هل جهازي مصاب ؟ يوجد تقرير اداة الكاسبر

الحالة
مغلق و غير مفتوح للمزيد من الردود.
ع

عتيق غرم الله علي

زيزوومى محترف
إنضم
27 يوليو 2008
المشاركات
3,712
مستوى التفاعل
7
النقاط
820
غير متصل
السلام عليكم ورحمة الله وبركاته...
كيفكم ياخواني أرجوا من الله أن تكونوا في تمام الصحة والعافية ، أنا اليوم قمت بفحص الجهاز باداة الكاسبر ثم قمت بحفظ التقرير ارجوا منكم افادتي هل الجهاز مصاب أم لا ؟
ولكم جزيل الشكر والتقدير...
هذا هو التقرير :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 

توقيع : عتيق غرم الله علي
ترتيب حسب التاريخ ترتيب حسب الأصوات
وعليكم السلام

عندك 5 اصابات تم حذفهم



اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​
 
توقيع : AbOdy
تأييد 0
السلام عليكم ورحمة الله وبركاته..
اولا: مشكور أخوي الكريم على ردك الجميل وجعله الله في ميزان حسناتك ...
ثانيا :هذا هو التقرير:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:41:35 م, on 23/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo123.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-688M8.lnk = ?
O4 - Startup: is-6D01D.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo123.exe
--
End of file - 13639 bytes
 
توقيع : عتيق غرم الله علي
تأييد 0
هلا بك

حدد القيم واحذفها

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll



R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll




R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll





R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL




R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll




R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL




O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll




O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll





O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)




O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll




O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll




O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll





O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll





O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL





O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL





O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll




O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll





O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll





O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL





O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll





O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll





O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL




O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html




O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)





O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)





O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي






O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي






طريقة الحذف




mg%20%283%29.png


mg%20%284%29.png




بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود


ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

او

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



التوافق : ويندوز اكسبيفقط


شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

000.png


001.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

002.png





بعد عمل المطلوب

احذف هالبرنامج

Wyyo

وبس تخلص الحذف

ااعد تشغيل الجهاز واعمل التالي


حمل الأداة التاليه
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيل الاداة نضغط كما محدد بالصورة التالية

wh_61624949.png


ونوافق على الرسائل التي تخرج وفي حال خروج تحذير من برنامج الحماية نعمل له سماح



بعد ما تخلص اعد تشغيل الجهاز مرة اخرى واعمل التالي


عطل برامج الحماية وسكر صفحات الأنترنت وسكر جميع البرامج

وحمل هالأداة


شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png





005.png




بعد ماتخلص عطني تقرير هالأداة وتقرير هايجاك جديد​
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
مشكور أخوي وبارك الله فيك لقد قمت بحذف القيم ولكن هل أحذف البرامج المحدد كما في الصور
zyzoom-06215ce110.png


الصورة الثانية
zyzoom-ed8731c993.png

الصورة الثالثة
zyzoom-2d1a1e3b60.png

الصورة الخامسة
zyzoom-37908d0660.png


وجزاك الله عني خير الجزاء ...
 
توقيع : عتيق غرم الله علي
تأييد 0
ايه نعم يا الغلاا , احذفهم كلهم وكمل عمل المطلوب
 
توقيع : AbOdy
تأييد 0
بارك الله فيك أخوي الكريم عملت كل شئ بس بقي عليه الاداة الاخيرة ارجوا منك رفعها لان الرابط مش شغال
وجزاك الله خير...
 
