yasser3007
زيزوومي جديد
- إنضم
- 28 أكتوبر 2008
- المشاركات
- 14
- مستوى التفاعل
- 0
- النقاط
- 20
غير متصل
السلام عليكمشباب عندي مشكلة في فتح مواقع قياس السرعة لمن افتح الصفحة يطلب مني تنزيل adobe flash playerنزلت البرنامج ....... لاكن المشكلة مستمرة
- بادئ الموضوع yasser3007
- تاريخ البدء
- 765
yasser3007
زيزوومي جديد
- إنضم
- 28 أكتوبر 2008
- المشاركات
- 14
- مستوى التفاعل
- 0
- النقاط
- 20
غير متصل
وين الشباب
تأييد
0
- إنضم
- 2 نوفمبر 2007
- المشاركات
- 733
- مستوى التفاعل
- 145
- النقاط
- 750
غير متصل
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
هات تقرير هايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
هات تقرير هايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
التعديل الأخير بواسطة المشرف:
توقيع : qa6ar
تأييد
0
yasser3007
زيزوومي جديد
- إنضم
- 28 أكتوبر 2008
- المشاركات
- 14
- مستوى التفاعل
- 0
- النقاط
- 20
غير متصل
تجيني هذة الرسالةعفواا الرابط غير صحيح لحظات وننتقل للموقع الجديد
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
yasser3007
زيزوومي جديد
- إنضم
- 28 أكتوبر 2008
- المشاركات
- 14
- مستوى التفاعل
- 0
- النقاط
- 20
غير متصل
ComboFix 08-10-30.04 - vip 2008-10-30 14:20:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.503 [GMT 3:00]
Running from: C:\Documents and Settings\vip\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-30 13:30 . 2008-10-30 13:30 <DIR> d-------- C:\Program Files\Sun
2008-10-30 13:29 . 2008-10-30 13:29 <DIR> d-------- C:\Program Files\Java
2008-10-30 13:29 . 2008-10-30 13:29 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-30 13:29 . 2008-10-30 13:29 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-30 02:43 . 2008-10-30 02:43 <DIR> d-------- C:\VundoFix Backups
2008-10-28 20:09 . 2008-10-28 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-10-28 20:03 . 2008-10-28 21:34 <DIR> d-------- C:\Documents and Settings\vip\Application Data\U3
2008-10-28 09:55 . 2008-10-28 09:55 <DIR> d-------- C:\Documents and Settings\vip\Application Data\Ahead
2008-10-28 09:54 . 2008-10-28 09:54 <DIR> d-------- C:\Program Files\Nero
2008-10-28 09:54 . 2008-10-28 13:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-28 02:25 . 2008-10-28 02:25 <DIR> d-------- C:\Documents and Settings\vip\Application Data\Thinstall
2008-10-28 01:50 . 2008-10-28 01:50 <DIR> d-------- C:\Documents and Settings\vip\Application Data\URSoft
2008-10-28 01:50 . 2008-10-28 01:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-27 16:39 . 2008-06-14 20:31 271,616 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-27 16:39 . 2008-06-14 20:31 271,616 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-27 16:35 . 2008-08-14 16:20 2,190,720 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,067,584 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-27 15:06 . 2008-10-27 15:06 98 --a------ C:\WINDOWS\WirelessFTP.INI
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Real
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-27 04:06 . 2008-10-27 04:06 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-10-26 23:39 . 2008-10-26 23:39 <DIR> d-------- C:\Program Files\Toshiba
2008-10-26 23:39 . 2007-04-24 13:20 113,920 --a------ C:\WINDOWS\system32\drivers\tosrfbd.sys
2008-10-26 23:39 . 2007-03-01 16:53 73,728 --a------ C:\WINDOWS\system32\drivers\Tosrfhid.sys
2008-10-26 23:39 . 2007-05-24 14:27 64,000 --a------ C:\WINDOWS\system32\drivers\tosrfcom.sys
2008-10-26 23:39 . 2007-01-22 10:43 53,376 --a------ C:\WINDOWS\system32\drivers\TosRfSnd.sys
2008-10-26 23:39 . 2006-10-10 19:33 41,600 --a------ C:\WINDOWS\system32\drivers\tosporte.sys
2008-10-26 23:39 . 2006-11-20 17:55 36,480 --a------ C:\WINDOWS\system32\drivers\tosrfbnp.sys
2008-10-26 23:39 . 2005-01-06 13:42 18,612 --a------ C:\WINDOWS\system32\drivers\tosrfnds.sys
2008-10-26 23:02 . 2008-10-26 23:04 5,405 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-26 22:40 . 2008-10-28 21:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-26 22:27 . 2008-10-26 22:27 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-26 22:27 . 2003-03-19 00:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-26 22:27 . 2003-03-18 23:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-26 22:27 . 2003-02-21 07:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-26 12:26 . 2008-10-26 12:26 268 --ah----- C:\sqmdata19.sqm
