• Thread starter: fahad-1984

fahad-1984

This is a report from the ComboFix tool,
and there is a problem browsing some websites.




ComboFix 08-12-05.06 - DELL 12/06/2008 15:22:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.610 [GMT 3:00]
Running from: c:\documents and settings\DELL\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 12:23 --------- d-----w c:\documents and settings\DELL\Application Data\DMCache
2008-12-05 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 17:13 --------- d-----w c:\program files\Conduit
2008-12-03 15:25 3,286 ----a-w c:\windows\system32\tmp.reg
2008-12-03 11:12 --------- d-----w c:\program files\Registry Fast
2008-12-03 10:12 --------- d-----w c:\documents and settings\DELL\Application Data\CyberScrub
2008-12-03 10:12 --------- d-----w c:\documents and settings\DELL\Application Data\cleaner
2008-12-03 03:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-03 03:26 --------- d-----w c:\program files\Abadisoft
2008-12-02 20:59 --------- d-----w c:\documents and settings\DELL\Application Data\Vso
2008-12-02 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-02 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\Novatel Wireless
2008-12-02 19:03 --------- d-----w c:\documents and settings\DELL\Application Data\IDM
2008-12-02 17:09 --------- d-----w c:\program files\Registry Compressor
2008-12-02 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 09:11 --------- d-----w c:\program files\Wise Registry Cleaner 3 Pro
2008-12-01 09:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 09:02 --------- d-----w c:\documents and settings\DELL\Application Data\Dealio
2008-11-30 21:11 --------- d-----w c:\documents and settings\DELL\Application Data\Search Settings
2008-11-30 21:00 --------- d-----w c:\program files\Search Settings
2008-11-30 21:00 --------- d-----w c:\program files\Dealio
2008-11-30 19:28 --------- d-----w c:\program files\Google
2008-11-28 03:45 --------- d-----w c:\program files\MakeUp Pilot
2008-11-27 16:28 --------- d-----w c:\documents and settings\DELL\Application Data\MakeUpPilot
2008-11-22 18:20 --------- d-----w c:\program files\All-in-1 Mobile Video Convert
2008-11-22 14:55 --------- d-----w c:\program files\mpegable
2008-11-22 14:52 84 ----a-w C:\savelist1.dat
2008-11-22 14:52 305 ----a-w C:\savelist.dat
2008-11-22 14:50 79,360 ----a-w c:\windows\system32\realmrec.dll
2008-11-22 14:50 72,704 ----a-w c:\windows\system32\in_tara.dll
2008-11-22 14:50 70,144 ----a-w c:\windows\system32\in_cdda.dll
2008-11-22 14:50 226,816 ----a-w c:\windows\system32\in_vorbis.dll
2008-11-22 14:50 15,360 ----a-w c:\windows\system32\out_disk.dll
2008-11-22 14:50 13,824 ----a-w c:\windows\system32\out_wave.dll
2008-11-22 14:50 102,400 ----a-w c:\windows\system32\in_wm.dll
2008-11-21 20:40 --------- d-----w c:\program files\Unlocker
2008-11-21 20:20 --------- d-----w c:\documents and settings\DELL\Application Data\Desktopicon
2008-11-21 00:36 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-20 23:12 --------- d-----w c:\documents and settings\DELL\Application Data\Avira
2008-11-20 22:53 --------- d-----w c:\program files\Avira
2008-11-20 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-19 09:57 --------- d-----w c:\program files\Common Files\Vbox
2008-11-19 09:57 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 03:13 --------- d-----w c:\program files\Kaspersky Lab
2008-11-17 00:08 --------- d-----w c:\program files\Windows Live
2008-11-16 23:11 --------- d-----w c:\program files\Dell
2008-11-16 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-16 22:00 --------- d-----w c:\program files\Broadcom
2008-11-16 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-15 18:56 --------- d-----w c:\program files\Intel
2008-11-14 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-14 21:26 --------- d-----w c:\program files\Bonjour
2008-11-14 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-14 18:22 --------- d-----w c:\program files\Internet Download Manager
2008-11-14 03:50 --------- d-----w c:\program files\Microsoft Works
2008-11-14 03:49 --------- d-----w c:\program files\MSBuild
2008-11-12 22:11 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-12 22:11 --------- d-----w c:\program files\MSECACHE
2008-11-12 21:27 --------- d-----w c:\documents and settings\DELL\Application Data\URSoft
2008-11-10 16:17 --------- d-----w c:\program files\Microsoft
2008-11-10 15:46 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-06 22:21 --------- d-----w c:\documents and settings\DELL\Application Data\vlc
2008-11-06 14:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-06 14:33 47,104 ------w c:\windows\AKDeInstall.exe
2008-11-04 12:25 --------- d-----w c:\documents and settings\DELL\Application Data\PC Suite
2008-11-03 20:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-02 22:55 --------- d-----w c:\documents and settings\DELL\Application Data\Nokia Multimedia Player
2008-11-02 19:39 --------- d-----w c:\documents and settings\DELL\Application Data\Sierra Wireless
2008-11-02 19:38 --------- d-----w c:\program files\Sierra Wireless Inc
2008-11-02 12:03 --------- d-----w c:\documents and settings\DELL\Application Data\Nero
2008-11-02 12:02 --------- d-----w c:\program files\Nero
2008-11-02 12:02 --------- d-----w c:\program files\Common Files\Nero
2008-11-01 21:15 --------- d-----w c:\program files\IObit
2008-11-01 12:46 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-01 12:19 --------- d-----w c:\program files\Key Spyware
2008-11-01 10:48 --------- d-----w c:\program files\FastStone Capture
2008-11-01 10:48 --------- d-----w c:\documents and settings\DELL\Application Data\FastStone
2008-10-29 10:41 47,360 ----a-w c:\documents and settings\DELL\Application Data\pcouffin.sys
2008-10-29 10:41 --------- d-----w c:\program files\VSO
2008-10-28 03:53 --------- d-----w c:\program files\Media Player Classic
2008-10-28 03:45 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-28 03:45 --------- d-----w c:\program files\Nokia
2008-10-28 03:45 --------- d-----w c:\program files\DIFX
2008-10-28 03:45 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-28 03:45 --------- d-----w c:\program files\Common Files\Nokia
2008-10-28 03:45 --------- d-----w c:\documents and settings\DELL\Application Data\Nokia
2008-10-28 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-28 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-27 22:01 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-27 21:55 --------- d-----w c:\program files\Common Files\Real
2008-10-27 16:02 --------- d-----w c:\documents and settings\DELL\Application Data\Thinstall
2008-10-26 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
2008-10-26 21:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-26 10:11 --------- d-----w c:\documents and settings\DELL\Application Data\Media Player Classic
2008-10-24 20:18 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-24 18:19 155,995 ----a-w c:\windows\java\Packages\0XJPNV9N.ZIP
2008-10-24 15:33 --------- d-----w c:\documents and settings\DELL\Application Data\Apple Computer
2008-10-24 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 15:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 15:24 --------- d-----w c:\program files\WIDCOMM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [11/14/2008 09:21 PM 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM 271360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [08/30/2007 01:24 PM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [08/30/2007 01:24 PM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [08/30/2007 01:24 PM 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [05/10/2007 01:01 AM 36864]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"au"="c:\program files\Dealio\DealioAU.exe" [05/26/2008 07:50 PM 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [06/12/2008 04:57 PM 991584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-19 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-24 50688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroups"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-11-21 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-11-21 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-11-21 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-11-21 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-11-21 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-11-21 71464]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\Drivers\OEM02Afx.sys [2008-11-13 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-11-13 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-11-13 7424]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
.
- - - - ORPHANS REMOVED - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Compare Prices with &Dealio - c:\documents and settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: avsda.dll
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-06 15:23:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1572)
c:\windows\system32\avsda.dll
.
Completion time: 12/06/2008 15:25:27
ComboFix-quarantined-files.txt 2008-12-06 12:24:10
ComboFix2.txt 2008-11-28 18:50:26
Pre-Run: 27,468,537,856 bytes free
Post-Run: 27,459,821,568 bytes free
220 --- E O F --- 2008-12-05 22:35:40
 

And here is the report once more


ComboFix 08-12-05.06 - DELL 12/06/2008 16:02:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.583 [GMT 3:00]
Running from: c:\documents and settings\DELL\My Documents\Downloads\Programs\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:03 --------- d-----w c:\documents and settings\DELL\Application Data\DMCache
2008-12-05 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 17:13 --------- d-----w c:\program files\Conduit
2008-12-03 15:25 3,286 ----a-w c:\windows\system32\tmp.reg
2008-12-03 11:12 --------- d-----w c:\program files\Registry Fast
2008-12-03 10:12 --------- d-----w c:\documents and settings\DELL\Application Data\CyberScrub
2008-12-03 10:12 --------- d-----w c:\documents and settings\DELL\Application Data\cleaner
2008-12-03 03:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-03 03:26 --------- d-----w c:\program files\Abadisoft
2008-12-02 20:59 --------- d-----w c:\documents and settings\DELL\Application Data\Vso
2008-12-02 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-02 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\Novatel Wireless
2008-12-02 19:03 --------- d-----w c:\documents and settings\DELL\Application Data\IDM
2008-12-02 17:09 --------- d-----w c:\program files\Registry Compressor
2008-12-02 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 09:11 --------- d-----w c:\program files\Wise Registry Cleaner 3 Pro
2008-12-01 09:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 09:02 --------- d-----w c:\documents and settings\DELL\Application Data\Dealio
2008-11-30 21:11 --------- d-----w c:\documents and settings\DELL\Application Data\Search Settings
2008-11-30 21:00 --------- d-----w c:\program files\Search Settings
2008-11-30 21:00 --------- d-----w c:\program files\Dealio
2008-11-30 19:28 --------- d-----w c:\program files\Google
2008-11-28 03:45 --------- d-----w c:\program files\MakeUp Pilot
2008-11-27 16:28 --------- d-----w c:\documents and settings\DELL\Application Data\MakeUpPilot
2008-11-22 18:20 --------- d-----w c:\program files\All-in-1 Mobile Video Convert
2008-11-22 14:55 --------- d-----w c:\program files\mpegable
2008-11-22 14:52 84 ----a-w C:\savelist1.dat
2008-11-22 14:52 305 ----a-w C:\savelist.dat
2008-11-22 14:50 79,360 ----a-w c:\windows\system32\realmrec.dll
2008-11-22 14:50 72,704 ----a-w c:\windows\system32\in_tara.dll
2008-11-22 14:50 70,144 ----a-w c:\windows\system32\in_cdda.dll
2008-11-22 14:50 226,816 ----a-w c:\windows\system32\in_vorbis.dll
2008-11-22 14:50 15,360 ----a-w c:\windows\system32\out_disk.dll
2008-11-22 14:50 13,824 ----a-w c:\windows\system32\out_wave.dll
2008-11-22 14:50 102,400 ----a-w c:\windows\system32\in_wm.dll
2008-11-21 20:40 --------- d-----w c:\program files\Unlocker
2008-11-21 20:20 --------- d-----w c:\documents and settings\DELL\Application Data\Desktopicon
2008-11-21 00:36 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-20 23:12 --------- d-----w c:\documents and settings\DELL\Application Data\Avira
2008-11-20 22:53 --------- d-----w c:\program files\Avira
2008-11-20 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-19 09:57 --------- d-----w c:\program files\Common Files\Vbox
2008-11-19 09:57 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 03:13 --------- d-----w c:\program files\Kaspersky Lab
2008-11-17 00:08 --------- d-----w c:\program files\Windows Live
2008-11-16 23:11 --------- d-----w c:\program files\Dell
2008-11-16 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-16 22:00 --------- d-----w c:\program files\Broadcom
2008-11-16 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-15 18:56 --------- d-----w c:\program files\Intel
2008-11-14 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-14 21:26 --------- d-----w c:\program files\Bonjour
2008-11-14 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-14 18:22 --------- d-----w c:\program files\Internet Download Manager
2008-11-14 03:50 --------- d-----w c:\program files\Microsoft Works
2008-11-14 03:49 --------- d-----w c:\program files\MSBuild
2008-11-12 22:11 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-12 22:11 --------- d-----w c:\program files\MSECACHE
2008-11-12 21:27 --------- d-----w c:\documents and settings\DELL\Application Data\URSoft
2008-11-10 16:17 --------- d-----w c:\program files\Microsoft
2008-11-10 15:46 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-06 22:21 --------- d-----w c:\documents and settings\DELL\Application Data\vlc
2008-11-06 14:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-06 14:33 47,104 ------w c:\windows\AKDeInstall.exe
2008-11-04 12:25 --------- d-----w c:\documents and settings\DELL\Application Data\PC Suite
2008-11-03 20:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-02 22:55 --------- d-----w c:\documents and settings\DELL\Application Data\Nokia Multimedia Player
2008-11-02 19:39 --------- d-----w c:\documents and settings\DELL\Application Data\Sierra Wireless
2008-11-02 19:38 --------- d-----w c:\program files\Sierra Wireless Inc
2008-11-02 12:03 --------- d-----w c:\documents and settings\DELL\Application Data\Nero
2008-11-02 12:02 --------- d-----w c:\program files\Nero
2008-11-02 12:02 --------- d-----w c:\program files\Common Files\Nero
2008-11-01 21:15 --------- d-----w c:\program files\IObit
2008-11-01 12:46 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-01 12:19 --------- d-----w c:\program files\Key Spyware
2008-11-01 10:48 --------- d-----w c:\program files\FastStone Capture
2008-11-01 10:48 --------- d-----w c:\documents and settings\DELL\Application Data\FastStone
2008-10-29 10:41 47,360 ----a-w c:\documents and settings\DELL\Application Data\pcouffin.sys
2008-10-29 10:41 --------- d-----w c:\program files\VSO
2008-10-28 03:53 --------- d-----w c:\program files\Media Player Classic
2008-10-28 03:45 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-28 03:45 --------- d-----w c:\program files\Nokia
2008-10-28 03:45 --------- d-----w c:\program files\DIFX
2008-10-28 03:45 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-28 03:45 --------- d-----w c:\program files\Common Files\Nokia
2008-10-28 03:45 --------- d-----w c:\documents and settings\DELL\Application Data\Nokia
2008-10-28 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-28 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-27 22:01 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-27 21:55 --------- d-----w c:\program files\Common Files\Real
2008-10-27 16:02 --------- d-----w c:\documents and settings\DELL\Application Data\Thinstall
2008-10-26 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
2008-10-26 21:17 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-26 10:11 --------- d-----w c:\documents and settings\DELL\Application Data\Media Player Classic
2008-10-24 20:18 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-24 18:19 155,995 ----a-w c:\windows\java\Packages\0XJPNV9N.ZIP
2008-10-24 15:33 --------- d-----w c:\documents and settings\DELL\Application Data\Apple Computer
2008-10-24 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 15:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 15:24 --------- d-----w c:\program files\WIDCOMM
.
((((((((((((((((((((((((((((( snapshot@Sat 12-06-2008_15.23.55.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-06 12:01:28 59,878 ----a-w c:\windows\system32\perfc001.dat
+ 2008-12-06 12:55:56 59,878 ----a-w c:\windows\system32\perfc001.dat
- 2008-12-06 12:01:28 59,774 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-06 12:55:56 59,774 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-06 12:01:28 331,338 ----a-w c:\windows\system32\perfh001.dat
+ 2008-12-06 12:55:56 331,338 ----a-w c:\windows\system32\perfh001.dat
- 2008-12-06 12:01:28 395,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-06 12:55:56 395,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [11/14/2008 09:21 PM 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM 271360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [08/30/2007 01:24 PM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [08/30/2007 01:24 PM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [08/30/2007 01:24 PM 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [05/10/2007 01:01 AM 36864]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"au"="c:\program files\Dealio\DealioAU.exe" [05/26/2008 07:50 PM 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [06/12/2008 04:57 PM 991584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-19 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-24 50688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroups"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-11-21 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-11-21 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-11-21 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-11-21 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-11-21 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-11-21 71464]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\Drivers\OEM02Afx.sys [2008-11-13 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-11-13 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-11-13 7424]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Compare Prices with &Dealio - c:\documents and settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: avsda.dll
TCP: {7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816} = 84.235.114.209 84.235.114.197
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-06 16:03:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1408)
c:\windows\system32\avsda.dll
.
Completion time: 12/06/2008 16:04:24
ComboFix-quarantined-files.txt 2008-12-06 13:04:21
ComboFix2.txt 2008-12-06 12:25:28
ComboFix3.txt 2008-11-28 18:50:26
Pre-Run: 27,464,314,880 bytes free
Post-Run: 27,455,250,432 bytes free
234 --- E O F --- 2008-12-05 22:35:40
 
Welcome, brother.

Download this program

Run the program ==> and click on
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your next reply

And apologies for moving the thread to the appropriate section
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35:01 م, on 2008/12/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\DELL\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer = 84.235.114.209 84.235.114.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 8051 bytes
 
With the permission of my teacher Max

C:\Program Files\Search Settings\SearchSettings.exe

It would be better for you to uninstall the program shown in red

Delete the following entries

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer =

O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE

How to delete them

With that, the deletion is complete

After that, download this tool

Use this tool for cleaning

God willing, your problem will go away
 
Signature: Corporation
Select the following entries and delete them

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

How to delete them

Download this tool to clean the machine

Then go to Add/Remove Programs, find this program and uninstall it

SearchSettings

And post a new HijackThis report
 
Signature: السّاجد لله
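Thank you, brother Compaq, much appreciated, and sorry, I did not see your reply

But the first entry in your reply cannot be deleted this way, because it runs in memory and does not show up in the HijackThis program; it only appears in the txt file
 
Signature: السّاجد لله
Check my reply, it has been edited, my dear friend :hh:
 
Signature: Corporation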
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 09:00:38 م, on 2008/12/06Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\Avira Premium Security Suite\sched.exeC:\WINDOWS\Explorer.EXEC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\OEM02Mon.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Avira\Avira Premium Security Suite\avguard.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Avira\Avira Premium Security Suite\avesvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\Avira\Avira Premium Security Suite\avmailc.exeC:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXEC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\PC Connectivity Solution\NclBTHandler.exeC:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\internet explorer\iexplore.exeC:\Documents and Settings\DELL\My 
Documents\Downloads\Programs\Zyzoom_HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLLO2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dllO4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startupO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /minO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Bluetooth.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.htmlO8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htmO8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htmO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLLO23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exeO23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exeO23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exeO23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exeO23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira 
Premium Security Suite\AVWEBGRD.EXEO23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe--End of file - 7624 bytes
 
Brother, send the report again...........
 
Signature: KoNaMi
Brother Fahad, center the text, then paste the report again
 
Signature: السّاجد لله
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:20 م, on 2008/12/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DELL\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer = 84.235.114.209 84.235.114.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 7702 bytes
 
My dear friend, the report is clean except for this entry

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer =

But one piece of advice: reduce the number of startup programs

Good luck
 
Signature: KoNaMi
Well done. Just do the following as well and post one last report, my dear friend

From Start choose Run and type the following command

msconfig

Then OK

The application window will appear

system configuration utility

Do the following

Uncheck every entry with the suffix
C:/program File

except your antivirus
The example here is for Kaspersky; apply the same on your machine

Then agree to the restart
 
Signature: السّاجد لله
Hamoud, brother, well done, but with your permission, this entry is harmless

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer =

It does not get deleted, because it belongs to the Internet service provider's server
 
Signature: السّاجد لله
Well done. Just do the following as well and post one last report, my dear friend

From Start choose Run and type the following command

msconfig

Then OK

The application window will appear

system configuration utility

Do the following

Uncheck every entry with the suffix
C:/program File

except your antivirus
The example here is for Kaspersky; apply the same on your machine

Then agree to the restart

I swear by God you are a teacher :ok::ok: and we all learn from you
 
Signature: KoNaMi
And adding to what my teacher Hisham said

Before posting the report, use this tool

This tool is from my brother protection

Download this free tool from dr-web, because it is the best antivirus for getting rid of viruses during an infection

and it cleans files properly .. and it has won awards in this field ..

After the tool finishes scanning, post the report
 
Signature: KoNaMi
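Hamoud, you are a teacher, and I have learned more from you than you have learned from me, without your realizing it. I follow your replies and I like your approach, my dear friend
 
Signature: السّاجد لله
Hamoud, you are a teacher, and I have learned more from you than you have learned from me, without your realizing it. I follow your replies and I like your approach, my dear friend

No, by God, the eye does not rise above the eyebrow; you are everyone's teacher :king:
 
Signature: KoNaMi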
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:11 ص, on 2008/12/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DELL\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\DELL\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFB77DA-66B6-4FE7-A1C7-0CE0D1D60816}: NameServer = 84.235.114.209 84.235.114.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 6352 bytes
 