توقيع : عتيق غرم الله علي
تأييد 0
هذا هو تقرير الاداة الاخيرة بارك الله فيك
SmitFraudFix v2.396
Scan done at 16:48:13.68, Tue 02/24/2009
Run from C:\Documents and Settings\ATEEK\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
DNS Server Search Order: 212.93.192.16
DNS Server Search Order: 212.93.192.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{82A664C6-AC88-4312-AFB1-D6BA780D6871}: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82A664C6-AC88-4312-AFB1-D6BA780D6871}: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82A664C6-AC88-4312-AFB1-D6BA780D6871}: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.93.192.16 212.93.192.10

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
توقيع : عتيق غرم الله علي
تأييد 0
وهذا تقرير الهايجاك بارك الله فيك :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:06, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Zyzoom_HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-688M8.lnk = ?
O4 - Startup: is-6D01D.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 9017 bytes
 
توقيع : عتيق غرم الله علي
تأييد 0
عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى


بس تخلص عطني تقرير هالأداة وتقرير هايجاك جديد

بالأنتظار
 
توقيع : AbOdy
تأييد 0
السلام عليكم ورحمة الله وبركاته ...
بارك الله فيك أخوي AbOdy هذا تقرير الاداة الاخيرة :
ComboFix 09-02-21.01 - ATEEK 02/24/2009 17:16:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1025.18.758.313 [GMT 3:00]
Running from: c:\documents and settings\ATEEK\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-24 14:20 --------- d-----w c:\documents and settings\ATEEK\Application Data\DMCache
2009-02-24 14:18 540,704 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-24 14:18 3,976 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-24 14:18 20,468 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-24 14:18 2,347,552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-24 13:47 --------- d-----w c:\documents and settings\ATEEK\Application Data\IDM
2009-02-24 12:38 --------- d-----w c:\program files\Conduit
2009-02-24 12:38 --------- d-----w c:\program files\AskTBar
2009-02-24 12:19 --------- d-----w c:\documents and settings\ATEEK\Application Data\CyberScrub
2009-02-24 12:16 --------- d-----w c:\documents and settings\ATEEK\Application Data\cleaner
2009-02-24 11:10 --------- d-----w c:\program files\Yahoo!
2009-02-24 11:08 --------- d-----w c:\program files\Jap
2009-02-23 09:04 --------- d-----w c:\program files\Registry Easy
2009-02-23 06:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 06:46 --------- d-----w c:\program files\JavaSoft
2009-02-23 06:42 --------- d-----w c:\documents and settings\ATEEK\Application Data\GTunnel
2009-02-21 09:51 --------- d-----w c:\program files\Reference Assemblies
2009-02-21 09:51 --------- d-----w c:\program files\MSBuild
2009-02-20 12:54 --------- d-----w c:\program files\SpeedBit Video Accelerator
2009-02-20 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Speedbit
2009-02-20 12:49 --------- d-----w c:\program files\SweetIM
2009-02-20 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2009-02-19 14:38 --------- d-----w c:\program files\Sweethearts 3D Screensaver
2009-02-19 14:34 --------- d-----w c:\program files\The Lost Watch 3D Screensaver
2009-02-19 14:31 --------- d-----w c:\program files\Ice Clock 3D Screensaver
2009-02-19 14:16 --------- d-----w c:\program files\3Planesoft Screensaver Manager
2009-02-18 14:46 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-18 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-02-18 09:49 --------- d-----w c:\program files\Free Offers from Freeze.com
2009-02-18 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\Wyyo
2009-02-18 04:08 --------- d-----w c:\documents and settings\ATEEK\Application Data\WNR
2009-02-17 16:30 --------- d-----w c:\documents and settings\ATEEK\Application Data\GPass-3
2009-02-12 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 10:54 --------- d-----w c:\documents and settings\ATEEK\Application Data\3
2009-02-10 10:52 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 17:59 --------- d-----w c:\documents and settings\ATEEK\Application Data\4
2009-02-04 17:50 --------- d-----w c:\documents and settings\ATEEK\Application Data\GPass
2009-02-04 11:13 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 11:13 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 04:38 --------- d-----w c:\program files\Internet Download Manager
2009-02-02 10:32 --------- d-----w c:\program files\LtUcx
2009-02-01 08:45 --------- d-----w c:\documents and settings\ATEEK\Application Data\Yahoo!
2009-02-01 08:44 --------- d-----w c:\documents and settings\ATEEK\Application Data\SlipStream
2009-01-29 19:10 65,541 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-29 19:10 6,106 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-29 12:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-27 14:33 --------- d-----w c:\program files\KingoOo Upload V3
2009-01-26 17:33 --------- d-----w c:\program files\EPSON
