عملت تقرير بواسطة hijackthis

أبو فيصل · 26 نوفمبر 2008

السلام عليكم ورحمة الله وبركاته
حملت برنامج وبعدها صار صفحات الانترنت تنحذف من نفسها وطفشني حبيت تحددون القيم كي أحذفها وهذا التقرير:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:37:51 م, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AvirTrsoftware\AvirTr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tech\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.178.133.115:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows] C:\WINDOWS\system32\helper.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AvirTr] "C:\Program Files\AvirTrsoftware\AvirTr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 5955 bytes

زيزوووم · 26 نوفمبر 2008

هلاا فيك اخوي ابو فيصل

عندك برنامج دعائي ...

استخدم هذا الملف لتنظيف جهازك من هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وعند تشغيل الملف ... سوف يعاد تشغيل جهازك تلقائيا
بعدها يظهر لك تقرير ... انسخه والصقه بردك القادم

ولا تنسى تعمل تقرير هايجاك جديد

أبو فيصل · 26 نوفمبر 2008

الله يحييك يا زيزوم مو مصدق إنك رديت علي الله يجزاك خير
هذا تقرير بعد إعادة تشغيل الجهاز:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Wed Nov 26 16:44:39 2008
Running in command-line mode.
Command line: "C:\Documents and Settings\tech\Local Settings\Temp\1zxq3\1.com" /nogui run.txt
16:44:39: Error: Invalid syntax in command:
"HKEY_CURRENT_USER\Software\AvirTrsoft"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CURRENT_USER\Software\AvirTrsoft\Update"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\AvirTrWarning.WarningBHO.1"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Licenses"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{3A267370-076E-4af4-B986-77626B8E89DF}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|AvirTr"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\webmedia.chl"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\z444.z444mgr"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_CLASSES_ROOT\z444.z444mgr.1"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{51B15F5A-E98B-4658-B9CB-9307B74773A7}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup"
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|wblogon"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin "(Default)""
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{e0feeb92-908e-46d2-8a66-88c5295f2629}""
Skipping line. (Registry value deletion mode)
16:44:39: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|ITBar7Layout"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:

Error: "c:\Program Files\AvirTrsoftware" is a folder, not a file!
Deletion of file "c:\Program Files\AvirTrsoftware" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory
File "c:\Program Files\AvirTrsoftware\AvirTr.exe" deleted successfully.
File "c:\Program Files\AvirTrsoftware\AvirTrWarning.dll" deleted successfully.
Error: file "c:\Program Files\AvirTrsoftware\uninst.exe" not found!
Deletion of file "c:\Program Files\AvirTrsoftware\uninst.exe" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: file "C:\Documents and Settings\tech\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusTrigger 2.1.lnk" not found!
Deletion of file "C:\Documents and Settings\tech\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusTrigger 2.1.lnk" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not open file "C:\Documents and Settings\tech\Desktop\AntivirusTrigger 2.1.lnk"
Deletion of file "C:\Documents and Settings\tech\Desktop\AntivirusTrigger 2.1.lnk" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\Start Menu\AntivirusTrigger 2.1.lnk"
Deletion of file "C:\Documents and Settings\tech\Start Menu\AntivirusTrigger 2.1.lnk" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\Start Menu\Programs\AntivirusTrigger 2.1"
Deletion of file "C:\Documents and Settings\tech\Start Menu\Programs\AntivirusTrigger 2.1" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\Start Menu\Programs\AntivirusTrigger 2.1\AntivirusTrigger 2.1.lnk"
Deletion of file "C:\Documents and Settings\tech\Start Menu\Programs\AntivirusTrigger 2.1\AntivirusTrigger 2.1.lnk" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:\Program Files\WebMediaViewer" not found!
Deletion of file "c:\Program Files\WebMediaViewer" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\browseu.exe"
Deletion of file "c:\Program Files\WebMediaViewer\browseu.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\browseul.dll"
Deletion of file "c:\Program Files\WebMediaViewer\browseul.dll" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\hpmom.exe"
Deletion of file "c:\Program Files\WebMediaViewer\hpmom.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\hpmon.exe"
Deletion of file "c:\Program Files\WebMediaViewer\hpmon.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\hpmun.dll"
Deletion of file "c:\Program Files\WebMediaViewer\hpmun.dll" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\hpmun.exe"
Deletion of file "c:\Program Files\WebMediaViewer\hpmun.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\myd.ico"
Deletion of file "c:\Program Files\WebMediaViewer\myd.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\mym.ico"
Deletion of file "c:\Program Files\WebMediaViewer\mym.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\myp.ico"
Deletion of file "c:\Program Files\WebMediaViewer\myp.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\myv.ico"
Deletion of file "c:\Program Files\WebMediaViewer\myv.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\ot.ico"
Deletion of file "c:\Program Files\WebMediaViewer\ot.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\qttask.exe"
Deletion of file "c:\Program Files\WebMediaViewer\qttask.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\qttaskm.exe"
Deletion of file "c:\Program Files\WebMediaViewer\qttaskm.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\qttasku.exe"
Deletion of file "c:\Program Files\WebMediaViewer\qttasku.exe" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Program Files\WebMediaViewer\ts.ico"
Deletion of file "c:\Program Files\WebMediaViewer\ts.ico" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:\WINDOWS\system32\512686" not found!
Deletion of file "c:\WINDOWS\system32\512686" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not open file "c:\WINDOWS\system32\512686\512686.dll"
Deletion of file "c:\WINDOWS\system32\512686\512686.dll" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "c:\WINDOWS\system32\algg.exe" not found!
Deletion of file "c:\WINDOWS\system32\algg.exe" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: file "c:\WINDOWS\system32\tiltmeo.dll" not found!
Deletion of file "c:\WINDOWS\system32\tiltmeo.dll" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not open file "c:\Documents and Settings\All Users\Desktop\Antivirus Scan.url"
Deletion of file "c:\Documents and Settings\All Users\Desktop\Antivirus Scan.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url"
Deletion of file "c:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url"
Deletion of file "c:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "c:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url"
Deletion of file "c:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: file "C:\Documents and Settings\tech\Favorites\Antivirus Scan.url" not found!
Deletion of file "C:\Documents and Settings\tech\Favorites\Antivirus Scan.url" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not open file "C:\Documents and Settings\tech\My Documents\My Documents.url"
Deletion of file "C:\Documents and Settings\tech\My Documents\My Documents.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\My Documents\My Music\My Music.url"
Deletion of file "C:\Documents and Settings\tech\My Documents\My Music\My Music.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\My Documents\My Pictures\My Pictures.url"
Deletion of file "C:\Documents and Settings\tech\My Documents\My Pictures\My Pictures.url" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\My Documents\My Videos"
Deletion of file "C:\Documents and Settings\tech\My Documents\My Videos" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open file "C:\Documents and Settings\tech\My Documents\My Videos\My Video.ur"
Deletion of file "C:\Documents and Settings\tech\My Documents\My Videos\My Video.ur" failed!
Status: 0xc000003a (STATUS__PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Folder "c:\Program Files\AvirTrsoftware" deleted successfully.
Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|QuickTime Task"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|QuickTime Task" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|VMware hptray"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|VMware hptray" failed!
Status: 0xc0000034 (STATUS__NAME_NOT_FOUND)
--> the does not exist

Completed script processing.
*******************
Finished! Terminate.

أبو فيصل · 26 نوفمبر 2008

وهذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:56:19 م, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\tech\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.178.133.115:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows] C:\WINDOWS\system32\helper.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AvirTr] "C:\Program Files\AvirTrsoftware\AvirTr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 6206 bytes

زيزوووم · 26 نوفمبر 2008

ويجزاك خير ويبارك فيك

لاهنت شغل الهايجاك ... واضغط كما هو واضح بالصوره

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

أشر على هذه القيم ... واضغط على fix checked

O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [Windows] C:\WINDOWS\system32\helper.exe

O4 - HKCU\..\Run: [AvirTr] "C:\Program Files\AvirTrsoftware\AvirTr.exe"

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ستظهر لك هذا النافذه : اضغط Yes

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

أبو فيصل · 26 نوفمبر 2008

^^^^^^^^
الله يجزاك خير زيزوم أبشرك الجهاز رجع طبيعي ألف شكر

زيزوووم · 27 نوفمبر 2008

ويجزاك خير اخوي ابو فيصل والحمد لله يوم زبط جهازك

يحفظ لإنتهاء المشكله

عملت تقرير بواسطة hijackthis

أبو فيصل

زيزوومي نشيط

زيزوووم

عضو شرف

أبو فيصل

زيزوومي نشيط

أبو فيصل

زيزوومي نشيط

زيزوووم

عضو شرف

أبو فيصل

زيزوومي نشيط

زيزوووم

عضو شرف

NTLite Business 2025.8.10552 X64