علي ش2ة

Peace be upon you, and the mercy and blessings of God.

Happy holidays to you all.

===================

1- ComboFix report + a question
ComboFix 08-09-28.01 - TheGenius 09/30/2008  1:34:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1256.1.1033.18.306 [GMT 3:00]
Running from: C:\Users\TheGenius\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-29  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 22:38    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\DMCache
2008-09-28 18:59    ---------    d-----w    C:\Program Files\FlashGet
2008-09-28 05:15    ---------    d-----w    C:\Program Files\SpyMe Tools
2008-09-28 05:15    ---------    d-----w    C:\Program Files\Megaware
2008-09-28 05:04    ---------    d---a-w    C:\ProgramData\TEMP
2008-09-28 04:59    ---------    d-----w    C:\Program Files\GetData
2008-09-28 02:43    ---------    d-----w    C:\Program Files\Total Video Converter
2008-09-27 23:11    ---------    d-----w    C:\Program Files\IEPro
2008-09-22 04:41    ---------    d-----w    C:\Program Files\Nokia
2008-09-22 04:41    ---------    d-----w    C:\Program Files\Common Files\PCSuite
2008-09-22 04:41    ---------    d-----w    C:\Program Files\Common Files\Nokia
2008-09-20 19:00    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\PC Suite
2008-09-20 05:31    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\Nokia
2008-09-20 05:21    0    ---ha-w    C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-09-20 05:20    ---------    d-----w    C:\ProgramData\PC Suite
2008-09-20 05:14    ---------    d-----w    C:\Program Files\DIFX
2008-09-20 05:12    ---------    d-----w    C:\Program Files\PC Connectivity Solution
2008-09-20 05:07    ---------    d-----w    C:\ProgramData\Installations
2008-09-20 03:17    ---------    d-----w    C:\Program Files\Internet Download Manager
2008-09-19 19:26    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\IDM
2008-09-17 20:02    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\aAvgApi
2008-09-17 08:10    357,818    ----a-w    C:\Windows\System32\360x180° Mekan.scr
2008-09-17 04:22    ---------    d-----w    C:\Program Files\Dell
2008-09-17 04:19    ---------    d-----w    C:\Program Files\SigmaTel
2008-09-15 19:50    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\MakeUpPilot
2008-09-13 15:36    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-09-12 10:44    206,256    ----a-w    C:\Windows\System32\idmmbc.dll
2008-09-12 05:24    ---------    d-----w    C:\ProgramData\Kaspersky Lab
2008-09-11 20:01    ---------    d-----w    C:\ProgramData\TechSmith
2008-09-11 20:01    ---------    d-----w    C:\Program Files\TechSmith
2008-09-09 18:52    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-09-09 18:41    ---------    d-----w    C:\Program Files\Microsoft Works
2008-09-09 04:45    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\Sony
2008-09-07 20:46    ---------    d-----w    C:\Program Files\الحاسبة المتطورة لـ Microsoft
2008-09-03 22:08    97,928    ----a-w    C:\Windows\system32\drivers\avgldx86.sys
2008-09-03 22:08    69,128    ----a-w    C:\Windows\system32\drivers\avgwfpx.sys
2008-09-03 22:08    12,936    ----a-w    C:\Windows\system32\drivers\avgrkx86.sys
2008-09-03 22:08    10,520    ----a-w    C:\Windows\System32\avgrsstx.dll
2008-09-03 22:08    ---------    d-----w    C:\ProgramData\Avg8
2008-09-03 22:08    ---------    d-----w    C:\Program Files\AVG
2008-09-03 17:51    ---------    d-----w    C:\ProgramData\EPSON
2008-09-03 17:49    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-09-03 12:53    20,684    --sha-w    C:\Windows\system32\drivers\fidbox.idx
2008-09-03 12:53    1,673,248    --sha-w    C:\Windows\system32\drivers\fidbox.dat
2008-09-02 22:41    ---------    d-----w    C:\Users\Administrator\AppData\Roaming\TuneUp Software
2008-09-01 20:12    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\CyberPower Audio Editing Lab
2008-08-30 17:39    ---------    d-----w    C:\Users\Administrator\AppData\Roaming\Media Player Classic
2008-08-28 15:50    81,920    ----a-w    C:\Users\TheGenius\AppData\Roaming\ezpinst.exe
2008-08-28 15:50    47,360    ----a-w    C:\Users\TheGenius\AppData\Roaming\pcouffin.sys
2008-08-28 15:50    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\Vso
2008-08-28 10:59    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\Thinstall
2008-08-28 06:19    ---------    d-----w    C:\Users\Administrator\AppData\Roaming\Grisoft
2008-08-24 02:33    ---------    d-----w    C:\ProgramData\WLInstaller
2008-08-22 22:27    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\DeskSpace
2008-08-22 22:19    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\OtakuSoftware
2008-08-16 21:39    ---------    d-----w    C:\Program Files\K-Lite Codec Pack
2008-08-14 23:03    ---------    d-----w    C:\Program Files\Windows Mail
2008-08-05 00:21    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\EPSON