2008-10-26 12:26 . 2008-10-26 12:26 244 --ah----- C:\sqmnoopt19.sqm
2008-10-26 12:09 . 2008-10-27 20:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-26 12:09 . 2005-02-25 06:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-26 12:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-26 12:03 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-26 12:03 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-26 12:03 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-26 12:03 . 2007-07-30 19:21 19,288 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-26 08:20 . 2008-10-26 08:20 268 --ah----- C:\sqmdata18.sqm
2008-10-26 08:20 . 2008-10-26 08:20 244 --ah----- C:\sqmnoopt18.sqm
2008-10-26 08:13 . 2008-10-26 08:13 268 --ah----- C:\sqmdata17.sqm
2008-10-26 08:13 . 2008-10-26 08:13 244 --ah----- C:\sqmnoopt17.sqm
2008-10-26 06:53 . 2008-10-26 06:53 268 --ah----- C:\sqmdata16.sqm
2008-10-26 06:53 . 2008-10-26 06:53 244 --ah----- C:\sqmnoopt16.sqm
2008-10-26 06:50 . 2008-10-26 06:50 268 --ah----- C:\sqmdata15.sqm
2008-10-26 06:50 . 2008-10-26 06:50 244 --ah----- C:\sqmnoopt15.sqm
2008-10-26 06:42 . 2008-10-26 06:42 268 --ah----- C:\sqmdata14.sqm
2008-10-26 06:42 . 2008-10-26 06:42 244 --ah----- C:\sqmnoopt14.sqm
2008-10-26 03:51 . 2008-10-26 03:51 268 --ah----- C:\sqmdata13.sqm
2008-10-26 03:51 . 2008-10-26 03:51 244 --ah----- C:\sqmnoopt13.sqm
2008-10-26 02:57 . 2008-10-26 02:57 <DIR> d-------- C:\Program Files\TechSmith
2008-10-26 02:57 . 2008-10-26 02:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-10-26 02:52 . 2008-10-26 02:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 01:44 . 2008-10-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-26 00:48 . 2008-10-26 00:58 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-10-26 00:48 . 2008-10-30 02:39 <DIR> d-------- C:\Documents and Settings\vip\Application Data\IDM
2008-10-26 00:48 . 2008-10-30 14:22 <DIR> d-------- C:\Documents and Settings\vip\Application Data\DMCache
2008-10-26 00:40 . 2008-10-26 21:21 <DIR> d-------- C:\Documents and Settings\vip\Contacts
2008-10-25 15:25 . 2008-10-25 15:25 268 --ah----- C:\sqmdata12.sqm
2008-10-25 15:25 . 2008-10-25 15:25 244 --ah----- C:\sqmnoopt12.sqm
2008-10-25 15:13 . 2008-10-25 15:13 268 --ah----- C:\sqmdata11.sqm
2008-10-25 15:13 . 2008-10-25 15:13 244 --ah----- C:\sqmnoopt11.sqm
2008-10-25 03:39 . 2008-10-25 03:39 268 --ah----- C:\sqmdata10.sqm
2008-10-25 03:39 . 2008-10-25 03:39 244 --ah----- C:\sqmnoopt10.sqm
2008-10-25 02:50 . 2008-10-25 02:50 268 --ah----- C:\sqmdata09.sqm
2008-10-25 02:50 . 2008-10-25 02:50 244 --ah----- C:\sqmnoopt09.sqm
2008-10-25 02:38 . 2008-10-25 02:38 268 --ah----- C:\sqmdata08.sqm
2008-10-25 02:38 . 2008-10-25 02:38 244 --ah----- C:\sqmnoopt08.sqm
2008-10-25 02:22 . 2008-10-25 02:22 268 --ah----- C:\sqmdata07.sqm
2008-10-25 02:22 . 2008-10-25 02:22 244 --ah----- C:\sqmnoopt07.sqm
2008-10-25 01:54 . 2008-10-26 23:30 268 --ah----- C:\sqmdata06.sqm
2008-10-25 01:54 . 2008-10-26 23:30 244 --ah----- C:\sqmnoopt06.sqm
2008-10-25 01:21 . 2008-10-26 23:04 268 --ah----- C:\sqmdata05.sqm
2008-10-25 01:21 . 2008-10-26 23:04 244 --ah----- C:\sqmnoopt05.sqm
2008-10-24 22:20 . 2008-10-26 22:44 268 --ah----- C:\sqmdata04.sqm
2008-10-24 22:20 . 2008-10-26 22:44 244 --ah----- C:\sqmnoopt04.sqm
2008-10-24 22:08 . 2008-10-26 23:03 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-10-24 22:08 . 2008-10-26 23:04 71,489 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-10-24 22:08 . 2008-10-26 22:42 268 --ah----- C:\sqmdata03.sqm
2008-10-24 22:08 . 2008-10-26 22:42 244 --ah----- C:\sqmnoopt03.sqm
2008-10-24 22:06 . 2008-10-26 23:01 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-10-24 09:52 . 2008-10-26 13:38 268 --ah----- C:\sqmdata02.sqm
2008-10-24 09:52 . 2008-10-26 13:38 244 --ah----- C:\sqmnoopt02.sqm
2008-10-24 03:45 . 2008-10-24 03:45 <DIR> d---s---- C:\Documents and Settings\vip\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 00:05 155,995 ----a-w C:\WINDOWS\java\Packages\4RJ7JT7V.ZIP
2008-10-24 22:13 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-24 19:08 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-10-24 18:58 --------- d-----w C:\Program Files\Yahoo!
