عندي مشكله بالنت ,, يطفى ويشتغل ,, ارجوا المساعده

ا

الشنكار

زيزوومي جديد
إنضم
11 يوليو 2008
المشاركات
70
مستوى التفاعل
0
النقاط
80
الإقامة
مادري
غير متصل
مشكله بالنت ,, يطفى ويشتغل

السلام عليكم
هلا بشباب كيف الحال
أخواااني
النت عندي ممكن يطفى ويشتغل مااادري ليش
المشكله اني مصلح المودم قبل اسبوع تقريبا
والإتصالات قالو ماافيه شي أبد عندنا كل شي تمام

:: التفاصيل ::

نوع الموم : speedtouch سبيداتش (أسود)
البطاقة: نسما

أبغى الحل بأسرع وقت
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم


شركة نسمه فيها مشاكل وبطى كثيييير

 
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد 0
اخووووووي هذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:23 م, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\الملفات المتلقاة\Zyzoom_HijackThis.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Math16] C:\DOCUME~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ز×ب¤¹؛خï - {DE60714F-AC17-427e-861A-FD60CBDF119A} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
(file missing)
O9 - Extra 'Tools' menuitem: ز×ب¤¹؛خï - {DE60714F-AC17-427e-861A-FD60CBDF119A} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 7201 bytes
 
تأييد 0
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:23 م, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\الملفات المتلقاة\Zyzoom_HijackThis.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Math16] C:\DOCUME~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ز×ب¤¹؛خï - {DE60714F-AC17-427e-861A-FD60CBDF119A} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
(file missing)
O9 - Extra 'Tools' menuitem: ز×ب¤¹؛خï - {DE60714F-AC17-427e-861A-FD60CBDF119A} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 7201 bytes
 
تأييد 0
عزيزي وين تقرير الاداة الاولى​
 
توقيع : فارس الملاك
تأييد 0
اهلا بك معنا بمنتديات زيزوووم للامن والحماية
عنوان موضوعك خالف احد شروط المنتدى
14- يُمنع منعاً باتاً استخدام عناوين لا تنم عن فحوى الموضوع مثلاً نذكر العناوين التالية والتي يمنع استخدامه( الحقووووووونييي - مصيييييبة - تكفي يا فلان - طلب برنامج - ...إلخ)
أنقر للتوسيع...
عذرا منك بتعديله لينم عن فحواه​

 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
ComboFix 08-11-06.01 - Administrator 11/07/2008 16:26:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.71 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\الملفات المتلقاة\ComboFix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Administrator\Application Data\tazebama
c:\documents and settings\Administrator\Application Data\tazebama\tazebama.log
c:\documents and settings\Administrator\Application Data\tazebama\zPharaoh.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\kakle.dll
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 13:32 925,039 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-11-07 13:32 314,735 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-11-07 13:32 155,621 --sh--r C:\zPharaoh.exe
2008-11-07 13:32 --------- d-----w c:\program files\SpeedBit Video Accelerator
2008-11-07 13:32 --------- d-----w c:\documents and settings\Administrator\Application Data\tazebama
2008-11-07 11:48 --------- d-----w c:\program files\Face.Smoother
2008-11-07 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-07 11:07 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-11-06 21:22 877,423 ----a-w c:\windows\iun6002.exe
2008-11-06 21:22 463,215 ----a-w c:\windows\IsUninst.exe
2008-11-06 21:22 398,191 ----a-w c:\windows\system32\zhhp1600.exe
2008-11-06 21:22 246,639 ----a-w c:\windows\unvise32.exe
2008-11-06 21:21 456,047 ----a-w c:\windows\uninst.exe
2008-11-06 21:21 372,591 ----a-w c:\windows\iun3405.exe
2008-11-06 21:21 307,381 ----a-w c:\windows\UnDsp.EXE
2008-11-06 21:21 305,007 ----a-w c:\windows\UNWISE.EXE
2008-11-06 21:21 229,743 ----a-w c:\windows\ST6UNST.EXE
2008-11-06 07:08 --------- d-----w c:\documents and settings\Administrator\Application Data\knobthe
2008-11-04 19:58 327,680 ----a-w c:\windows\system32\dfxg11.dll
2008-11-04 19:58 --------- d-----w c:\program files\Winamp
2008-11-04 19:58 --------- d-----w c:\program files\Sonique
2008-11-04 19:58 --------- d-----w c:\program files\DFX
2008-11-04 19:57 --------- d-----w c:\program files\DSPFX Virtual Pack
2008-11-04 19:53 --------- d-----w c:\program files\RayGun
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry Plug-Ins
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry MP3 Plug-In
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry ACID 2.0
2008-11-04 19:50 --------- d-----w c:\program files\Timeworks
2008-11-04 19:50 --------- d-----w c:\program files\Sonic Foundry
2008-11-04 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 19:44 --------- d-----w c:\program files\Waves
2008-11-04 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 13:46 --------- d-----w c:\program files\Super Audio Converter
2008-11-03 21:23 13,344 ----a-w c:\windows\system32\drivers\NEROCDNT.SYS
2008-11-03 21:22 --------- d-----w c:\program files\Wav to Mp3 Encoder
2008-11-03 21:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-03 21:20 --------- d-----w c:\program files\2B System
2008-11-03 21:19 --------- d-----w c:\program files\MP3CD
2008-11-03 21:19 --------- d-----w c:\program files\Acoustica
2008-10-31 10:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-27 16:11 --------- d-----w c:\program files\The KMPlayer
2008-10-27 11:52 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-10-27 11:52 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-10-27 11:52 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-10-27 11:52 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-10-27 11:52 196,608 ----a-w c:\windows\system32\maag.dll
2008-10-27 11:52 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-10-27 11:52 1,245,184 ----a-w c:\windows\system32\bkll.dll
2008-10-27 11:52 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-10-27 11:52 --------- d-----w c:\program files\Real_SC
2008-10-25 20:47 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-10-25 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-25 20:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-12 21:08 --------- d-----w c:\program files\Voxengo
2008-10-10 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-09 12:20 --------- d-----w c:\program files\VOB
2008-10-09 12:17 --------- d-----w c:\program files\Steinberg
2008-10-09 10:27 --------- d-----w c:\program files\ESET
2008-10-09 10:07 --------- d-----w c:\program files\Absolute MP3 Splitter
2008-10-05 12:21 --------- d-----w c:\program files\Rescue Pro
2008-09-29 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-09-29 04:21 --------- d-----w c:\program files\CyberLink
2008-09-11 03:34 --------- d-----w c:\program files\Kelk 2000
2008-09-11 03:33 --------- d-----w c:\program files\DAP
2008-09-11 03:33 --------- d-----w c:\program files\ClocX
2008-09-09 00:39 --------- d-----w c:\program files\Photodex Presenter
2008-09-09 00:39 --------- d-----w c:\program files\Photodex
2008-09-09 00:39 --------- d-----w c:\documents and settings\Administrator\Application Data\Netscape
2008-09-09 00:38 --------- d-----w c:\documents and settings\Administrator\Application Data\Photodex
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/08/2008 01:26 AM 68856]
"Math16"="c:\docume~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe" [11/06/2008 04:40 PM 660847]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [05/06/2008 08:47 PM 77824]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [11/10/2003 11:06 PM 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 04:27 PM 185896]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [11/07/2008 12:22 AM 251297]
"1 mags 16 more"="c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe" [11/07/2008 12:21 AM 899439]
"SoundMan"="SOUNDMAN.EXE" [11/11/2005 09:07 AM 90112 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [03/07/2005 10:33 PM 53248 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 12:33 PM 147456 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-06 267119]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.vp31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 11/07/2008 12:14 AM 3209583 c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 11/07/2008 12:14 AM 2886111 c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [04/17/2002 08:27 PM 11264]
R2 ASPIXNT;ASPIXNT;c:\windows\system32\drivers\ASPIXNT.sys [06/03/2008 11:41 PM 6336]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [05/06/2008 09:13 PM 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [05/06/2008 09:13 PM 280184]
S0 NeroCdNt;NeroCdNt;c:\windows\system32\drivers\NeroCdNt.sys [11/04/2008 12:23 AM 13344]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0181f5ba-290b-11dd-97e2-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41999132-1bb7-11dd-97c1-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429b5cfb-6087-11dd-987b-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d19428-a418-11dd-98f3-0016ec42f4d1}]
\Shell\AutoRun\command - g2pfnid.com
\Shell\explore\Command - g2pfnid.com
\Shell\open\Command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d40ef8-5057-11dd-982c-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ecb35a-92de-11dd-98c3-fdd5eddc84ff}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fee98c2-2b2f-11dd-97e5-0016ec42f4d1}]
\Shell\AutoRun\command - qa8sywva.cmd
\Shell\explore\Command - qa8sywva.cmd
\Shell\open\Command - qa8sywva.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fee98c3-2b2f-11dd-97e5-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f97ac5-a139-11dd-98e5-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b649b57a-753f-11dd-988c-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba495126-9911-11dd-98d1-b2c0bf439d9f}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be785b66-921c-11dd-98be-9550fd932db6}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e63916-2b15-11dd-97e3-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d963a24f-51a3-11dd-982f-0016ec42f4d1}]
\Shell\AutoRun\command - F:\t1ypkh.exe
\Shell\explore\Command - F:\t1ypkh.exe
\Shell\open\Command - F:\t1ypkh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec2e0134-4309-11dd-9806-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7058b4e-661b-11dd-9886-0016ec42f4d1}]
\Shell\AutoRun\command - F:\u2.cmd
\Shell\explore\Command - F:\u2.cmd
\Shell\open\Command - F:\u2.cmd
.
s of the 'Scheduled Tasks' folder
2008-11-07 c:\windows\Tasks\AF0D08AC918ABCAC.job
- c:\docume~1\admini~1\applic~1\knobthe\LogoHoleDraw.exe [11/06/2008 04:40 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.raddadi.com/
R1 -: HKCU-Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-11-07 16:32:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Crypserv.exe
c:\documents and settings\tazebama.dl_
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 11/07/2008 16:35:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-07 13:35:52
Pre-Run: 13,794,127,872 bytes free
Post-Run: 17,784,643,584 bytes free
253
 
تأييد 0
تأييد 0

الحمد لله تخلصنا من فيروسات كثيرة

وتم اصلاح بعض القيم من الرجستري

الان اعمل تقرير هايجاك للتاكد من سلامة جهازك

واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:47 م, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\DYX6L4GS\Zyzoom_HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Math16] C:\DOCUME~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 6094 bytes
 
تأييد 0
احذف هالقيم


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe

O4 - HKCU\..\Run: [Math16] C:\DOCUME~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe



طريقة الحذف
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



mg%20%284%29.png


=================================​

استخدم هذه الاداة للتنظيف
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


wh_15149054.png



بعدها اعمل اعادة تشغيل

ونزل الاداة من جديد وشغلها


عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد 0
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
هذا هو التقرير::
ComboFix 08-11-06.01 - Administrator 11/07/2008 19:49:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.85 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\الملفات المتلقاة\ComboFix\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Administrator\Application Data\tazebama
c:\documents and settings\Administrator\Application Data\tazebama\tazebama.log
c:\documents and settings\Administrator\Application Data\tazebama\zPharaoh.dat
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 16:53 155,301 --sh--r C:\zPharaoh.exe
2008-11-07 16:53 --------- d-----w c:\program files\SpeedBit Video Accelerator
2008-11-07 16:53 --------- d-----w c:\documents and settings\Administrator\Application Data\tazebama
2008-11-07 11:48 --------- d-----w c:\program files\Face.Smoother
2008-11-07 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-07 11:07 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-11-06 21:22 877,423 ----a-w c:\windows\iun6002.exe
2008-11-06 21:22 463,215 ----a-w c:\windows\IsUninst.exe
2008-11-06 21:22 398,191 ----a-w c:\windows\system32\zhhp1600.exe
2008-11-06 21:22 246,639 ----a-w c:\windows\unvise32.exe
2008-11-06 21:21 456,047 ----a-w c:\windows\uninst.exe
2008-11-06 21:21 372,591 ----a-w c:\windows\iun3405.exe
2008-11-06 21:21 307,381 ----a-w c:\windows\UnDsp.EXE
2008-11-06 21:21 305,007 ----a-w c:\windows\UNWISE.EXE
2008-11-06 21:21 229,743 ----a-w c:\windows\ST6UNST.EXE
2008-11-06 07:08 --------- d-----w c:\documents and settings\Administrator\Application Data\knobthe
2008-11-04 19:58 327,680 ----a-w c:\windows\system32\dfxg11.dll
2008-11-04 19:58 --------- d-----w c:\program files\Winamp
2008-11-04 19:58 --------- d-----w c:\program files\Sonique
2008-11-04 19:58 --------- d-----w c:\program files\DFX
2008-11-04 19:57 --------- d-----w c:\program files\DSPFX Virtual Pack
2008-11-04 19:53 --------- d-----w c:\program files\RayGun
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry Plug-Ins
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry MP3 Plug-In
2008-11-04 19:51 --------- d-----w c:\program files\Sonic Foundry ACID 2.0
2008-11-04 19:50 --------- d-----w c:\program files\Timeworks
2008-11-04 19:50 --------- d-----w c:\program files\Sonic Foundry
2008-11-04 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 19:44 --------- d-----w c:\program files\Waves
2008-11-04 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 13:46 --------- d-----w c:\program files\Super Audio Converter
2008-11-03 21:23 13,344 ----a-w c:\windows\system32\drivers\NEROCDNT.SYS
2008-11-03 21:22 --------- d-----w c:\program files\Wav to Mp3 Encoder
2008-11-03 21:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-03 21:20 --------- d-----w c:\program files\2B System
2008-11-03 21:19 --------- d-----w c:\program files\MP3CD
2008-11-03 21:19 --------- d-----w c:\program files\Acoustica
2008-10-31 10:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-27 16:11 --------- d-----w c:\program files\The KMPlayer
2008-10-27 11:52 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-10-27 11:52 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-10-27 11:52 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-10-27 11:52 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-10-27 11:52 196,608 ----a-w c:\windows\system32\maag.dll
2008-10-27 11:52 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-10-27 11:52 1,245,184 ----a-w c:\windows\system32\bkll.dll
2008-10-27 11:52 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-10-27 11:52 --------- d-----w c:\program files\Real_SC
2008-10-25 20:47 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-10-25 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-25 20:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-12 21:08 --------- d-----w c:\program files\Voxengo
2008-10-10 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-09 12:20 --------- d-----w c:\program files\VOB
2008-10-09 12:17 --------- d-----w c:\program files\Steinberg
2008-10-09 10:27 --------- d-----w c:\program files\ESET
2008-10-09 10:07 --------- d-----w c:\program files\Absolute MP3 Splitter
2008-10-05 12:21 --------- d-----w c:\program files\Rescue Pro
2008-09-29 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-09-29 04:21 --------- d-----w c:\program files\CyberLink
2008-09-11 03:34 --------- d-----w c:\program files\Kelk 2000
2008-09-11 03:33 --------- d-----w c:\program files\DAP
2008-09-11 03:33 --------- d-----w c:\program files\ClocX
2008-09-09 00:39 --------- d-----w c:\program files\Photodex Presenter
2008-09-09 00:39 --------- d-----w c:\program files\Photodex
2008-09-09 00:39 --------- d-----w c:\documents and settings\Administrator\Application Data\Netscape
2008-09-09 00:38 --------- d-----w c:\documents and settings\Administrator\Application Data\Photodex
.
((((((((((((((((((((((((((((( snapshot@Fri 11-07-2008_16.35.29.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-07 13:32:00 925,039 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
+ 2004-08-03 21:56:14 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2008-11-07 13:32:00 314,735 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2004-08-03 21:56:22 158,208 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/08/2008 01:26 AM 68856]
"Math16"="c:\docume~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe" [11/06/2008 04:40 PM 660847]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [05/06/2008 08:47 PM 77824]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [11/10/2003 11:06 PM 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 04:27 PM 185896]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [11/07/2008 12:22 AM 251297]
"1 mags 16 more"="c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe" [11/07/2008 12:21 AM 899439]
"SoundMan"="SOUNDMAN.EXE" [11/11/2005 09:07 AM 90112 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [03/07/2005 10:33 PM 53248 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 12:33 PM 147456 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-06 267119]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.vp31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 11/07/2008 12:14 AM 3209583 c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 11/07/2008 12:14 AM 2886111 c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [04/17/2002 08:27 PM 11264]
R2 ASPIXNT;ASPIXNT;c:\windows\system32\drivers\ASPIXNT.sys [06/03/2008 11:41 PM 6336]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [05/06/2008 09:13 PM 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [05/06/2008 09:13 PM 280184]
S0 NeroCdNt;NeroCdNt;c:\windows\system32\drivers\NeroCdNt.sys [11/04/2008 12:23 AM 13344]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0181f5ba-290b-11dd-97e2-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41999132-1bb7-11dd-97c1-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429b5cfb-6087-11dd-987b-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d19428-a418-11dd-98f3-0016ec42f4d1}]
\Shell\AutoRun\command - g2pfnid.com
\Shell\explore\Command - g2pfnid.com
\Shell\open\Command - g2pfnid.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d40ef8-5057-11dd-982c-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ecb35a-92de-11dd-98c3-fdd5eddc84ff}]
\Shell\AutoRun\command - G:\y82td3td.com
\Shell\explore\Command - G:\y82td3td.com
\Shell\open\Command - G:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fee98c2-2b2f-11dd-97e5-0016ec42f4d1}]
\Shell\AutoRun\command - qa8sywva.cmd
\Shell\explore\Command - qa8sywva.cmd
\Shell\open\Command - qa8sywva.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fee98c3-2b2f-11dd-97e5-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f97ac5-a139-11dd-98e5-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b649b57a-753f-11dd-988c-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba495126-9911-11dd-98d1-b2c0bf439d9f}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be785b66-921c-11dd-98be-9550fd932db6}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2e63916-2b15-11dd-97e3-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d963a24f-51a3-11dd-982f-0016ec42f4d1}]
\Shell\AutoRun\command - F:\t1ypkh.exe
\Shell\explore\Command - F:\t1ypkh.exe
\Shell\open\Command - F:\t1ypkh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec2e0134-4309-11dd-9806-0016ec42f4d1}]
\Shell\AutoRun\command - F:\y82td3td.com
\Shell\explore\Command - F:\y82td3td.com
\Shell\open\Command - F:\y82td3td.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7058b4e-661b-11dd-9886-0016ec42f4d1}]
\Shell\AutoRun\command - F:\u2.cmd
\Shell\explore\Command - F:\u2.cmd
\Shell\open\Command - F:\u2.cmd
.
s of the 'Scheduled Tasks' folder
2008-11-07 c:\windows\Tasks\AF0D08AC918ABCAC.job
- c:\docume~1\admini~1\applic~1\knobthe\LogoHoleDraw.exe [11/06/2008 04:40 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.raddadi.com/
R1 -: HKCU-Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-11-07 19:53:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\documents and settings\tazebama.dl_
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 11/07/2008 19:57:22 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-11-07 16:57:17
ComboFix2.txt 2008-11-07 13:35:57
Pre-Run: 17,671,610,368 bytes free
Post-Run: 17,671,213,056 bytes free
251

 
التعديل الأخير بواسطة المشرف:
تأييد 0
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

هذا التقرير::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:12 م, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\Administrator\My Documents\الملفات المتلقاة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=jn;hijj89uj9ji9j:5454;hijj89uj9ji9j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\locks meal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Math16] C:\DOCUME~1\ADMINI~1\APPLIC~1\knobthe\Chin Fast.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 6056 bytes
 
التعديل الأخير بواسطة المشرف:
تأييد 0
عزيزي نزل برنامج حماية وافحص الجهاز بالكامل
 
توقيع : فارس الملاك
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى