Thread starter: A-3siri
Views: 938
Status: Closed; not open for further replies.

A-3siri
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:41:37 , on 29/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SmElis\WebData Extractor\swde.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [URL hidden by forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [URL hidden by forum]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = abo0o0ode
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\DOCUME~1\ch\LOCALS~1\Temp\Rar$EX27.203\البرنامج\TiGeR-Firewall.EXE
O4 - HKLM\..\Run: [task manager] C:\DOCUME~1\ch\LOCALS~1\Temp\Rar$EX00.922\Islam - Soldier.exe
O4 - HKLM\..\Run: [swstem] C:\DOCUME~1\ch\LOCALS~1\Temp\s-HTMOOK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ownslite] C:\DOCUME~1\ch\APPLIC~1\FILMPI~1\Bib Meet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmElis WebData Extractor] C:\Program Files\SmElis\WebData Extractor\swde.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &SmElis WebData Extractor - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [URL hidden by forum]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [URL hidden by forum]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7992 bytes
 

Signature: A-3siri
Welcome, brother.
Apologies for moving it to the appropriate section for follow-up.
This section is for analysing the reports of protection programs; the remaining reports are supplied only on request.

[link hidden by forum]

[link hidden by forum]

Disable the protection programs,
then
download the following tool and save it to the desktop:
[link hidden by forum]

When you run it, a message appears; click >> Yes
Then a second message appears; click >> Yes

During the scan the machine may restart,
and after the restart the tool will begin scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
 
ComboFix 09-03-29.02 - ch 03/30/2009 5:28:05.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.3061.2592 [GMT -8:00]
Running from: c:\documents and settings\ch\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 11:41 --------- d-----w c:\documents and settings\ch\Application Data\TVU networks
2009-03-30 00:16 396,288 ----a-w C:\HijackThis.exe
2009-03-29 09:39 --------- d-----w c:\program files\Trend Micro
2009-03-29 04:49 --------- d-----w c:\program files\Internet Download Manager
2009-03-29 04:49 --------- d-----w c:\documents and settings\ch\Application Data\IDM
2009-03-29 04:49 --------- d-----w c:\documents and settings\ch\Application Data\DMCache
2009-03-26 04:43 --------- d-----w c:\program files\Tsonamy
2009-03-25 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-25 01:21 --------- d-----w c:\program files\SmElis
2009-03-25 01:09 --------- d-----w c:\program files\Online TV Player
2009-03-25 01:06 --------- d-----w c:\program files\BPFTP
2009-03-25 01:06 --------- d-----w c:\documents and settings\ch\Application Data\BPFTP
2009-03-23 00:48 --------- d-----w c:\program files\Paltalk Messenger
2009-03-23 00:17 --------- d-----w c:\documents and settings\ch\Application Data\Paltalk
2009-03-23 00:13 --------- d-----w c:\program files\Google
2009-03-22 09:32 --------- d-----w c:\program files\No-IP
2009-03-21 17:53 --------- d-----w c:\program files\TorrentSpeeder
2009-03-21 16:25 --------- d-----w c:\program files\Microsoft.NET
2009-03-21 16:23 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-21 15:17 --------- d-----w c:\documents and settings\ch\Application Data\COWON
2009-03-21 10:04 --------- d-----w c:\program files\Microsoft Virtual PC
2009-03-20 10:07 --------- d-----w c:\program files\LtUcx
2009-03-16 12:00 --------- d-----w c:\program files\NextSecurity.NET
2009-03-16 10:43 --------- d-----w c:\documents and settings\ch\Application Data\Media Player Classic
2009-03-15 21:11 --------- d-----w c:\program files\TVUPlayer
2009-03-15 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-14 21:42 --------- d-----w c:\documents and settings\ch\Application Data\Thinstall
2009-03-12 16:58 --------- d-----w c:\program files\Mobily Connect Card
2009-03-12 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-12 13:10 --------- d-----w c:\program files\TechSmith
2009-03-12 13:10 --------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-12 13:08 --------- d-----w c:\documents and settings\ch\Application Data\Nero
2009-03-12 03:43 --------- d-----w c:\program files\FAHESS
2009-03-12 03:26 --------- d-----w c:\program files\Fahess_Activation
2009-03-12 03:26 --------- d-----w c:\program files\Common Files\Motive
2009-03-12 03:26 --------- d-----w c:\documents and settings\ch\Application Data\Motive
2009-03-12 03:26 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-03-12 02:59 155,995 ----a-w c:\windows\java\Packages\SXNFB9ZH.ZIP
2009-03-12 02:50 --------- d-----w c:\program files\Microsoft
2009-03-12 02:49 --------- d-----w c:\program files\Windows Live
2009-03-12 02:48 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 02:47 --------- d-----w c:\program files\Yahoo!
2009-03-12 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-12 02:37 16,608 ----a-w c:\windows\gdrv.sys
2009-03-11 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-11 23:12 --------- d-----w c:\program files\FILM PILE TITLE
2009-03-11 23:03 --------- d-----w c:\program files\MSN Messenger
2009-03-11 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Lies shim upload curb
2009-03-11 22:29 --------- d-----w c:\documents and settings\ch\Application Data\FILM PILE TITLE
2009-03-11 22:28 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-11 22:28 --------- d-----w c:\program files\Circle Develoement
2009-03-11 20:01 --------- d-----w c:\documents and settings\ch\Application Data\ESET
2009-03-11 19:58 --------- d-----w c:\program files\ESET
2009-03-11 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-11 19:44 --------- d-----w c:\program files\Common Files\Adobe
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [06/28/2007 09:43 AM 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [06/28/2007 09:43 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/26/2008 10:58 PM 185896]
"ClocX"="c:\program files\ClocX\ClocX.exe" [04/13/2004 07:12 AM 103936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [09/05/2007 01:13 AM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [09/05/2007 01:13 AM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [09/05/2007 01:13 AM 137752]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [04/16/2008 12:54 AM 1459200]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM 1443072]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM 16380416 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 01:45 AM 1826816 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [06/28/2007 09:43 AM 1626112 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
سرعة تشغيل Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Bifrost.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [2009-03-16 32768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e62d820-0f27-11de-a788-001fd01c368d}]
\Shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9603fb1b-0f0b-11de-a787-001fd01c368d}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-30 c:\windows\Tasks\ADE142F59186F61D.job
- c:\docume~1\ch\applic~1\filmpi~1\64 trust dart.exe [03/11/2009 03:15 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: &SmElis WebData Extractor - c:\program files\SmElis\WebData Extractor\SWDECom.dll/220
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - [URL hidden by forum]
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.94/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by forum]
Rootkit scan 2009-03-30 05:28:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"
[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"
[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="MsnMsgr.Exe"
"MRUList"="bdca"
"b"="AcroRd32.exe"
"c"="NOTEPAD.EXE"
"d"="iexplore.exe"
[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
Completion time: 03/30/2009 5:29:13
ComboFix-quarantined-files.txt 2009-03-30 13:29:12
ComboFix4.txt 2009-03-30 10:21:28
ComboFix3.txt 2009-03-30 10:24:40
ComboFix2.txt 2009-03-30 10:30:34
Pre-Run: 21,168,504,832 bytes free
Post-Run: 21,213,970,432 bytes free
177



I don't know, my dear, whether I did the procedure right or not, because it did not restart by itself; I restarted it, and after the restart the program did not run.
 
Signature: A-3siri
Make a new HijackThis report.

And please write without separating the letters :q: >>> your buddy's glasses are big :d:
 
Make a new HijackThis report.

And please write without separating the letters :q: >>> your buddy's glasses are big :d:


I don't know, my dear, whether I did the procedure right or not, because it did not restart by itself; I restarted it, and after the restart the program did not run.

:d::d::d:
 
Signature: A-3siri
ComboFix 09-03-30.02 - ch 03/31/2009 5:25:44.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.3061.2542 [GMT -8:00]
Running from: c:\documents and settings\ch\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Mylist.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 03:17 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-03-31 03:14 --------- d-----w c:\program files\Hotspot Shield
2009-03-31 03:12 --------- d-----w c:\program files\Winferno
2009-03-30 11:41 --------- d-----w c:\documents and settings\ch\Application Data\TVU networks
2009-03-30 00:16 396,288 ----a-w C:\HijackThis.exe
2009-03-29 09:39 --------- d-----w c:\program files\Trend Micro
2009-03-29 04:49 --------- d-----w c:\program files\Internet Download Manager
2009-03-29 04:49 --------- d-----w c:\documents and settings\ch\Application Data\IDM
2009-03-29 04:49 --------- d-----w c:\documents and settings\ch\Application Data\DMCache
2009-03-26 04:43 --------- d-----w c:\program files\Tsonamy
2009-03-25 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-25 01:21 --------- d-----w c:\program files\SmElis
2009-03-25 01:09 --------- d-----w c:\program files\Online TV Player
2009-03-25 01:06 --------- d-----w c:\program files\BPFTP
2009-03-25 01:06 --------- d-----w c:\documents and settings\ch\Application Data\BPFTP
2009-03-23 00:48 --------- d-----w c:\program files\Paltalk Messenger
2009-03-23 00:17 --------- d-----w c:\documents and settings\ch\Application Data\Paltalk
2009-03-23 00:13 --------- d-----w c:\program files\Google
2009-03-22 09:32 --------- d-----w c:\program files\No-IP
2009-03-21 17:53 --------- d-----w c:\program files\TorrentSpeeder
2009-03-21 16:25 --------- d-----w c:\program files\Microsoft.NET
2009-03-21 16:23 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-21 15:17 --------- d-----w c:\documents and settings\ch\Application Data\COWON
2009-03-21 10:04 --------- d-----w c:\program files\Microsoft Virtual PC
2009-03-20 10:07 --------- d-----w c:\program files\LtUcx
2009-03-16 12:00 --------- d-----w c:\program files\NextSecurity.NET
2009-03-16 10:43 --------- d-----w c:\documents and settings\ch\Application Data\Media Player Classic
2009-03-15 21:11 --------- d-----w c:\program files\TVUPlayer
2009-03-15 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-14 21:42 --------- d-----w c:\documents and settings\ch\Application Data\Thinstall
2009-03-12 16:58 --------- d-----w c:\program files\Mobily Connect Card
2009-03-12 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-03-12 13:10 --------- d-----w c:\program files\TechSmith
2009-03-12 13:10 --------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-12 13:08 --------- d-----w c:\documents and settings\ch\Application Data\Nero
2009-03-12 03:43 --------- d-----w c:\program files\FAHESS
2009-03-12 03:26 --------- d-----w c:\program files\Fahess_Activation
2009-03-12 03:26 --------- d-----w c:\program files\Common Files\Motive
2009-03-12 03:26 --------- d-----w c:\documents and settings\ch\Application Data\Motive
2009-03-12 03:26 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-03-12 02:59 155,995 ----a-w c:\windows\java\Packages\SXNFB9ZH.ZIP
2009-03-12 02:50 --------- d-----w c:\program files\Microsoft
2009-03-12 02:49 --------- d-----w c:\program files\Windows Live
2009-03-12 02:48 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 02:47 --------- d-----w c:\program files\Yahoo!
2009-03-12 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-12 02:37 16,608 ----a-w c:\windows\gdrv.sys
2009-03-11 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-11 23:12 --------- d-----w c:\program files\FILM PILE TITLE
2009-03-11 23:03 --------- d-----w c:\program files\MSN Messenger
2009-03-11 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\Lies shim upload curb
2009-03-11 22:29 --------- d-----w c:\documents and settings\ch\Application Data\FILM PILE TITLE
2009-03-11 22:28 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-11 22:28 --------- d-----w c:\program files\Circle Develoement
2009-03-11 20:01 --------- d-----w c:\documents and settings\ch\Application Data\ESET
2009-03-11 19:58 --------- d-----w c:\program files\ESET
2009-03-11 19:58 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-11 19:44 --------- d-----w c:\program files\Common Files\Adobe
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((( SnapShot@Mon 03-30-2009_ 2.20.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 19:10:48 516,832 ----a-w c:\windows\system32\CapiCom.dll
+ 2008-01-23 21:25:32 27,136 ----a-w c:\windows\system32\drivers\tapvpn.sys
+ 2006-05-17 16:40:20 393,216 ----a-w c:\windows\system32\WINLCTL5.DLL
+ 2006-10-09 21:06:46 495,616 ----a-w c:\windows\system32\WINUTIL5.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [06/28/2007 09:43 AM 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [06/28/2007 09:43 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/26/2008 10:58 PM 185896]
"ClocX"="c:\program files\ClocX\ClocX.exe" [04/13/2004 07:12 AM 103936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [09/05/2007 01:13 AM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [09/05/2007 01:13 AM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [09/05/2007 01:13 AM 137752]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [04/16/2008 12:54 AM 1459200]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM 1443072]
"TiGeR-Firewall"="c:\documents and settings\ch\Desktop\لي مراقبه الرجستري من الباتشات.EXE" [01/02/2002 12:16 PM 90112]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 01:08 AM 16380416 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 01:45 AM 1826816 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [06/28/2007 09:43 AM 1626112 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
سرعة تشغيل Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Bifrost.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [2009-03-16 32768]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - HOTSPOTSHIELDSERVICE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e62d820-0f27-11de-a788-001fd01c368d}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9603fb1b-0f0b-11de-a787-001fd01c368d}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\ADE142F59186F61D.job
- c:\docume~1\ch\applic~1\filmpi~1\64 trust dart.exe [03/11/2009 03:15 PM]

2009-03-31 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [10/28/2008 02:48 PM]

2009-03-31 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [10/28/2008 02:34 PM]

2009-03-31 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: &SmElis WebData Extractor - c:\program files\SmElis\WebData Extractor\SWDECom.dll/220
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - [URL hidden by forum]
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.94/imscp/talks3n.cab
.

**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by forum]
Rootkit scan 2009-03-31 05:26:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"

[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="MsnMsgr.Exe"
"MRUList"="bdca"
"b"="AcroRd32.exe"
"c"="NOTEPAD.EXE"
"d"="iexplore.exe"

[HKEY_USERS\S-1-5-21-1123561945-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
Completion time: 03/31/2009 5:26:50
ComboFix-quarantined-files.txt 2009-03-31 13:26:50
ComboFix4.txt 2009-03-30 10:24:40
ComboFix3.txt 2009-03-30 10:30:34
ComboFix5.txt 2009-03-31 13:25:34
ComboFix2.txt 2009-03-30 13:29:16

Pre-Run: 20,892,499,968 bytes free
Post-Run: 21,126,086,656 bytes free

202




With all affection and respect,, my teacher

 
Signature: A-3siri
I wrote that it might not restart.

During the scan the machine may be restarted.

Now the HijackThis report again, the same as the first one.
 
I didn't understand you, teacher.. sorry, these past couple of days I don't know what's wrong with me, my comprehension is slow :d
 
Signature: A-3siri
I didn't understand you, teacher.. sorry, these past couple of days I don't know what's wrong with me, my comprehension is slow :d
:d::d::d:

Download this program
[hidden link]

Run the program ==> and click on
Do a system scan and save log
In a moment.. a report appears in Notepad ==> copy it and paste it into your next reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:26 , on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\ch\Desktop\لي مراقبه الرجستري من الباتشات.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SmElis\WebData Extractor\swde.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DfrgFat.exe
C:\Documents and Settings\ch\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [hidden link]=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [hidden link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Documents and Settings\ch\Desktop\لي مراقبه الرجستري من الباتشات.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ownslite] C:\DOCUME~1\ch\APPLIC~1\FILMPI~1\Bib Meet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmElis WebData Extractor] C:\Program Files\SmElis\WebData Extractor\swde.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &SmElis WebData Extractor - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [hidden link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8295 bytes




Sooorry, I feel I've worn you out with me.. this is the first time I've scanned the machine and someone has guided me through what I don't know :d
 
Signature: A-3siri
Delete the following

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [hidden link]=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [hidden link]


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Documents and Settings\ch\Desktop\لي مراقبه الرجستري من الباتشات.EXE

O4 - HKCU\..\Run: [ownslite] C:\DOCUME~1\ch\APPLIC~1\FILMPI~1\Bib Meet.exe

O8 - Extra context menu item: &SmElis WebData Extractor - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://C:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [hidden link]


Deletion method

[screenshot]

[screenshot]

After that, go to Add/Remove Programs and remove any toolbar you have (toolbar) >> it may not be present

Then download this tool and follow the explanation below

[hidden link]

Compatibility: Windows XP only

Usage instructions:
Double-click the tool and wait until all the windows finish and it stops at this window

[screenshot]

When this screen appears,, click Close so your machine restarts (( to complete the cleaning process ))
 
Bless you, teacher.. and here is the report to confirm



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:16:42 , on 01/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SmElis\WebData Extractor\swde.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ch\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ownslite] C:\DOCUME~1\ch\APPLIC~1\FILMPI~1\Bib Meet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmElis WebData Extractor] C:\Program Files\SmElis\WebData Extractor\swde.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\ch\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ch\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6961 bytes
 
Signature: A-3siri
All good.
This one remains:

O4 - HKCU\..\Run: [ownslite] C:\DOCUME~1\ch\APPLIC~1\FILMPI~1\Bib Meet.exe
 
May God make Paradise your abode, teacher.. and thank you for following my thread
 
Signature: A-3siri
God keep you, brother
Good luck
 