2008-10-24 02:10 --------- d-----w C:\Program Files\CCleaner
2008-10-24 01:46 --------- d-----w C:\Documents and Settings\vip\Application Data\ATI
2008-10-24 01:38 --------- d-----w C:\Program Files\ATI Technologies
2008-10-24 01:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-24 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 01:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-24 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 00:23 --------- d-----w C:\Program Files\MSN Messenger
2008-10-23 23:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 15:24 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-14 13:20 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:20 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
2008-04-14 20:29 698880 42d872d207f9f5d278205234dcf92a7b C:\WINDOWS\system32\wininet.dll
2008-04-14 20:29 698880 42d872d207f9f5d278205234dcf92a7b C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-14 20:29 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
2008-04-14 20:29 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 544768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-27 185872]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
C:\Documents and Settings\vip\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
C:\DOCUME~1\ALLUSE~1\A007~1\7D39~1\D51D~1\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-28 22486]
C:\DOCUME~1\vip\A007~1\7D39~1\D51D~1\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-30 152984]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed51480-a512-11dd-9aab-001e8c43cf0b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyServer = 212.93.193.87:8080
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-30 14:22:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-30 14:23:19
ComboFix-quarantined-files.txt 2008-10-30 11:23:17
Pre-Run: 71,152,902,144 bytes free
Post-Run: 72,575,049,728 bytes free
208 --- E O F --- 2008-10-27 17:42:53
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.503 [GMT 3:00]
Running from: C:\Documents and Settings\vip\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-30 13:30 . 2008-10-30 13:30 <DIR> d-------- C:\Program Files\Sun
2008-10-30 13:29 . 2008-10-30 13:29 <DIR> d-------- C:\Program Files\Java
2008-10-30 13:29 . 2008-10-30 13:29 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-30 13:29 . 2008-10-30 13:29 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-30 02:43 . 2008-10-30 02:43 <DIR> d-------- C:\VundoFix Backups
2008-10-28 20:09 . 2008-10-28 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-10-28 20:03 . 2008-10-28 21:34 <DIR> d-------- C:\Documents and Settings\vip\Application Data\U3
2008-10-28 09:55 . 2008-10-28 09:55 <DIR> d-------- C:\Documents and Settings\vip\Application Data\Ahead
2008-10-28 09:54 . 2008-10-28 09:54 <DIR> d-------- C:\Program Files\Nero
2008-10-28 09:54 . 2008-10-28 13:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-28 02:25 . 2008-10-28 02:25 <DIR> d-------- C:\Documents and Settings\vip\Application Data\Thinstall
2008-10-28 01:50 . 2008-10-28 01:50 <DIR> d-------- C:\Documents and Settings\vip\Application Data\URSoft
2008-10-28 01:50 . 2008-10-28 01:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-27 16:39 . 2008-06-14 20:31 271,616 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-27 16:39 . 2008-06-14 20:31 271,616 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-27 16:35 . 2008-08-14 16:20 2,190,720 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,067,584 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-27 16:35 . 2008-08-14 16:20 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-27 15:06 . 2008-10-27 15:06 98 --a------ C:\WINDOWS\WirelessFTP.INI
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Real
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-27 14:38 . 2008-10-27 14:38 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-27 04:06 . 2008-10-27 04:06 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-10-26 23:39 . 2008-10-26 23:39 <DIR> d-------- C:\Program Files\Toshiba
