أداة SmitfraudFix _ لفحص وتنظيف الجهاز من الدعايات المزعجه ( شرح بالصور )

[مهاوي وبس]

بارك الله فيكم

هذا التقرير

SmitFraudFix v2.289
Scan done at 18:45:28.21, Tue 04/01/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

127.0.0.1 winantivirus.com

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\Tasks\At?.job Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[مهاوي وبس]

بارك الله فيك

وهذا التقرير

SmitFraudFix v2.289
Scan done at 18:45:28.21, Tue 04/01/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

127.0.0.1 winantivirus.com

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
127.0.0.1

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

## added by CiD
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\Tasks\At?.job Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[ابومشاري22]

لفحص وتنظيف الجهاز من الدعايات المزعجه مشكور وماقصرت

 

[الوليد المنصوري]

الله عليك يا زيزوم

مشكور لولا الله ثم الاداة هذي لما تمكنت من حل مشكلتي

وشرح وافي وكافي

جزاك الله خير

تحياتي لك​

 

[الشهاب المضيء]

جزاك الله خيرا أخي الحبيب وهذا تقريري
SmitFraudFix v2.314

Scan done at 15:32:01.45, Thu 04/17/2008
Run from C:\Users\alshehab\Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End



أسأل الله الكريم رب العرش العظيم أن يرحم والديك

 

[غروري ضروري]

SmitFraudFix v2.320
Scan done at 23:42:35.01, Thu 05/15/2008
Run from C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

شوف لي حل يا زيزووووم وربي جننتني الاعلانات أذا جاتني اليوووم برفق لك صوره من الاعلان
وهذي الصوره يا اخوان ساعدووووني

 

[عصام ابوهيبه]

جزاك الله خيرا​

 

[مؤمن من]

مشكووووور كتيييير يا معلم
اداه روعة

 

[هاوي النت]

الله يجزاك خير اخوي تركي الله يوفقك ويرحم والديك​

 

[حطمتني]

الله يعـطيك العــآفيه

زيزوم والله يرحم والديك

على مجهودكـ الرـآئع k:

والله لا يحرمك الأجر امين

=========

هذآ التقـرير بعد إذنك


SmitFraudFix v2.320
Scan done at 14:50:32.20, Fri 05/16/2008
Run from C:\Program Files\ê¤é§ ¤§ï§\Avant Browser\Skins\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 195.226.228.72
DNS Server Search Order: 195.226.228.74
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End



======


والله لا يهـينك يآ زيزوم بـرفق تقريري الهـآيجآك والله احس انى جهازي مـدووج

=========


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:57:19 م, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\داونلود\Internet Download Manager\IEMonitor.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\مجلد جديد\Avant Browser\avant.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MRT.exe
D:\برامج\تعريب البرامج\برنامج ResHacker\أنقليزي\ResHacker.exe
D:\برامج\تعريب البرامج\برنامج ResHacker\ResHacker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
D:\برامج\برامج منوعه\الهايجاك\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\داونلود\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\داونلود\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer = 195.226.228.72 195.226.228.74
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
--
End of file - 6952 bytes

=========

والله عطيك العافيه وصـحه

نـآطرك

 

[alaswedy]

مشكور اخي علي الشرح

 

[زيزوووم]

هلا والله وغلا فيكم ... وتسلمووون ياغالين

أحبائي أسعدني وشرفني حضوركم العطر

شــاكر لطف ردودكم ... وربي يعطيكم العافية

 

[زيزوووم]

عذرا حبايبي على التأخير ...

وجميع التقارير سليمة​

 

[زيزوووم]

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

( 1 )​

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes​

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

--------------------------------------------​

( 2 )​

واعمل تقرير للهايجاك​

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log ​

لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[زيزوووم]

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

ويرحم والديك ويبارك فيك

قفل متصفح الانترنت
وباستخدام البرنامج Hijack This اللي عملت فيه التقرير
اعمل فحص جديد واشر على هذه القيم >>> واضغط على Fix Checked

O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe


O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe

وهذا شرح للعمليه (( القيم غير حقيقيه اللهم للشرح ))

​

 

[غروري ضروري]

