cache\005B27D0.bin
C:\Program Files\MyWebSearch\bar\Cache\00680FB5
C:\Program Files\MyWebSearch\bar\Cache\0195EFDC
C:\Program Files\MyWebSearch\bar\Cache\0195F589.bin
C:\Program Files\MyWebSearch\bar\Cache\01960170.bin
C:\Program Files\MyWebSearch\bar\Cache\01961100.bin
C:\Program Files\MyWebSearch\bar\Cache\0196407D.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\ML.DLL
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 12:15 8,162,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 12:15 450,848 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 12:15 --------- d-----w C:\Documents and Settings\bc\Application Data\DMCache
2008-06-02 12:14 47,420 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-02 12:14 118,652 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 14:24 --------- d-----w C:\Program Files\Microsoft Firewall Client 2004
2008-06-01 12:21 --------- d-----w C:\Documents and Settings\bc\Application Data\Nuotex
2008-05-31 13:33 --------- d-----w C:\Program Files\3D Blocks
2008-05-31 12:45 --------- d-----w C:\Program Files\Elcomsoft
2008-05-30 10:42 --------- d-----w C:\Program Files\الموسوعة الطبية
2008-05-30 10:20 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-29 21:53 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-29 21:53 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-29 21:53 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-29 20:13 --------- d-----w C:\Documents and Settings\bc\Application Data\AvaFind Data
2008-05-29 11:54 --------- d-----w C:\Program Files\Absolute Memory
2008-05-28 15:08 --------- d-----w C:\Documents and Settings\bc\Application Data\PC Suite
2008-05-27 10:51 --------- d-----w C:\Documents and Settings\bc\Application Data\Thinstall
2008-05-26 20:26 --------- d-----w C:\Documents and Settings\bc\Application Data\MyProxy
2008-05-21 09:27 0 ----a-w C:\Odesa.exe
2008-05-19 10:12 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-18 10:16 --------- d-----w C:\Program Files\MobiMB Mobile Media Browser
2008-05-18 10:16 --------- d-----w C:\Program Files\Common Files\LogoManager
2008-05-17 13:53 --------- d-----w C:\Documents and Settings\bc\Application Data\IDM
2008-05-15 17:10 --------- d-----w C:\Program Files\CakeMania_at
2008-05-14 12:02 --------- d-----w C:\Documents and Settings\bc\Application Data\Godlike
2008-05-13 14:45 --------- d-----w C:\Program Files\AvaFind
2008-05-12 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-12 18:32 --------- d-----w C:\Program Files\Daniusoft
2008-05-12 18:01 --------- d-----w C:\Documents and Settings\bc\Application Data\XTND_BTUIs
2008-05-12 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:57 --------- d-----w C:\Program Files\Extended Systems
2008-05-12 12:14 --------- d-----w C:\Program Files\VerbAce
2008-05-11 13:27 24,976 ----a-w C:\WINDOWS\twain_16.dll
2008-05-11 12:29 --------- d-----w C:\Program Files\Sarkophage
2008-05-10 22:42 1,048,064 ----a-w C:\WINDOWS\system32\Sarkophage.exe
2008-05-10 22:25 --------- d-----w C:\Program Files\Quran_in_Word
2008-05-10 11:42 --------- d-----w C:\Program Files\MDM Flash Studio PRO v2 Trial
2008-05-10 11:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-10 11:28 --------- d-----w C:\Program Files\Common Files\Real
2008-05-08 22:09 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-05-08 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-08 21:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 14:06 --------- d-----w C:\Program Files\PowerDataRecovery
2008-05-05 20:23 --------- d-----w C:\Documents and Settings\bc\Application Data\Nokia
2008-05-04 10:09 --------- d-----w C:\Program Files\TechSmith
2008-05-03 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-03 15:29 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 15:29 --------- d-----w C:\Program Files\Ashampoo
2008-05-02 22:39 --------- d-----w C:\Program Files\ImageShackToolbar
2008-05-02 21:54 --------- d-----w C:\Program Files\MSN Messenger
2008-05-02 19:21 --------- d-----w C:\Program Files\JetAudio
2008-05-02 19:21 --------- d-----w C:\Documents and Settings\bc\Application Data\COWON
2008-05-02 14:02 --------- d-----w C:\Program Files\CyberLink
2008-05-02 13:36 --------- d-----w C:\Program Files\Google
2008-05-02 13:27 --------- d-----w C:\Program Files\Real
2008-05-02 13:08 --------- d-----w C:\Program Files\QuickWiz
2008-05-02 13:06 --------- d-----w C:\Program Files\Common Files\GuruNet Shared
2008-05-02 13:06 --------- d-----w C:\Program Files\Common Files\Accent Shared
2008-05-02 12:59 61,440 ----a-w C:\WINDOWS\Uninstal.exe
2008-05-02 12:59 --------- d-----w C:\Program Files\Ontrack
2008-05-02 12:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-02 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-01 12:31 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-05-01 12:31 --------- d-----w C:\Program Files\الموسوعة القرآنية الشاملة
2008-04-30 22:08 --------- d-----w C:\Program Files\Panicware
2008-04-30 16:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-30 16:31 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-30 16:31 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-29 21:38 --------- d-----w C:\Program Files\AirXonix
