تقرير الهيجاك

[شموس]

هذا هو التقرير :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:59:16 ص, on 09/12/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\fxstaller.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\program file\Winamp\winampa.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\wingdetxe.exe
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\winyyclks.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\GLB6.tmp
E:\WINDOWS\explorer.exe
E:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
F:\eng_walaa\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "F:\program file\Winamp\winampa.exe"
O4 - HKLM\..\Run: [08317b8c] rundll32.exe "E:\WINDOWS\system32\uxftwfkp.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "E:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] E:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [99948781813962802556430865306529] E:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A19089C-BAE9-43DB-88A5-68A20A2E37F7}: NameServer = 212.210.150.1
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)
--
End of file - 5879 bytes



*****************************

ممكن حد يساعدنى مع العلم ان لا سكمل تستطيب اى انتى فيروس وعلى اخر خطوة ويقف ..
اتمنى انى اجد حل ..

 

[alshbaah_911]

حذف وبسرعه



O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe



O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

 

[المانسي]

يا هلا بك
اعمل التالي


عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

--------------------------------------------

( 2 )

واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
​

 

[شموس]

بشكر alshbaah_911
على حرصة ومساعدته ...جزاك الله خيرا

............................

المانسى : جزاك الله خير على حسن تعاونك

حملت الاداة ولما فتحتها ظهرتلى هذة الرسالة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[صمت السكوت]

اخي الفاضل المشكله لديك تمكن في التاريخ والوقت بجهازك عدلها وبعد ذلك

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[صمت السكوت]

هذا هو التقرير :

Logfile of trend micro hijackthis v2.0.2
scan saved at 07:59:16 ص, on 09/12/2001
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
E:\windows\system32\smss.exe
e:\windows\system32\winlogon.exe
e:\windows\system32\services.exe
e:\windows\system32\lsass.exe
e:\windows\system32\svchost.exe
e:\windows\system32\svchost.exe
e:\windows\system32\spoolsv.exe
e:\windows\fxstaller.exe
e:\program files\common files\real\update_ob\realsched.exe
f:\program file\winamp\winampa.exe
e:\windows\system32\rundll32.exe
e:\program files\java\jre6\bin\jusched.exe
e:\windows\soundman.exe
e:\windows\system32\ctfmon.exe
e:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
e:\program files\msn messenger\msnmsgr.exe
e:\program files\internet download manager\idman.exe
e:\program files\java\jre6\bin\jqs.exe
e:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
e:\windows\system32\wscntfy.exe
e:\program files\internet explorer\iexplore.exe
e:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
e:\docume~1\eng_la~1\locals~1\temp\wingdetxe.exe
e:\docume~1\eng_la~1\locals~1\temp\winyyclks.exe
e:\windows\system32\rundll32.exe
e:\program files\internet explorer\iexplore.exe
e:\docume~1\eng_la~1\locals~1\temp\glb6.tmp
e:\windows\explorer.exe
e:\program files\adobe\reader 9.0\reader\acrord32info.exe
f:\eng_walaa\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar1.dll
o4 - hklm\..\run: [windows udp control center] fxstaller.exe
o4 - hklm\..\run: [downloadaccelerator] "e:\program files\dap\dap.exe" /startup
o4 - hklm\..\run: [adobe reader speed launcher] "e:\program files\adobe\reader 9.0\reader\reader_sl.exe"
o4 - hklm\..\run: [tkbellexe] "e:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [winampagent] "f:\program file\winamp\winampa.exe"
o4 - hklm\..\run: [08317b8c] rundll32.exe "e:\windows\system32\uxftwfkp.dll",b
o4 - hklm\..\run: [sunjavaupdatesched] "e:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [officescannt monitor] "e:\program files\trend micro\officescan client\pccntmon.exe" -hidewindow
o4 - hklm\..\run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
o4 - hklm\..\run: [zonealarm client] "e:\program files\zone labs\zonealarm\zlclient.exe"
o4 - hkcu\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [yahoo! Pager] "e:\progra~1\yahoo!\messen~1\yahoom~1.exe" -quiet
o4 - hkcu\..\run: [swg] e:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [msnmsgr] "e:\program files\msn messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [uniblue registrybooster 2009] e:\program files\uniblue\registrybooster\registrybooster.exe /s
o4 - hkcu\..\run: [idman] e:\program files\internet download manager\idman.exe /onboot
o4 - hkcu\..\run: [99948781813962802556430865306529] e:\program files\antivirus 2009\av2009.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'default user')
o8 - extra context menu item: &clean traces - e:\program files\dap\privacy package\dapcleanerie.htm
o8 - extra context menu item: &download with &dap - e:\program files\dap\dapextie.htm
o8 - extra context menu item: Download &all with dap - e:\program files\dap\dapextie2.htm
o8 - extra context menu item: Download all links with idm - e:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: Download with idm - e:\program files\internet download manager\ieext.htm
o8 - extra context menu item: E&xport to microsoft excel - res://c:\office11\excel.exe/3000
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\office11\refiebar.dll
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - e:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - e:\program files\messenger\msmsgs.exe
o10 - unknown file in winsock lsp: E:\windows\system32\nwprovau.dll
o17 - hklm\system\ccs\services\tcpip\..\{6a19089c-bae9-43db-88a5-68a20a2e37f7}: Nameserver = 212.210.150.1
o23 - service: Google updater service (gusvc) - google - e:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - e:\program files\java\jre6\bin\jqs.exe
o23 - service: Officescannt realtime scan (ntrtscan) - unknown owner - e:\program files\trend micro\officescan client\ntrtscan.exe (file missing)
o23 - service: Officescan nt listener (tmlisten) - unknown owner - e:\program files\trend micro\officescan client\tmlisten.exe (file missing)
--
end of file - 5879 bytes



*****************************

ممكن حد يساعدنى مع العلم ان لا سكمل تستطيب اى انتى فيروس وعلى اخر خطوة ويقف ..
اتمنى انى اجد حل ..

انظر اخي الى اعلا التاريخ تجد السنه 2001

 

[شموس]

التقرير الخاص بالاداة ...-
----------------------------

ComboFix 08-12-07.01 - eng_lamiss 12/08/2008 21:33:16.1 - FAT32x86
Running from: e:\documents and settings\eng_lamiss\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\eng_lamiss\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
e:\documents and settings\eng_lamiss\Start Menu\Antivirus 2009
e:\documents and settings\eng_lamiss\Start Menu\Antivirus 2009\Antivirus 2009.lnk
e:\documents and settings\eng_lamiss\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
e:\program files\Antivirus 2009
e:\program files\Antivirus 2009\av2009.exe
e:\program files\VirusRemover2008
e:\windows\fxstaller.exe
e:\windows\system32\epeekkue.ini
e:\windows\system32\mcrh.tmp
e:\windows\system32\pkfwtfxu.ini
e:\windows\system32\rAbIOqru.ini
e:\windows\system32\scui.cpl
e:\windows\system32\urqOIbAr.dll
e:\windows\system32\uxftwfkp.dll
e:\windows\system32\xuiemhfo.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 12:09 43,544 ----a-w e:\windows\system32\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
12/04/2001 11:58 AM 34816 --a------ e:\windows\system32\ssqRLDTn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Yahoo! Pager"="e:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [12/17/2007 05:13 PM 3880176]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/07/2001 06:32 PM 68856]
"MsnMsgr"="e:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5743984]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [06/09/2006 04:18 PM 939704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="e:\program files\DAP\DAP.EXE" [12/04/2001 09:49 AM 3405576]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 112496]
"TkBellExe"="e:\program files\Common Files\Real\Update_OB\realsched.exe" [12/04/2001 02:45 AM 185872]
"WinampAgent"="f:\program file\Winamp\winampa.exe" [08/04/2008 01:02 AM 105984]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [12/06/2001 10:13 PM 210328]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 10:54 AM 142848 e:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="e:\windows\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "e:\windows\system32\ssqRLDTn.dll" [12/04/2001 11:58 AM 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRLDTn]
12/04/2001 11:58 AM 34816 e:\windows\system32\ssqRLDTn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\program file\\RealPlayer.v11.0.0167.Plus Full\\RealPlayer.v11.0.0167.Plus Full\\RealPlayer11.exe"=
"e:\\WINDOWS\\system32\\autorun.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"e:\\WINDOWS\\system32\\regsvr32.exe"=
"f:\\program file\\Winamp\\winampa.exe"=
"e:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ymsgr_tray.exe"=
"e:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"e:\\WINDOWS\\SOUNDMAN.EXE"=
"e:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\DAP\\DAP.exe"= e:\\Program Files\\DAP\\DAP.EXE
"e:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"e:\\Program Files\\Trend Micro\\OfficeScan Client\\PccNTUpd.exe"=
"f:\\program file\\snagit9\\snagit.exe"=
"e:\\WINDOWS\\system32\\CF21996.exe"=
"e:\\ComboFix\\NirCmd.cfexe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61406:TCP"= 61406:TCP:Trend Micro OfficeScan Listener
R2 TmFilter;Trend Micro Filter;\??\e:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-06-12 203024]
R2 TmPreFilter;Trend Micro PreFilter;\??\e:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2007-06-12 36112]
R3 tmcfw;Trend Micro Common Firewall Service;e:\windows\system32\DRIVERS\TM_CFW.sys [2007-04-20 307984]
*Newly Created Service* - ASC3360PR
.
- - - - ORPHANS REMOVED - - - -
BHO-{8449C302-F1D0-43E2-AC09-C62BA9F08A29} - e:\windows\system32\urqOIbAr.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - e:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-OfficeScanNT Monitor - e:\program files\Trend Micro\OfficeScan Client\pccntmon.exe
HKLM-Run-ZoneAlarm Client - e:\program files\Zone Labs\ZoneAlarm\zlclient.exe

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-08 21:37:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1020)
e:\windows\system32\ssqRLDTn.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\SYSTEM32\SAVEDUMP.EXE
e:\program files\JAVA\JRE6\BIN\JQS.EXE
e:\program files\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
.
**************************************************************************
.
Completion time: 12/08/2008 21:39:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 19:39:20
Pre-Run: 15,436,464,128 bytes free
Post-Run: 15,754,543,104 bytes free
138
----------------------------------------------------------------------------

تقرير الهيجاك
---------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:39 م, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\program file\Winamp\winampa.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\kefntg.exe
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\winwhkpu.exe
F:\eng_walaa\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\ssqRLDTn.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "F:\program file\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A19089C-BAE9-43DB-88A5-68A20A2E37F7}: NameServer = 212.210.150.1
O20 - Winlogon Notify: ssqRLDTn - E:\WINDOWS\SYSTEM32\ssqRLDTn.dll
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)
--
End of file - 6642 bytes

---------------------------------------------------------

 

[صمت السكوت]

احذف التالي

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\ssqRLDTn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O20 - Winlogon Notify: ssqRLDTn - E:\WINDOWS\SYSTEM32\ssqRLDTn.dll


طريقة الحذف

وبذلك تكون تمت عملية الحذف

بعدها حمل هذه الأدآة



ثم استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعدها أرجع أرفق تقرير هأي جآك جديد


ملاحظه التولبارات تحذف عن طريق اضافة وازاله البرامج تجد كلمة تولبار من القيم الموجوده

 

[شموس]

خلود شكر لك على مساعدتك واتمنى الا اكون اثقلت عليك

ولكن نزلت البرنامج فعلا وعند الضغط علي الايكونة لا تستمر صفحة البرنامج سوى ثوانى ويقفل بسرعه

 

[صمت السكوت]

خلود شكر لك على مساعدتك واتمنى الا اكون اثقلت عليك

ولكن نزلت البرنامج فعلا وعند الضغط علي الايكونة لا تستمر صفحة البرنامج سوى ثوانى ويقفل بسرعه

اتمنى التوضيح اكثر ماذا تقصد بالبرنامج هل تقصد برنامج الحمايه

 

[شموس]

اسفة اقصد اداة التنظيف
كنت لما بضغط عليها فى الاول بتظهر وتختفى بسرعة لكن دلوقتى لما بضغط على الايقونة مفيش حاجة بتظهر

 

[السّاجد لله]

بعد اذن خيتي خللو

اختي شموس لديك فايروس خطير وهو عبارة عم برنامج حماية وهمي

Antivirus 2009

قومي بحذفة بالطريقة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

 

[شموس]

hesham77
جزاك الله خيرا فعلت كما ذكرت وجدت 57 ملف مصاب وحذفتهم
وهذا تقرير الهاى جاك بعد الحذف

....................................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:38 م, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\program file\Winamp\winampa.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\wscntfy.exe
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\apys.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\DOCUME~1\ENG_LA~1\LOCALS~1\Temp\winygbjs.exe
F:\eng_walaa\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {C5C2FA5A-CB95-4693-A388-575D07CDCD1B} - E:\WINDOWS\system32\ssqNEwvS.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "F:\program file\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A19089C-BAE9-43DB-88A5-68A20A2E37F7}: NameServer = 212.210.150.1
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Unknown owner - E:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (file missing)
--
End of file - 5431 bytes

 

[KoNaMi]

احذف التالي اخوي

O2 - BHO: (no name) - {C5C2FA5A-CB95-4693-A388-575D07CDCD1B} - E:\WINDOWS\system32\ssqNEwvS.dll (file missing)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

بعدين استخدم هذا الادوات
​

برنامج مكافحة برامج التجسس المجاني
SUPERAntiSpyware

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبي فقط



شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

بعدين سوي تقرير جديد للهاجيك​