مشكلة ظهور صفحات غير مرغوب فيها

شبية الريح

شبية الريح

زيزوومى مبدع
إنضم
24 أكتوبر 2007
المشاركات
1,747
مستوى التفاعل
36
النقاط
680
الإقامة
KSA
غير متصل
السلام عليكم ورحمة الله وبركاته

يوجد لدي مشكلة وهي ظهور صفحات غيرمرغوب فيها أثناء تصفحي من فترة لفترة وتأتي عند كل برهة من الزمن وعند أغلق الصحفه يقوم بتهنيق الجهاز .
وسوف ارفق لكم صوره من الصحفات التي تظهر لي عند التصفح .
ولكم مني كل الاحترام وتقديري ،،،
zyzoom-ef6e27c250.png


 

توقيع : شبية الريح
ترتيب حسب التاريخ ترتيب حسب الأصوات
عطني التقرير
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:56 م, on 04/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Antamedia\DBServer\DBServer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mubasher\Mubasher Pro\TWR.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_HijackThis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.094\__و__ _ط_و_غ_ 6_1.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_1\autorun.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\Second ford.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SetupCdrom] C:\DOCUME~1\ADMINI~1\APPLIC~1\JUMPCH~1\DupeMeal.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Zyzoom\Net Cleaner By Blackstar_tech\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Zyzoom\Net Cleaner By Blackstar_tech\ICleaner.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47F6AF9E-0765-46D4-A9FB-D0A7D518F513}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Antamedia Database Server Service (DBSERVER) - Antamedia - C:\Antamedia\DBServer\DBServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9470 bytes
 
توقيع : شبية الريح
تأييد 0
قم حذف القيم التاليه

O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\Second ford.exe

O4 - HKCU\..\Run: [SetupCdrom] C:\DOCUME~1\ADMINI~1\APPLIC~1\JUMPCH~1\DupeMeal.ex e

اداة ComboFix


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
.............................................................................................ز
kaspersky tools

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

......................................................

عطني التقرير​
 
تأييد 0
انت منصب برنامج الراعي الي مع ماسنجر بلس ؟

وهل المشكلة حديثة او قديمه ؟

..
 
تأييد 0
ComboFix 09-03-03.01 - Administrator 03/04/2009 13:45:33.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.502.165 [GMT 3:00]
Running from: D:\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*
FW: Norton Internet Security *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 09:02 --------- d-----w c:\program files\Elmokadim Flash Player
2009-02-26 19:34 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2009-02-26 10:37 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-26 10:37 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-26 10:36 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-21 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\live 64 math does
2009-02-21 19:45 --------- d-----w c:\program files\Jumpchinfast
2009-02-21 19:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Jumpchinfast
2009-02-18 21:16 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 21:16 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 21:16 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 21:16 --------- d-----w c:\program files\Symantec
2009-02-18 21:15 --------- d-----w c:\program files\Windows Sidebar
2009-02-18 21:15 --------- d-----w c:\program files\Norton Internet Security
2009-02-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-18 21:13 --------- d-----w c:\program files\NortonInstaller
2009-02-18 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-11 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-11 04:15 --------- d-----w c:\program files\Reference Assemblies
2009-02-10 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-10 17:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-30 11:57 --------- d-----w c:\program files\MSXML 4.0
2009-01-28 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\Equis
2009-01-28 20:12 --------- d-----w c:\program files\Equis
2009-01-28 20:01 --------- d-----w c:\program files\Wealth-Lab, Inc
2009-01-26 18:19 --------- d-----w c:\program files\KingoOo Upload V3
2009-01-21 19:23 --------- d-----w c:\program files\Clone Terminator
2009-01-21 16:33 --------- d-----w c:\program files\ParetoLogic
2009-01-21 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-01-21 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-01-21 16:33 --------- d-----w c:\documents and settings\Administrator\Application Data\DriverCure
2009-01-19 17:36 --------- d-----w c:\program files\Godlike Developers
2009-01-19 17:36 --------- d-----w c:\documents and settings\Administrator\Application Data\Godlike
2009-01-19 16:00 --------- d-----w c:\program files\Boost Windows
2009-01-19 16:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Boost Windows
2009-01-19 06:43 --------- d-----w c:\program files\Zyzoom
2009-01-16 18:20 --------- d-----w c:\program files\MassSender
2009-01-16 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-01-16 17:14 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-16 17:14 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-16 16:10 --------- d-----w c:\program files\DIFX
2009-01-16 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-01-16 16:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-01-16 16:08 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-01-16 16:07 --------- d-----w c:\program files\Nokia
2009-01-16 16:07 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-12 17:43 --------- d-----w c:\program files\TechSmith
2009-01-12 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-01-12 17:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-20 11:13 0 ----a-w C:\osy3.sys
2008-11-25 07:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112520081126\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/09/2008 12:15 AM 68856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [11/24/2008 07:45 PM 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [03/30/2007 08:00 PM 138008]
"Persistence"="c:\windows\system32\igfxpers.exe" [03/30/2007 07:59 PM 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [12/14/2008 09:47 AM 136600]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM 155648]
"SigmatelSysTrayApp"="stsystra.exe" [10/29/2006 06:17 PM 397312 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-29 576104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChange*********"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-05-07 124928]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-20 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-20 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090225.002\IDSxpx86.sys [2009-02-28 276344]
R2 DBSERVER;Antamedia Database Server Service;c:\antamedia\DBServer\DBServer.exe [2008-12-01 1118720]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-20 115560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-26 603904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-19 101936]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2689433f-d069-11dd-a8ee-001302c1eb5b}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6563aae0-fd29-11dd-a9c9-001302c1eb5b}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26dcf8d-bac2-11dd-a8a0-0015c56117e5}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
*******s of the 'Scheduled Tasks' folder
2009-03-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-02-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-04 c:\windows\Tasks\AC9DB506915A25C6.job
- c:\docume~1\admini~1\applic~1\jumpch~1\POPTICKSAFE.exe [02/21/2009 10:48 PM]
2009-03-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [11/20/2008 04:28 PM]
2009-03-04 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [11/20/2008 04:28 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
TCP: {47F6AF9E-0765-46D4-A9FB-D0A7D518F513} = 192.168.1.254
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-04 13:51:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Mubasher\Mubasher Pro\TWR.exe
c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 03/04/2009 13:55:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 10:55:14
ComboFix3.txt 2008-12-24 05:16:48
ComboFix2.txt 2009-02-26 08:01:36
Pre-Run: 18,044,813,312 bytes free
Post-Run: 18,271,600,640 bytes free
214 --- E O F --- 2009-02-28 18:08:39
 
توقيع : شبية الريح
تأييد 0
مازالت مشكله مستمر...................
 
تأييد 0


اعمل التالي

اداة SmitfraudFix

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png


005.png


ثم

حمل اداة الكاسبر من الرابط التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير


zyzoom-7ce8879e89.png


zyzoom-cdd75c8aa3.png


zyzoom-89156f000e.png


zyzoom-6d533c4f2e.png


zyzoom-f20f3644d0.png


ثم قم بضغط التقرير ورفعه هنا>>>>
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




 
التعديل الأخير بواسطة المشرف:
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
المشكلة أني استخدم برنامج حمايه وهو النورتن انترنت سكوريتي وبعد نسخه أصليه .

SmitFraudFix v2.398
Scan done at 16:10:45.34, Wed 03/04/2009
Run from C:\Documents and Settings\Administrator\سطح المكتب\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Google\googletoolbar1.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{47F6AF9E-0765-46D4-A9FB-D0A7D518F513}: NameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F25E5920-B187-43F1-B848-BDBF9479EE16}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{47F6AF9E-0765-46D4-A9FB-D0A7D518F513}: NameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F25E5920-B187-43F1-B848-BDBF9479EE16}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{47F6AF9E-0765-46D4-A9FB-D0A7D518F513}: NameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F25E5920-B187-43F1-B848-BDBF9479EE16}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
توقيع : شبية الريح
تأييد 0
^^

اهلا بك اخي .. فقط نبغى نشوف تقرير الكاسبر لوجود بعض الإشتباهات في تقرير الهاي جاك

النورتون ماأثق فيه يالغالي حتى لو كان نسخة اصليه :no:

المهم .. بس تخلص تخلص فحص بأداة الكاسبر وترفقلي تقريرها هات لي تقرير هاي جاك جديد
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
Scan
----
Scanned: 535733
Detected: 2
Untreated: 0
Start time: 08/03/1430 17:33:59
Duration: 02:41:53
Finish time: 08/03/1430 20:15:52

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Swizzor.cru File: c:\documents and settings\administrator\application data\jumpchinfast\popticksafe.exe
deleted: Trojan program Trojan-Downloader.Win32.Swizzor.cru File: C:\System Volume Information\_restore{C278852B-6B2D-43A0-AA89-D8CA14F09AB2}\RP168\A0040489.exe

Events
------
Time Name Status Reason
---- ---- ------ ------
08/03/1430 17:34:26 Running module: smss.exe\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 
توقيع : شبية الريح
تأييد 0
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى