xحموديx (active member, joined 14 January 2009, 125 posts)
Peace be upon you.

What is the fix for this problem? It happens whenever I open any site that contains a chat.

And here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:34 ص, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IDM\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\LClock.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\IDM\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\IDM\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: LClock.lnk = C:\WINDOWS\LClock.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 7542 bytes
Deleted:

O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe
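The entry quoted in this post is exactly what a helper scans the O4 section for. As an added example that is not from the thread or from HijackThis, this Python parses the O4 lines of a HijackThis v2 log and flags autostart executables that live in user-writable profile directories (the indicator here), bare file names resolved through the PATH search, and unquoted paths containing spaces; the sample lines are constructed from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 (autostart) lines in HijackThis v2.0.x format, modelled on the
# entries in the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\IDM\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command> (User '<account>')"
REG_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O4 - <Startup folder>: <shortcut>.lnk = <target>"
FOLDER_ENTRY = re.compile(r"^O4 - (?P<hive>[\w .-]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
EXE_TOKEN = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))"?(?=\s|$)', re.I)
# Per-user, user-writable locations, in both long and 8.3 short form as XP logs print them.
USER_WRITABLE = re.compile(
    r"\\(?:docume~1|documents and settings|users)\\[^\\]+\\"
    r"(?:applic~1|application data|locals~1|local settings|appdata)\\|\\temp\\",
    re.I,
)


@dataclass
class AutostartEntry:
    hive: str                    # registry hive or startup folder the entry came from
    name: str                    # value name or shortcut name
    command: str                 # raw command line as logged
    user: Optional[str] = None   # account shown in the (User '...') suffix, if any
    path: Optional[str] = None   # executable extracted from the command, if any


@dataclass
class Finding:
    entry: AutostartEntry
    severity: str                # "high" or "low"
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = REG_ENTRY.match(line) or FOLDER_ENTRY.match(line)
    if not m:
        return None
    g = m.groupdict()
    exe = EXE_TOKEN.match(g["cmd"])
    return AutostartEntry(g["hive"], g["name"], g["cmd"], g.get("user"),
                          exe.group("path") if exe else None)


def assess(entry: AutostartEntry) -> Optional[Finding]:
    """Apply the triage heuristics a helper uses when reading an O4 section."""
    reasons: List[str] = []
    severity = "low"
    if entry.path is None:
        reasons.append("no executable could be extracted from the command")
    else:
        p = entry.path.lower()
        if "\\" not in p:
            reasons.append("bare file name: resolved through the PATH search order")
        if USER_WRITABLE.search(p):
            # Payloads dropped by malware usually sit in the user profile, which needs no
            # admin rights to write to; legitimate XP software rarely autostarts from there.
            reasons.append("executable lives in a user-writable profile directory")
            severity = "high"
        if " " in entry.path and not entry.command.startswith('"'):
            reasons.append("unquoted path containing spaces")
    return Finding(entry, severity, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run every O4 line of a HijackThis log through assess(), preserving log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is not None:
            finding = assess(entry)
            if finding is not None:
                findings.append(finding)
    return findings


def high_risk_names(log_text: str) -> List[str]:
    """Value names of the entries that should be checked first."""
    return [f.entry.name for f in triage(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry.hive} [{f.entry.name}] -> {f.entry.path}")
        for reason in f.reasons:
            print("     ", reason)
```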


Brother, try this; God willing it will solve the problem.

Go to Internet Options in the Control Panel.
In the Advanced tab, look for the line "Enable third-party browser extensions",
then uncheck it and restart.
Now try running Internet Explorer.

God willing the fix helps. The report needs analysis, but I have to leave urgently.

Brother, my computer is in Arabic; please give it in Arabic.


Brother, honestly I don't know how to translate it, but go ahead and scan your computer.

Disable your protection programs from running,
then
download the following tool and save it to the desktop
(link hidden by the forum; login required to view it).

When you run it a message will appear; click Yes.
After that a second message will appear; click Yes.
The computer may restart during the scan.
After the restart, the tool will begin scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
ComboFix 09-09-28.01 - Se7en 09/29/2009 20:57.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.964.1025.18.1014.662 [GMT 3:00]
Running from: c:\documents and settings\Se7en\سطح المكتب\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Se7en\Application Data\Desktopicon
c:\documents and settings\Se7en\Application Data\Desktopicon\config.ini
c:\documents and settings\Se7en\Application Data\Desktopicon\eBayShortcuts.exe
c:\windows\system32\winntue16.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 08:24 . 2009-09-29 08:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 08:24 . 2009-09-29 08:24 -------- d-----w- c:\program files\Java
2009-09-29 07:03 . 2006-05-01 14:44 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-29 06:47 . 2009-09-29 06:47 -------- d-----w- c:\documents and settings\Se7en\.webrenderer
2009-09-29 06:19 . 2009-09-29 06:19 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\Identities
2009-09-26 07:53 . 2009-09-26 07:53 -------- d-----w- c:\windows\Sun
2009-09-23 16:49 . 2009-09-23 20:37 -------- d-----w- c:\windows\system32\LogFiles
2009-09-23 13:50 . 2009-09-23 13:50 -------- d-----w- c:\documents and settings\Se7en\Application Data\CyberScrub
2009-09-23 13:49 . 2009-09-23 13:50 -------- d-----w- c:\documents and settings\Se7en\Application Data\zyzcleaner
2009-09-23 08:35 . 2008-03-17 07:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-09-23 08:35 . 2008-03-17 07:03 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-09-23 08:35 . 2008-03-16 10:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-09-23 08:35 . 2008-01-22 11:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-09-23 08:35 . 2007-08-09 00:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-09-23 08:34 . 2009-09-23 08:36 -------- d-----w- c:\program files\AFAQ Wireless
2009-09-22 19:31 . 2009-09-22 19:31 -------- d-----w- c:\documents and settings\Se7en\Application Data\TeamViewer
2009-09-22 17:37 . 2009-09-22 17:37 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\Runscanner.net
2009-09-22 17:34 . 2009-09-22 17:34 -------- d-----w- c:\program files\Trend Micro
2009-09-22 10:43 . 2009-09-22 10:43 -------- d-----w- c:\documents and settings\Se7en\Bluetooth Software
2009-09-22 10:43 . 2007-03-23 06:50 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2009-09-22 10:43 . 2007-03-23 06:50 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2009-09-22 10:43 . 2007-03-23 06:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-09-22 10:42 . 2007-03-31 09:02 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2009-09-22 10:42 . 2007-03-23 06:50 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2009-09-22 10:42 . 2007-03-23 06:50 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2009-09-22 10:42 . 2007-03-31 09:02 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-09-22 10:42 . 2007-03-23 06:49 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2009-09-22 10:42 . 2009-09-22 10:42 -------- d-----w- c:\program files\WIDCOMM
2009-09-22 10:39 . 2009-09-22 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-22 10:36 . 2009-09-22 10:36 0 ----a-w- C:\osy3.sys
2009-09-22 08:14 . 2009-09-22 08:17 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\WMTools Downloaded Files
2009-09-22 08:12 . 2009-09-22 08:12 -------- d-----w- c:\documents and settings\Se7en\Application Data\GRETECH
2009-09-21 20:00 . 2004-06-14 10:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-09-21 20:00 . 2009-09-21 20:00 -------- d-----w- c:\program files\Driver-Soft
2009-09-21 19:38 . 2007-12-12 06:03 1044984 ----a-w- c:\windows\system32\drivers\bcmwl6.sys
2009-09-21 16:51 . 2008-10-16 10:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-21 16:50 . 2008-10-16 10:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-21 16:47 . 2009-09-23 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-20 19:50 . 2009-09-20 19:50 -------- d-----w- c:\program files\Circle Dvelopement
2009-09-20 19:48 . 2009-09-20 19:48 -------- d-----w- c:\program files\Microsoft
2009-09-20 19:48 . 2009-09-20 19:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-20 19:44 . 2009-09-20 19:44 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-20 19:30 . 2009-09-20 19:30 -------- d-----w- c:\windows\system32\xircom
2009-09-20 19:30 . 2009-09-20 19:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-20 19:30 . 2009-09-20 19:30 -------- d-----w- c:\program files\microsoft frontpage
2009-09-20 19:08 . 2009-09-20 19:08 -------- d-----w- c:\windows\l2schemas
2009-09-20 19:08 . 2009-09-20 19:08 -------- d-----w- c:\windows\system32\ar
2009-09-20 19:08 . 2009-09-20 19:08 -------- d-----w- c:\windows\system32\bits
2009-09-19 16:06 . 2009-09-19 16:06 -------- d-----w- c:\program files\All2Chat
2009-09-19 06:34 . 2009-09-20 19:06 -------- d-----w- c:\windows\ServicePackFiles
2009-09-19 06:34 . 2009-09-19 06:34 -------- d-----w- c:\windows\ie8updates
2009-09-19 05:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-19 05:00 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-19 05:00 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-19 05:00 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-19 05:00 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-19 05:00 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-19 05:00 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-19 05:00 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-19 04:58 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-18 16:38 . 2009-09-18 16:38 -------- d-----w- c:\documents and settings\Se7en\Application Data\ACD Systems
2009-09-18 15:09 . 2004-08-03 14:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-09-18 14:22 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-18 14:22 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-18 14:20 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-18 14:14 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-18 14:14 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-18 14:14 . 2009-06-10 05:20 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-18 14:13 . 2008-10-03 10:03 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-18 14:13 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-18 14:13 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-18 14:13 . 2008-04-21 21:14 215040 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-18 04:21 . 2009-09-18 04:21 -------- d-----w- C:\Google
2009-09-17 05:43 . 2009-09-17 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-17 05:07 . 2009-09-17 05:07 -------- d-sh--w- c:\documents and settings\Se7en\IECompatCache
2009-09-17 05:07 . 2009-09-17 05:07 -------- d-sh--w- c:\documents and settings\Se7en\PrivacIE
2009-09-17 05:07 . 2009-09-17 05:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-17 05:06 . 2009-09-17 05:06 -------- d-sh--w- c:\documents and settings\Se7en\IETldCache
2009-09-17 05:03 . 2009-09-20 19:08 -------- d-----w- c:\windows\system32\ar-SA
2009-09-17 05:03 . 2009-09-17 05:05 -------- dc-h--w- c:\windows\ie8
2009-09-17 04:59 . 2009-09-21 18:26 -------- d--h--w- c:\windows\$hf_mig$
2009-09-17 04:43 . 2009-09-17 04:43 3859 ----a-w- c:\windows\system32\gfbaksm.dat
2009-09-17 04:25 . 2004-03-29 11:23 90112 ----a-w- c:\windows\unvise32.exe
2009-09-17 04:25 . 2009-09-22 07:57 -------- d-----w- c:\program files\SWiSHmax
2009-09-17 03:51 . 2009-09-17 03:51 0 ----a-w- c:\windows\nsreg.dat
2009-09-17 03:48 . 2009-09-17 03:48 -------- d-----w- C:\TEMP
2009-09-17 03:48 . 2009-09-17 03:48 -------- d-----w- c:\documents and settings\Se7en\Application Data\Corel
2009-09-17 03:46 . 2009-09-29 17:56 -------- d-----w- c:\documents and settings\Se7en\Application Data\DMCache
2009-09-17 03:46 . 2009-09-17 04:52 -------- d-----w- c:\documents and settings\Se7en\Application Data\IDM
2009-09-17 03:43 . 2009-09-22 10:57 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\Adobe
2009-09-17 03:10 . 2009-09-17 03:22 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-17 03:10 . 2009-09-17 03:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-17 03:10 . 2009-02-13 07:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-17 03:10 . 2009-02-13 07:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-17 03:10 . 2009-09-17 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-17 03:10 . 2009-09-17 03:10 -------- d-----w- c:\program files\Avira
2009-09-17 03:09 . 2009-09-17 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Eq Anti Fork Live
2009-09-17 03:08 . 2009-09-17 03:10 -------- d-----w- c:\documents and settings\Se7en\Application Data\mixpokefork
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\mixpokefork
2009-09-17 03:08 . 2009-09-20 19:50 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-17 02:42 . 2009-09-17 02:42 -------- d-sh--w- c:\documents and settings\Se7en\UserData
2009-09-17 02:41 . 2009-09-18 15:38 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\Google
2009-09-17 02:41 . 2009-09-17 02:41 -------- d-----w- c:\documents and settings\Se7en\Local Settings\Application Data\Mozilla
2009-09-17 00:09 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-09-17 00:09 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-09-17 00:09 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-09-17 00:09 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-09-17 00:09 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-09-17 00:09 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2009-09-17 00:09 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2009-09-17 00:09 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-09-17 00:08 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2009-09-17 00:08 . 2001-08-17 05:59 3072 -c--a-w- c:\windows\system32\dllcache\audstub.sys
2009-09-17 00:08 . 2001-08-17 05:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-17 00:08 . 2008-04-14 15:59 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-17 00:08 . 2008-04-14 15:59 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-17 00:08 . 2008-04-14 15:59 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-17 00:08 . 2008-04-14 15:59 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-09-17 00:08 . 2008-04-13 18:46 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-09-17 00:08 . 2008-04-13 18:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-09-17 00:07 . 2008-04-14 15:37 57472 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2009-09-17 00:07 . 2008-04-14 15:37 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-17 00:07 . 2001-08-17 05:46 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2009-09-17 00:07 . 2001-08-17 05:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-17 00:06 . 2008-04-14 15:59 73728 -c--a-w- c:\windows\system32\dllcache\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 17:19 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-09-29 17:19 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-09-20 19:48 . 2009-09-16 20:51 -------- d-----w- c:\program files\Windows Live
2009-09-19 10:21 . 2009-09-16 20:27 -------- d-----w- c:\program files\Unlocker
2009-09-18 15:36 . 2009-09-16 20:25 -------- d-----w- c:\program files\Yahoo!
2009-09-17 04:42 . 2009-09-16 20:27 -------- d-----w- c:\program files\GetFLV
2009-09-17 03:42 . 2009-09-16 20:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-17 03:13 . 2009-09-16 20:26 -------- d-----w- c:\program files\USBGATE
2009-09-17 03:07 . 2009-09-16 20:31 358656 ----a-w- c:\documents and settings\Se7en\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 20:53 . 2009-09-16 20:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 20:53 . 2009-09-16 20:53 -------- d-----w- c:\program files\SigmaTel
2009-09-16 20:53 . 2009-09-16 20:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-16 20:44 . 2009-09-16 20:44 -------- d-----w- c:\program files\CONEXANT
2009-09-16 20:36 . 2009-09-16 20:36 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-16 20:36 . 2009-09-16 20:36 -------- d-----w- c:\program files\Common Files\Real
2009-09-16 20:36 . 2009-09-16 20:36 -------- d-----w- c:\program files\Real
2009-09-16 20:36 . 2009-09-16 20:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-16 20:31 . 2009-09-16 20:31 -------- d-----w- c:\documents and settings\Se7en\Application Data\USBSafelyRemove
2009-09-16 20:31 . 2009-09-16 20:31 -------- d-----w- c:\program files\USB Safely Remove
2009-09-16 20:29 . 2009-09-16 20:29 -------- d-----w- c:\program files\Save Flash
2009-09-16 20:29 . 2009-09-16 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-16 20:28 . 2009-09-16 20:27 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-16 20:28 . 2009-09-16 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-09-16 20:27 . 2009-09-16 20:27 -------- d-----w- c:\program files\ACD Systems
2009-09-16 20:27 . 2009-09-16 20:27 -------- d-----w- c:\program files\PhotoFiltre
2009-09-16 20:27 . 2009-09-16 20:27 -------- d-----w- c:\program files\7-Zip
2009-09-16 20:27 . 2009-09-16 20:27 -------- d-----w- c:\program files\GRETECH
2009-09-16 20:26 . 2009-09-16 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 20:26 . 2009-09-16 20:26 -------- d-----w- c:\program files\Ringz Studio
2009-09-16 20:25 . 2009-09-16 20:25 -------- d-----w- c:\program files\CCleaner
2009-09-16 20:25 . 2009-09-16 20:25 -------- d-----w- c:\program files\MSECache
2009-09-16 20:23 . 2009-09-16 20:23 -------- d-----w- c:\program files\Microsoft.NET
2009-09-16 20:23 . 2009-09-16 20:23 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 20:11 . 2009-09-16 20:11 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-16 20:10 . 2009-09-16 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 08:59 . 2004-08-03 22:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:34 . 2004-08-03 22:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:34 . 2001-09-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 12:44 . 2009-07-26 12:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-08-03 22:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 19:43 . 2008-08-02 11:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2004-08-03 22:55 915456 ------w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-23_11.05.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 12:00 . 2009-09-23 08:35 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-09-29 17:19 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-09-29 17:19 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-09-23 08:35 311938 c:\windows\system32\perfh009.dat
+ 2009-09-29 08:24 . 2009-09-29 08:24 149280 c:\windows\system32\javaws.exe
+ 2009-09-29 08:24 . 2009-09-29 08:24 145184 c:\windows\system32\javaw.exe
+ 2009-09-29 08:24 . 2009-09-29 08:24 145184 c:\windows\system32\java.exe
+ 2009-09-29 08:24 . 2009-09-29 08:24 537600 c:\windows\Installer\1c3a74.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2007-10-21 2447360]
"RocketDock"="c:\windows\RocketDock\RocketDock.exe" [2007-03-18 630784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDMan"="c:\program files\IDM\IDMan.exe" [2008-08-10 2606512]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"encdash"="c:\docume~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe" [2009-09-17 573440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-16 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-16 137752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-29 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-10 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\Default User\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\RocketDock\RocketDock.exe [2009-9-16 630784]
c:\documents and settings\Default User\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\RocketDock\RocketDock.exe [2009-9-16 630784]
c:\documents and settings\Default User\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\RocketDock\RocketDock.exe [2009-9-16 630784]
c:\documents and settings\Se7en\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
LClock.lnk - c:\windows\LClock.exe [2009-9-16 65536]
RocketDock.lnk - c:\windows\RocketDock\RocketDock.exe [2009-9-16 630784]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
c:\documents and settings\Default User\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\RocketDock\RocketDock.exe [2009-9-16 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [17/09/2009 06:10 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/09/2009 06:10 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [17/09/2009 06:10 ص 434945]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [16/09/2009 11:41 م 108032]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-29 c:\windows\Tasks\A3091AA091969880.job
- c:\docume~1\se7en\applic~1\mixpok~1\dataamokwarn.exe [2009-09-17 03:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\IDM\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\IDM\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\IDM\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\Se7en\Application Data\Mozilla\Firefox\Profiles\ysld6plm.default\
FF - prefs.js: browser.startup.homepage - hxxp://s33.travian.ae/dorf1.php
FF - component: c:\documents and settings\Se7en\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-09-29 21:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-1957994488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,11,d4,ea,72,bf,fa,4c,97,85,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,11,d4,ea,72,bf,fa,4c,97,85,62,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1016)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-09-29 21:03
ComboFix-quarantined-files.txt 2009-09-29 18:03
ComboFix2.txt 2009-09-23 11:06
Pre-Run: 34,018,295,808 bytes free
Post-Run: 34,338,729,984 bytes free
325 --- E O F --- 2009-09-21 18:26
 
Signature: xحموديx
Install another browser, or uninstall it and then install the latest version.
 
The version I have:
Internet Explorer 8
Arabic
 
Signature: xحموديx




Brother, post a new HijackThis log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:24 ص, on 30/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\RocketDock\RocketDock.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IDM\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\IDM\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\IDM\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: LClock.lnk = C:\WINDOWS\LClock.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
[You must log in or register to view the hidden link]

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 7976 bytes
 
Signature: xحموديx


Delete this entry from HijackThis:

O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe


This is how to delete it:

[screenshot]

[screenshot]

Then use this tool to clean the machine:

[You must log in or register to view the hidden link]





[screenshot]


Then post a new HijackThis log.




 
I downloaded the tool and ran the cleanup..
 
Signature: xحموديx
Bump
 
Signature: xحموديx
Bump
 
Signature: xحموديx
Bump
 
Signature: xحموديx
Please compress the folder at this path (with WinRAR) >> C:\Qoobox\Quarantine

and upload it to this site: rapidsahre.com

and post the download link here,

then post a HijackThis log.
 
Signature: xحموديx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:08 م, on 04/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IDM\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\IDM\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\IDM\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [encdash] C:\DOCUME~1\Se7en\APPLIC~1\MIXPOK~1\defaultslow.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: LClock.lnk = C:\WINDOWS\LClock.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\IDM\IEGetVL.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
[You must log in or register to view the hidden link]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8958 bytes
 
Signature: xحموديx
Bump
 
Signature: xحموديx
Bump
 
Signature: xحموديx