2008-10-26 23:39 . 2007-04-24 13:20 113,920 --a------ C:\WINDOWS\system32\drivers\tosrfbd.sys
2008-10-26 23:39 . 2007-03-01 16:53 73,728 --a------ C:\WINDOWS\system32\drivers\Tosrfhid.sys
2008-10-26 23:39 . 2007-05-24 14:27 64,000 --a------ C:\WINDOWS\system32\drivers\tosrfcom.sys
2008-10-26 23:39 . 2007-01-22 10:43 53,376 --a------ C:\WINDOWS\system32\drivers\TosRfSnd.sys
2008-10-26 23:39 . 2006-10-10 19:33 41,600 --a------ C:\WINDOWS\system32\drivers\tosporte.sys
2008-10-26 23:39 . 2006-11-20 17:55 36,480 --a------ C:\WINDOWS\system32\drivers\tosrfbnp.sys
2008-10-26 23:39 . 2005-01-06 13:42 18,612 --a------ C:\WINDOWS\system32\drivers\tosrfnds.sys
2008-10-26 23:02 . 2008-10-26 23:04 5,405 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-26 22:40 . 2008-10-28 21:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-26 22:27 . 2008-10-26 22:27 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-26 22:27 . 2003-03-19 00:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-26 22:27 . 2003-03-18 23:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-26 22:27 . 2003-02-21 07:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-26 12:26 . 2008-10-26 12:26 268 --ah----- C:\sqmdata19.sqm
2008-10-26 12:26 . 2008-10-26 12:26 244 --ah----- C:\sqmnoopt19.sqm
2008-10-26 12:09 . 2008-10-27 20:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-26 12:09 . 2005-02-25 06:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-26 12:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-26 12:03 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-26 12:03 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-26 12:03 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-26 12:03 . 2007-07-30 19:21 19,288 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-26 08:20 . 2008-10-26 08:20 268 --ah----- C:\sqmdata18.sqm
2008-10-26 08:20 . 2008-10-26 08:20 244 --ah----- C:\sqmnoopt18.sqm
2008-10-26 08:13 . 2008-10-26 08:13 268 --ah----- C:\sqmdata17.sqm
2008-10-26 08:13 . 2008-10-26 08:13 244 --ah----- C:\sqmnoopt17.sqm
2008-10-26 06:53 . 2008-10-26 06:53 268 --ah----- C:\sqmdata16.sqm
2008-10-26 06:53 . 2008-10-26 06:53 244 --ah----- C:\sqmnoopt16.sqm
2008-10-26 06:50 . 2008-10-26 06:50 268 --ah----- C:\sqmdata15.sqm
2008-10-26 06:50 . 2008-10-26 06:50 244 --ah----- C:\sqmnoopt15.sqm
2008-10-26 06:42 . 2008-10-26 06:42 268 --ah----- C:\sqmdata14.sqm
2008-10-26 06:42 . 2008-10-26 06:42 244 --ah----- C:\sqmnoopt14.sqm
2008-10-26 03:51 . 2008-10-26 03:51 268 --ah----- C:\sqmdata13.sqm
2008-10-26 03:51 . 2008-10-26 03:51 244 --ah----- C:\sqmnoopt13.sqm
2008-10-26 02:57 . 2008-10-26 02:57 <DIR> d-------- C:\Program Files\TechSmith
2008-10-26 02:57 . 2008-10-26 02:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-10-26 02:52 . 2008-10-26 02:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 01:44 . 2008-10-26 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-26 00:48 . 2008-10-26 00:58 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-10-26 00:48 . 2008-10-30 02:39 <DIR> d-------- C:\Documents and Settings\vip\Application Data\IDM
2008-10-26 00:48 . 2008-10-30 14:22 <DIR> d-------- C:\Documents and Settings\vip\Application Data\DMCache
2008-10-26 00:40 . 2008-10-26 21:21 <DIR> d-------- C:\Documents and Settings\vip\Contacts
2008-10-25 15:25 . 2008-10-25 15:25 268 --ah----- C:\sqmdata12.sqm
2008-10-25 15:25 . 2008-10-25 15:25 244 --ah----- C:\sqmnoopt12.sqm
2008-10-25 15:13 . 2008-10-25 15:13 268 --ah----- C:\sqmdata11.sqm
2008-10-25 15:13 . 2008-10-25 15:13 244 --ah----- C:\sqmnoopt11.sqm
2008-10-25 03:39 . 2008-10-25 03:39 268 --ah----- C:\sqmdata10.sqm
2008-10-25 03:39 . 2008-10-25 03:39 244 --ah----- C:\sqmnoopt10.sqm
2008-10-25 02:50 . 2008-10-25 02:50 268 --ah----- C:\sqmdata09.sqm
2008-10-25 02:50 . 2008-10-25 02:50 244 --ah----- C:\sqmnoopt09.sqm
2008-10-25 02:38 . 2008-10-25 02:38 268 --ah----- C:\sqmdata08.sqm
2008-10-25 02:38 . 2008-10-25 02:38 244 --ah----- C:\sqmnoopt08.sqm
2008-10-25 02:22 . 2008-10-25 02:22 268 --ah----- C:\sqmdata07.sqm
2008-10-25 02:22 . 2008-10-25 02:22 244 --ah----- C:\sqmnoopt07.sqm
