• Thread starter: rolex

rolex

Peace be upon you, and God's mercy and blessings.

First of all, season's greetings to you all.

Dear brothers, I have a strange problem: a website suddenly appears while I am browsing. That is, when I move to another site or page, this site shows up from time to time. The address of this site is:

[hidden link]

I have been unable to solve it. I am also unable to save the pages of some sites. Here is my report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:01:58 ص, on 29/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [hidden link] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [hidden link]
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - [hidden link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - [hidden link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer = 84.23.102.172 84.23.102.173
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7796 bytes


Awaiting your reply, with my sincere thanks and appreciation.
 

Delete these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [hidden link] (file missing)

O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - (no file)

Also, brother, you have a program whose entries are all, or mostly, suspicious, so you could remove it if you don't use it: cafeAgent
 
Signature: sdook
Brother, also delete this entry:
O13 - Gopher Prefix:


How to delete the entries:

[image: zyzoom-47abf39087.gif]

[image: zyzoom-dc3770ae68.gif]
 
Signature: sdook
( 1 )


Disable all security programs,
then download this tool and save it to the desktop:

[hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning again.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

Then create a new HijackThis report.

 
Signature: KinXG BlacK
Dear brother,

The tool finished but did not restart, and this is its report:
ComboFix 08-08-28.06 - User 08/29/2008 15:29:05.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.1.1033.18.1198 [GMT 3:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:32 --------- d-----w C:\Users\User\AppData\Roaming\DMCache
2008-08-29 12:29 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-29 12:27 29,594,912 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-29 11:42 --------- d-----w C:\Users\User\AppData\Roaming\cafe
2008-08-29 10:24 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-29 09:03 404,480 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-29 01:44 --------- d-----w C:\Users\User\AppData\Roaming\IDM
2008-08-29 01:17 --------- d-----w C:\Users\User\AppData\Roaming\Thinstall
2008-08-29 00:42 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-29 00:42 --------- d-----w C:\Program Files\Common Files\Real
2008-08-28 00:49 --------- d-----w C:\Users\User\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2008-08-27 19:25 3,326 ----a-w C:\Windows\System32\tmp.reg
2008-08-27 19:23 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-27 19:03 --------- d-----w C:\Users\User\AppData\Roaming\Grisoft
2008-08-27 19:03 --------- d-----w C:\ProgramData\Grisoft
2008-08-27 11:38 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-26 11:27 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-25 23:39 --------- d-----w C:\Users\User\AppData\Roaming\TeamViewer
2008-08-21 11:01 --------- d-----w C:\Program Files\Java
2008-08-21 10:30 --------- d-----w C:\Program Files\Common Files\Java
2008-08-20 09:43 --------- d-----w C:\Program Files\BandRich
2008-08-17 08:44 --------- d-----w C:\Users\User\AppData\Roaming\Paltalk
2008-08-17 08:25 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-14 22:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 00:40 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 23:58 --------- d-----w C:\Program Files\vghd
2008-08-08 20:55 --------- d-----w C:\Program Files\Common Files\Rtools
2008-08-08 17:42 --------- d-----w C:\Users\User\AppData\Roaming\Nero
2008-08-08 17:40 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-08 17:38 --------- d-----w C:\ProgramData\Nero
2008-08-08 17:38 --------- d-----w C:\Program Files\Nero
2008-08-06 16:43 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-06 05:59 --------- d-----w C:\Program Files\IVT Corporation
2008-08-05 23:04 --------- d-----w C:\Program Files\Counter-strike
2008-08-04 19:35 --------- d-----w C:\ProgramData\NVIDIA
2008-08-04 09:48 --------- d-----w C:\Program Files\BitLocker
2008-08-04 09:47 --------- d-----w C:\Program Files\Microsoft Games
2008-08-04 00:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-03 17:05 --------- d-----w C:\Program Files\DynGate
2008-08-02 01:56 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-02 01:45 --------- d-----w C:\Users\User\AppData\Roaming\Microsoft Games
2008-08-02 00:14 --------- d-----w C:\ProgramData\cafe
2008-08-02 00:12 --------- d-----w C:\Program Files\cafe
2008-07-31 20:58 --------- d-----w C:\Users\User\AppData\Roaming\elefundesktops
2008-07-31 20:58 --------- d-----w C:\Program Files\EleFun Desktops
2008-07-31 20:30 --------- d-----w C:\Program Files\Real
2008-07-31 15:42 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-31 14:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-31 14:41 --------- d-----w C:\Users\User\AppData\Roaming\Media Player Classic
2008-07-31 14:37 --------- d-----w C:\Program Files\Google
2008-07-31 08:24 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-31 08:24 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-07-31 08:02 15,600 ----a-w C:\Windows\gdrv.sys
2008-07-31 07:19 --------- d-----w C:\ProgramData\Messenger Plus!
2008-07-31 07:17 --------- d-----w C:\Program Files\Dictionary
2008-07-31 07:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 07:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-31 07:15 --------- d-----w C:\Program Files\Firefox 2.0.0.13
2008-07-31 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-31 07:11 --------- d-----w C:\Program Files\Windows Live
2008-07-31 07:05 --------- d-----w C:\Program Files\Realtek
2008-07-31 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 07:04 --------- d-----w C:\Users\User\AppData\Roaming\InstallShield
2008-07-31 07:02 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-31 07:01 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-31 07:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-31 06:58 155,995 ----a-w C:\Windows\Java\Packages\73XBTVBB.ZIP
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 06:58 --------- d-----w C:\Program Files\Intel
2008-07-31 06:46 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-29 15:46 128,840 ----a-w C:\Windows\System32\cafe.scr
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-04 15:30 9,728 ----a-w C:\Windows\System32\BsMonUI.dll
2008-06-04 15:30 57,430 ----a-w C:\Windows\System32\btfunc.dll
2008-06-04 15:30 53,248 ----a-w C:\Windows\System32\HtmPrintHelper.dll
2008-06-04 15:30 405,589 ----a-w C:\Windows\System32\BsUI.dll
2008-06-04 15:30 278,647 ----a-w C:\Windows\System32\outlookAddin.dll
2008-06-04 15:30 18,432 ----a-w C:\Windows\System32\BsMonSvr.dll
2008-06-04 15:29 622,693 ----a-w C:\Windows\System32\BSShell.dll
2008-06-04 15:29 540,758 ----a-w C:\Windows\System32\Bscdlg.dll
2008-06-04 15:29 114,788 ----a-w C:\Windows\System32\BsProfileFunc.dll
2008-06-04 15:29 114,774 ----a-w C:\Windows\System32\versit.dll
2008-06-04 15:28 94,314 ----a-w C:\Windows\System32\BsHelpCSps.dll
2008-06-04 15:28 520,307 ----a-w C:\Windows\System32\BlueSoleilCSps.dll
2008-06-04 15:28 143,450 ----a-w C:\Windows\System32\BsCommon.dll
2008-06-04 15:27 98,403 ----a-w C:\Windows\System32\Bs2Res.dll
2008-06-04 15:27 28,766 ----a-w C:\Windows\System32\PlayerCtrl.dll
2008-06-04 15:27 28,672 ----a-w C:\Windows\System32\BsMobileCSps.dll
2008-06-04 15:27 225,364 ----a-w C:\Windows\System32\BsSDK.dll
2008-06-04 15:27 118,880 ----a-w C:\Windows\System32\BsMobileSDK.dll
.

[hidden link]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/21/2008 05:21 AM 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/21/2008 05:23 AM 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [01/21/2008 05:21 AM 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/12/2007 05:28 AM 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/12/2007 05:28 AM 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/12/2007 05:28 AM 81920]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [06/05/2008 05:50 PM 231424]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM 1836328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"!AVG Anti-Spyware"="C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" [10/03/2007 04:00 AM 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/29/2008 03:41 AM 185896]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 06:06 AM 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [06/15/2007 11:45 AM 1826816 C:\Windows\SkyTel.exe]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
cafe.lnk - C:\Program Files\cafe\cafeAgent.exe [2008-06-29 18:46:27 145736]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
cafe.lnk - C:\Program Files\cafe\cafeAgent.exe [2008-06-29 18:46:27 145736]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-05-09 01:17:29 10452992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BECB7C77-E757-4E17-9B0A-CA0077670929}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D52A226D-29B9-410E-90B2-D291AC8831AE}"= UDP:9420:Akamai Network Manager
"{E01A04A3-EF02-46C5-A960-59015FCF2423}"= TCP:5000:Akamai Network Manager
"{3181F77A-D252-4F41-8D6C-68C38B92199D}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{FA55C007-937E-488A-BF7B-CF0E509E0B04}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{C8C16F42-C2CE-4D31-8544-507FCBD4209C}"= UDP:C:\Program Files\Paltalk Messenger\paltalk.exe:PaltalkScene
"{BB239972-572C-4AA7-AFC6-E0A25EFCACA8}"= TCP:C:\Program Files\Paltalk Messenger\paltalk.exe:PaltalkScene
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys [01/21/2008 07:28 PM]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [04/04/2007 02:59 PM]
R2 Akamai;Akamai;C:\Windows\System32\svchost.exe [01/21/2008 05:21 AM]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [01/17/2008 08:37 PM]
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [06/03/2008 10:12 AM]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [06/05/2008 05:50 PM]
R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [06/04/2008 06:26 PM]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [06/04/2008 06:28 PM]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys [01/21/2008 07:28 PM]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\Windows\system32\DRIVERS\br3gmdm.sys [03/14/2008 10:31 AM]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [01/21/2008 05:21 AM]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [01/21/2008 05:21 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b9c5e0-6f7b-11dd-9fcf-101111111111}]
\shell\AutoRun\command - semo2x.exe
\shell\explore\Command - semo2x.exe
\shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e290584-6565-11dd-9eec-101111111111}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\Command - I:\oufddh.exe
\shell\open\Command - I:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45afc057-5ecb-11dd-a17b-806e6f6e6963}]
\shell\AutoRun\command - H:\Autorun\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e275b127-6e83-11dd-aa5a-101111111111}]
\shell\AutoRun\command - I:\AUTORUN_BANDLUXE.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e275b247-6e83-11dd-aa5a-101111111111}]
\shell\AutoRun\command - I:\AUTORUN_BANDLUXE.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java - [hidden link]
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\Windows\Downloaded Program Files\SysReqLab3.osd
C:\Windows\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [hidden link]
Rootkit scan 2008-08-29 15:32:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\BsMobileSDK.dll
-> C:\Windows\system32\BsLangInDepRes.dll
.
Completion time: 08/29/2008 15:33:30
ComboFix-quarantined-files.txt 2008-08-29 12:33:16
Pre-Run: 37,639,180,288 bytes free
Post-Run: 37,775,753,216 bytes free
235 --- E O F --- 2008-08-27 09:44:33


And here is a new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:39:16, on 29/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [hidden link]
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - [hidden link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - [hidden link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer = 84.23.102.172 84.23.102.173
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7514 bytes
 
Delete the following:

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -

The removal method is explained above.

Then, from Add/Remove Programs, uninstall the following:

Google Toolbar

Then download this tool to clean the machine:

[link hidden by the forum]

Restart and make a new HijackThis report.
 
Signature: KinXG BlacK
This is the report after the removal, and I expect that it did not remove all the entries:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:26:56, on 29/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7919 bytes
 
From the report, delete these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O13 - Gopher Prefix:

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -

Do this step:

[link hidden by the forum]

It would also be best to uninstall the program
cafeAgent

After that, restart and make a new report.
 
Signature: KinXG BlacK
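One way to check a fix list against the scan posted after it, as an added example (not code from the thread or from HijackThis): it parses HijackThis entry lines, matches them by section code and CLSID so that an entry whose description changed still counts as the same item, and reports which fix-list entries persisted. The two samples are excerpts of the first fix list and of the log that follows it on this page; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


def parse_entries(log_text):
    """Return (code, body) for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def entry_key(code, body):
    """Normalise an entry so the same item matches across two scans.

    Entries carrying a CLSID are keyed on section + CLSID, because the
    description or URL around it can change between scans. Everything
    else is keyed on the whitespace-collapsed, case-folded body.
    Entries in one section that share a CLSID collapse to one key.
    """
    m = CLSID_RE.search(body)
    if m:
        return (code, m.group(0).upper())
    return (code, " ".join(body.split()).casefold())


def check_fix_list(fix_list_text, later_log_text):
    """Split the fix list into (persisted, removed) against a later log."""
    later_keys = {entry_key(c, b) for c, b in parse_entries(later_log_text)}
    persisted, removed = [], []
    for code, body in parse_entries(fix_list_text):
        bucket = persisted if entry_key(code, body) in later_keys else removed
        bucket.append(f"{code} - {body}")
    return persisted, removed


def orphaned_entries(log_text):
    """Entries whose file field reads '(no file)', as in the O2 line here:
    a registry entry that names no file on disk."""
    return [f"{c} - {b}" for c, b in parse_entries(log_text)
            if b.endswith("(no file)")]


# Excerpt of the first fix list on this page.
FIX_LIST = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
"""

# Excerpt of the scan saved at 05:26:56, posted after that fix list.
NEXT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:26:56, on 29/08/08
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
"""

if __name__ == "__main__":
    persisted, removed = check_fix_list(FIX_LIST, NEXT_LOG)
    print("Still present after the fix:")
    for line in persisted:
        print("  " + line)
    print("No longer present:")
    for line in removed:
        print("  " + line)
    print("Entries with no file behind them:")
    for line in orphaned_entries(NEXT_LOG):
        print("  " + line)
```

Run on these excerpts, only the O1 hosts entry is gone from the next scan; the O2, O13 and both O16 entries are still listed, the Java one under a changed description.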
Excuse me ...

Please do the following in Safe Mode:

Look, my friend, download this tool
and follow the explanation below to clean your machine of these ads
and to produce a report of the process so you can attach it to your next reply.

Download link for the latest update of the tool:

[link hidden by the forum]

Usage instructions:
Run the file SmitfraudFix.exe and follow the explanation as shown in these pictures:

[Images: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]
 
Signature: AbOdy
Dear brother,

The entries refuse to be deleted, and this is the report after removing Google Toolbar.
As for the cafeAgent program, it is not present in the Add/Remove Programs list.

The report after doing the above; I do not expect that the entries were deleted:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:46:12, on 29/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\User\AppData\Roaming\Thinstall\Mozilla Firefox (3.0.1)\1000000800002i\svchost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer = 84.23.102.172 84.23.102.173
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7849 bytes


Now I will carry out the last step you explained and write to you what happened.

Thank you.
 
Dear brother,

This is the latest report, from the last tool you explained:

SmitFraudFix v2.342
Scan done at 19:07:41.03, Fri 08/29/2008
Run from C:\Users\User\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"
[HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{235C72BF-D3B4-42D2-AC91-3428E291AF6B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer=84.23.102.172 84.23.102.173
HKLM\SYSTEM\CS1\Services\Tcpip\..\{235C72BF-D3B4-42D2-AC91-3428E291AF6B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer=84.23.102.172 84.23.102.173
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"
[HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

Awaiting your reply, with my sincere thanks and appreciation.
 
OK, how are things on your end now?
 
Signature: AbOdy
The problem with that damned site still keeps occurring.
 
Do the following once more ....

==============
(1)
Disable all security programs,
then download this tool and save it to the desktop:

[link hidden by the forum]

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will begin scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply.
(2)
Then make a HijackThis report:

[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log.
In a few moments a report will appear; copy it and paste it into your next reply.

Waiting for the reports.
 
Last edited by a moderator:
Signature: AbOdy
Apologies, dear brother, for changing the title to a more suitable one.

Good luck
 
Signature: ابـــو عــبــد الــلــه
This is the report from the first tool:
ComboFix 08-08-28.06 - User 08/30/2008 0:49:15.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.1.1033.18.976 [GMT 3:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 21:51 --------- d-----w C:\Users\User\AppData\Roaming\DMCache
2008-08-29 21:49 29,951,520 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-29 21:40 --------- d-----w C:\ProgramData\PrevxCSI
2008-08-29 21:28 17,408 ----a-w C:\Windows\system32\drivers\pxark.sys
2008-08-29 21:28 --------- d-----w C:\Program Files\PrevxCSI
2008-08-29 21:18 --------- d-----w C:\ProgramData\Prevx
2008-08-29 21:09 --------- d-----w C:\Users\User\AppData\Roaming\cafe
2008-08-29 21:07 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-29 17:01 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-29 16:59 410,144 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-29 16:07 691 ----a-w C:\Users\User\AppData\Roaming\GetValue.vbs
2008-08-29 16:07 35 ----a-w C:\Users\User\AppData\Roaming\SetValue.bat
2008-08-29 16:07 2,832 ----a-w C:\Windows\System32\tmp.reg
2008-08-29 15:04 --------- d-----w C:\Program Files\Google
2008-08-29 01:44 --------- d-----w C:\Users\User\AppData\Roaming\IDM
2008-08-29 01:17 --------- d-----w C:\Users\User\AppData\Roaming\Thinstall
2008-08-29 00:42 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-29 00:42 --------- d-----w C:\Program Files\Common Files\Real
2008-08-28 00:49 --------- d-----w C:\Users\User\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2008-08-27 19:23 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-27 19:03 --------- d-----w C:\Users\User\AppData\Roaming\Grisoft
2008-08-27 19:03 --------- d-----w C:\ProgramData\Grisoft
2008-08-27 11:38 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-26 11:27 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-25 23:39 --------- d-----w C:\Users\User\AppData\Roaming\TeamViewer
2008-08-21 11:01 --------- d-----w C:\Program Files\Java
2008-08-21 10:30 --------- d-----w C:\Program Files\Common Files\Java
2008-08-20 09:43 --------- d-----w C:\Program Files\BandRich
2008-08-17 08:44 --------- d-----w C:\Users\User\AppData\Roaming\Paltalk
2008-08-17 08:25 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-14 22:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-14 00:40 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 23:58 --------- d-----w C:\Program Files\vghd
2008-08-08 20:55 --------- d-----w C:\Program Files\Common Files\Rtools
2008-08-08 17:42 --------- d-----w C:\Users\User\AppData\Roaming\Nero
2008-08-08 17:40 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-08 17:38 --------- d-----w C:\ProgramData\Nero
2008-08-08 17:38 --------- d-----w C:\Program Files\Nero
2008-08-06 16:43 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-06 05:59 --------- d-----w C:\Program Files\IVT Corporation
2008-08-05 23:04 --------- d-----w C:\Program Files\Counter-strike
2008-08-04 19:35 --------- d-----w C:\ProgramData\NVIDIA
2008-08-04 09:48 --------- d-----w C:\Program Files\BitLocker
2008-08-04 09:47 --------- d-----w C:\Program Files\Microsoft Games
2008-08-04 00:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-03 17:05 --------- d-----w C:\Program Files\DynGate
2008-08-02 01:56 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-02 01:45 --------- d-----w C:\Users\User\AppData\Roaming\Microsoft Games
2008-08-02 00:14 --------- d-----w C:\ProgramData\cafe
2008-08-02 00:12 --------- d-----w C:\Program Files\cafe
2008-07-31 20:58 --------- d-----w C:\Users\User\AppData\Roaming\elefundesktops
2008-07-31 20:58 --------- d-----w C:\Program Files\EleFun Desktops
2008-07-31 20:30 --------- d-----w C:\Program Files\Real
2008-07-31 15:42 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-31 14:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-31 14:41 --------- d-----w C:\Users\User\AppData\Roaming\Media Player Classic
2008-07-31 08:24 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-31 08:24 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-07-31 08:02 15,600 ----a-w C:\Windows\gdrv.sys
2008-07-31 07:19 --------- d-----w C:\ProgramData\Messenger Plus!
2008-07-31 07:17 --------- d-----w C:\Program Files\Dictionary
2008-07-31 07:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 07:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-31 07:15 --------- d-----w C:\Program Files\Firefox 2.0.0.13
2008-07-31 07:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-31 07:11 --------- d-----w C:\Program Files\Windows Live
2008-07-31 07:05 --------- d-----w C:\Program Files\Realtek
2008-07-31 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 07:04 --------- d-----w C:\Users\User\AppData\Roaming\InstallShield
2008-07-31 07:02 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-31 07:01 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-31 07:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-31 06:58 155,995 ----a-w C:\Windows\Java\Packages\73XBTVBB.ZIP
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Journal
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Defender
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-31 06:58 --------- d-----w C:\Program Files\Windows Calendar
2008-07-31 06:58 --------- d-----w C:\Program Files\Intel
2008-07-31 06:46 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-29 15:46 128,840 ----a-w C:\Windows\System32\cafe.scr
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-04 15:30 9,728 ----a-w C:\Windows\System32\BsMonUI.dll
2008-06-04 15:30 57,430 ----a-w C:\Windows\System32\btfunc.dll
2008-06-04 15:30 53,248 ----a-w C:\Windows\System32\HtmPrintHelper.dll
2008-06-04 15:30 405,589 ----a-w C:\Windows\System32\BsUI.dll
2008-06-04 15:30 278,647 ----a-w C:\Windows\System32\outlookAddin.dll
2008-06-04 15:30 18,432 ----a-w C:\Windows\System32\BsMonSvr.dll
2008-06-04 15:29 622,693 ----a-w C:\Windows\System32\BSShell.dll
2008-06-04 15:29 540,758 ----a-w C:\Windows\System32\Bscdlg.dll
2008-06-04 15:29 114,788 ----a-w C:\Windows\System32\BsProfileFunc.dll
2008-06-04 15:29 114,774 ----a-w C:\Windows\System32\versit.dll
2008-06-04 15:28 94,314 ----a-w C:\Windows\System32\BsHelpCSps.dll
2008-06-04 15:28 520,307 ----a-w C:\Windows\System32\BlueSoleilCSps.dll
.
((((((((((((((((((((((((((((( snapshot@Fri 08-29-2008_15.33.03.88 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 12:01:48 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 12:01:48 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
- 2008-08-29 10:23:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-29 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-29 10:23:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-29 17:00:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-29 10:24:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-29 17:00:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-29 10:25:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-29 17:01:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-21 02:23:20 166,912 ----a-w C:\Windows\System32\CIADMIN.DLL
+ 2008-01-21 02:23:20 14,336 ----a-w C:\Windows\System32\CIDAEMON.EXE
+ 2008-01-21 02:23:20 75,264 ----a-w C:\Windows\System32\ciodm.dll
+ 2008-01-21 02:23:20 11,264 ----a-w C:\Windows\System32\CISVC.EXE
- 2008-08-29 10:23:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-29 17:00:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-29 10:23:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
+ 2008-08-29 17:00:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
- 2008-08-29 10:23:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\s\index.dat
+ 2008-08-29 17:00:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\s\index.dat
+ 2006-11-02 12:34:30 120,320 ----a-w C:\Windows\System32\idq.dll
+ 2008-01-21 02:23:20 14,848 ----a-w C:\Windows\System32\isintsup.exe
+ 2008-01-21 02:23:20 59,392 ----a-w C:\Windows\System32\ixsso.dll
+ 2007-07-27 11:49:02 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
+ 2007-07-27 11:49:02 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
+ 2005-12-05 16:25:22 139,264 ----a-w C:\Windows\System32\lnod32umc.dll
+ 2005-12-05 09:37:10 106,496 ----a-w C:\Windows\System32\lnod32upd.dll
+ 2008-02-11 06:39:26 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
+ 2008-02-11 06:39:18 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
+ 2008-02-08 10:53:46 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
+ 2008-02-05 05:48:04 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
- 2008-08-29 10:31:07 78,292 ----a-w C:\Windows\System32\perfc001.dat
+ 2008-08-29 17:06:47 79,562 ----a-w C:\Windows\System32\perfc001.dat
- 2008-08-29 10:31:07 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-29 17:06:47 102,322 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-29 10:31:07 439,008 ----a-w C:\Windows\System32\perfh001.dat
+ 2008-08-29 17:06:47 441,602 ----a-w C:\Windows\System32\perfh001.dat
- 2008-08-29 10:31:07 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-29 17:06:47 589,490 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-19 15:28:55 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-29 16:59:54 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2004-12-07 07:11:34 258,352 ----a-w C:\Windows\System32\unicows.dll
- 2008-08-29 10:25:34 7,550 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-832319157-1484226640-4272999239-1000_UserData.bin
+ 2008-08-29 17:02:41 8,162 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-832319157-1484226640-4272999239-1000_UserData.bin
- 2008-08-29 10:25:34 61,522 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-29 17:02:41 62,098 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-29 10:25:33 37,128 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-29 17:02:40 37,702 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 02:23:20 47,104 ----a-w C:\Windows\System32\WEBHITS.DLL
- 2008-08-19 11:23:39 90,610,208 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-29 16:59:43 130,053,207 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/21/2008 05:21 AM 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/21/2008 05:23 AM 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [01/21/2008 05:21 AM 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [09/12/2007 05:28 AM 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [09/12/2007 05:28 AM 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [09/12/2007 05:28 AM 81920]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [06/05/2008 05:50 PM 231424]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 09:51 AM 1836328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"!AVG Anti-Spyware"="C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" [10/03/2007 04:00 AM 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/29/2008 03:41 AM 185896]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 06:06 AM 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [06/15/2007 11:45 AM 1826816 C:\Windows\SkyTel.exe]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
cafe.lnk - C:\Program Files\cafe\cafeAgent.exe [2008-06-29 18:46:27 145736]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
cafe.lnk - C:\Program Files\cafe\cafeAgent.exe [2008-06-29 18:46:27 145736]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-05-09 01:17:29 10452992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BECB7C77-E757-4E17-9B0A-CA0077670929}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D52A226D-29B9-410E-90B2-D291AC8831AE}"= UDP:9420:Akamai Network Manager
"{E01A04A3-EF02-46C5-A960-59015FCF2423}"= TCP:5000:Akamai Network Manager
"{3181F77A-D252-4F41-8D6C-68C38B92199D}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{FA55C007-937E-488A-BF7B-CF0E509E0B04}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{C8C16F42-C2CE-4D31-8544-507FCBD4209C}"= UDP:C:\Program Files\Paltalk Messenger\paltalk.exe:PaltalkScene
"{BB239972-572C-4AA7-AFC6-E0A25EFCACA8}"= TCP:C:\Program Files\Paltalk Messenger\paltalk.exe:PaltalkScene
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys [01/21/2008 07:28 PM]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [08/30/2008 12:28 AM]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [04/04/2007 02:59 PM]
R2 Akamai;Akamai;C:\Windows\System32\svchost.exe [01/21/2008 05:21 AM]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [01/17/2008 08:37 PM]
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [06/03/2008 10:12 AM]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [06/05/2008 05:50 PM]
R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [06/04/2008 06:26 PM]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [08/30/2008 12:28 AM]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [06/04/2008 06:28 PM]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys [01/21/2008 07:28 PM]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\Windows\system32\DRIVERS\br3gmdm.sys [03/14/2008 10:31 AM]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [01/21/2008 05:21 AM]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [01/21/2008 05:21 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\AUTORUN_BANDLUXE.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b9c5e0-6f7b-11dd-9fcf-101111111111}]
\shell\AutoRun\command - semo2x.exe
\shell\explore\Command - semo2x.exe
\shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e290584-6565-11dd-9eec-101111111111}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\Command - I:\oufddh.exe
\shell\open\Command - I:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45afc057-5ecb-11dd-a17b-806e6f6e6963}]
\shell\AutoRun\command - H:\Autorun\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e275b127-6e83-11dd-aa5a-101111111111}]
\shell\AutoRun\command - I:\AUTORUN_BANDLUXE.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e275b247-6e83-11dd-aa5a-101111111111}]
\shell\AutoRun\command - I:\AUTORUN_BANDLUXE.EXE
*Newly Created Service* - PXARK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -

C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\Windows\Downloaded Program Files\SysReqLab3.osd
C:\Windows\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-08-30 00:51:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\BsMobileSDK.dll
-> C:\Windows\system32\BsLangInDepRes.dll
.
Completion time: 08/30/2008 0:52:44
ComboFix-quarantined-files.txt 2008-08-29 21:52:40
ComboFix2.txt 2008-08-29 12:33:30
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 40,924,667,904 bytes free
296 --- E O F --- 2008-08-29 21:18:48
And this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:24, on 30/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Windows\Explorer.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7039 bytes

And so far the problem has not gone away.
 
Select these entries and delete them:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -

How to delete them:

[Screenshots of the deletion steps]

After that, go to Add or Remove Programs and uninstall the toolbar you have installed (it may not be there).

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the screenshots).

[Screenshots of the tool while scanning]

When this screen appears, click Close so that your computer restarts (to complete the cleanup).

[Screenshot of the final screen]

And let us know the result, much appreciated.
 
Signature: AbOdy
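
Three of the four entries selected in the post above carry HijackThis's `(no file)` or `(file missing)` marker, which the tool prints when a registered browser add-on points at a file that is not on disk. As an added example (not part of the original thread), this Python code parses HijackThis lines and lists such orphaned registrations for review; the sample lines are copied from the report above, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis item line looks like "<code> - <description>", where the code
# is a letter (R, F, N, O) followed by a number, e.g. "O2" or "O23".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file was not found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    clsid: Optional[str]  # first CLSID on the line, if any
    body: str             # everything after "<code> - "
    orphaned: bool        # True when the line ends with an orphan marker


def parse_log(text: str) -> List[Entry]:
    """Return the item lines of a HijackThis log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            clsid=clsid.group(0) if clsid else None,
            body=body,
            orphaned=body.lower().endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(text: str) -> List[Entry]:
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_log(text) if e.orphaned]


def orphaned_clsids(text: str) -> List[str]:
    """Distinct CLSIDs behind the orphaned entries (several lines can share one)."""
    return sorted({e.clsid.lower() for e in orphaned_entries(text) if e.clsid})


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry.code, entry.clsid, "->", entry.body)
    print("distinct registrations:", orphaned_clsids(SAMPLE_LOG))
```

The markers describe the disk at scan time, so a flagged line is a candidate for review rather than proof of anything; the fourth entry the helper selected (the O16 DPF item) carries no such marker and is not matched by this check.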
Sorry for the delay.

Do the following:

Open Internet Options and follow the screenshot.

[Screenshot of the Internet Options dialog]

Wait until it finishes, then delete the indicated entries, and after that use the cleaning tool.

Much appreciated, my friend.
 
Signature: AbOdy
My dear brother abOdy,

I know I have put you to a lot of trouble.
I did what you said about resetting the browser, and I tried to delete the entries but they were not deleted; I will attach the report for you. I booted into safe mode to delete them, but to no avail. As for the other tool, it did run in safe mode, bearing in mind that my Windows is Vista Ultimate; I ran the scan until Done appeared, then clicked Close as in your explanation.
I will leave you now with the report after all of that:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:33:33, on 30/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\cafe\cafeAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: cafe.lnk = C:\Program Files\cafe\cafeAgent.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6C4DCF-4A03-44C3-B351-80FB84F1803E}: NameServer = 84.23.102.172 84.23.102.173
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - c:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7223 bytes

And don't forget that my Windows is Vista Ultimate.

With my sincere thanks and appreciation,
 