2008-08-04 20:06    ---------    d-----w    C:\ProgramData\UDL
2008-08-04 20:06    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-08-04 19:58    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\InstallShield
2008-08-02 23:25    ---------    d-----w    C:\Program Files\directx
2008-08-02 03:26    36,864    ----a-w    C:\Windows\System32\cdd.dll
2008-08-02 01:01    625,152    ----a-w    C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 08:55    306,432    ----a-w    C:\Windows\System32\TuneUpDefragService.exe
2008-07-31 08:55    ---------    d-----w    C:\Users\TheGenius\AppData\Roaming\TuneUp Software
2008-07-31 08:54    ---------    d-----w    C:\ProgramData\TuneUp Software
2008-07-31 08:54    ---------    d-----w    C:\Program Files\TuneUp Utilities 2008
2008-07-31 08:53    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 03:32    460,288    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32    28,160    ----a-w    C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32    2,154,496    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13    4,240,384    ----a-w    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10    53,448    ----a-w    C:\Windows\System32\wuauclt.exe
2008-07-19 05:10    45,768    ----a-w    C:\Windows\System32\wups2.dll
2008-07-19 05:10    36,552    ----a-w    C:\Windows\System32\wups.dll
2008-07-19 05:09    563,912    ----a-w    C:\Windows\System32\wuapi.dll
2008-07-19 05:09    1,811,656    ----a-w    C:\Windows\System32\wuaueng.dll
2008-07-19 03:44    83,456    ----a-w    C:\Windows\System32\wudriver.dll
2008-07-19 03:44    1,524,736    ----a-w    C:\Windows\System32\wucltux.dll
2008-07-18 19:08    163,904    ----a-w    C:\Windows\System32\wuwebv.dll
2008-07-18 17:44    31,232    ----a-w    C:\Windows\System32\wuapp.exe
2008-07-16 01:32    2,048    ----a-w    C:\Windows\System32\tzres.dll
2008-07-15 11:13    83,224    ----a-w    C:\Windows\System32\DellSys.dll
2008-07-13 05:13    348,160    ----a-w    C:\Windows\System32\msvcr71.dll
2008-05-13 20:39    174    --sha-w    C:\Program Files\desktop.ini
2008-06-22 03:07    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-22 03:07    32,768    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-06-22 03:07    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2006 07:06 PM 815104]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [05/12/2008 08:32 PM 148888]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [09/04/2008 01:08 AM 1235736]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/28/2008 01:56 PM 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/28/2008 01:56 PM 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/28/2008 01:56 PM 133656]
"SigmatelSysTrayApp"="sttray.exe" [01/12/2007 10:51 AM 303104 C:\Windows\sttray.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 11/29/2007 07:25 PM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 08/11/2008 08:31 AM 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9D1E53B8-6940-4D80-BE80-7CC23323C34E}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{D04DE61D-F3A0-4206-951F-5008C30B0648}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{3047F2D7-35A5-4385-BC35-62BD475D7964}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C05479CD-315C-4F50-A2A0-58AE0CEA74CA}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F1FFEAF7-5826-4C1D-9C5F-CEEBCE5B61B4}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{718D4723-2354-4037-A950-D44E98FE0E0D}"= Disabled:UDP:C:\Program Files\NetSupport Manager\client32.exe:NetSupport Client
"{AF834D53-6EF3-4F20-8CF6-8D67CECFFE4A}"= Disabled:TCP:C:\Program Files\NetSupport Manager\client32.exe:NetSupport Client
"{C31974F3-0035-4F87-8A2C-3B875BE3DF65}"= Disabled:UDP:C:\Program Files\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{0E8BE35E-1BDF-4598-B0ED-588E6E6978C0}"= Disabled:TCP:C:\Program Files\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{67F80579-D46D-4FC7-B1D9-84E20013237E}"= Disabled:UDP:C:\Program Files\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{27E581CD-B921-474F-9CFA-128F51186D69}"= Disabled:TCP:C:\Program Files\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{DA68E378-8D82-48C6-8F8F-78A6A9823BA8}"= Disabled:UDP:C:\Program Files\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{24792AEA-9F3C-4514-86AF-B50784FF55DD}"= Disabled:TCP:C:\Program Files\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{C661EC2F-CFE5-46B8-9D53-962E5131E4B8}"= Disabled:UDP:C:\Program Files\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{EE346F6D-C54E-48D7-8E16-A1974EE3C89D}"= Disabled:TCP:C:\Program Files\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{8EB8E9D6-11FF-49E2-92B6-BFF41C648752}"= Disabled:UDP:C:\Program Files\NetSupport Manager\runscrip.exe:NetSupport Run Script
"{85706356-0091-444C-9823-92CB8E71A810}"= Disabled:TCP:C:\Program Files\NetSupport Manager\runscrip.exe:NetSupport Run Script

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [09/04/2008 01:08 AM 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [09/04/2008 01:08 AM 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [09/04/2008 01:08 AM 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [09/04/2008 01:08 AM 1220888]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [05/12/2008 08:32 PM 147456]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [01/19/2008 10:33 AM 21504]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [09/04/2008 01:08 AM 69128]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [11/06/2006 05:37 PM 78128]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [11/06/2006 03:13 PM 80176]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [11/06/2006 03:13 PM 16560]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [04/03/2007 10:43 AM 1131136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [07/31/2008 11:55 AM 306432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2483d4ff-3553-11dd-8b1a-806e6f6e6963}]
\shell\AutoRun\command - F:\RavMon.exe
\shell\explore\Command - F:\RavMon.exe -e
\shell\open\Command - F:\RavMon.exe
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-EPSON Stylus Photo R270 Series - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\TheGenius\AppData\Roaming\Mozilla\Firefox\Profiles\48xvcmi0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://gamezer.com/billiards/
FF -: plugin - C:\Program Files\Java\jre6\bin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\npoji610.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 01:38:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 09/30/2008  1:40:54
ComboFix-quarantined-files.txt  2008-09-29 22:40:46

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 75,535,740,928 bytes free

218    --- E O F ---    2008-09-28 05:26:41
Question >> After using the tool, these folders appeared on my C drive:
1- ComboFix
2- MSIf3c95.tmp
3- QooBox

What should I do with them???

==================================================

2- Hijack report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11, on 2008-09-30
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Programms\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6619 bytes
 

Delete the following entries:

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe





How to delete:

[Screenshot: mg%20%283%29.png]
[Screenshot: mg%20%284%29.png]

Clean your machine with this tool

Compatibility: Windows XP only

How to use it:

When you run the tool's file, this screen appears; wait (and follow along with the screenshots)

[Screenshot: 000.png]
[Screenshot: 001.png]

When this screen appears, click Close so that your machine restarts ((to complete the cleaning process))

[Screenshot: 002.png]

After that, if you install Kaspersky Security, it would be better for you; the latest version.

Signature: Enter
Thank you, brother, for your quick response.

After using the tool, these folders appeared on my C drive:
1- ComboFix
2- MSIf3c95.tmp
3- QooBox

What should I do with them???

But the cleaning tool is for XP only and my machine runs Vista; could you explain further??
 
Delete them.
They are not needed,
as long as the cleanup is done.

Signature: BOYKA
OK, the entries our brother Enter mentioned: should I delete all of them??

Because one of the entries belongs to the security program.
 
Here you go, brother البارون

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:34 ص, on 30/09/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
F:\Programms\Zyzoom_HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6045 bytes

 
First of all, your report is clean. (( You are running the disk defragmentation tool of the TuneUp program. )) If you are running it, there is no problem; if you are not running it,

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

delete this entry.

And install an antivirus program; the one you have is not providing full protection, and its virus-scanning feature is disabled for the machine. Install Kaspersky or Avira.
 
Thank you, brother. I removed the AVG program and installed Kaspersky 2009.

But I have a question: the entries our brother Enter mentioned, what would have happened if I had deleted them??
 
Maybe the entries had problems at first, but now, after the new report, those problems are gone, and brother Enter tried to help as much as he could.

So thank him just for taking an interest in the thread.
 
Thank you, Enter and البارون. May God reward you both, and happy holidays to you.
 