2008-10-25 01:54 . 2008-10-26 23:30 268 --ah----- C:\sqmdata06.sqm
2008-10-25 01:54 . 2008-10-26 23:30 244 --ah----- C:\sqmnoopt06.sqm
2008-10-25 01:21 . 2008-10-26 23:04 268 --ah----- C:\sqmdata05.sqm
2008-10-25 01:21 . 2008-10-26 23:04 244 --ah----- C:\sqmnoopt05.sqm
2008-10-24 22:20 . 2008-10-26 22:44 268 --ah----- C:\sqmdata04.sqm
2008-10-24 22:20 . 2008-10-26 22:44 244 --ah----- C:\sqmnoopt04.sqm
2008-10-24 22:08 . 2008-10-26 23:03 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-10-24 22:08 . 2008-10-26 23:04 71,489 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-10-24 22:08 . 2008-10-26 22:42 268 --ah----- C:\sqmdata03.sqm
2008-10-24 22:08 . 2008-10-26 22:42 244 --ah----- C:\sqmnoopt03.sqm
2008-10-24 22:06 . 2008-10-26 23:01 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-10-24 09:52 . 2008-10-26 13:38 268 --ah----- C:\sqmdata02.sqm
2008-10-24 09:52 . 2008-10-26 13:38 244 --ah----- C:\sqmnoopt02.sqm
2008-10-24 03:45 . 2008-10-24 03:45 <DIR> d---s---- C:\Documents and Settings\vip\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 00:05 155,995 ----a-w C:\WINDOWS\java\Packages\4RJ7JT7V.ZIP
2008-10-24 22:13 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-24 19:08 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-10-24 18:58 --------- d-----w C:\Program Files\Yahoo!
2008-10-24 02:10 --------- d-----w C:\Program Files\CCleaner
2008-10-24 01:46 --------- d-----w C:\Documents and Settings\vip\Application Data\ATI
2008-10-24 01:38 --------- d-----w C:\Program Files\ATI Technologies
2008-10-24 01:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-24 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 01:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-24 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 00:23 --------- d-----w C:\Program Files\MSN Messenger
2008-10-23 23:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 15:24 1,846,272 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-14 13:20 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:20 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
2008-04-14 20:29 698880 42d872d207f9f5d278205234dcf92a7b C:\WINDOWS\system32\wininet.dll
2008-04-14 20:29 698880 42d872d207f9f5d278205234dcf92a7b C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-14 20:29 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
2008-04-14 20:29 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\system32\dllcache\explorer.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 544768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-27 185872]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
C:\Documents and Settings\vip\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
C:\DOCUME~1\ALLUSE~1\A007~1\7D39~1\D51D~1\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-28 22486]
C:\DOCUME~1\vip\A007~1\7D39~1\D51D~1\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-30 152984]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed51480-a512-11dd-9aab-001e8c43cf0b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyServer = 212.93.193.87:8080
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-30 14:22:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-30 14:23:19
ComboFix-quarantined-files.txt 2008-10-30 11:23:17
Pre-Run: 71,152,902,144 bytes free
Post-Run: 72,575,049,728 bytes free
208 --- E O F --- 2008-10-27 17:42:53
تأييد
0
yasser3007
زيزوومي جديد
- إنضم
- 28 أكتوبر 2008
- المشاركات
- 14
- مستوى التفاعل
- 0
- النقاط
- 20
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:26, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\vip\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6746 bytes
Scan saved at 14:38:26, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\vip\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6746 bytes
تأييد
0
- إنضم
- 2 نوفمبر 2007
- المشاركات
- 733
- مستوى التفاعل
- 145
- النقاط
- 750
غير متصل
احذف القيم التالية
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وإنشالله بعدها ،، 100 %
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وإنشالله بعدها ،، 100 %
توقيع : qa6ar
تأييد
0