2009-01-26 17:33 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-26 17:33 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2009-01-26 14:24 --------- d-----w c:\program files\VisualBasic
2009-01-24 18:42 --------- d-----w c:\program files\TVPlayerClassic
2009-01-23 21:36 --------- d-----w c:\program files\Common Files\Nero
2009-01-23 21:13 --------- d-----w c:\program files\Nero
2009-01-23 21:10 --------- d-----w c:\program files\Windows Sidebar
2009-01-23 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-23 20:03 --------- d-----w c:\program files\DirectVobSub
2009-01-23 17:55 --------- d-----w c:\documents and settings\ATEEK\Application Data\Ashampoo
2009-01-23 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-01-23 17:53 --------- d-----w c:\program files\Ashampoo
2009-01-23 14:44 --------- d-----w c:\documents and settings\ATEEK\Application Data\Datalayer
2009-01-23 14:35 --------- d-----w c:\program files\Google
2009-01-23 11:29 --------- d-----w c:\documents and settings\ATEEK\Application Data\Nero
2009-01-23 03:51 --------- d-----w c:\program files\Microsoft Works
2009-01-21 14:20 --------- d-----w c:\program files\BandRich
2009-01-20 19:35 --------- d-----w c:\program files\Windows Live
2009-01-20 19:09 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-20 19:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-20 10:22 --------- d-----w c:\program files\MSXML 4.0
2009-01-19 20:38 --------- d-----w c:\program files\Kaspersky Lab
2009-01-19 20:37 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-19 20:04 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-19 20:04 172,032 ------w c:\windows\Setup1.exe
2009-01-19 20:01 --------- d-----w c:\documents and settings\ATEEK\Application Data\PC Suite
2009-01-19 20:00 --------- d-----w c:\program files\Nokia
2009-01-19 20:00 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-19 20:00 --------- d-----w c:\program files\Common Files\Nokia
2009-01-19 18:19 --------- d-----w c:\program files\3GP Player
2009-01-19 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-01-19 18:17 --------- d-----w c:\program files\GRETECH
2009-01-19 18:11 --------- d-----w c:\program files\Java
2009-01-19 13:23 --------- d-----w c:\documents and settings\ATEEK\Application Data\Winamp
2009-01-19 13:21 --------- d-----w c:\program files\Winamp
2009-01-19 13:02 --------- d-----w c:\program files\Real
2009-01-19 13:02 --------- d-----w c:\program files\Common Files\xing shared
2009-01-19 13:02 --------- d-----w c:\program files\Common Files\Real
2009-01-19 12:54 --------- d-----w c:\program files\All-in-1 Mobile Video Convert
2009-01-19 12:52 --------- d-----w c:\program files\Zoom Player
2009-01-19 12:50 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-19 12:45 --------- d-----w c:\program files\Common Files\Java
2009-01-19 11:50 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-19 11:50 --------- d-----w c:\program files\ACD Systems
2009-01-19 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-19 11:11 --------- d-----w c:\program files\microsoft frontpage
.
------- Sigcheck -------
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\explorer.exe
01/19/2009 09:13 PM 1655296 2fd48aaeaec9c891f72277bbe701f5db c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\ServicePackFiles\i386\explorer.exe
01/19/2009 09:13 PM 66584 a7799dc80ab57384272e2179ef1237dd c:\windows\ServicePackFiles\i386\wuauclt.exe
01/19/2009 09:13 PM 66584 a7799dc80ab57384272e2179ef1237dd c:\windows\system32\wuauclt.exe
01/19/2009 09:13 PM 78360 0fb0036acea470cc670c4919fe53007f c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [10/08/2008 12:22 PM 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/23/2009 05:35 PM 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/03/2009 07:43 AM 2745776]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [08/26/2005 03:49 PM 860160]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [02/20/2009 03:53 PM 2823784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [04/25/2005 05:32 AM 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [04/25/2005 05:29 AM 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [04/25/2005 05:32 AM 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [01/19/2009 09:11 PM 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/19/2009 04:02 PM 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [04/01/2008 09:49 PM 36352]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [09/06/2005 02:45 PM 820736]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/29/2005 03:29 PM 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [01/28/2009 04:57 PM 111928]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [02/10/2009 01:52 PM 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\ATEEK\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
is-688M8.lnk - c:\documents and settings\ATEEK\«ل¥ ںéêè¢ \Virus Removal Tool\is-688M8\startup.exe [2009-02-23 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 is-688M8drv;is-688M8drv;c:\windows\system32\drivers\78019896.sys [2009-02-23 148496]
