هل جهازي مصاب ام لا >>> تقرير كمبوفيكس

[الشيخ مشفوح]

هذا هو التقرير


ComboFix 08-12-15.04 - FAISAL 12/16/2008 21:59:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.2039.1556 [GMT 3:00]
Running from: d:\faisal\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\artools.dll
c:\windows\system32\ALOAudioFile2.dll
c:\windows\system32\ALOAVIFile.dll
c:\windows\system32\ALOQuickTimeFile.dll
c:\windows\system32\ALOVideoCoreM.dll
c:\windows\system32\ALOWMAFile2.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 19:00 --------- d-----w c:\documents and settings\FAISAL\Application Data\uTorrent
2008-12-16 18:59 --------- d-----w c:\documents and settings\FAISAL\Application Data\DMCache
2008-12-13 08:52 --------- d-----w c:\program files\Steganos Internet Anonym Pro 7
2008-12-13 08:52 --------- d-----w c:\program files\Secure Surfing Engine
2008-12-13 07:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-07 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-07 17:43 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-07 17:43 --------- d-----w c:\documents and settings\FAISAL\Application Data\bsplayer
2008-12-07 17:39 --------- d-----w c:\program files\GVR
2008-12-05 22:53 --------- d-----w c:\documents and settings\FAISAL\Application Data\Thinstall
2008-12-05 20:27 2,359,350 ----a-w c:\program files\فايز.bmp
2008-12-04 21:56 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-04 21:55 --------- d-----w c:\program files\Windows Live
2008-12-04 21:55 --------- d-----w c:\program files\MSN Messenger
2008-12-04 21:55 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-04 21:55 --------- d-----w c:\program files\Circle Developement
2008-12-04 21:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-04 21:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-04 20:59 --------- d-----w c:\documents and settings\FAISAL\Application Data\IDM
2008-12-03 13:48 140,800 ----a-w c:\windows\system32\TAUR.exe
2008-12-02 17:49 --------- d-----w c:\program files\netcut
2008-11-28 16:07 --------- d-----w c:\program files\Microsoft Works
2008-11-28 16:05 --------- d-----w c:\program files\Counter-Strike Source
2008-11-28 15:47 --------- d-----w c:\program files\Eidos Interactive
2008-11-28 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-28 15:46 --------- d-----w c:\program files\Internet Download Manager
2008-11-27 18:53 --------- d-----w c:\program files\MSBuild
2008-11-27 15:13 --------- d-----w c:\program files\AirStrike II Gulf Thunder
2008-11-23 13:40 --------- d-----w c:\program files\MyPlayCity
2008-11-23 13:40 --------- d-----w c:\program files\Conduit
2008-11-21 20:07 --------- d-----w c:\program files\Common Files\Adobe
2008-11-21 20:06 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-19 10:18 --------- d-----w c:\program files\%temp&
2008-11-17 17:01 16 ----a-w c:\windows\system32\drivers\ksdevice.sys
2008-11-17 17:01 16 ----a-w c:\windows\system32\drivers\KeenSense.sys
2008-11-14 16:47 --------- d-----w c:\program files\WinAce
2008-11-12 18:50 --------- d-----w c:\program files\Google
2008-11-12 18:05 780,288 ----a-w c:\windows\system32\ALOVideoCompress.dll
2008-11-12 18:05 215,552 ----a-w c:\windows\system32\ALOWMVFile.dll
2008-11-12 18:05 188,416 ----a-w c:\windows\system32\ALOVideoFile.dll
2008-11-12 18:04 90,112 ----a-w c:\windows\system32\ALOAudioFormatSettings3.dll
2008-11-12 18:04 778,240 ----a-w c:\windows\system32\ALOAudioCompress2.dll
2008-11-12 18:04 2,846,720 ----a-w c:\windows\system32\ALOAudioCompress3.dll
2008-11-12 18:03 344,064 ----a-w c:\windows\system32\dkll.dll
2008-11-12 18:03 --------- d-----w c:\program files\Ozone
2008-11-11 19:02 --------- d-----w c:\program files\Video Convert Master
2008-11-11 19:01 81,920 ----a-w c:\documents and settings\FAISAL\Application Data\ezpinst.exe
2008-11-11 19:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-11 19:01 47,360 ----a-w c:\documents and settings\FAISAL\Application Data\pcouffin.sys
2008-11-11 19:01 --------- d-----w c:\documents and settings\FAISAL\Application Data\Vso
2008-11-11 18:44 --------- d-----w c:\program files\PowerQuest
2008-11-11 16:25 --------- d-----w c:\documents and settings\FAISAL\Application Data\Nero
2008-11-11 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2008-11-11 15:52 --------- d-----w c:\documents and settings\FAISAL\Application Data\ESET
2008-11-11 15:50 --------- d-----w c:\program files\ESET
2008-11-11 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-11 13:37 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-11-11 13:02 --------- d-----w c:\program files\Real
2008-11-11 13:02 --------- d-----w c:\program files\Common Files\Real
2008-11-11 12:58 --------- d-----w c:\program files\Realtek
2008-11-11 12:58 --------- d-----w c:\documents and settings\FAISAL\Application Data\InstallShield
2008-11-11 12:20 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 12:18 --------- d-----w c:\program files\Intel
2008-11-11 12:07 --------- d-----w c:\documents and settings\FAISAL\Application Data\Media Player Classic
2008-11-11 11:57 --------- d-----w c:\program files\uTorrent
2008-11-11 11:03 --------- d-----w c:\program files\Common Files\Nero
2008-11-11 10:55 --------- d-----w c:\program files\AskTBar
2008-11-11 10:54 --------- d-----w c:\program files\Nero
2008-11-11 10:53 --------- d-----w c:\program files\Windows Sidebar
2008-11-11 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-11 10:43 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-11 03:29 --------- d-----w c:\program files\Java
2008-11-11 03:29 --------- d-----w c:\program files\Common Files\Java
2008-11-11 03:23 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 11:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2006-09-19 03:14 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-09-19 03:14 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-09-19 03:14 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-09-19 03:14 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-09-19 03:14 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [08/05/2008 02:13 AM 1610264]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
08/05/2008 02:13 AM 1610264 --a------ c:\program files\MyPlayCity\tbMyPl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [08/05/2008 02:13 AM 1610264]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [08/05/2008 02:13 AM 1610264]
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/28/2008 07:08 PM 2606512]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [06/09/2008 10:16 AM 2363392]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 06:59 PM 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/16/2008 08:22 PM 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [04/05/2005 09:22 AM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [04/05/2005 09:19 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [04/05/2005 09:23 AM 114688]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [04/05/2005 09:19 AM 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [04/05/2005 09:23 AM 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [01/30/2008 12:37 PM 1443072]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 12:21 PM 16270848 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 01:04 PM 2879488 c:\windows\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 07:00 PM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SIAPRO7"="c:\program files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" [07/20/2005 02:05 PM 274432]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" [2008-01-30 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.msn.com
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Secure Surfing Engine\sselsp.dll
FF - ProfilePath - c:\documents and settings\FAISAL\Application Data\Mozilla\Firefox\Profiles\5kgj5sp2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-16 22:02:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Secure Surfing Engine\sselsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 12/16/2008 22:04:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 19:04:29
Pre-Run: 17,124,683,776 bytes free
Post-Run: 17,094,463,488 bytes free
233 --- E O F --- 2008-12-13 07:03:38

 

[MAAX]

اهلااا بك اخي
وعذرا بنقله للقسم المناسب للمتابعة
هذا القسم خاص بتحليل تقارير برامج الحماية ،، وباقي التقارير تكون عند الطلب فقط

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[MAAX]

تم حذف بعض الاصابات
ولتاكد اكثر اعمل هذا التقرير

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

 

[الشيخ مشفوح]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:07 م, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\FAISAL\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
--
End of file - 8433 bytes

 

[هاوي النت]

احذف القيم التاليه​

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)​

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)​

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)​

O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')​

طريقة الحذف ​

​

​

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود​

ثم نزل هذه الاداة واتبع الشرح التالي​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

التوافق : ويندوز اكسبيفقط ​

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )​

​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

​

 

[الشيخ مشفوح]

مشكووووور يعني الجهاز مو ملغوم