مشكوووووووووور على رحابة صدرك ومساعدتك لي ولكل الاعضاء
هذا تقرير الهيجك
Logfile of HijackThis v1.99.1
Scan saved at 01:29:13 ص, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\documents and settings\microsoft\local settings\application data\xtbvqc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [xtbvqc] c:\documents and settings\microsoft\local settings\application data\xtbvqc.exe xtbvqc
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
وهذا تقرير الاداه
ومشكوووووور مره اخرى
ورحم الله والديك ووالدي جميع المسلمين
ComboFix 08-05-15.3 - Microsoft 05/17/2008 1:32:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.166 [GMT 3:00]
Running from: C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.dat
C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.exe
c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_nav.dat
c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_navps.dat
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 22:35 3,276 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-16 22:35 16,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-16 22:35 146,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-16 22:35 1,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberScrub
2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\cleaner
2008-05-15 20:42 2,396 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-11 01:26 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia Multimedia Player
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\PC Suite
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 19:01 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-09 19:01 --------- d-----w C:\Program Files\DIFX
2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-09 19:00 --------- d-----w C:\Program Files\Nokia
2008-05-09 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-09 17:42 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 17:42 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-09 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-08 20:29 --------- d-----w C:\Program Files\Java
2008-05-08 20:29 --------- d-----w C:\Program Files\Common Files\Java
2008-05-08 02:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-08 01:51 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-07 11:38 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-05-05 23:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-05 23:46 --------- d-----w C:\Program Files\Real
2008-05-05 23:46 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 19:16 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberLink
2008-05-05 18:14 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\ACD Systems
2008-05-05 18:06 64,801 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-05 18:06 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\IDM
2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\DMCache
2008-05-05 17:15 --------- d-----w C:\Program Files\ClocX
2008-05-05 17:14 --------- d-----w C:\Program Files\KMPlayer
2008-05-05 17:13 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-05 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-05 16:19 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-05 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-05 16:16 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-05 16:16 --------- d-----w C:\Program Files\CyberLink
2008-05-05 16:14 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-05-05 16:14 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-05-05 16:14 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-05-05 16:14 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-05-05 16:14 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-05-05 16:14 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-05-05 16:14 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-05-05 16:14 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-05-05 16:14 --------- d-----w C:\Program Files\Real_SC
2008-05-05 16:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-05 15:45 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\BSplayer Pro
2008-05-05 15:44 --------- d-----w C:\Program Files\Webteh
2008-05-05 15:44 --------- d-----w C:\Program Files\Paltalk Messenger
2008-05-05 15:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-05 15:44 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Paltalk
2008-05-05 15:43 --------- d-----w C:\Program Files\Windows Live
2008-05-05 15:42 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 15:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-05 15:42 --------- d-----w C:\Program Files\ACD Systems
2008-05-05 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-05 15:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 15:33 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-05 15:33 --------- d-----w C:\Program Files\Ahead
2008-05-05 15:32 155,995 ----a-w C:\WINDOWS\java\Packages\2B57R9Z7.ZIP
2008-05-05 15:28 --------- d-----w C:\Program Files\Microsoft Works
2008-05-05 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-05 15:16 --------- d-----w C:\Program Files\Apoint
2008-05-05 15:03 --------- d-----w C:\Program Files\Dell
2008-05-05 14:51 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Toshiba
2008-05-05 14:49 --------- d-----w C:\Program Files\Toshiba
2008-05-05 14:48 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Intel
2008-05-05 14:47 17,056 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-05 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-05-05 14:44 --------- d-----w C:\Program Files\Broadcom
2008-05-05 14:42 --------- d-----w C:\Program Files\CONEXANT
2008-05-05 14:31 --------- d-----w C:\Program Files\SigmaTel
2008-05-05 14:29 --------- d-----w C:\Program Files\Intel
2008-05-05 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 14:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 15:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-16 11:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-03-25 17:07 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2006-06-27 02:40 571,184 --sha-r C:\WINDOWS\system32\legitcheckcontrol.dll
2004-08-03 21:56 59,904 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/05/2008 08:13 PM 932864]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" [11/20/2007 02:19 PM 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM 606208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 11:33 AM 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 09:02 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 09:02 AM 126976]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"Device Detector"="DevDetect.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/05/2007 12:03 AM 36640]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
"Vistadrv"="C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM 83608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 12:21 AM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\PALTALK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3130:UDP"= 3130:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"3131:UDP"= 3131:UDP:Windows Media Format SDK (IEXPLORE.EXE)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [09/17/2007 03:53 PM]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-05-17 01:36:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\SITEADVISOR\6253\SASERVICE.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
C:\PROGRAM FILES\APOINT\APNTEX.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\BRICOPACKS\VISTA INSPIRAT 2\ROCKETDOCK\ROCKETDOCK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 05/17/2008 1:38:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 22:38:42
Pre-Run: 21,152,989,184 bytes free
Post-Run: 21,101,543,424 bytes free
236 --- E O F --- 2008-05-16 03:33:42​

 

[زيزوووم]

الله يبارك فيك ويسلمك
وجد عندك ملفات خبيثه :hh: وتم حذفها

هل اختف الرسائل ؟؟

لاهنت اعمل تقرير هايجاك جديد​

 

[غروري ضروري]

الله يجزك خير يا الغالي
وما ادري لانه ما تظهر بستمرار ولاكن من بعد التحليل الي برد السابق ما جات
ان شاء الله انها انحذفة لأنها قلق بصراحه
وهذا التحليل الجديد
ومشكوووووووووووور على رحابة صدرك يا الغالي
Logfile of HijackThis v1.99.1
Scan saved at 09:48:22 ص, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe​

 

[زيزوووم]

ويجزاك خير ويبارك فيك

الان التقرير تمام

بالتوفيق