2008-04-29 20:52 --------- d-----w C:\Program Files\Combat Engineer
2008-04-29 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-29 17:50 --------- d-----w C:\Program Files\MSBuild
2008-04-29 17:50 --------- d-----w C:\Program Files\Microsoft Works
2008-04-29 17:38 --------- d-----w C:\Program Files\Nokia
2008-04-29 17:38 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-29 17:38 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-29 17:37 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-29 13:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-29 13:50 --------- d-----w C:\Program Files\Ahead
2008-04-29 09:49 --------- d-----w C:\Documents and Settings\bc\Application Data\Nokia Multimedia Player
2008-04-28 22:54 --------- d-----w C:\Program Files\Power Email Harvester
2008-04-28 18:36 --------- d-----w C:\Program Files\ALLCapture 2.0 Trial
2008-04-28 17:43 --------- d-----w C:\Documents and Settings\bc\Application Data\ALLCapture
2008-04-28 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-28 12:03 --------- d-----w C:\Program Files\DIFX
2008-04-28 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-28 11:31 --------- d-----w C:\Program Files\USB Keyboard Driver
2008-04-28 11:22 --------- d-----w C:\Program Files\BuddyCheck
2008-04-27 22:33 --------- d-----w C:\Program Files\PhotoZoom Pro 2
2008-04-26 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-26 16:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-26 16:09 172,032 ------w C:\WINDOWS\Setup1.exe
2008-04-26 16:09 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-04-26 15:58 --------- d-----w C:\Program Files\Prayer Time
2008-04-26 15:58 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-04-26 11:09 --------- d-----w C:\Program Files\Vimicro
2008-04-26 11:05 --------- d-----w C:\Program Files\INTEX Video Power
2008-04-26 10:44 --------- d-----w C:\Program Files\PLANET WL-U356A
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 03:00 PM 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [05/15/2008 09:25 PM 3096576]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/11/2007 03:55 PM 2565552]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 01:53 PM 1079808]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 07:41 PM 1232896]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" [10/02/2003 01:36 AM 665600]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 10:21 AM 16384000 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [08/03/2007 08:22 AM 1826816 C:\WINDOWS\SkyTel.exe]
"SiSPower"="SiSPower.dll" [06/25/2007 11:46 AM 53248 C:\WINDOWS\system32\SiSPower.dll]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 05:51 PM 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 08:28 PM 155648]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [06/23/2005 12:13 PM 61440]
"SystemInit"="" []
"Karen"="" []
"raVe"="" []
"Win32BaseServiceMOD"="" []
"startIE"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [05/23/2004 03:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM 31016]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/10/2008 02:27 PM 180269]
"VerbAce"="C:\Program Files\VerbAce\VerbAce.exe" [05/12/2008 03:14 PM 139264]
"BTUSRBDG"="BtUsrBdg.exe" [11/05/2003 10:21 PM 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [04/15/2003 10:48 AM 36864 C:\WINDOWS\system32\BTSetBootKey.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" []
"Driver32"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/23/2004 03:00 PM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 07:41 PM 1232896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AL Maathen.lnk - C:\Program Files\Prayer Time\Libya\AlMaathen.exe [2008-04-26 18:58:15 918528]
Microsoft Firewall Client Management.lnk - C:\WINDOWS\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2008-06-01 17:24:44 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-04-26 13:44:27 483328]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-04-24 15:07:13 262144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R2 FwcAgent;Firewall Client Agent;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [06/10/2004 05:00 AM]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [09/28/2004 04:18 PM]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [03/18/2003 11:31 AM]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [06/30/2005 12:57 PM]
R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [10/28/2005 12:38 PM]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe []
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [06/28/2005 07:46 PM]
S3 FXDrv32;FXDrv32;G:\FXDrv32.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [09/17/2007 04:53 PM]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [11/29/2007 11:39 AM]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [11/29/2007 11:39 AM]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-06-02 15:15:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\VerbAce\HookDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 06/02/2008 15:17:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 12:17:06
Pre-Run: 25,367,187,456 bytes free
Post-Run: 25,523,982,336 bytes free
367
ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ

(( 2 ))
الخطوة الثانية تمت بنجاح وهذا التقرير ....
SmitFraudFix v2.323
Scan done at 15:41:20.35, Mon 06/02/2008
Run from C:\Documents and Settings\bc\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: PLANET WL-U356A - Packet Scheduler Miniport
DNS Server Search Order: 62.145.72.41
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E472BBDF-13ED-499E-B345-034B3FD56666}: NameServer=62.145.72.41
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E472BBDF-13ED-499E-B345-034B3FD56666}: NameServer=62.145.72.41
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E472BBDF-13ED-499E-B345-034B3FD56666}: NameServer=62.145.72.41

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ

(( 3 ))

تمت بنجاح وهذا التقرير ....
Logfile of HijackThis v1.99.1
Scan saved at 15:53:34, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VerbAce\VerbAce.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Prayer Time\Libya\AlMaathen.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\bc\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - Global Startup: AL Maathen.lnk = C:\Program Files\Prayer Time\Libya\AlMaathen.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{E472BBDF-13ED-499E-B345-034B3FD56666}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

واخيرا تمت الخطوات وفي انتظار النتيجة والله يستر
 
تأييد 0
حلو .. حلو ..

(1)

الان اعمل فحص هايجاك جديد بالاداة المرفقه بالرد الاول الخطوه (3)

وحدد القيم التاليه ثم اضغط Fix

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF​

O8 - Extra context menu item: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{E472BBDF-13ED-499E-B345-034B3FD56666}: NameServer =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)​

طريقة الحذف


mg%20%283%29.png


mg%20%284%29.png

(2)

ثم اذهب الى اضافة وازالة البرامج من لوحة التحكم ..

وقم بمسح اي تولبار موجود عندك ..​

(3)

نزل هذه الاداة واتبع الشرح التالي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لكي هذه الشاشه ,, انتظري ( وتابعي مع الصور )

000.png

001.png

وعند ظهور هذه الشاشه ,, اضغطي على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

002.png


(4)

قم باعادة تشغيل للجهاز

(5)

تقرير هايجاك جديد والصقه بردك القادم
 
توقيع : LINEZERO
تأييد 0
بارك الله فيك اخي ومعلمي ...
الان التمس منك العذر عندي شغل واكمل الباقي بالليل إن شاءالله ..
على اني اشوف الامر دخل الى الصعوبة والله يستر ..
ولك مني دعوة في ظهر الغيب احلى هدية اقدمها لك
والسلام عليكم على امل اللقاء
 
تأييد 0
ملف سبايوير وتابع مع الغالي
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
وان شاء الله يروح الملف اذا ماراح لازم تنزل برنامج مضاد سبايوير
 
تأييد 0
السلام عليكم ورحمة الله وبركاته
معلمي انا تأخرت عليك ومنك السماح ..
نعم انا اتبعت طريقتك وكله تمام ماعدا..


نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


هذا البرنامج لم افلح في تنزيله كنت على وشك ان احمله ثم توقف على 99 ولم يكمل التحميل وحاولت ان احمله من جديد دون فائدة .
........
وتطلع لي هذه ...

61559957ez3.png
 
تأييد 0
خالد الوصارة قال:
السلام عليكم ورحمة الله وبركاته
معلمي انا تأخرت عليك ومنك السماح ..
نعم انا اتبعت طريقتك وكله تمام ماعدا..


نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

هذا البرنامج لم افلح في تنزيله كنت على وشك ان احمله ثم توقف على 99 ولم يكمل التحميل وحاولت ان احمله من جديد دون فائدة .
........
وتطلع لي هذه ...​


61559957ez3.png
أنقر للتوسيع...


لاهنت حمل بدون برامج تحميل

موقع الميديا فاير عله

:d:
 
توقيع : LINEZERO
تأييد 0
فضلا اعطيني رابط غير هذا لاني لم استطع ان احمله من هذا الرابط
 
تأييد 0
تأييد 0
تأييد 0
وهذا التقرير الاخير وان شاءالله خير

Logfile of HijackThis v1.99.1
Scan saved at 02:18:16, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VerbAce\VerbAce.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Prayer Time\Libya\AlMaathen.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\bc\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite"
O4 - Global Startup: AL Maathen.lnk = C:\Program Files\Prayer Time\Libya\AlMaathen.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
تأييد 0
احذف القيم التاليه
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite"

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)​
 
تأييد 0
هاوي النت قال:
احذف القيم التاليه

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)​

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite"​


O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)​
أنقر للتوسيع...

بارك الله فيك

واخبرنا هل انتهت المشكله ..
 
توقيع : LINEZERO
تأييد 0
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite"

هذه القيمة لم اجدها فما الحل....؟؟
 
تأييد 0
خالد الوصارة قال:
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite"

هذه القيمة لم اجدها فما الحل....؟؟
أنقر للتوسيع...


هذه القيمه هي قيمة اداة التنضيف طنشها ..
:q:
 
توقيع : LINEZERO
تأييد 0
Logfile of HijackThis v1.99.1
Scan saved at 13:57:14, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VerbAce\VerbAce.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Prayer Time\Libya\AlMaathen.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\bc\LOCALS~1\Temp\Rar$EX00.140\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - Global Startup: AL Maathen.lnk = C:\Program Files\Prayer Time\Libya\AlMaathen.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

هذا التقرير الاخير وبارك الله فيك على ردك السريع تسلم من كل شر
 
تأييد 0
هل المشكله مازالت مستمره

تبقى هذه القيمه

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)

احذفها من الوضع الامن ..

بانتظارك ..
 
توقيع : LINEZERO
تأييد 0
لااعرف كيف اجازيك بس خليها علي ..
الى الان الامور تمام وإن شاءالله على طول تمام .. اكثر تواجدي معكم واخبرك اذا صار جديد
تسلم يالغالي من كل شر
تحياتي
 
تأييد 0
طريقة الحذف

zyzoom-7fff03bfdc.jpg


zyzoom-cdb6d6b53c.jpg


zyzoom-49bd48088d.jpg


القيمه هي

C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe

واذا خلصت عطنا تقرير جديد
 
توقيع : LINEZERO
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى