ماااجد

Peace be upon you, how are you all?

Please help me out, guys. Every time I open any site, even Google, a nasty ad bar shows up at the bottom. I wish you would tell me how to get rid of it.

Curse these ads :(
 

SmitFraudFix v2.381
Scan done at 17:19:48.15, Fri 12/05/2008
Run from C:\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: EDUP 802.11g Wireless CardBus PC Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F0DAD73-9184-4FDE-BA81-6E672CBF2ED8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F0DAD73-9184-4FDE-BA81-6E672CBF2ED8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9F0DAD73-9184-4FDE-BA81-6E672CBF2ED8}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Please give me a solution, because honestly I can't see the screen because of this ugly ad :( :( :(
 
Do the following:

Disable all security programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


Make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply.


 
ComboFix 08-12-04.05 - MAS 12/05/2008 17:45:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1525 [GMT 3:00]
Running from: c:\downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\15913497_F86C_4218_8817_F50940D1E1B2.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\A2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\C75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\E21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:\documents and settings\MAS\Local Settings\Temporary Internet Files\E9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:\windows\system32\wpv031228474072.cpx
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 14:42 --------- d-----w c:\documents and settings\MAS\Application Data\HPAppData
2008-12-05 14:39 --------- d-----w c:\documents and settings\MAS\Application Data\cleaner
2008-12-05 14:19 3,200 ----a-w c:\windows\system32\tmp.reg
2008-12-05 11:34 331,264 ----a-w c:\windows\system32\frilib.dll
2008-12-04 15:13 --------- d-----w c:\documents and settings\MAS\Application Data\CyberScrub
2008-11-30 17:38 --------- d-----w c:\program files\Wireless WEP Key Password Spy
2008-11-29 14:58 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-11-29 14:58 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-11-28 09:08 --------- d-----w c:\program files\Google
2008-11-28 09:07 --------- d-----w c:\program files\VideoLAN
2008-11-27 14:08 --------- d-----w c:\documents and settings\MAS\Application Data\Internet Download Accelerator
2008-11-26 16:01 --------- d-----w c:\program files\IDA
2008-11-26 13:52 --------- d-----w c:\program files\Internet Download Manager
2008-11-25 17:29 --------- d-----w c:\documents and settings\MAS\Application Data\DMCache
2008-11-25 17:28 --------- d-----w c:\documents and settings\MAS\Application Data\SlipStream
2008-11-25 17:28 --------- d-----w c:\documents and settings\MAS\Application Data\IDM
2008-11-25 17:11 --------- d-----w c:\program files\Jap
2008-11-25 16:33 --------- d-----w c:\program files\GreenBrowser
2008-11-24 14:14 --------- d-----w c:\program files\LeapFTP
2008-11-23 17:10 --------- d-----w c:\program files\Xilisoft
2008-11-23 16:17 --------- d-----w c:\program files\Video Convert Premier
2008-11-23 16:06 81,920 ----a-w c:\documents and settings\MAS\Application Data\ezpinst.exe
2008-11-23 16:06 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-23 16:06 47,360 ----a-w c:\documents and settings\MAS\Application Data\pcouffin.sys
2008-11-20 13:40 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-20 13:40 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-20 13:40 --------- d-----w c:\program files\Common Files\xing shared
2008-11-20 13:40 --------- d-----w c:\program files\Common Files\Real
2008-11-20 13:39 --------- d-----w c:\program files\PremierOpinion
2008-11-20 13:39 --------- d-----w c:\program files\ESET
2008-11-20 13:37 --------- d-----w c:\program files\CEDP Stealer 6.0 for Messenger
2008-11-20 11:24 --------- d-----w c:\documents and settings\MAS\Application Data\vlc
2008-11-18 16:36 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-18 16:22 --------- d-----w c:\program files\Windows Live
2008-11-18 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-18 16:06 --------- d-----w c:\program files\MSN Messenger
2008-11-18 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-18 07:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 07:01 --------- d-----w c:\program files\Wirelwss LAN Utility
2008-11-17 16:32 --------- d-----w c:\documents and settings\MAS\Application Data\Ahead
2008-11-17 16:31 --------- d-----w c:\program files\Common Files\Ahead
2008-11-17 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-17 16:29 --------- d-----w c:\program files\Nero
2008-11-17 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-17 16:25 --------- d-----w c:\documents and settings\MAS\Application Data\HP
2008-11-17 16:24 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-11-17 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-17 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-17 16:19 --------- d-----w c:\program files\HP
2008-11-17 16:19 --------- d-----w c:\program files\Common Files\HP
2008-11-17 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-17 15:33 --------- d-----w c:\program files\Common Files\snp2std
2008-11-17 15:31 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-17 15:30 --------- d-----w c:\program files\CyberLink
2008-11-17 15:30 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 15:27 --------- d-----w c:\program files\Real
2008-11-17 15:25 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-17 15:22 --------- d-----w c:\program files\DivX
2008-11-17 15:20 47,104 ------w c:\windows\AKDeInstall.exe
2008-11-17 15:20 --------- d-----w c:\program files\mpegable
2008-11-17 15:20 --------- d-----w c:\program files\GRETECH
2008-11-17 15:19 --------- d-----w c:\program files\QuickTime
2008-11-17 15:19 --------- d-----w c:\program files\Nokia
2008-11-17 15:19 --------- d-----w c:\program files\Common Files\Nokia
2008-11-17 15:19 --------- d-----w c:\documents and settings\MAS\Application Data\Apple Computer
2008-11-17 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-17 15:06 1,023,035 ----a-w c:\windows\system32\Setup.scr
2008-11-17 15:05 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-17 14:59 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-17 14:59 --------- d-----w c:\program files\Circle Developement
2008-11-17 14:48 155,995 ----a-w c:\windows\java\Packages\5ZVJ5B53.ZIP
2008-11-17 14:44 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 14:31 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-17 14:31 172,032 ------w c:\windows\Setup1.exe
2008-11-17 14:21 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-11-17 14:21 298,104 ----a-w c:\windows\system32\imon.dll
2008-11-17 14:21 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-11-17 14:02 --------- d-----w c:\program files\Microsoft.NET
2008-11-17 14:02 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-17 14:02 --------- d-----w c:\program files\Common Files\L&H
2008-11-17 14:01 --------- d-----w c:\program files\Microsoft Works
2008-11-17 13:46 --------- d-----w c:\program files\Realtek
2008-11-17 13:45 16,608 ----a-w c:\windows\gdrv.sys
2008-11-17 13:44 315,392 ----a-w c:\windows\HideWin.exe
2008-11-17 13:42 --------- d-----w c:\program files\Intel
2008-11-17 08:35 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 11:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-01 11:51 87,552 ----a-w c:\windows\system32\VACFix.exe
.
((((((((((((((((((((((((((((( snapshot@Thu 12-04-2008_17.58.59.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-08-18 08:19:03 82,432 ----a-w c:\windows\system32\404Fix.exe
- 2007-07-30 16:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 11:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2004-07-31 14:50:36 51,200 ----a-w c:\windows\system32\dumphive.exe
+ 2008-05-18 17:40:35 82,944 ----a-w c:\windows\system32\IEDFix.exe
- 2008-12-04 12:50:13 40,972 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-05 14:45:24 40,972 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-04 12:50:13 314,644 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-05 14:45:24 314,644 ----a-w c:\windows\system32\perfh009.dat
+ 2003-06-05 17:13:00 53,248 ----a-w c:\windows\system32\Process.exe
+ 2006-04-27 13:49:30 288,417 ----a-w c:\windows\system32\SrchSTS.exe
+ 2006-01-09 06:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
+ 2007-09-05 20:22:23 289,144 ----a-w c:\windows\system32\VCCLSID.exe
+ 2007-10-03 20:36:46 25,600 ----a-w c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{47D633D7-7456-46C2-AD1D-58DDDD333D13}]
12/05/2008 02:34 PM 331264 --a------ c:\windows\system32\frilib.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [11/19/2008 05:37 PM 5724184]
"Internet Download Accelerator"="c:\program files\IDA\ida.exe" [04/10/2006 09:04 PM 45056]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [09/05/2007 12:13 PM 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [09/05/2007 12:13 PM 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [09/05/2007 12:13 PM 137752]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [11/17/2008 05:21 PM 949376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [11/17/2008 06:18 PM 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [05/18/2006 11:29 AM 49152]
"FixCamera"="c:\windows\FixCamera.exe" [07/11/2007 04:09 PM 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [05/12/2007 11:19 AM 270336]
"snp2std"="c:\windows\vsnp2std.exe" [09/28/2007 04:32 PM 344064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 04:31 PM 80896]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [11/26/2007 02:54 PM 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [11/26/2007 02:54 PM 1057064]
"TI WLAN"="c:\program files\Wirelwss LAN Utility\TIWLANCu.exe" [12/09/2004 04:49 PM 1150976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/20/2008 04:40 PM 185872]
"RTHDCPL"="RTHDCPL.EXE" [02/13/2008 09:31 AM 16857600 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-02-08 394856]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-17 15424]
R3 TNET1130;EDUP 802.11 WLAN;c:\windows\system32\DRIVERS\TNET1130.sys [2008-11-18 438912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\MAS\Application Data\Mozilla\Firefox\Profiles\5conje8q.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-05 17:48:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\IDA\_IDA.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\slmdmsr.exe
c:\program files\Wirelwss LAN Utility\tiwlnsvc.exe
.
**************************************************************************
.
Completion time: 12/05/2008 17:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 14:49:11
ComboFix2.txt 2008-12-04 14:59:18
Pre-Run: 60,940,472,320 bytes free
Post-Run: 60,867,444,736 bytes free
259
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:50:54 م, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IDA\_IDA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\MAS\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: frilibP - {47D633D7-7456-46C2-AD1D-58DDDD333D13} - C:\WINDOWS\system32\frilib.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
--
End of file - 7922 bytes
 
Some of the infections have been removed.

In HijackThis, delete:

O2 - BHO: frilibP - {47D633D7-7456-46C2-AD1D-58DDDD333D13} - C:\WINDOWS\system32\frilib.dll


Then download this tool and follow the instructions below.

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen will appear; wait (and follow along with the pictures).

000.png


001.png


When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).

002.png


And let us know the results.

 
Thank you, you really came through.

The ads are gone.
I'm always troubling you. The best rating for you, you deserve it.
 
Thanks, brother; we only did our duty.
Best of luck, now and always.
 