HooOoom

Peace be upon you, and the mercy and blessings of God :-

When I open Internet Explorer,
this message appears:

jXG08677.bmp


Note that I used an Internet Explorer repair tool




and it did not help,

and the HijackThis report is 100% clean.


 

Welcome.

Post the report without code or quote tags.

Signature: AbOdy



You're too kind.

Why go to the trouble? You could have posted it here directly, just without code tags.

Anyway,

select these entries and delete them:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =




R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =




R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =




R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =




O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

How to delete them:

mg%20(3).png


mg%20(4).png


After that, go to Add or Remove Programs and uninstall the toolbar you have installed (toolbar) >> it may not be present.


Then download this tool and follow the instructions below.






Compatibility: Windows XP only


Usage instructions:
Double-click the tool and wait until all the windows have finished and it stops at this window:


002.png


When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).


After doing the above, do the following:

Disable your security programs,
then
download the following tool and save it to the desktop.



When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.

Give me that report together with a new HijackThis report.

Signature: AbOdy
ComboFix 09-07-02.02 - uers 12/03/2009 12:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1913.1422 [GMT 3:00]
Running from: c:\documents and settings\uers\سطح المكتب\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-03 09:05 . 2009-12-03 09:05 -------- d-----w- c:\documents and settings\uers\Application Data\CyberScrub
2009-12-03 07:49 . 2009-12-03 07:49 -------- d-----w- c:\program files\Trend Micro
2009-12-02 15:19 . 2009-02-09 11:48 2017280 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-02 15:19 . 2009-02-09 11:48 2059264 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-02 15:19 . 2009-02-09 11:48 2182016 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-02 15:19 . 2009-02-09 11:48 2137600 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-02 14:13 . 2009-12-02 14:13 -------- d-----w- c:\documents and settings\uers\Local Settings\Application Data\Opera
2009-12-02 14:13 . 2009-12-02 14:24 -------- d-----w- c:\program files\Opera
2009-12-02 13:22 . 2009-12-02 13:22 -------- d-sh--w- c:\documents and settings\uers\IECompatCache
2009-12-02 13:21 . 2009-12-02 13:21 -------- d-sh--w- c:\documents and settings\uers\PrivacIE
2009-12-02 13:18 . 2009-12-02 13:18 -------- d-sh--w- c:\documents and settings\uers\IETldCache
2009-12-02 13:14 . 2009-12-02 13:14 -------- d-----w- c:\windows\ie8updates
2009-12-02 13:13 . 2009-12-02 16:30 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-02 13:12 . 2009-12-02 13:13 -------- dc-h--w- c:\windows\ie8
2009-12-02 13:12 . 2009-12-02 13:13 -------- d-----w- c:\windows\system32\ar-SA
2009-12-02 12:58 . 2008-06-14 17:59 271616 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-02 12:58 . 2008-06-14 17:59 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-02 12:58 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-02 12:55 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-02 12:55 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-02 12:55 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-02 12:54 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-02 12:40 . 2009-12-03 00:01 -------- d--h--w- c:\windows\$hf_mig$
2009-12-02 10:48 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-02 04:51 . 2009-12-02 04:51 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 04:51 . 2009-12-02 04:51 -------- d-----w- c:\documents and settings\uers\Local Settings\Application Data\Mozilla
2009-12-02 04:26 . 2009-12-02 04:26 10240 ----a-w- c:\documents and settings\uers\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-12-02 04:26 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\uers\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-12-01 19:12 . 2009-12-01 19:12 26421 ----a-w- c:\documents and settings\uers\Application Data\IDM\DwnlData\uers\javadl.sun_11\javadl.sun.com
2009-12-01 19:11 . 2009-12-01 19:11 -------- d-----w- c:\windows\Sun
2009-12-01 19:00 . 2009-11-30 13:13 76040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-12-01 19:00 . 2009-11-30 13:12 97928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-12-01 18:59 . 2009-11-30 13:13 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-12-01 18:59 . 2009-11-30 13:12 26824 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-12-01 18:59 . 2009-11-30 13:12 287000 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-12-01 18:59 . 2009-12-01 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-01 18:59 . 2009-12-01 18:59 -------- d-----w- c:\documents and settings\LocalService\قائمة ابدأ
2009-12-01 18:59 . 2009-12-01 18:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-12-01 09:03 . 2009-12-01 09:03 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-12-01 09:03 . 2009-12-01 09:03 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-12-01 09:03 . 2009-12-01 09:03 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-12-01 09:03 . 2009-12-01 09:03 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-11-30 20:40 . 2009-12-02 04:22 -------- d-----w- c:\documents and settings\uers\Contacts
2009-11-30 18:33 . 2009-11-30 18:33 -------- d-sh--w- c:\documents and settings\uers\UserData
2009-11-30 17:02 . 2009-11-30 17:02 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-11-30 16:46 . 2006-11-15 05:00 528096 ----a-w- c:\windows\system32\drivers\ar5211.sys
2009-11-30 16:46 . 2005-06-21 10:32 28544 ----a-w- c:\windows\system32\drivers\callistx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 09:13 . 2009-11-30 13:05 -------- d-----w- c:\documents and settings\uers\Application Data\DMCache
2009-12-03 09:11 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-12-03 09:11 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-12-03 09:07 . 2009-11-30 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-03 09:04 . 2009-12-03 09:04 -------- d-----w- c:\documents and settings\uers\Application Data\cleaner
