ذيب تميم

Peace be upon you, and the mercy and blessings of God.


These days I tried out hacking, because I like programming :hh:

I downloaded a program that turned out to have a patch in it, and I didn't know :no:

Since then my computer has become very slow, and sometimes it freezes and I can't do anything

and I have to press the restart button, and the taskbar stops working; every time I try to click on it, it says

Then I scanned it with the protection programs I have; they find viruses, but to no avail

Then my computer got even worse, to the point that when I try to click on the desktop I can't do anything

I put in the Windows disc and did a repair; it improved a little, but to no avail

Then this error came up, so what is the solution? May God reward you.
zyzoom-8f81c1f490.jpg


I hope you can help me
 

And upon you be peace and the mercy of God.


Download the Kaspersky tool from the following link

[Link hidden: you must log in or register to view it]


After downloading, double-click and the tool's files will be extracted to a folder on the desktop; in a few moments the tool will start running

Follow the walkthrough to scan and clean the machine and attach the report


Then compress the report and upload it here >>>>
[Link hidden: you must log in or register to view it]
 
Make a HijackThis report for review

Run the program ==> and click on
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Peace be upon you

This is my report, and sorry for the delay, because it was scanning the machine for 3 hours or more and I went to sleep, dizzy :)
scan
----
scanned: 701835
detected: 7
untreated: 0
start time: 03/12/1429 08:33:26 م
duration: 03:33:36
finish time: 04/12/1429 12:07:02 ص


detected
--------
status
------ ------
deleted: Malware hacktool.win32.haktek.11 file: C:\documents and settings\a\local settings\application data\google\chrome\user data\default\cache\f_00059b/haktek.exe
deleted: Malware hacktool.win32.prorat.a file: C:\documents and settings\a\سطح المكتب\هـ ـكـ ـر ز\prorat_v1.9.zip/prorat.exe//prorat.exe
deleted: Malware hacktool.win32.prorat.a file: C:\recycler\s-1-5-21-2025429265-706699826-839522115-1003\dc104\prorat.exe//prorat.exe
deleted: Malware hacktool.win32.prorat.a file: C:\recycler\s-1-5-21-2025429265-706699826-839522115-1003\dc105\prorat.exe//prorat.exe
deleted: Malware hacktool.win32.prorat.a file: C:\recycler\s-1-5-21-2025429265-706699826-839522115-1003\dc113\prorat.exe.bak//prorat.exe
deleted: Malware hacktool.win32.prorat.a file: C:\system volume information\_restore{2f1e3246-0627-44fa-857f-5b7c9725fee1}\rp4\a0002254.exe//prorat.exe
deleted: Malware hacktool.win32.prorat.a file: C:\system volume information\_restore{2f1e3246-0627-44fa-857f-5b7c9725fee1}\rp4\a0002255.exe


events
------
time name status reason
---- ---- ------ ------
03/12/1429 08:33:31 م running module: Smss.exe\smss.exe ok scanned


statistics
----------
scanned detected untreated deleted moved to quarantine archives packed files password protected corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


settings
--------
parameter value
--------- -----
security level recommended
action disinfect, delete if disinfection fails
run mode manually
file types scan all files
scan only new and changed files no
scan archives all
scan embedded ole s all
skip if is larger than no
skip if scan takes longer than no
parse email formats no
scan password-protected archives no
enable ichecker technology no
enable iswift technology no
show detected threats on "detected" tab yes
rootkits search yes
deep rootkits search no
use heuristic analyzer yes


quarantine
----------
status size added
------ ------ ---- -----


backup
------
status size
------ ------ ----


I will download the HijackThis tool and attach it for you
 
This is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:56:39 ص, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager112211\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager112211\IEMonitor.exe
C:\Documents and Settings\A\سطح المكتب\Virus Removal Tool\is-43FL1\is-43FL1.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
E:\Zyzoom_HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager112211\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: arabslaptop Toolbar - {32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: STOPzilla Browser Helper - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: arabslaptop Toolbar - {32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
O3 - Toolbar: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager112211\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Embedded Web Browser from:
InfoPath.2; .NET CLR 2.0.50727; FDM)" -"http://www.miniclip.com/games/super-trucks/en/"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Startup: is-43FL1.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetVL.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: CabBuilder -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 14425 bytes



I think there is a worm in my machine messing around in it :cr:
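
A small triage pass over the HijackThis log format posted above, as an added example that is not part of the original thread: it parses the `code - entry` lines and lists the entries that merit a manual look (orphaned registrations, a configured proxy, an unresolved startup shortcut, unrecognised LSP providers, AppInit_DLLs, services without a readable vendor). The sample lines are copied from the log above; the function names and review rules are assumptions of this example, and a flag is a prompt for review, not a malware verdict.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8080
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: is-43FL1.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
"""

# HijackThis group codes that appear in the sample, with a short description.
SECTIONS = {
    "R1": "Internet Explorer setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry",
    "O10": "Winsock LSP",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# An entry line is "<letter><1-2 digits> - <body>"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_reasons(code, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    low = body.lower()
    reasons = []
    if low.endswith("(no file)") or low.endswith("(file missing)"):
        reasons.append("registered target is absent from disk")
    if code.startswith("R") and ",proxyserver" in low:
        reasons.append("browser traffic is routed through a proxy")
    if code == "O4" and low.endswith("= ?"):
        reasons.append("startup shortcut target could not be resolved")
    if code == "O10" and "unknown file" in low:
        reasons.append("LSP provider is not recognised by HijackThis")
    if code == "O20" and low.startswith("appinit_dlls:"):
        reasons.append("DLL is loaded into every process that loads user32.dll")
    if code == "O23" and " - unknown owner - " in low:
        reasons.append("service binary vendor could not be read")
    return reasons


def triage(log_text):
    """Collapse duplicate entries and return one finding per flagged entry."""
    findings = {}
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if not reasons:
            continue
        key = (code, body)
        if key in findings:
            findings[key]["count"] += 1  # same line repeated, e.g. one LSP per protocol
        else:
            findings[key] = {
                "code": code,
                "section": SECTIONS.get(code, "other"),
                "entry": body,
                "reasons": reasons,
                "count": 1,
            }
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["code"]:>3} x{f["count"]} [{f["section"]}] {f["entry"]}')
        for reason in f["reasons"]:
            print(f"      - {reason}")
```
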
 
First, disable System Restore according to the following walkthrough

dis_sys_xp.jpg


Then download the following tool

[Link hidden: you must log in or register to view it]


When running the tool, click as marked in the following image


wh_61624949.png



and accept the messages that appear; if a warning comes up from the protection program, allow it
Then the machine is restarted

After that

Disable all protection programs,
and download this tool and save it to the desktop
[Link hidden: you must log in or register to view it]


When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically,
and after the restart the tool will start scanning a second time
Wait until a report appears; copy it and paste it in your next reply

Then make a new HijackThis report
 
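Peace be upon you

I'm sorry for the delay, which was because of the tools you gave me

because they broke the connection and I couldn't upload the file, and I had to do a Windows repair, and it has only just now started working

This is the tool's report, and the HijackThis report is in my second reply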
combofix 08-11-30.02 - a 12/02/2008 17:59:32.1 - ntfsx86
microsoft windows xp professional 5.1.2600.2.1256.1.1025.18.1468 [gmt 3:00]
running from: E:\combofix.exe
* created a new restore point
* resident av is active


warning -this machine does not have the recovery console installed !!
.
/wow section - stage 41


((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\ie4 error log.txt

.
((((((((((((((((((((((((( files created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 15:03 320 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2008-12-02 15:03 --------- d-----w c:\documents and settings\all users\application data\stopzilla!
2008-12-02 14:59 --------- d-----w c:\documents and settings\a\application data\dmcache
2008-12-02 14:57 --------- d-----w c:\program files\crawler
2008-12-02 14:53 502,340 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-02 14:53 42,596,384 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-02 14:51 --------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2008-12-02 14:14 --------- d-----w c:\documents and settings\all users\application data\siteguard
2008-12-02 13:22 --------- d-----w c:\program files\java
2008-11-30 16:41 --------- d-----w c:\program files\kaspersky lab
2008-11-30 16:41 --------- d-----w c:\program files\common files\kaspersky lab
2008-11-30 15:38 --------- d-----w c:\documents and settings\all users\application data\spyware terminator
2008-11-30 13:49 --------- d-----w c:\documents and settings\administrator\application data\spyware terminator
2008-11-30 13:28 --------- d-----w c:\program files\gamespy arcade
2008-11-30 13:21 --------- d-----w c:\documents and settings\a\application data\spyware terminator
2008-11-30 11:40 --------- d-----w c:\program files\spyware terminator
2008-11-30 11:07 --------- d-----w c:\program files\esetonlinescanner
2008-11-29 14:43 --------- d-----w c:\documents and settings\الضيوف\application data\iepro
2008-11-29 05:53 --------- d-----w c:\documents and settings\الضيوف\application data\pc suite
2008-11-29 04:28 0 ----a-w c:\osy3.sys
2008-11-29 04:27 --------- d-----w c:\documents and settings\all users\application data\prevx
2008-11-28 19:02 --------- d-----w c:\documents and settings\a\application data\prorat
2008-11-28 18:26 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-28 14:13 --------- d-----w c:\program files\dyndns updater
2008-11-28 14:13 --------- d-----w c:\documents and settings\all users\application data\dyndns
2008-11-28 10:49 --------- d-----w c:\documents and settings\all users\application data\yahoo!
2008-11-28 08:42 --------- d-----w c:\program files\winpcap
2008-11-27 09:04 --------- d-----w c:\program files\messenger plus! Live
2008-11-26 13:39 --------- d-----w c:\program files\no-ip
2008-11-25 17:03 7,926,561 ------w c:\persi0.sys
2008-11-25 17:03 --------- d-----w c:\program files\faronics
2008-11-24 15:13 --------- d-----w c:\documents and settings\a\application data\avant profiles
2008-11-24 15:11 --------- d-----w c:\program files\avant browser
2008-11-23 16:54 --------- d-----w c:\program files\video gif converter
2008-11-23 15:39 --------- d-----w c:\program files\google
2008-11-21 20:11 --------- d-----w c:\documents and settings\a\application data\free download manager
2008-11-21 16:48 --------- d-----w c:\documents and settings\a\application data\minidm
2008-11-20 16:31 --------- d-----w c:\program files\kelk 2000
2008-11-18 17:39 --------- d-----w c:\program files\gameshadow
2008-11-18 15:11 --------- d-----w c:\program files\elaborate bytes
2008-11-18 11:13 --------- d-----w c:\documents and settings\a\application data\hamachi
2008-11-15 04:18 --------- d-----w c:\documents and settings\all users\application data\pc suite
2008-11-15 04:18 --------- d-----w c:\documents and settings\a\application data\pc suite
2008-11-15 04:18 --------- d-----w c:\documents and settings\a\application data\nokia
2008-11-15 04:17 0 ---ha-w c:\windows\system32\drivers\msftwdf_kernel_01005_coinstaller_critical.wdf
2008-11-15 04:17 0 ---ha-w c:\windows\system32\drivers\msft_kernel_ccdcmb_01005.wdf
2008-11-15 04:10 --------- d-----w c:\program files\nokia
2008-11-15 04:10 --------- d-----w c:\program files\common files\pcsuite
2008-11-15 04:10 --------- d-----w c:\program files\common files\nokia
2008-11-15 04:09 --------- d-----w c:\program files\pc connectivity solution
2008-11-15 04:09 --------- d-----w c:\program files\difx
2008-11-15 04:04 --------- d-----w c:\documents and settings\all users\application data\installations
2008-11-15 03:36 --------- d-----w c:\documents and settings\a\application data\nokia multimedia player
2008-11-15 03:36 --------- d-----w c:\documents and settings\a\application data\datalayer
2008-11-13 14:38 --------- d-----w c:\documents and settings\administrator\application data\free upload manager
2008-11-13 12:46 --------- d-----w c:\documents and settings\administrator\application data\lavasoft
2008-11-12 12:42 --------- d-----w c:\program files\zeallsoft
2008-11-10 11:35 --------- d-----w c:\program files\aaalogo2008
2008-11-09 15:23 --------- d-----w c:\program files\internet download manager112211
2008-11-09 11:04 --------- d-----w c:\program files\common files\adobe
2008-11-09 11:01 --------- d--h--w c:\program files\installshield installation information
2008-11-08 07:53 --------- d-----w c:\documents and settings\a\application data\idm
2008-11-08 07:20 --------- d-----w c:\program files\stopzilla!
2008-11-08 04:43 --------- d-----w c:\program files\natural ambience
2008-11-07 18:30 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-07 18:30 --------- d-----w c:\program files\hamachi
2008-11-07 09:44 --------- d-----w c:\program files\common files\real
2008-11-06 09:40 --------- d-----w c:\program files\techsmith
2008-11-06 09:40 --------- d-----w c:\documents and settings\all users\application data\techsmith
2008-11-06 09:38 --------- d-----w c:\program files\common files\wise installation wizard
2008-11-02 17:38 --------- d-----w c:\program files\firefly studios
2008-11-02 17:38 --------- d-----w c:\program files\common files\installshield
2008-11-02 17:34 --------- d-----w c:\program files\managed directx (0900)
2008-10-31 14:48 --------- d-----w c:\documents and settings\a\application data\avira
2008-10-31 13:58 --------- d-----w c:\documents and settings\all users\application data\avira
2008-10-31 13:57 --------- d-----w c:\program files\avira
2008-10-30 15:37 --------- d-sh--r c:\program files\msncs
2008-10-29 16:17 --------- d-----w c:\documents and settings\a\application data\teamviewer
2008-10-28 13:55 --------- d-----w c:\documents and settings\a\application data\u3
2008-10-26 10:38 --------- d-----w c:\program files\messengerdiscovery
2008-10-25 02:56 --------- d-----w c:\documents and settings\localservice\application data\agi
2008-10-24 03:04 --------- d-----w c:\program files\windows live
2008-10-23 02:41 --------- d-----w c:\program files\microsoft silverlight
2008-10-22 19:49 --------- d-----w c:\documents and settings\all users\application data\winzip
2008-10-22 17:35 65,385 ----a-w c:\windows\bricopackuninst.cmd
2008-10-22 17:35 6,098 ----a-w c:\windows\bricopackfoldersdelete.cmd
2008-10-21 17:38 --------- d-----w c:\program files\webcammax
2008-10-21 13:25 --------- d-----w c:\documents and settings\all users\application data\microsoft help
2008-10-21 02:48 --------- d-----w c:\program files\the kmplayer1431
2008-10-20 12:39 --------- d-----w c:\program files\real_sc
2008-10-20 12:18 --------- d-----w c:\program files\windows media connect 2
2008-10-19 06:20 --------- d-----w c:\program files\circle developement
2008-10-19 03:59 --------- d-----w c:\program files\smarty uninstaller pro
2008-10-19 03:58 --------- d---a-w c:\documents and settings\all users\application data\temp
2008-10-18 18:01 --------- d-----w c:\program files\msecache
2008-10-16 10:43 --------- d-----w c:\documents and settings\all users\application data\wlinstaller
2008-10-16 10:08 --------- d-----w c:\program files\windows installer clean up
2008-10-15 18:22 --------- d-----w c:\documents and settings\all users\application data\ashampoo
2008-10-15 02:33 --------- d-----w c:\program files\windows defender
2008-10-15 02:30 --------- d-----w c:\program files\usb disk security
.

((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4

[hkey_local_machine\~\browser helper s\{dbf9be6b-f17a-48da-9407-672bfc0299d2}]
09/15/2008 06:47 am 1784856 --a------ c:\program files\hotah\tbhota.dll

[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{dbf9be6b-f17a-48da-9407-672bfc0299d2}"= "c:\program files\hotah\tbhota.dll" [09/15/2008 06:47 am 1784856]

[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{dbf9be6b-f17a-48da-9407-672bfc0299d2}"= "c:\program files\hotah\tbhota.dll" [09/15/2008 06:47 am 1784856]

[hkey_classes_root\clsid\{dbf9be6b-f17a-48da-9407-672bfc0299d2}]

[hkey_current_user\software\microsoft\windows\currentversion\run]
"google update"="c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe" [09/07/2008 11:00 pm 133104]
"idman"="c:\program files\internet download manager112211\idman.exe" [11/09/2008 06:23 pm 2606512]
"msnmsgr"="c:\program files\windows live\messenger\msnmsgr.exe" [10/18/2007 11:34 am 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 am 15360]
"msmsgs"="c:\program files\messenger\msmsgs.exe" [08/04/2004 01:09 am 1667584]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"avgnt"="c:\program files\avira\antivir personaledition premium\avgnt.exe" [06/12/2008 02:28 pm 266497]
"sunjavaupdatesched"="c:\program files\java\jre6\bin\jusched.exe" [12/02/2008 04:22 pm 136600]

[hkey_users\.default\software\microsoft\windows\currentversion\run]
"dwqueuedreporting"="c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" [08/24/2007 03:18 am 437160]

c:\documents and settings\a\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
ela-salaty.lnk - c:\program files\ela-salaty\salaty.exe [2007-03-05 5353984]

c:\documents and settings\all users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
dyndns updater tray icon.lnk - c:\program files\dyndns updater\dyntray.exe [2008-06-23 86016]

[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\dflogon]
08/08/2004 03:19 pm 49152 c:\windows\system32\logondll.dll

[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"vidc.x264"= x264vfw.dll
"vidc.3iv2"= 3ivxvfwcodec.dll

[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^adobe gamma loader.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\adobe gamma loader.lnk
backup=c:\windows\pss\adobe gamma loader.lnkcommon startup

[hklm\~\startupfolder\c:^documents and settings^all users^قائمة ابدأ^البرامج^بدء التشغيل^kaspersky anti-hacker.lnk]
path=c:\documents and settings\all users\قائمة ابدأ\البرامج\بدء التشغيل\kaspersky anti-hacker.lnk
backup=c:\windows\pss\kaspersky anti-hacker.lnkcommon startup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^adobe media player.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\adobe media player.lnk
backup=c:\windows\pss\adobe media player.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^hamachi.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^onenote 2007 screen clipper and launcher.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\onenote 2007 screen clipper and launcher.lnk
backup=c:\windows\pss\onenote 2007 screen clipper and launcher.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^rocketdock.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\rocketdock.lnk
backup=c:\windows\pss\rocketdock.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^transbar.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\transbar.lnk
backup=c:\windows\pss\transbar.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^ubericon.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\ubericon.lnk
backup=c:\windows\pss\ubericon.lnkstartup

[hklm\~\startupfolder\c:^documents and settings^a^قائمة ابدأ^البرامج^بدء التشغيل^y'z shadow.lnk]
path=c:\documents and settings\a\قائمة ابدأ\البرامج\بدء التشغيل\y'z shadow.lnk
backup=c:\windows\pss\y'z shadow.lnkstartup

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
--a------ 01/11/2008 10:16 pm 39792 c:\program files\adobe\reader 8.0\reader\reader_sl.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 am 15360 c:\windows\system32\ctfmon.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 02/26/2008 07:45 pm 1430784 c:\program files\eset\eset smart security\egui.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\free download manager]
--a------ 05/20/2008 05:27 pm 2474031 c:\program files\free download manager\fdm.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\google desktop search]
--a------ 10/29/2008 05:24 pm 30192 c:\program files\google\google desktop search\googledesktop.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]
--a------ 08/24/2007 07:00 am 33648 c:\program files\microsoft office\office12\groovemonitor.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 11/28/2005 08:52 am 77824 c:\windows\system32\hkcmd.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 11/28/2005 08:55 am 118784 c:\windows\system32\igfxpers.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 11/28/2005 08:55 am 98304 c:\windows\system32\igfxtray.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\imekrmig6.1]
--a------ 09/19/2001 03:00 pm 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\imjpmig8.1]
--a------ 08/03/2004 10:32 pm 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
--------- 08/04/2004 01:09 am 1667584 c:\program files\messenger\msmsgs.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
--a------ 07/09/2001 10:50 am 155648 c:\windows\system32\nerocheck.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
--a------ 06/17/2008 04:00 pm 1249280 c:\program files\nokia\nokia pc suite 7\pcsync2.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\spywareterminator]
--a------ 11/28/2008 09:26 pm 2246144 c:\program files\spyware terminator\spywareterminatorshield.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\virtualclonedrive]
--a------ 06/30/2008 01:01 am 52168 c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\webcammaxmoniter]
--a------ 02/12/2008 05:34 pm 456024 c:\program files\webcammax\wcmmon.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\windows defender]
--a------ 11/03/2006 07:20 pm 866584 c:\program files\windows defender\msascui.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
-ra------ 05/03/2005 01:43 pm 69632 c:\windows\alcmtr.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
-ra------ 07/05/2007 11:08 am 16380416 c:\windows\rthdcpl.exe

[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\skytel]
-ra------ 06/15/2007 11:45 am 1826816 c:\windows\skytel.exe

[hkey_local_machine\software\microsoft\security center]
"antivirusoverride"=dword:00000001

[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantihacker]
"disablemonitoring"=dword:00000001

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"=
"c:\\program files\\windows live\\messenger\\livecall.exe"=
"c:\\windows\\pchealth\\helpctr\\binaries\\helpctr.exe"=

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:tcp"= 3389:tcp:@xpsp2res.dll,-22009

r0 deepfrz;deepfrz;c:\windows\system32\drivers\deepfrz.sys [2004-08-08 93568]
r0 klpf;klpf;c:\windows\system32\drivers\klpf.sys [2006-02-07 25075]
r0 klpid;klpid;c:\windows\system32\drivers\klpid.sys [2006-02-07 32214]
r0 szkg5;szkg;c:\windows\system32\drivers\szkg.sys [2008-10-08 49664]
r1 sp_rsdrv2;spyware terminator driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-28 142592]
r2 antivirwebservice;avira antivir premium webguard;"c:\program files\avira\antivir personaledition premium\avwebgrd.exe" [2008-10-31 258305]
r2 aveservice;avira antivir premium mailguard helper service;"c:\program files\avira\antivir personaledition premium\avesvc.exe" [2008-10-31 41217]
r2 camthwdm;webcammax, wdm video capture;c:\windows\system32\drivers\camthwdm.sys [2008-02-09 941784]
r2 dyndns updater;dyndns updater;c:\program files\dyndns updater\dynupsvc.exe [2008-06-23 65536]
r2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2008-10-03 56344]
s2 antivirmailservice;avira antivir premium mailguard;"c:\program files\avira\antivir personaledition premium\avmailc.exe" [2008-10-31 164097]
s3 ar5523;tp-link tl-wn620g 11g wireless adapter service;c:\windows\system32\drivers\ar5523.sys [2008-08-26 360288]
s3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-09-23 23296]
s3 avgfwfd;avg network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-09-23 23296]
s3 fsssvc;windows live family safety;"c:\program files\windows live\family safety\fsssvc.exe" []
s3 googledesktopmanager-090808-172447;google desktop manager 5.8.809.8522;"c:\program files\google\google desktop search\googledesktop.exe" [2008-09-13 30192]
s3 npf;winpcap packet driver (npf);c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
S of the 'scheduled tasks' folder

2008-12-02 c:\windows\tasks\googleupdatetaskuser.job
- c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe [09/07/2008 11:00 pm]

2008-12-02 c:\windows\tasks\mp scheduled scan.job
- c:\program files\windows defender\mpcmdrun.exe [11/03/2006 07:20 pm]

2008-12-02 c:\windows\tasks\user_feed_synchronization-{738fd7ae-daac-40a0-b176-ce1b011beb9a}.job
- c:\windows\system32\msfeedssync.exe [08/22/2008 03:05 am]
.
- - - - orphans removed - - - -

bho-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
toolbar-siteguard - (no file)
toolbar-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
webbrowser-{32548747-c6e2-49e7-8d6c-6cfae30b1b72} - (no file)
hkcu-runonce-shockwave updater - c:\windows\system32\adobe\shockw~1\swhelp~1.exe -update -1100465 -mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; gtb5; mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) ; embedded web browser from:
infopath.2; .net
msconfigstartup-adsnwm - c:\windows\system32\adsnwm.exe
msconfigstartup-mspy2002 - c:\windows\system32\ime\pintlgnt\imscinst.exe
msconfigstartup-phime2002a - c:\windows\system32\ime\tintlgnt\tintsetp.exe
msconfigstartup-phime2002async - c:\windows\system32\ime\tintlgnt\tintsetp.exe
msconfigstartup-rocketdock - c:\windows\bricopacks\vista inspirat 2\rocketdock\rocketdock.exe
msconfigstartup-ubericon - c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager.exe
msconfigstartup-uiwatcher - c:\program files\ashampoo\ashampoo uninstaller 3\uiwatcher.exe


.
------- supplementary scan -------
.
Firefox -: Profile - c:\documents and settings\a\application data\mozilla\firefox\profiles\k4k0ouvr.default\
firefox -: Prefs.js - search.defaulturl - hxxp://search.yahoo.com/search?ei=utf-8&fr=ytff-amo&p=
firefox -: Prefs.js - startup.homepage - hxxp://my.yahoo.com/
ff -: Plugin - c:\documents and settings\a\local settings\application data\google\update\1.2.131.27\npgoogleoneclick6.dll
ff -: Plugin - c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
ff -: Plugin - c:\program files\java\jre6\bin\new_plugin\npjp2.dll
ff -: Plugin - c:\program files\microsoft silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
ff -: Plugin - c:\program files\microsoft silverlight\2.0.31005.0\npctrl.dll
ff -: Plugin - c:\program files\mozilla firefox\plugins\npdeploytk.dll
ff -: Plugin - c:\program files\real\rhapsodyplayerengine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2008-12-02 18:03:41
windows 5.1.2600 service pack 2 ntfs

scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\logondll.dll

- - - - - - - > 'lsass.exe'(644)
c:\program files\common files\is3\anti-spyware\is3lsp.dll
.
------------------------ other running processes ------------------------
.
C:\program files\faronics\deep freeze\install c-0\df5serv.exe
c:\program files\common files\is3\anti-spyware\szserver.exe
c:\program files\windows defender\msmpeng.exe
c:\program files\avira\antivir personaledition premium\sched.exe
c:\program files\stopzilla!\stopzilla.exe
c:\program files\avira\antivir personaledition premium\avguard.exe
c:\windows\system32\crypserv.exe
c:\program files\eset\eset smart security\ekrn.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\spyware terminator\sp_rsser.exe
c:\windows\system32\dwwin.exe
c:\program files\internet download manager112211\iemonitor.exe
c:\program files\stopzilla!\stopzilla.exe
.
**************************************************************************
.
Completion time: 12/02/2008 18:09:16 - machine was rebooted
combofix-quarantined-files.txt 2008-12-02 15:09:11

pre-run: 7,758,938,112 bytes free
post-run: 8,894,971,904 bytes free

323 --- e o f --- 2008-11-08 19:37:57
 
This is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:22 م, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager112211\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Internet Download Manager112211\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Zyzoom_HijackThis.exe
C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager112211\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: STOPzilla Browser Helper - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager112211\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetVL.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: CabBuilder -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 15306 bytes
 
Peace be upon you

I'm sorry for the delay; it was because of the tools you gave me

They broke the connection and I couldn't upload the file, so I had to do a Windows repair, and it only just started working properly now

This is the tool's report, and the HijackThis report is in my second reply

Brother, which tool broke the connection??

And use this tool again

Download the following tool

When the tool runs, click as marked in the following image


wh_61624949.png


Accept the messages that appear, and if the security program shows a warning, allow it
Then the computer is restarted

Then make a new HijackThis report
 
^^^^^
This tool cut the connection

And the second tool brought the connection back, but I can't browse or open MSN

Should I run the tool, let it cut my connection, and make a HijackThis report

or not?
 
It isn't supposed to cut the connection!
In any case, do the following now

Download the following tool

Restart the computer in Safe Mode
Run the tool with a double-click and its contents will be extracted to drive C

After extraction, go to drive C and you will find a folder named sdfix; open it and follow the walkthrough below

Wait until the scan finishes, then you will see press any key to continue
Press any key on the keyboard to restart the computer

The computer will restart in normal mode to complete the scan and cleanup
Wait until the scan finishes, then you will see press any key to continue
Press any key on the keyboard to finish the scan

A report will appear; copy its contents and paste them into your next post

Then a new HijackThis report
 
Peace be upon you

Sorry for the late reply, I've been very busy and just got home :)

God guide my brothers, they sat at the computer and I don't know what they did to it (((((meaning the report is lost))))

But I searched the computer and found this report; maybe it will help you

sdfix: Version 1.240
run by a on fri 12/05/2008 at 01:24 pm

microsoft windows xp [version 5.1.2600]
running from: C:\sdfix

checking services :


Restoring default security values
restoring default hosts file

rebooting


checking files :

No trojan files found






removing temp files

ads check :



final check :

Catchme 0.3.1361.2 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2008-12-05 13:43:00
windows 5.1.2600 service pack 2 ntfs

scanning hidden processes ...

Scanning hidden services & system hive ...

[hkey_local_machine\system\currentcontrolset\control\network\{4d36e972-e325-11ce-bfc1-08002be10318}\descriptions]
"e\6-\6h\6d\6 ?r?a?s? ?a?s?y?n?c?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ? ?(?l?2?t?p?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?p?p?t?p?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?p?p?p?o?e?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?i?p?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6,\6/\6h\6d\6)\6 ?'\6d\6-\0062\6e\6"=str(7):"1\0002\0003\0004\0"
"'\6*\0065\6'\6d\6 ?*\6d\6a\0062\6j\6h\6f\6/?a\6j\6/\6j\6h\6 ?m?i?c?r?o?s?o?f?t?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?e\0061\6'\6b\6(\6 ?4\6(\6c\6)\6 ?'\6d\6'\6*\0065\6'\6d\6)?"=str(7):"1\0"
[hkey_local_machine\system\currentcontrolset\services\lanmanserver\shares]
"'\6d\0067\6'\6(\69\6)\6"=str(7):"cscflags=0\0maxuses=4294967295\0path='d di onenote 2007,localsplonly\0permissions=0\0remark='d di onenote 2007\0type=1\0"
"'\6d\0067\6'\6(\69\6)\0062?"=str(7):"cscflags=0\0maxuses=4294967295\0path=snagit 9,localsplonly\0permissions=0\0remark=snagit 9\0type=1\0"
[hkey_local_machine\system\controlset002\control]
"currentuser"="username"
"waittokillservicetimeout"="20000"
"systemstartoptions"="noexecute=optin fastdetect"
"systembootdevice"="multi(0)disk(0)rdisk(0)partition(1)"

[hkey_local_machine\system\controlset002\control\class\{4d36e965-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000002
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e967-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000007
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e968-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000023
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e969-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000004
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e96a-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000004
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e97b-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000004
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\class\{4d36e980-e325-11ce-bfc1-08002be10318}\properties]
"devicetype"=dword:00000007
"devicecharacteristics"=dword:00000100

[hkey_local_machine\system\controlset002\control\network\{4d36e972-e325-11ce-bfc1-08002be10318}\descriptions]
"e\6-\6h\6d\6 ?r?a?s? ?a?s?y?n?c?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ? ?(?l?2?t?p?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?p?p?t?p?)?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?p?p?p?o?e?)?"=str(7):"1\0""=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6,\6/\6h\6d\6)\6 ?'\6d\6-\0062\6e\6"=str(7):"1\0002\0003\0004\0"
"'\6*\0065\6'\6d\6 ?*\6d\6a\0062\6j\6h\6f\6/?a\6j\6/\6j\6h\6 ?m?i?c?r?o?s?o?f?t?"=str(7):"1\0"
"e\6f\6a\0060\6 ?e\0065\6:\0061\6 ?d\6@\6 ?w?a?n? ?(?e\0061\6'\6b\6(\6 ?4\6(\6c\6)\6 ?'\6d\6'\6*\0065\6'\6d\6)?"=str(7):"1\0"
[hkey_local_machine\system\controlset002\services\lanmanserver\shares]
"'\6d\0067\6'\6(\69\6)\6"=str(7):"cscflags=0\0maxuses=4294967295\0path='d di onenote 2007,localsplonly\0permissions=0\0remark='d di onenote 2007\0type=1\0"
"'\6d\0067\6'\6(\69\6)\0062?"=str(7):"cscflags=0\0maxuses=4294967295\0path=snagit 9,localsplonly\0permissions=0\0remark=snagit 9\0type=1\0"
[hkey_local_machine\system\controlset002\services\mrxdav\encrypteddirectories]
@=""

scanning hidden registry entries ...


scanning hidden files ...

Scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


remaining services :




Authorized application key export:

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"="c:\\program files\\windows live\\messenger\\msnmsgr.exe:*:enabled:windows live messenger"

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

remaining files :



files with hidden attributes :

Wed 17 dec 2003 52 a..h. --- "c:\program files\stopzilla!\swin32z.sys"
sat 28 oct 2006 2,560 a..h. --- "c:\documents and settings\a\«ل¥ ںéêè¢ \windows live messenger v8.5.1302.10 ar\msistub.exe"
thu 18 oct 2007 51,224 a..h. --- "c:\documents and settings\a\«ل¥ ںéêè¢ \windows live messenger v8.5.1302.10 ar\sirenacm.dll"
sat 28 oct 2006 2,560 a..h. --- "c:\documents and settings\a\my documents\windows live messenger v8.5.1302.10 ar\msistub.exe"
thu 18 oct 2007 51,224 a..h. --- "c:\documents and settings\a\my documents\windows live messenger v8.5.1302.10 ar\sirenacm.dll"
mon 20 oct 2008 0 a.sh. --- "c:\documents and settings\all users\drm\cache\indiv01.tmp"
sun 1 jul 2007 146 a..h. --- "c:\documents and settings\a\«ل¥ ںéêè¢ \ff\wlm_patch\tm.reg"
tue 23 oct 2007 3,350,528 a..h. --- "c:\documents and settings\a\application data\u3\temp\launchpad removal.exe"
wed 3 dec 2008 269 a..h. --- "c:\documents and settings\a\local settings\temp\free download manager\tic11.tmp"
wed 3 dec 2008 571 a..h. --- "c:\documents and settings\a\local settings\temp\free download manager\tic12.tmp"
thu 4 dec 2008 437 a..h. --- "c:\documents and settings\a\local settings\temp\free download manager\tic29.tmp"
thu 4 dec 2008 44,625,182 a..h. --- "c:\windows\softwaredistribution\download\707694e8ac7180b5d8c67faef2c5e530\download\bit60.tmp"

finished!


If this is the report you asked for, good; if not, no problem, I will make another one in its place. Thanks!
 
Yes, that is it.
The HijackThis report, please.
 
Sure, here is the HijackThis report:
logfile of trend micro hijackthis v2.0.2
scan saved at 05:09:32 م, on 07/12/2008
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal

running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\program files\faronics\deep freeze\install c-0\df5serv.exe
c:\windows\system32\svchost.exe
c:\program files\common files\is3\anti-spyware\szserver.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir personaledition premium\sched.exe
c:\program files\avira\antivir personaledition premium\avguard.exe
c:\program files\avira\antivir personaledition premium\avesvc.exe
c:\windows\system32\crypserv.exe
c:\program files\dyndns updater\dynupsvc.exe
c:\program files\eset\eset smart security\ekrn.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\spyware terminator\sp_rsser.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\stopzilla!\stopzilla.exe
c:\program files\avira\antivir personaledition premium\avwebgrd.exe
c:\program files\avira\antivir personaledition premium\avgnt.exe
c:\program files\java\jre6\bin\jusched.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\svchost.exe
c:\windows\system32\igfxpers.exe
c:\windows\rthdcpl.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe
c:\program files\internet download manager112211\idman.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\messenger\msmsgs.exe
c:\program files\dyndns updater\dyntray.exe
c:\program files\ela-salaty\salaty.exe
c:\program files\internet download manager112211\iemonitor.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\messenger\usnsvc.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\mozilla firefox\firefox.exe
c:\progra~1\crawler\ctoolbar.exe
e:\zyzoom_hijackthis.exe

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = 212.116.219.190:8080
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
o2 - bho: Ie7pro - {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager112211\idmiecc.dll
o2 - bho: Snagit toolbar loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\snagitbho.dll
o2 - bho: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
o2 - bho: Adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: Siteguard bho - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\szsg.dll
o2 - bho: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
o2 - bho: Wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - (no file)
o2 - bho: Click-to-call bho - {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll (file missing)
o2 - bho: Search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: Java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
o2 - bho: Google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219b3e1547538286.dll
o2 - bho: Fdmiesbho class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Hotah toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - c:\program files\hotah\tbhota.dll
o2 - bho: Windows live toolbar beta - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll (file missing)
o2 - bho: Stopzilla browser helper - {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: (no name) - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - (no file)
o3 - toolbar: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o3 - toolbar: Hotah toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - c:\program files\hotah\tbhota.dll
o3 - toolbar: &windows live toolbar beta - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (file missing)
o3 - toolbar: Snagit - {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\snagitieaddin.dll
o3 - toolbar: Stopzilla - {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\szsg.dll
o3 - toolbar: &google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o3 - toolbar: &crawler toolbar - {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
o4 - hklm\..\run: [avgnt] "c:\program files\avira\antivir personaledition premium\avgnt.exe" /min
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
o4 - hkcu\..\run: [google update] "c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe" /c
o4 - hkcu\..\run: [idman] c:\program files\internet download manager112211\idman.exe /onboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkus\s-1-5-18\..\run: [dwqueuedreporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (user 'system')
o4 - hkus\.default\..\run: [dwqueuedreporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t (user 'default user')
o4 - hkus\.default\..\runonce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (user 'default user')
o4 - startup: Ela-salaty.lnk = c:\program files\ela-salaty\salaty.exe
o4 - global startup: Dyndns updater tray icon.lnk = c:\program files\dyndns updater\dyntray.exe
o8 - extra context menu item: Crawler search - tbr:iemenu
o8 - extra context menu item: Free download manager تحميل الفيديو بواسطة - file://c:\program files\free download manager\dlfvideo.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\iegetall.htm
o8 - extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\free download manager\dlselected.htm
o8 - extra context menu item: تحميل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\ieext.htm
o8 - extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\iegetvl.htm
o8 - extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\free download manager\dlall.htm
o8 - extra context menu item: تنزيل بفري داونلود مانيجر - file://c:\program files\free download manager\dllink.htm
o9 - extra button: Ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra 'tools' menuitem: Ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra button: تدوين هذا في المدونة - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\windows\system32\shdocvw.dll
o9 - extra 'tools' menuitem: &تدوين هذا في windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\windows\system32\shdocvw.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o10 - unknown file in winsock lsp: C:\windows\system32\nwprovau.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o16 - dpf: Cabbuilder -
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) -
o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) -
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) -
o16 - dpf: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (onlinescanner control) -
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) -
o16 - dpf: {cf40acc5-e1bb-4aff-ac72-04c2f616bca7} (get_atlcom class) -
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash ) -
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) -
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o18 - protocol: Linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - (no file)
o18 - protocol: Tbr - {4d25fb7a-8902-4291-960e-9ada051cfbbf} - c:\progra~1\crawler\ctbr.dll
o20 - winlogon notify: Dflogon - c:\windows\system32\logondll.dll
o23 - service: Ad-aware 2007 service (aawservice) - lavasoft - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
o23 - service: Avira antivir premium mailguard (antivirmailservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avmailc.exe
o23 - service: Avira antivir premium scheduler (antivirscheduler) - avira gmbh - c:\program files\avira\antivir personaledition premium\sched.exe
o23 - service: Avira antivir premium guard (antivirservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avguard.exe
o23 - service: Avira antivir premium webguard (antivirwebservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avwebgrd.exe
o23 - service: Avira antivir premium mailguard helper service (aveservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avesvc.exe
o23 - service: Crypkey license - kenonic controls ltd. - c:\windows\system32\crypserv.exe
o23 - service: Df5serv - faronics corporation - c:\program files\faronics\deep freeze\install c-0\df5serv.exe
o23 - service: Dyndns updater - dynamic network services, inc. - c:\program files\dyndns updater\dynupsvc.exe
o23 - service: Eset http server (ehttpsrv) - eset - c:\program files\eset\eset smart security\ehttpsrv.exe
o23 - service: Eset service (ekrn) - eset - c:\program files\eset\eset smart security\ekrn.exe
o23 - service: Windows live family safety (fsssvc) - unknown owner - c:\program files\windows live\family safety\fsssvc.exe (file missing)
o23 - service: Google desktop manager 5.8.809.8522 (googledesktopmanager-090808-172447) - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: Google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: License management service esd - unknown owner - c:\program files\common files\element5 shared\service\licence manager esd.exe
o23 - service: Remote packet capture protocol v.0 (experimental) (rpcapd) - cace technologies - c:\program files\winpcap\rpcapd.exe
o23 - service: Servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
o23 - service: Spyware terminator realtime shield service (sp_rssrv) - crawler.com - c:\program files\spyware terminator\sp_rsser.exe
o23 - service: Stopzilla service (szserver) - is3, inc. - c:\program files\common files\is3\anti-spyware\szserver.exe

--
end of file - 15354 bytes
 
Re-post the report without quoting.
 
Note that I copied it from my first reply :)




logfile of trend micro hijackthis v2.0.2
scan saved at 05:09:32 م, on 07/12/2008
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal

running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\program files\faronics\deep freeze\install c-0\df5serv.exe
c:\windows\system32\svchost.exe
c:\program files\common files\is3\anti-spyware\szserver.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir personaledition premium\sched.exe
c:\program files\avira\antivir personaledition premium\avguard.exe
c:\program files\avira\antivir personaledition premium\avesvc.exe
c:\windows\system32\crypserv.exe
c:\program files\dyndns updater\dynupsvc.exe
c:\program files\eset\eset smart security\ekrn.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\spyware terminator\sp_rsser.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\stopzilla!\stopzilla.exe
c:\program files\avira\antivir personaledition premium\avwebgrd.exe
c:\program files\avira\antivir personaledition premium\avgnt.exe
c:\program files\java\jre6\bin\jusched.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\svchost.exe
c:\windows\system32\igfxpers.exe
c:\windows\rthdcpl.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe
c:\program files\internet download manager112211\idman.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\messenger\msmsgs.exe
c:\program files\dyndns updater\dyntray.exe
c:\program files\ela-salaty\salaty.exe
c:\program files\internet download manager112211\iemonitor.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\messenger\usnsvc.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\mozilla firefox\firefox.exe
c:\progra~1\crawler\ctoolbar.exe
e:\zyzoom_hijackthis.exe

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = 212.116.219.190:8080
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
o2 - bho: Ie7pro - {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager112211\idmiecc.dll
o2 - bho: Snagit toolbar loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\snagitbho.dll
o2 - bho: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
o2 - bho: Adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: Siteguard bho - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\szsg.dll
o2 - bho: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
o2 - bho: Wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - (no file)
o2 - bho: Click-to-call bho - {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll (file missing)
o2 - bho: Search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: Java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
o2 - bho: Google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219b3e1547538286.dll
o2 - bho: Fdmiesbho class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Hotah toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - c:\program files\hotah\tbhota.dll
o2 - bho: Windows live toolbar beta - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll (file missing)
o2 - bho: Stopzilla browser helper - {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: (no name) - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - (no file)
o3 - toolbar: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o3 - toolbar: Hotah toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - c:\program files\hotah\tbhota.dll
o3 - toolbar: &windows live toolbar beta - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll (file missing)
o3 - toolbar: Snagit - {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\snagitieaddin.dll
o3 - toolbar: Stopzilla - {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\szsg.dll
o3 - toolbar: &google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o3 - toolbar: &crawler toolbar - {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
o4 - hklm\..\run: [avgnt] "c:\program files\avira\antivir personaledition premium\avgnt.exe" /min
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
o4 - hkcu\..\run: [google update] "c:\documents and settings\a\local settings\application data\google\update\googleupdate.exe" /c
o4 - hkcu\..\run: [idman] c:\program files\internet download manager112211\idman.exe /onboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkus\s-1-5-18\..\run: [dwqueuedreporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (user 'system')
o4 - hkus\.default\..\run: [dwqueuedreporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t (user 'default user')
o4 - hkus\.default\..\runonce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (user 'default user')
o4 - startup: Ela-salaty.lnk = c:\program files\ela-salaty\salaty.exe
o4 - global startup: Dyndns updater tray icon.lnk = c:\program files\dyndns updater\dyntray.exe
o8 - extra context menu item: Crawler search - tbr:iemenu
o8 - extra context menu item: Free download manager تحميل الفيديو بواسطة - file://c:\program files\free download manager\dlfvideo.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\iegetall.htm
o8 - extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\free download manager\dlselected.htm
o8 - extra context menu item: تحميل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\ieext.htm
o8 - extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\internet download manager112211\iegetvl.htm
o8 - extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\free download manager\dlall.htm
o8 - extra context menu item: تنزيل بفري داونلود مانيجر - file://c:\program files\free download manager\dllink.htm
o9 - extra button: Ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra 'tools' menuitem: Ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra button: تدوين هذا في المدونة - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\windows\system32\shdocvw.dll
o9 - extra 'tools' menuitem: &تدوين هذا في windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\windows\system32\shdocvw.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o10 - unknown file in winsock lsp: C:\windows\system32\nwprovau.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o10 - unknown file in winsock lsp: C:\program files\common files\is3\anti-spyware\is3lsp.dll
o16 - dpf: Cabbuilder -
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) -
o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) -
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) -
o16 - dpf: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (onlinescanner control) -
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) -
o16 - dpf: {cf40acc5-e1bb-4aff-ac72-04c2f616bca7} (get_atlcom class) -
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash ) -
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) -
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o18 - protocol: Linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - (no file)
o18 - protocol: Tbr - {4d25fb7a-8902-4291-960e-9ada051cfbbf} - c:\progra~1\crawler\ctbr.dll
o20 - winlogon notify: Dflogon - c:\windows\system32\logondll.dll
o23 - service: Ad-aware 2007 service (aawservice) - lavasoft - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
o23 - service: Avira antivir premium mailguard (antivirmailservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avmailc.exe
o23 - service: Avira antivir premium scheduler (antivirscheduler) - avira gmbh - c:\program files\avira\antivir personaledition premium\sched.exe
o23 - service: Avira antivir premium guard (antivirservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avguard.exe
o23 - service: Avira antivir premium webguard (antivirwebservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avwebgrd.exe
o23 - service: Avira antivir premium mailguard helper service (aveservice) - avira gmbh - c:\program files\avira\antivir personaledition premium\avesvc.exe
o23 - service: Crypkey license - kenonic controls ltd. - c:\windows\system32\crypserv.exe
o23 - service: Df5serv - faronics corporation - c:\program files\faronics\deep freeze\install c-0\df5serv.exe
o23 - service: Dyndns updater - dynamic network services, inc. - c:\program files\dyndns updater\dynupsvc.exe
o23 - service: Eset http server (ehttpsrv) - eset - c:\program files\eset\eset smart security\ehttpsrv.exe
o23 - service: Eset service (ekrn) - eset - c:\program files\eset\eset smart security\ekrn.exe
o23 - service: Windows live family safety (fsssvc) - unknown owner - c:\program files\windows live\family safety\fsssvc.exe (file missing)
o23 - service: Google desktop manager 5.8.809.8522 (googledesktopmanager-090808-172447) - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: Google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: License management service esd - unknown owner - c:\program files\common files\element5 shared\service\licence manager esd.exe
o23 - service: Remote packet capture protocol v.0 (experimental) (rpcapd) - cace technologies - c:\program files\winpcap\rpcapd.exe
o23 - service: Servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
o23 - service: Spyware terminator realtime shield service (sp_rssrv) - crawler.com - c:\program files\spyware terminator\sp_rsser.exe
o23 - service: Stopzilla service (szserver) - is3, inc. - c:\program files\common files\is3\anti-spyware\szserver.exe

--
end of file - 15354 bytes
 
No, I don't want it copied.
Quoting changes the letters in the report.
A new report, please.
 
Here is a new report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:54:17 م, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager112211\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Internet Download Manager112211\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Adobe\Photoshop CS\ImageReady.exe
E:\Zyzoom_HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager112211\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: STOPzilla Browser Helper - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: hotah Toolbar - {dbf9be6b-f17a-48da-9407-672bfc0299d2} - C:\Program Files\hotah\tbhota.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager112211\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager112211\IEGetVL.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: CabBuilder -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 15509 bytes
 
Brother, do you have this program?

is3\anti-spyware

If you do, uninstall it and upload another HijackThis report after restarting.
If you don't, do the following.

Download this program:

[link hidden by the forum]

Install it on the machine, then run it and follow the walkthrough below to scan the machine and produce a report:

[link hidden by the forum]

After the scan finishes, do the following:

[link hidden by the forum]

Copy the contents of the report and paste it into your next post.

And upload a new HijackThis report.
 