أبوخيال

Peace be upon you.
When I go to open the C drive, I get an "encountered a problem" message.

And this is the report:


Logfile of HijackThis v1.99.1
Scan saved at 05:46:43 ص, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\Idman.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CC\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\Idman.exe /onboot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
 

Download this tool and follow the instructions below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears. Wait (and follow along with the screenshots).

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

Disable your protection programs.
Download this tool and save it to the desktop.

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply.
 
First do this step from our brother ماسك:

Disable your protection programs.
Download this tool and save it to the desktop.

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply.

Then a HijackThis report.
 
Here is the report:
ComboFix 08-09-03.03 - CC 09/05/2008 7:03:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1541 [GMT 3:00]
Running from: C:\Documents and Settings\CC\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kk3.bat
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 04:05 --------- d-----w C:\Documents and Settings\CC\Application Data\DMCache
2008-09-05 01:54 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-04 02:10 --------- d-----w C:\Documents and Settings\CC\Application Data\Uniblue
2008-09-04 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-04 00:47 --------- d-----w C:\Program Files\Lavasoft
2008-09-04 00:19 --------- d-----w C:\Documents and Settings\CC\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-03 02:19 --------- d-----w C:\Program Files\AskBarDis
2008-09-02 21:06 --------- d-----w C:\Program Files\Unrelated Inventions
2008-09-02 17:53 --------- d-----w C:\Documents and Settings\CC\Application Data\CyberLink
2008-09-02 17:53 --------- d-----w C:\Documents and Settings\CC\Application Data\Ahead
2008-09-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-02 00:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 00:28 --------- d-----w C:\Program Files\Sun
2008-09-02 00:28 --------- d-----w C:\Program Files\Java
2008-09-01 23:50 --------- d-----w C:\Program Files\Common Files\Java
2008-09-01 22:30 --------- d-----w C:\Program Files\ESET
2008-09-01 22:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-01 22:12 --------- d-----w C:\Documents and Settings\CC\Application Data\Paltalk
2008-08-31 20:37 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-31 20:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-31 20:27 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-31 20:27 --------- d-----w C:\Program Files\CONEXANT
2008-08-31 20:27 --------- d-----w C:\Documents and Settings\CC\Application Data\IDM
2008-08-31 20:25 --------- d-----w C:\Documents and Settings\CC\Application Data\COWON
2008-08-31 20:22 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-08-31 20:22 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-08-31 20:22 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-08-31 20:21 --------- d-----w C:\Program Files\MSN Messenger
2008-08-31 20:20 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-08-31 20:20 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-31 20:20 --------- d-----w C:\Program Files\ACD Systems
2008-08-31 20:20 --------- d-----w C:\Documents and Settings\CC\Application Data\ACD Systems
2008-08-31 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-31 20:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-08-31 20:19 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-31 20:18 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-08-31 20:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-31 20:18 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-08-31 20:18 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-08-31 20:18 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-08-31 20:18 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-08-31 20:18 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-31 20:18 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-08-31 20:18 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-08-31 20:18 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-08-31 20:18 --------- d-----w C:\Program Files\Real_SC
2008-08-31 20:18 --------- d-----w C:\Program Files\Macromedia
2008-08-31 20:17 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-08-31 20:17 --------- d-----w C:\Program Files\mpegable
2008-08-31 20:17 --------- d-----w C:\Program Files\JetAudio
2008-08-31 20:17 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-31 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-31 20:13 --------- d-----w C:\Program Files\Microsoft Works
2008-08-31 20:12 --------- d-----w C:\Program Files\Yahoo!
2008-08-31 20:12 --------- d-----w C:\Program Files\MSBuild
2008-08-31 20:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-31 19:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-31 19:51 --------- d-----w C:\Program Files\Real
2008-08-31 19:51 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-31 19:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-31 19:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-31 19:50 --------- d-----w C:\Program Files\Common Files\Real
2008-08-31 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-31 19:48 --------- d-----w C:\Program Files\Nero
2008-08-31 19:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-31 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-31 19:47 --------- d-----w C:\Program Files\CyberLink
2008-08-31 19:36 745,472 ----a-r C:\WINDOWS\system32\NETw4c32.dll
2008-08-31 19:36 2,777,088 ----a-r C:\WINDOWS\system32\NETw4r32.dll
2008-08-31 19:36 2,236,032 ----a-r C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-08-31 19:32 --------- d-----w C:\Program Files\Intel
2008-08-31 19:31 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-08-31 19:25 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-08-31 19:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-08-31 19:25 --------- d-----w C:\Documents and Settings\CC\Application Data\Intel
2008-08-31 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-08-31 19:17 --------- d-----w C:\Program Files\TOSHIBA
2008-08-31 19:14 --------- d-----w C:\Program Files\ATI
2008-08-31 19:10 --------- d-----w C:\Program Files\O2Micro Flash Memory Card Driver
2008-08-31 18:52 --------- d-----w C:\Program Files\Synaptics
2008-08-31 18:52 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
2008-08-31 18:52 --------- d-----w C:\Documents and Settings\CC\Application Data\InstallShield
2008-08-31 18:51 --------- d-----w C:\Program Files\Marvell
2008-08-31 18:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-31 18:50 --------- d-----w C:\Documents and Settings\CC\Application Data\TMP
2008-08-31 18:50 --------- d-----w C:\Documents and Settings\CC\Application Data\ATI
2008-08-31 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-08-31 18:48 --------- d-----w C:\Program Files\ATI Technologies
2008-08-31 18:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-21 14:13 1,547,776 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-08-21 14:12 982,528 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-08-21 14:12 277,784 ----a-w C:\WINDOWS\system32\drivers\iaStor.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
07/17/2008 05:20 PM 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [07/17/2008 05:20 PM 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [07/17/2008 05:20 PM 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\Idman.exe" [02/04/2006 03:09 PM 832512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/30/2007 04:31 AM 1024000]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [10/25/2007 05:41 PM 413696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [09/01/2008 07:02 PM 249856]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM 1057328]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/31/2008 10:50 PM 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/31/2008 11:22 PM 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\WINDOWS\system32\drivers\CHDAud.sys [02/02/2008 12:18 AM 732160]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [01/15/2008 11:34 AM 48472]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-05 07:05:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/05/2008 7:05:38
ComboFix-quarantined-files.txt 2008-09-05 04:05:32
Pre-Run: 74,866,634,752 bytes free
Post-Run: 74,913,013,760 bytes free
195
 
Sorry.

Brother, please post another HijackThis report so we can confirm it is clean.

And run this tool in Safe Mode.

Look, my friend, download this tool
and follow the instructions below to clean your computer of these advertisements
and to produce a report of the process that you can attach to your next reply.

Download link for the latest update of the tool

How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these screenshots.

Waiting for the two reports.
 
Signature: AbOdy