اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​


 
توقيع : Demo-dashDemo-dash is verified member.
تفضل أخوي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:06:05 م, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LG Software\On Screen Display\Hotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
D:\البرامج\AntiAutorun\AntiAutorun.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\star\Local Settings\Temporary Internet Files\Content.IE5\6VAVY9YN\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\SiCoDriVeT\vsdrv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [protect_autorun] D:\البرامج\AntiAutorun\AntiAutorun.exe /start
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [DelTempFiles] D:\البرامج\DelTempFiles تنظيف الجهاز\DelTempFiles تنظيف الجهاز\DelTempFiles.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
--
End of file - 8266 bytes
 

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


 
ComboFix 09-04-29.07 - star 04/30/2009 19:15.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1025.18.502.266 [GMT 3:00]
Running from: c:\documents and settings\star\سطح المكتب\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.
2009-04-28 17:27 . 2008-09-28 19:00 439440 ------w c:\program files\un_Internet Download Manager_16575.exe
2009-04-23 16:43 . 2003-11-04 12:11 159744 ----a-w c:\windows\system32\lfpng13n.dll
2009-04-23 16:43 . 2003-11-04 12:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-23 16:43 . 2004-01-11 23:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-23 16:43 . 2004-05-14 13:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-22 16:59 . 2009-04-22 16:59 -------- d-----w c:\documents and settings\star\Application Data\Foxit
2009-04-20 17:42 . 2009-04-20 17:42 -------- d-----w c:\documents and settings\star\Application Data\DivX
2009-04-20 17:30 . 2009-04-20 17:30 -------- d-----w c:\documents and settings\star\Application Data\vlc
2009-04-20 17:29 . 2009-04-20 17:29 -------- d-----w c:\program files\VideoLAN
2009-04-16 22:08 . 2009-04-16 22:08 -------- d-----w c:\program files\Paltalk Messenger
2009-04-15 19:34 . 2009-04-15 19:34 -------- d-----w c:\program files\DreamBoxEdit
2009-04-12 19:25 . 2009-04-12 19:25 -------- d-----w c:\documents and settings\star\Application Data\TeamViewer
2009-04-12 19:25 . 2009-04-12 19:25 -------- d-----w c:\program files\TeamViewer
2009-04-12 19:25 . 2009-04-12 19:25 -------- d-----w c:\documents and settings\star\temp
2009-04-10 02:53 . 2009-04-10 02:53 -------- d-----w c:\documents and settings\star\Application Data\IDM
2009-04-10 02:52 . 2009-04-10 02:53 -------- d-----w c:\program files\Internet Download Manager
2009-04-10 01:55 . 2009-04-10 01:55 -------- d-----w c:\documents and settings\star\Application Data\DMCache
2009-04-07 15:37 . 2009-04-07 15:37 -------- d-----w C:\avira
2009-04-07 15:16 . 2009-04-07 15:16 -------- d-----w c:\documents and settings\star\Local Settings\Application Data\Orbmu2k
2009-04-05 15:40 . 2008-10-15 16:54 339456 ------w c:\windows\system32\dllcache\netapi32.dll
2009-04-03 15:36 . 2009-04-03 15:36 720896 ----a-w c:\windows\iun6002.exe
2009-04-03 15:36 . 2009-04-03 15:36 -------- d-----w c:\program files\Abadisoft
2009-04-02 18:33 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-02 18:33 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-02 18:33 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-02 18:33 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-02 18:33 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-02 18:33 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-02 18:33 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-02 18:33 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-02 18:33 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-04-02 18:33 . 2009-04-02 18:33 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-01 14:42 . 2009-04-01 14:42 57344 ----a-w c:\windows\system32\IMSInfo.dll
2009-04-01 14:42 . 2006-09-22 10:31 397312 ----a-w c:\windows\system32\imcv1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 16:18 . 2007-12-23 18:20 12 ----a-w c:\windows\bthservsdp.dat
2009-04-28 17:28 . 2009-04-28 17:27 5973 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-04-28 16:36 . 2009-03-25 21:55 97480 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-04-28 16:36 . 2009-03-18 14:16 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-10 17:01 . 2007-12-23 14:41 558080 ----a-w c:\windows\system32\AutoPartNt.exe
2009-03-31 15:50 . 2009-03-31 15:50 -------- d-----w c:\program files\KLC
2009-03-29 19:22 . 2009-03-29 19:22 -------- d-----w c:\program files\Zeallsoft
2009-03-18 14:16 . 2009-03-18 14:16 -------- d-----w c:\program files\Avira
2009-03-15 14:35 . 2001-09-19 13:00 61062 ----a-w c:\windows\system32\perfc001.dat
2009-03-15 14:35 . 2001-09-19 13:00 336818 ----a-w c:\windows\system32\perfh001.dat
2009-03-12 19:16 . 2009-03-12 19:16 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-09 17:07 . 2009-03-09 17:07 -------- d-----w c:\program files\Webcam and Screen Recorder
2009-03-09 15:53 . 2008-10-21 15:11 63 ----a-w c:\windows\AlfaStart.CMD
2009-03-06 18:41 . 2009-03-06 18:41 -------- d-----w c:\program files\Codemonster
2009-02-24 09:06 . 2009-03-25 21:55 69632 ----a-w c:\windows\system32\drivers\avfwim.sys
2006-10-11 08:05 . 2009-03-05 16:31 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:05 . 2009-03-05 16:31 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-03-05 16:31 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-03-05 16:31 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:05 . 2009-03-05 16:31 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[-] 2006-09-12 01:22 2196608 E2E05AC6E25670D9A9F592E3E223B92D c:\windows\system32\ntkrnlpa.exe
[-] 2006-09-08 20:01 2321024 EF63859E4FD9CB3EC31A111481F4B1B6 c:\windows\system32\ntoskrnl.exe
[-] 2006-09-12 00:12 1616384 810316E2E8D32075C8B984320A6011CF c:\windows\explorer.exe
[-] 2006-07-01 07:59 1547776 5839C7D4FA3AE3ACEB7422829B010900 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-27 2799024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\Hotkey.exe" [2005-07-26 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-20 180269]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2005-03-09 785048]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-03-09 98304]
"Vistadrv"="c:\program files\SiCoDriVeT\vsdrv.exe" [2006-07-30 121089]
"protect_autorun"="d:\البرامج\AntiAutorun\AntiAutorun.exe" [2008-04-17 114688]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 335872]
"WebcamMaxMoniter"="c:\program files\WebcamMax\CAMTHINS.exe" [2007-03-07 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-02-27 16005120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelTempFiles"="d:\البرامج\DelTempFiles تنظيف الجهاز\DelTempFiles تنظيف الجهاز\DelTempFiles.exe" [2007-03-06 32768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-1-28 10950144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\البرامج\\برامج منوعه ومضغوطه\\( Leap FTP )برنامج اف تي بي النسخه العربيه\\105\\Leap FTP النسخه العربيه\\FTP\\LeapFTP1.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\DRIVERS\e2ecap.sys [2007-08-24 126208]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2006-06-04 35824]
R3 PAC7302;PAC7302 VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PAC7302.SYS [2007-11-08 458752]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-01-11 194304]
R3 SjyPkt;SjyPkt; [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-04-28 97480]
S2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2009-04-28 388865]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-28 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-28 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2007-01-11 243584]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
.
- - - - ORPHANS REMOVED - - - -
BHO-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
Toolbar-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
Notify-dimsntfy - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://f5f9.redirectme.net/imscp/talkc38.cab
DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - hxxp://voice5.emkanat.com/cp/files/talk3.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://74.86.181.169/imscp/talka.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://209.11.244.10/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.77/imscp/talks3n.cab
FF - ProfilePath - c:\documents and settings\star\Application Data\Mozilla\Firefox\Profiles\st9j2uqq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\star\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-30 19:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1880)
c:\windows\system32\relog_ap.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\rundll32.exe
d:\c:\WINDOWS\PixArt\PAC7302\Monitor.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-30 19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 16:21
Pre-Run: 20,068,548,608 bytes free
Post-Run: 20,235,124,736 bytes free
213 --- E O F --- 2008-09-22 01:19
 
من التقرير الاول احذف

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - (no file)



O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)



O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - (no file)



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')


O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




طريقة الحذف

mg%20%283%29.png


mg%20%284%29.png



ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

000.png


001.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

002.png


 
مشكور أخوي يعطيك العافية ما قصرت ودمت بود
 
عودة
أعلى