2009-12-01 18:59 . 2009-11-30 13:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 18:59 . 2009-11-30 13:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 18:59 . 2009-11-30 13:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 18:59 . 2009-11-30 13:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-30 17:03 . 2009-11-30 13:44 -------- d-----w- c:\program files\Intel
2009-11-30 16:46 . 2009-11-30 13:37 -------- d-----w- c:\program files\Atheros
2009-11-30 16:46 . 2009-11-30 13:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 15:40 . 2009-11-30 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-30 14:22 . 2009-11-30 12:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-30 14:16 . 2009-11-30 13:33 -------- d-----w- c:\program files\Toshiba
2009-11-30 14:16 . 2009-11-30 14:16 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2009-11-30 14:08 . 2009-11-30 13:42 -------- d-----w- c:\program files\CONEXANT
2009-11-30 14:07 . 2009-11-30 14:07 -------- d-----w- c:\program files\Synaptics
2009-11-30 14:06 . 2009-11-30 13:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-30 13:50 . 2009-11-30 13:12 -------- d-----w- c:\documents and settings\uers\Application Data\AVGTOOLBAR
2009-11-30 13:48 . 2009-11-30 13:48 -------- d-----w- c:\program files\Marvell
2009-11-30 13:47 . 2009-11-30 13:47 -------- d-----w- c:\documents and settings\uers\Application Data\TMP
2009-11-30 13:44 . 2009-11-30 13:44 -------- d-----w- c:\documents and settings\uers\Application Data\Intel
2009-11-30 13:44 . 2009-11-30 13:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-11-30 13:44 . 2009-11-30 13:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-11-30 13:44 . 2009-11-30 13:44 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-11-30 13:44 . 2009-11-30 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-11-30 13:38 . 2009-11-30 13:38 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-11-30 13:37 . 2009-11-30 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-11-30 13:36 . 2009-11-30 13:36 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-11-30 13:36 . 2009-11-30 13:36 -------- d-----w- c:\documents and settings\uers\Application Data\InstallShield
2009-11-30 13:35 . 2009-11-30 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-11-30 13:29 . 2009-11-30 13:29 -------- d-----w- c:\program files\Circle Developement
2009-11-30 13:29 . 2009-11-30 13:29 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-30 13:29 . 2009-11-30 13:29 -------- d-----w- c:\program files\Windows Live
2009-11-30 13:29 . 2009-11-30 13:28 -------- d-----w- c:\program files\MSN Messenger
2009-11-30 13:29 . 2009-11-30 13:29 99496 ----a-w- c:\documents and settings\uers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 13:28 . 2009-11-30 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-30 13:19 . 2009-11-30 13:19 -------- d-----w- c:\program files\Microsoft Works
2009-11-30 13:18 . 2009-11-30 13:18 -------- d-----w- c:\program files\MSBuild
2009-11-30 13:12 . 2009-11-30 13:12 -------- d-----w- c:\program files\AVG
2009-11-30 13:10 . 2009-11-30 13:05 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 13:07 . 2009-11-30 13:07 2232 ----a-w- c:\windows\java\Packages\Data\VR37XJ1N.DAT
2009-11-30 13:07 . 2009-11-30 13:07 155995 ----a-w- c:\windows\java\Packages\RLNR1N5B.ZIP
2009-11-30 13:07 . 2009-11-30 13:07 2678 ----a-w- c:\windows\java\Packages\Data\U3LN5NBP.DAT
2009-11-30 13:07 . 2009-11-30 13:07 2678 ----a-w- c:\windows\java\Packages\Data\TJVVFX7H.DAT
2009-11-30 13:07 . 2009-11-30 13:07 2678 ----a-w- c:\windows\java\Packages\Data\Q04Q93JR.DAT
2009-11-30 13:07 . 2009-11-30 13:07 2678 ----a-w- c:\windows\java\Packages\Data\KUDNDZ5B.DAT
2009-11-30 13:07 . 2009-11-30 13:07 2678 ----a-w- c:\windows\java\Packages\Data\HNJJTRVH.DAT
2009-11-30 13:06 . 2009-11-30 13:06 -------- d-----w- c:\program files\Java
2009-11-30 13:06 . 2009-11-30 13:05 -------- d-----w- c:\documents and settings\uers\Application Data\IDM
2009-11-30 13:06 . 2009-11-30 13:06 -------- d-----w- c:\program files\Common Files\Java
2009-11-30 13:05 . 2009-11-30 13:05 198064 ----a-w- c:\documents and settings\uers\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-11-30 13:03 . 2009-11-30 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-11-30 13:03 . 2009-11-30 13:03 -------- d-----w- c:\documents and settings\uers\Application Data\GRETECH
2009-11-30 13:03 . 2009-11-30 13:03 -------- d-----w- c:\program files\GRETECH
2009-11-30 13:02 . 2009-11-30 13:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-30 13:02 . 2009-11-30 13:02 -------- d-----w- c:\program files\Real
2009-11-30 13:02 . 2009-11-30 13:02 -------- d-----w- c:\program files\Common Files\Real
2009-11-30 13:02 . 2009-11-30 13:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-30 13:02 . 2009-11-30 13:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-30 13:00 . 2009-11-30 13:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-30 13:00 . 2009-11-30 12:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-30 12:50 . 2009-11-30 12:50 -------- d-----w- c:\program files\microsoft frontpage
2009-11-30 12:47 . 2009-11-30 12:47 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-12-01 2794928]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-01 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1024000]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-28 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-28 141848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\çں‍ê، ں*§ڑ\ںé*©ںê¤\*§ک ں颬نïé\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-30 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-01 18:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtPCS.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/11/2009 04:12 م 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/11/2009 04:13 م 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [01/12/2009 09:59 م 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/12/2009 09:59 م 298776]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [30/11/2009 04:57 م 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [30/11/2009 05:16 م 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 11:31 ص 6912]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [30/11/2009 04:37 م 57408]
S2 bxgofkrqs;Manager Network;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bxgofkrqs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{AE4597AE-1E9F-455D-A477-35BBA45C338A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-INPROCOMMWireless - c:\program files\Atheros\Wireless\Utility\WlanUtil.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,