R1 is-6D01Ddrv;is-6D01Ddrv;c:\windows\system32\drivers\30072513.sys [2009-02-22 148496]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-10-03 87264]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2009-01-21 104192]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S4 Wyyo Service;Wyyo Service;c:\documents and settings\All Users\Application Data\Wyyo\wyyo123.exe [2009-02-18 54752]
.
*******s of the 'Scheduled Tasks' folder
2009-02-24 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2009-02-23 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [02/23/2009 07:44 AM]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-02-24 17:20:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\.Default\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_Default.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\AppGPFault\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\CCSelect\9*JB0*خw]
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\Close\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_CriticalBatteryAlarm.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\DeviceConnect\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_DeviceConnect.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_DeviceDisconnect.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\DeviceFail\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_DeviceFail.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_LowBatteryAlarm.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\MailBeep\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_MailBeep.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\Maximize\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\MenuCommand\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\MenuPopup\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\Minimize\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\Open\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\PrintComplete\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\RestoreDown\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\RestoreUp\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\ShowBand\9*JB0*خw]
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemAsterisk\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemAsterisk.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemExclamation\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemExclamation.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemExit\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemExit.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemHand\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemHand.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemNotification\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemNotification.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemQuestion\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\SystemStart\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_SystemStart.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\WindowsLogoff\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_WindowsLogoff.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\.Default\WindowsLogon\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_WindowsLogon.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\9*JB0*خw]
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\BlockedPopup\9*JB0*خw]
@="Vista_BlockedPopup.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Vista_EmptyRecycleBin.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\9*JB0*خw]
@="Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\9*JB0*خw]
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\Navigating\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered\9*JB0*خw]
@=""
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\Explorer\SecurityBand\9*JB0*خw]
@="Vista_SecurityBand.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\9*JB0*خw]
@="c:\\Program Files\\Messenger\\online.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\9*JB0*خw]
@="c:\\Program Files\\Messenger\\newalert.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\9*JB0*خw]
@="c:\\Program Files\\Messenger\\newemail.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\9*JB0*خw]
@="c:\\Program Files\\Messenger\\type.wav"
[HKEY_USERS\S-1-5-21-839522115-1275210071-725345543-1004\AppEvents\Schemes\Names\9*JB0*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="عتيق"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 02/24/2009 17:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 14:25:46
Pre-Run: 30,918,561,792 bytes free
Post-Run: 30,879,162,368 bytes free
371 --- E O F --- 2009-02-18 14:46:53
 
توقيع : عتيق غرم الله علي
تأييد 0
وهذا تقرير الهايجاك :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:31, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-688M8.lnk = ?
O4 - Startup: is-6D01D.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 8962 bytes
 
توقيع : عتيق غرم الله علي
تأييد 0
وفيك يا الغلاا

الأن جهازك سليم ولا يوجد فيه اصابات :ok:

يغلق الموضوع لأنتهائه
 
توقيع : AbOdy
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى