خال ولد خال

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:11, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\user\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 6184 bytes
 

Do the following again

==============
(1)
Disable all your security programs,
then download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply.

And after that, a new HijackThis report.

(2)
Make a HijackThis report.

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report will appear; copy it and paste it into your next reply.

Waiting for both reports.

Signature: AbOdy
Here is the ComboFix report


ComboFix 08-12-04.05 - user 2008-12-05 16:09:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.974.1033.18.625 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-05 15:19 . 2008-12-05 15:19 230 --a------ c:\windows\system32\spupdsvc.inf
2008-12-05 15:11 . 2008-06-13 14:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-05 15:10 . 2008-09-08 13:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-12-05 15:10 . 2008-08-14 13:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-12-05 15:09 . 2008-09-15 15:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-12-05 15:08 . 2008-08-14 13:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-05 15:08 . 2008-08-14 13:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-05 15:08 . 2008-08-14 12:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-05 15:08 . 2008-08-14 12:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-05 15:07 . 2008-05-08 17:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-12-05 15:06 . 2008-04-11 22:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-12-05 15:06 . 2008-10-24 14:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-05 15:04 . 2008-10-15 19:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-05 14:45 . 2008-12-05 14:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-05 14:40 . 2006-12-29 00:31 19,569 --a------ c:\windows\002874_.tmp
2008-12-05 13:52 . 2008-12-05 13:52 <DIR> d-------- c:\documents and settings\user\Application Data\Products
2008-12-05 13:38 . 2008-12-05 15:15 131 --a------ c:\windows\CRC.INI
2008-12-05 13:32 . 2008-12-05 13:32 <DIR> d-------- c:\program files\COMODO
2008-12-05 01:58 . 2003-10-03 16:28 45,056 --a------ c:\windows\system32\vusetup.dll
2008-12-05 01:49 . 2007-12-18 17:40 450,560 --a------ c:\windows\system32\dllcache\jscript.dll
2008-12-05 01:49 . 2007-12-18 17:40 417,792 --a------ c:\windows\system32\dllcache\vbscript.dll
2008-12-05 01:49 . 2004-08-04 01:56 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-12-05 01:49 . 2004-08-04 01:56 35,328 --a------ c:\windows\system32\dllcache\corpol.dll
2008-12-05 01:47 . 2008-12-05 14:54 2,675 --a------ c:\windows\imsins.BAK
2008-12-04 18:01 . 2008-12-04 18:43 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-12-04 16:28 . 2004-04-13 15:14 70,144 -ra------ c:\windows\system32\drivers\Rtlnicxp.sys
2008-12-04 15:41 . 2008-12-04 15:41 <DIR> d-------- C:\swsetup
2008-12-04 15:21 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-04 15:09 . 2008-12-04 15:09 <DIR> d-------- c:\windows\Logs
2008-12-04 15:02 . 2008-12-04 15:02 <DIR> d-------- c:\program files\Lavalys
2008-12-04 14:57 . 2008-12-04 14:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-12-04 14:03 . 2008-12-04 14:49 133 --a------ c:\windows\WinDrvGhost.ini
2008-12-04 14:02 . 2008-12-04 14:03 <DIR> d-------- C:\My Drivers
2008-12-03 23:38 . 2008-12-03 23:38 <DIR> d-------- C:\Intel
2008-12-03 19:51 . 2003-09-08 14:08 53,760 --a------ c:\windows\uninst62.exe
2008-12-03 14:47 . 2008-12-03 17:48 <DIR> d-------- c:\program files\Your Uninstaller 2008
2008-12-03 13:59 . 2008-12-03 13:59 <DIR> d-------- c:\program files\Avira
2008-12-03 13:59 . 2008-12-03 13:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-03 13:42 . 2008-12-05 13:56 <DIR> d-------- c:\program files\Ashampoo
2008-11-29 18:16 . 2008-12-03 14:23 <DIR> d-------- c:\program files\Trojan Remover
2008-11-24 00:41 . 2008-11-24 00:41 <DIR> d-------- c:\program files\IObit
2008-11-24 00:40 . 2008-12-03 18:00 <DIR> d-------- C:\Zyzoom_RFA_Platinum
2008-11-24 00:40 . 2008-11-24 00:40 <DIR> d-------- c:\documents and settings\All Users.WIN2
2008-11-24 00:36 . 2008-12-05 15:35 <DIR> d-------- c:\windows\system32\CatRoot2
2008-11-23 22:36 . 2008-11-23 22:36 <DIR> d-------- c:\windows\ERUNT
2008-11-23 22:36 . 2008-11-23 22:36 <DIR> d-------- C:\ERDNT
2008-11-23 22:36 . 2008-11-23 22:36 <DIR> d-------- C:\!FixIEDef
2008-11-23 22:27 . 2008-12-05 14:08 <DIR> d---s---- c:\windows\Downloaded Program Files
2008-11-23 19:50 . 2008-11-23 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-11-23 00:17 . 2008-06-13 14:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-22 23:59 . 2008-12-05 15:10 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-22 23:53 . 2008-11-24 22:04 <DIR> d-------- c:\documents and settings\user\Application Data\Thinstall
2008-11-22 23:13 . 2008-11-22 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-22 22:13 . 2008-11-22 22:13 <DIR> d-------- C:\Deckard
2008-11-22 12:24 . 2008-11-22 12:27 <DIR> d-------- c:\program files\NoAdware
2008-11-20 18:27 . 2008-11-20 18:27 <DIR> d-------- c:\windows\PaltalkScene
2008-11-20 18:27 . 2008-11-20 18:39 <DIR> d-------- c:\program files\Paltalk Messenger
2008-11-20 18:27 . 2008-11-20 18:39 <DIR> d-------- c:\documents and settings\user\Application Data\Paltalk
2008-11-19 15:43 . 2008-11-19 15:43 <DIR> d-------- c:\documents and settings\user\Application Data\PC Suite
2008-11-19 15:43 . 2008-11-19 15:43 <DIR> d-------- c:\documents and settings\user\Application Data\Nokia
2008-11-19 15:39 . 2008-11-19 15:39 <DIR> d-------- c:\program files\DIFX
2008-11-19 15:39 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-19 15:39 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-11-19 15:36 . 2008-11-19 15:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-19 15:21 . 2008-11-23 19:54 <DIR> d-------- c:\program files\NSS
2008-11-19 15:21 . 2006-08-29 17:56 32,377 --a------ c:\windows\system32\drivers\prodigy.sys
2008-11-18 17:30 . 2008-11-18 17:30 315,392 --a------ c:\windows\HideWin.exe
2008-11-18 16:13 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-11-18 16:10 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2008-11-18 16:03 . 2008-12-04 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-18 15:58 . 2008-12-04 19:11 <DIR> d-------- c:\program files\ma-config.com
2008-11-18 15:43 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-18 15:41 . 2008-11-18 15:41 <DIR> d-------- c:\program files\Setup Files
2008-11-18 15:39 . 2008-11-20 13:38 <DIR> d-------- c:\program files\MSI
2008-11-18 15:33 . 2008-11-18 15:33 16 --a------ c:\windows\wininit.ini
2008-11-17 15:37 . 2008-11-23 19:54 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-11-17 13:42 . 2008-11-17 13:54 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 13:42 . 2008-11-17 13:42 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 13:41 . 2008-11-17 13:41 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-17 13:41 . 2008-12-05 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-17 13:41 . 2008-12-05 16:12 1,802,784 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-17 13:41 . 2008-12-05 16:12 426,016 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-17 13:41 . 2008-12-05 16:12 16,212 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-17 13:41 . 2008-12-05 16:12 3,584 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-17 13:39 . 2008-11-17 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-17 13:05 . 2008-11-23 19:54 <DIR> d-------- c:\program files\The Cleaner
2008-11-17 01:34 . 2008-11-17 01:34 <DIR> d-------- c:\program files\Intel Desktop Board
2008-11-16 16:10 . 2008-12-03 12:14 <DIR> d-------- c:\program files\Hotspot Shield
2008-11-16 01:23 . 2008-11-16 01:23 <DIR> d-------- C:\Drivers
2008-11-16 01:06 . 2008-11-22 16:58 <DIR> d-------- c:\documents and settings\user\Application Data\Uniblue
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 11:59 --------- d-----w c:\program files\MSN Messenger
2008-12-05 10:48 --------- d-----w c:\program files\RogueRemover PRO
2008-12-04 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 19:40 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-23 16:54 --------- d-----w c:\program files\Real_SC
2008-11-23 16:53 --------- d-----w c:\documents and settings\user\Application Data\Ahead
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 14:27 2,015 ---h--r c:\windows\system32\drivers\hosts
2008-10-18 04:28 --------- d-----w c:\documents and settings\user\Application Data\MsgCenter
2008-10-16 00:51 --------- d-----w c:\program files\Power Email Harvester
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-01 11:59 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-12-04 18:14 2780816 c:\program files\a-squared Anti-Malware\a2guard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-26 20:18 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
--a------ 2001-01-10 08:04 295424 c:\program files\The Cleaner\tca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
--a------ 2001-01-10 08:04 248320 c:\program files\The Cleaner\tcm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-21 16:31 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-03 111184]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-07-08 13696]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-12-03 749400]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-03 20560]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2008-11-19 32377]
S4 AntiVirMailService;Avira AntiVir Premium MailGuard;"c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-12-03 164097]
S4 antivirwebservice;Avira AntiVir Premium WebGuard;"c:\program files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-12-03 258305]
S4 AVEService;Avira AntiVir Premium MailGuard helper service;"c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-12-03 41217]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1f66863-5120-11dd-a249-00121791eceb}]
\Shell\AutoRun\command - 1rfw8hjr.com
\Shell\explore\Command - 1rfw8hjr.com
\Shell\open\Command - 1rfw8hjr.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed7013a2-574e-11dd-a253-00121791eceb}]
\Shell\AutoRun\command - hgu.bat
\Shell\explore\Command - hgu.bat
\Shell\open\Command - hgu.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0792a96-78dc-11dd-a2e2-00121791eceb}]
\Shell\Auto\command - Sever.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sever.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
uLocal Page = \blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java
O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-05 16:13:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\TEMP\aswUpdSum.ini 107 bytes
c:\windows\TEMP\_av_proI.tm~a04068
c:\windows\TEMP\_av_proI.tm~a04068\setup.lok 0 bytes

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-12-05 16:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 13:18:04
ComboFix2.txt 2008-11-23 14:50:10
Pre-Run: 30,515,699,712 bytes free
Post-Run: 30,431,764,480 bytes free
238 --- E O F --- 2008-12-05 12:35:52
 
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:55, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 5864 bytes
 
Brother, select these entries and delete them:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:

How to delete them

After that, go to Add or Remove Programs and remove the toolbar you have (toolbar) >> it may not be there.

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file this screen appears; wait (and follow along with the pictures).

When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).

When you are done, give us a new HijackThis report.

Signature: AbOdy