Rootkit scan 2009-12-03 12:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bxgofkrqs]
"ServiceDll"="c:\windows\system32\lsekt.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-03 12:14
ComboFix-quarantined-files.txt 2009-12-03 09:14

Pre-Run: 74,470,174,720 bytes free
Post-Run: 74,453,291,008 bytes free

221 --- E O F --- 2009-12-03 00:02
 
Give me a new HijackThis report.

Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:36 م, on 03/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =



O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Controls Utility] "C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7671 bytes
 
Look, my friend: download this tool
and follow the instructions below to clean your computer of these ads
and to produce a report of the process, so you can attach it to your next reply.

Download link for the latest version of the tool:





Usage instructions:
Run the file SmitfraudFix.exe and follow the steps as shown in these pictures:

000.png





001.png





002.png





003.png





004.png





005.png
 
Signature: AbOdy
SmitFraudFix v2.423

Scan done at 12:31:52.48, Thu 12/03/2009
Run from C:\Documents and Settings\uers\سطح المكتب\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5006X Wireless Network Adapter - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA6CB322-5D38-43B1-8605-56A0999C3A3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA6CB322-5D38-43B1-8605-56A0999C3A3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA6CB322-5D38-43B1-8605-56A0999C3A3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Download this file and run it,





and follow the steps as shown in the pictures:


i15024_000.png



i15025_001.png




 
Signature: AbOdy
The problem still persists.
 