Thread starter: Mr.FahooDy (active Zyzoom member, joined 16 June 2008)
Desktop and taskbar freezing; HijackThis log attached

Peace be upon you.
Dear fellow Zyzoom members,
I installed a modified Windows XP build
with some unimportant things removed from it,
and the system runs very efficiently,
but from time to time the machine freezes, especially the desktop and the taskbar (Start, the clock, etc.).
Here is the HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:41:35 ص, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CF27471.exe
C:\ComboFix\ComboFix-Download.exe
D:\Program\Zyzoom_HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Log Delete.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [burn amen] C:\DOCUME~1\ADMINI~1\APPLIC~1\DEBUGB~1\Wmastupid.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237647353718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237721837171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6553 bytes
I hope a solution can be found; you have all my thanks and appreciation.
 

If you have Kaspersky installed, I expect the freezing comes from Kaspersky; that's one of its habits.

Anyway, come over to this thread, my friend:

[hidden link: login required]

And forgive me for not analysing the log.

Signature: JNoOoN AŁ3a6fh
I have Avira installed,

and I'm going to look at that thread.
 
Disable your security programs,
then
download the following tool and save it to the desktop:
[hidden link: login required]

When you run it a message will appear; click >> Yes.
Then a second message will appear; click >> Yes.

During the scan the machine may restart,
and after the restart the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a log appears; copy it and paste it in your next post.
 
Delete these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

using the HijackThis tool.

Follow the illustrated steps:

[screenshots: removing the entries with HijackThis]

That completes the deletion.

--

Download the Kaspersky tool from the following link:

[hidden link: login required]

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and moments later the tool starts running.

Follow the illustrated steps to scan the machine, clean it and attach the log:

[screenshots: running the Kaspersky tool, scanning, cleaning and saving the log]

Then compress the log and upload it here >>>>

[hidden link: login required]

[hidden link: login required]
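As an added example (not from the thread and not HijackThis code), a small Python triage script for the HijackThis v2 line formats shown above. It flags O2/O3 entries whose target is "(no file)", which are exactly the two entries the helper asked to remove, and registry-style O4 autoruns that launch from a user-profile or All Users directory, which is where the "Amok web bash obj" and "burn amen" entries in the first log point. The sample lines are copied from that first log; the PROFILE_DIRS list and the regular expressions are my own choices for this example.

```python
"""Triage HijackThis v2 log lines the way a forum helper does by hand.

Added example; it is not part of the thread and not HijackThis code.
It handles the O2 (BHO), O3 (toolbar) and registry-style O4 (Run/RunOnce)
line formats seen in the logs above and flags:
  * O2/O3 entries whose file is "(no file)": an orphaned registration,
    exactly the two entries the helper asked to remove;
  * O4 autoruns that launch from a user profile / All Users directory,
    which is where the "Amok web bash obj" and "burn amen" entries in the
    first log point (legitimate autoruns normally sit under Program Files
    or the Windows directory).
"""
import re

# Constructed sample: lines copied from the thread's first HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Log Delete.exe
O4 - HKCU\..\Run: [burn amen] C:\DOCUME~1\ADMINI~1\APPLIC~1\DEBUGB~1\Wmastupid.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

ORPHAN_MARKER = "(no file)"
# Directory fragments (lower-cased, long and 8.3 short forms) that mark a
# profile location; chosen for this example, not a HijackThis rule.
PROFILE_DIRS = (
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\application data\\",
    "\\applic~1\\",
)

O2_O3_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<type>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)
# Registry-style O4: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def image_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command string.

    Quoted paths are taken verbatim; unquoted paths containing spaces
    (like the 'Log Delete.exe' entry) are recovered by cutting after the
    first '.exe', which also drops HijackThis' trailing "(User '...')".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return (line, reason) pairs for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_O3_RE.match(line)
        if m:
            if m.group("target").strip() == ORPHAN_MARKER:
                findings.append((line, "orphaned %s {%s}: registration with no file on disk"
                                 % (m.group("type"), m.group("clsid"))))
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group("cmd")).lower()
            if any(frag in path for frag in PROFILE_DIRS):
                findings.append((line, "autorun [%s] launches from a profile directory: %s"
                                 % (m.group("name"), path)))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(reason)
        print("    " + entry)
```

Run against the sample it reports the two orphaned registrations and the two profile-directory autoruns, and leaves the Avira, CTFMON and O23 lines alone.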
 
Here you go, brother Max Sweet. I did everything you told me, and here is the log:

combofix 09-03-26.03 - administrator 03/28/2009 0:11:22.1 - ntfsx86
microsoft windows xp professional 5.1.2600.3.1256.1.1025.18.958.648 [gmt 3:00]
running from: D:\program\combofix.exe
av: Antivir desktop *on-access scanning enabled* (updated)
* created a new restore point

warning -this machine does not have the recovery console installed !!
.

((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\ktd32.atm
c:\windows\system32\agsaame.dll
c:\windows\system32\aloaudiofile2.dll
c:\windows\system32\aloavifile.dll
c:\windows\system32\aloquicktimefile.dll
c:\windows\system32\alovideocorem.dll
c:\windows\system32\alowmafile2.dll
c:\windows\system32\kakle.dll
c:\windows\system32\ultra.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( files created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 21:07 --------- d-----w c:\documents and settings\administrator\application data\dmcache
2009-03-27 10:49 --------- d-----w c:\documents and settings\administrator\application data\utorrent
2009-03-27 10:39 --------- d-----w c:\program files\utorrent
2009-03-27 10:37 --------- d---a-w c:\documents and settings\all users\application data\temp
2009-03-26 12:55 --------- d-----w c:\documents and settings\administrator\application data\idm
2009-03-26 12:17 --------- d-----w c:\program files\pcbugdoctor
2009-03-26 12:13 --------- d-----w c:\documents and settings\administrator\application data\cyberscrub
2009-03-26 12:13 --------- d-----w c:\documents and settings\administrator\application data\cleaner
2009-03-25 22:47 --------- d-----w c:\documents and settings\administrator\application data\thinstall
2009-03-25 12:41 --------- d-----w c:\documents and settings\administrator\application data\gpass-4
2009-03-25 12:41 --------- d-----w c:\documents and settings\administrator\application data\gpass
2009-03-25 12:38 --------- d-----w c:\program files\no-ip
2009-03-23 21:34 --------- d-----w c:\documents and settings\all users\application data\messenger plus!
2009-03-23 15:36 --------- d-----w c:\documents and settings\administrator\application data\steady recorder
2009-03-23 12:43 --------- d-----w c:\program files\k-lite codec pack
2009-03-22 22:05 --------- d-----w c:\program files\circle developement
2009-03-22 22:05 --------- d-----w c:\documents and settings\administrator\application data\debugbookcake
2009-03-22 13:19 --------- d-----w c:\documents and settings\all users\application data\office genuine advantage
2009-03-22 12:47 --------- d-----w c:\program files\resize pictures plus
2009-03-22 11:29 --------- d-----w c:\program files\إدارة التشغيل العربي
2009-03-22 11:26 --------- d-----w c:\program files\avira
2009-03-22 11:26 --------- d-----w c:\documents and settings\all users\application data\avira
2009-03-22 03:49 --------- d-----w c:\program files\steganos internet trace destructor 7
2009-03-21 23:21 --------- d-----w c:\documents and settings\administrator\application data\avafind data
2009-03-21 23:16 --------- d-----w c:\program files\manycam 2.3
2009-03-21 23:03 --------- d-----w c:\program files\usb disk security
2009-03-21 21:54 --------- d-----w c:\program files\videocam gf112
2009-03-21 21:54 --------- d-----w c:\program files\installshield installation information
2009-03-21 21:54 --------- d-----w c:\program files\common files\pccamera
2009-03-21 21:54 --------- d-----w c:\program files\common files\installshield
2009-03-21 21:54 --------- d-----w c:\documents and settings\administrator\application data\paltalk
2009-03-21 21:42 --------- d-----w c:\program files\unlocker
2009-03-21 21:06 --------- d-----w c:\program files\paltalk messenger
2009-03-21 20:54 --------- d-----w c:\program files\total video converter
2009-03-21 20:52 --------- d-----w c:\program files\free flv to avi video converter
2009-03-21 20:47 --------- d-----w c:\program files\steady recorder
2009-03-21 20:46 --------- d-----w c:\program files\internet download manager
2009-03-21 20:45 --------- d-----w c:\documents and settings\all users\application data\seek film amok web
2009-03-21 20:41 --------- d-----w c:\program files\ashampoo
2009-03-21 20:41 --------- d-----w c:\documents and settings\all users\application data\ashampoo
2009-03-21 20:41 --------- d-----w c:\documents and settings\administrator\application data\ashampoo
2009-03-21 18:15 155,995 ----a-w c:\windows\java\packages\strndbzf.zip
2009-03-21 17:56 90,112 ----a-w c:\windows\system32\agsaami.dll
2009-03-21 17:56 753,664 ----a-w c:\windows\system32\agsaamg.dll
2009-03-21 17:56 626,688 ----a-w c:\windows\system32\agsaamh.dll
2009-03-21 17:56 544,256 ----a-w c:\windows\system32\agsaamd.dll
2009-03-21 17:56 538,624 ----a-w c:\windows\system32\agsaamb.dll
2009-03-21 17:56 372,736 ----a-w c:\windows\system32\agsaamc.dll
2009-03-21 17:56 331,776 ----a-w c:\windows\system32\agsaama.dll
2009-03-21 17:56 237,568 ----a-w c:\windows\system32\lame_enc.dll
2009-03-21 17:56 2,846,720 ----a-w c:\windows\system32\agsaamj.dll
2009-03-21 17:55 90,112 ----a-w c:\windows\system32\aloaudioformatsettings3.dll
2009-03-21 17:55 780,288 ----a-w c:\windows\system32\alovideocompress.dll
2009-03-21 17:55 778,240 ----a-w c:\windows\system32\aloaudiocompress2.dll
2009-03-21 17:55 215,552 ----a-w c:\windows\system32\alowmvfile.dll
2009-03-21 17:55 2,846,720 ----a-w c:\windows\system32\aloaudiocompress3.dll
2009-03-21 17:55 188,416 ----a-w c:\windows\system32\alovideofile.dll
2009-03-21 17:55 1,245,184 ----a-w c:\windows\system32\bkll.dll
2009-03-21 17:49 --------- d-----w c:\program files\messenger plus! Live
2009-03-21 17:49 --------- d-----w c:\program files\debugbookcake
2009-03-21 16:36 --------- d-----w c:\program files\msecache
2009-03-21 16:32 --------- d-----w c:\program files\ozone
2009-03-21 16:31 --------- d-----w c:\documents and settings\administrator\application data\ursoft
2009-03-21 16:21 --------- d-sh--w c:\documents and settings\all users\application data\{55a29068-f2ce-456c-9148-c869879e2357}
2009-03-21 16:21 --------- d-----w c:\documents and settings\all users\application data\tuneup software
2009-03-21 16:21 --------- d-----w c:\documents and settings\administrator\application data\tuneup software
2009-03-21 16:19 --------- d-----w c:\documents and settings\administrator\application data\media player classic
2009-03-21 16:14 --------- d-----w c:\program files\windows live
2009-03-21 16:12 --------- d-----w c:\program files\uninstaller 2008
2009-03-21 16:12 --------- d-----w c:\program files\the kmplayer
2009-03-21 16:12 --------- d-----w c:\program files\imageshack
2009-03-21 16:12 --------- d-----w c:\program files\foxit reader
2009-03-21 16:12 --------- d-----w c:\program files\dictionary
2009-03-21 16:12 --------- d-----w c:\program files\ccleaner
2009-03-21 16:12 --------- d-----w c:\program files\avi mpeg rm wmv splitter
2009-03-21 16:12 --------- d-----w c:\program files\avi mpeg rm wmv joiner
2009-03-21 16:11 --------- d-----w c:\program files\photobrush
2009-03-21 16:11 --------- d-----w c:\program files\megaview
2009-03-21 16:11 --------- d-----w c:\program files\inpaint
2009-03-21 16:11 --------- d-----w c:\program files\flash player 9
2009-03-21 16:11 --------- d-----w c:\program files\ava find
2009-03-21 16:10 --------- d-----w c:\program files\adobe photoshop cs
2009-03-21 15:06 --------- d-----w c:\program files\keychanger windows edition
2009-03-21 14:58 --------- d-----w c:\program files\difx
2009-03-21 14:50 --------- d-----w c:\program files\microsoft.net
2009-03-21 14:46 --------- d-----w c:\program files\reference assemblies
2009-03-21 14:46 --------- d-----w c:\program files\msbuild
2009-03-21 14:21 --------- d-----w c:\program files\windows media connect 2
2009-02-21 05:25 691,592 ----a-w c:\windows\system32\ogacheckcontrol.dll
2009-02-13 08:31 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 14:04 1,846,656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:04 1,846,656 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
2009-01-16 18:01 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
.

------- sigcheck -------

12/23/2007 09:51 pm 1814528 9fac07ba33c683cd81fdcded6d7ae44f c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4

[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/15/2008 12:29 am 15360]
"msnmsgr"="c:\program files\windows live\messenger\msnmsgr.exe" [03/25/2009 04:17 pm 5728112]
"idman"="c:\program files\internet download manager\idman.exe" [03/21/2009 11:46 pm 2745776]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avgnt"="c:\program files\avira\antivir desktop\avgnt.exe" [03/02/2009 12:08 pm 209153]
"vttimer"="vttimer.exe" [09/21/2006 06:36 pm 53248 c:\windows\system32\vttimer.exe]
"s3trayp"="s3trayp.exe" [06/11/2007 01:15 pm 176128 c:\windows\system32\s3trayp.exe]
"rthdcpl"="rthdcpl.exe" [04/10/2008 05:52 pm 16861184 c:\windows\rthdcpl.exe]
"bluetoothauthenticationagent"="bthprops.cpl" [04/15/2008 12:30 am 110592 c:\windows\system32\bthprops.cpl]

[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/15/2008 12:29 am 15360]

[hkey_users\.default\software\microsoft\windows\currentversion\runonce]
"nltide_2"="shell32" [x]
"itd7"="c:\program files\steganos internet trace destructor 7\itd7.exe" [09/03/2004 04:02 pm 241664]
"nltide_3"="advpack.dll" [12/21/2008 01:30 am 124928 c:\windows\system32\advpack.dll]

c:\documents and settings\administrator\قائمة ابدأ\البرامج\بدء التشغيل\
one click destruction.lnk - c:\program files\steganos internet trace destructor 7\itd7.exe [2004-09-03 241664]

c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\
paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe [2009-01-28 10950144]

[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"nosmhelp"= 1 (0x1)
"memcheckboxinrundlg"= 1 (0x1)

[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"nosmconfigureprograms"= 1 (0x1)

[hklm\~\startupfolder\c:^documents and settings^administrator^قائمة ابدأ^البرامج^بدء التشغيل^thaker.lnk]
path=c:\documents and settings\administrator\قائمة ابدأ\البرامج\بدء التشغيل\thaker.lnk
backup=c:\windows\pss\thaker.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^dyndns updater tray icon.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\dyndns updater tray icon.lnk
backup=c:\windows\pss\dyndns updater tray icon.lnkcommon startup

[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^dyndns updater.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\dyndns updater.lnk
backup=c:\windows\pss\dyndns updater.lnkcommon startup

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\itd7]
--a------ 09/03/2004 04:02 pm 241664 c:\program files\steganos internet trace destructor 7\itd7.exe

[hkey_local_machine\software\microsoft\security center]
"updatesdisablenotify"=dword:00000001
"antivirusoverride"=dword:00000001
"firewalloverride"=dword:00000001

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\paltalk messenger\\paltalk.exe"=
"c:\\program files\\mozilla firefox\\firefox.exe"=
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"=
"c:\\program files\\windows live\\messenger\\livecall.exe"=
"c:\\program files\\utorrent\\utorrent.exe"=

r2 antivirmailservice;avira antivir mailguard;c:\program files\avira\antivir desktop\avmailc.exe [2009-03-22 186625]
r2 antivirschedulerservice;avira antivir scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-03-22 108289]
r2 antivirwebservice;avira antivir webguard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-03-22 432897]
r3 manycam;manycam virtual webcam, wdm video capture driver;c:\windows\system32\drivers\manycam.sys [2008-01-14 21632]
r3 s3gigp;s3gigp;c:\windows\system32\drivers\s3gigpm.sys [2009-03-21 714240]
s3 pac207;videocam gf112;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]
.
Contents of the 'scheduled tasks' folder

2009-03-27 c:\windows\tasks\a318633b910c161f.job
- c:\docume~1\admini~1\applic~1\debugb~1\this bags view.exe []

2009-03-27 c:\windows\tasks\ogadaily.job
- c:\windows\system32\ogaverify.exe []

2009-03-27 c:\windows\tasks\ogalogon.job
- c:\windows\system32\ogaverify.exe []
.
.
------- supplementary scan -------
.
Usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
ustart page = hxxp://www.google.com.sa/
uinternet settings,proxyoverride = local
usearchurl,(default) = hxxp://www.google.com/keyword/%s
ie: تحميل الكل بواسطة internet download manager - c:\program files\internet download manager\iegetall.htm
ie: تحميل بواسطة internet download manager - c:\program files\internet download manager\ieext.htm
ie: تحميل محتوى flv بواسطة internet download manager - c:\program files\internet download manager\iegetvl.htm
lsp: C:\program files\avira\antivir desktop\avsda.dll
dpf: Microsoft xml parser for java - file:///c:/windows/java/classes/xmldso.cab
ff - profilepath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\zvdd24av.default\
ff - prefs.js: Browser.startup.homepage - hxxp://www.google.com.sa/
ff - component: C:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll
ff - plugin: C:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
ff - plugin: C:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer,
[URL hidden by forum: login required]

rootkit scan 2009-03-28 00:12:53
windows 5.1.2600 service pack 3 ntfs

scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\program files\avira\antivir desktop\avsda.dll
.
Completion time: 03/28/2009 0:14:25
combofix-quarantined-files.txt 2009-03-27 21:14:23

pre-run: 35,734,683,648 bytes free
post-run: 35,726,213,120 bytes free

 
Post a new HijackThis log.
 
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:37:54 م, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237647353718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237721837171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5480 bytes
 
The log is clean now.
Are there any problems?
 
So far everything is fine.

The freezing isn't constant; it comes on suddenly.

But so far it hasn't frozen, thank God.

Many thanks, Max; you deserve the rating.
 