مشكلة في تعرف ال Usb

[عبودي_03]

السلام عليكم اعضاء زيزوم المميزين

لو سمحتوا يا اعضاء عندي مشكلة
اللي هو جهازي صار ما يقبل اي فلاش يدخل له
كل ما ادخل فلاش يقولي هناك مشكلة

والى الان كل ما ادخل فلاش يعطيني خطأ
ولو سمحتوا ابي منكم الحل في اقرب وقت
لان المشكلة في العمل عندي
ودايما مدرائي يعطوني قلاشات نزل من الفلاش
وفي انتظاركم انا

عبودي_03

 

[dяăģôŋ]

عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[ابو عمارالرحيلي]

نفس المشكلة وهذا ما طلبتة

تقرير ComboFix

ComboFix 08-08-29.02 - amer 08/30/2008 13:56:35.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.747 [GMT 3:00]
Running from: C:\Documents and Settings\amer\سطح المكتب\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 08:41 --------- d-----wC:\Documents and Settings\amer\Application Data\PCToolsSpamMonitorPlus
2008-08-30 08:41 --------- d-----wC:\Documents and Settings\amer\Application Data\PCToolsFirewallPlus
2008-08-30 08:40 --------- d-----wC:\Program Files\Common Files\PC Tools
2008-08-29 21:37 --------- d-----wC:\Program Files\SUPERAntiSpyware
2008-08-29 17:30 --------- d-----wC:\Program Files\Sunbelt Software
2008-08-29 17:30 --------- d-----wC:\Documents and Settings\amer\Application Data\Sunbelt
2008-08-29 17:30 --------- d-----wC:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-29 17:20 --------- d--h--wC:\Documents and Settings\All Users\Application Data\{069BCE30-6EC3-40CD-8DBA-EFECA88F79CC}
2008-08-28 09:00 --------- d-----wC:\Program Files\Spyware Doctor
2008-08-28 09:00 --------- d-----wC:\Documents and Settings\amer\Application Data\PC Tools
2008-08-19 22:47 15,600 ----a-wC:\WINDOWS\gdrv.sys
2008-08-18 21:47 --------- d-----wC:\Program Files\Internet Download Manager
2008-08-18 21:47 --------- d-----wC:\Documents and Settings\amer\Application Data\IDM
2008-08-18 21:47 --------- d-----wC:\Documents and Settings\amer\Application Data\DMCache
2008-08-06 16:44 --------- d-----wC:\Program Files\telephone directory
2008-08-05 20:28 --------- d-----wC:\Program Files\Hotspot Shield
2008-08-05 09:46 --------- d-----wC:\Program Files\anoooos
2008-08-04 13:05 --------- d-----wC:\Program Files\USB Disk Security
2008-08-02 11:53 --------- d-----wC:\Program Files\K-Lite Codec Pack
2008-08-01 17:47 --------- d-----wC:\Program Files\WinASO
2008-07-29 17:21 218,376 ----a-wC:\WINDOWS\system32\klogon.dll
2008-07-27 05:15 --------- d-----wC:\Program Files\ElcomSoft
2008-07-26 04:12 --------- d-----wC:\Program Files\Windows Live Safety Center
2008-07-25 16:13 --------- d-----wC:\Documents and Settings\All Users\Application Data\Avira
2008-07-25 08:35 102,464 ----a-wC:\WINDOWS\HarfDeleteFont.exe
2008-07-25 08:33 --------- d-----wC:\Program Files\Harf
2008-07-25 08:32 --------- d-----wC:\Program Files\quran
2008-07-19 14:50 --------- d-----wC:\Program Files\Sketch Master
2008-07-18 19:10 94,920 ----a-wC:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-wC:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-wC:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-wC:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-wC:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-wC:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-wC:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-wC:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-wC:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-wC:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-wC:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-wC:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-wC:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-wC:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-wC:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 19:07 270,880 ----a-wC:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-wC:\WINDOWS\system32\muweb.dll
2008-07-17 23:05 --------- d-----wC:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 23:05 --------- d-----wC:\Program Files\AlbaniV2
2008-07-15 20:18 352,256 ----a-wC:\WINDOWS\system32\IJL151.dll
2008-07-12 23:38 --------- d-----wC:\Documents and Settings\amer\Application Data\TuneUp Software
2008-07-12 23:20 --------- d-----wC:\Program Files\VIA Technologies, INC
2008-07-10 17:04 --------- d-----wC:\Program Files\BearFlix
2008-07-07 20:27 253,952 ----a-wC:\WINDOWS\system32\es.dll
2008-07-07 20:27 253,952 ------wC:\WINDOWS\system32\dllcache\es.dll
2008-07-06 22:10 --------- d-----wC:\Program Files\Your Uninstaller 2008
2008-07-05 18:09 --------- d-----wC:\Program Files\Common Files\NSV
2008-06-30 17:03 --------- d-----wC:\Program Files\ATI Multimedia
2008-06-30 17:02 --------- d-----wC:\Program Files\Common Files\SnapStream
2008-06-30 17:02 --------- d-----wC:\Documents and Settings\All Users\Application Data\SnapStream
2008-06-30 16:38 --------- d-----wC:\Program Files\SnapStream Media
2008-06-26 08:13 617,472 ------wC:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:13 1,499,136 ------wC:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-wC:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------wC:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:10 664,576 ----a-wC:\WINDOWS\system32\wininet.dll
2008-06-23 15:10 664,576 ------wC:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:10 3,088,384 ------wC:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 20:09 148,992 ----a-wC:\WINDOWS\system32\DNSAPI(3).dll
2008-06-20 20:09 148,992 ----a-wC:\WINDOWS\system32\dnsapi(2).dll
2008-06-20 17:47 245,248 ----a-wC:\WINDOWS\system32\mswsock.dll
2008-06-20 17:47 245,248 ------wC:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:47 147,968 ------wC:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:39 245,248 ----a-wC:\WINDOWS\system32\mswsock(3).dll
2008-06-20 17:39 245,248 ----a-wC:\WINDOWS\system32\mswsock(2).dll
2008-06-20 11:51 361,600 ------wC:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------wC:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------wC:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:31 271,616 ------wC:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 18:36 7,680 ----a-wC:\WINDOWS\system32\ff_vfw.dll
2008-06-01 21:24 12,288 ----a-wC:\WINDOWS\system32\impborl.dll
2008-05-30 23:22 683,520 ----a-wC:\WINDOWS\system32\divx.dll
2008-05-22 22:22 3,596,288 ----a-wC:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:19 81,920 ----a-wC:\WINDOWS\system32\dpl100.dll
2008-05-09 10:53 90,112 ----a-wC:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------wC:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------wC:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-wC:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------wC:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-wC:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------wC:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-wC:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------wC:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------wC:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-wC:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------wC:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-wC:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------wC:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:10 1,286,144 ----a-wC:\WINDOWS\system32\quartz.dll
2008-05-07 05:10 1,286,144 ------wC:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 14:34 331,776 ------wC:\WINDOWS\system32\dllcache\msadce.dll
.
[code]<pre>
----a-w 8,009,320 2008-08-06 18:39:08 C:\Documents and Settings\amer\سطح المكتب\برامج\spywareterminatorمحطم ملفات التجسس .exe
</pre>[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="C:\Program Files\AnchorFree\bin\ctrl\AFController.exe" [11/20/2006 11:19 AM 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChange"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 11/20/2006 11:19 AM 81920 C:\Program Files\AnchorFree\bin\ctrl\AFController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 06:59 PM 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
-ra------ 05/11/2007 10:47 AM 790528 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 06:59 PM 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 04/11/2008 09:10 PM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Paltalk Messenger\\PALTALK.EXE"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [03/26/2007 10:26 AM]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [03/29/2007 06:36 AM]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [03/26/2007 10:26 AM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [04/17/2007 06:58 AM]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder

2008-08-29 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\amer\Application Data\Mozilla\Firefox\Profiles\pze0em4g.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
------- File Associations (Beta) -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-30 13:57:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 08/30/2008 13:57:54
ComboFix-quarantined-files.txt 2008-08-30 10:57:54
ComboFix2.txt 2008-08-30 10:54:36

Pre-Run: 18,072,584,192 bytes free
Post-Run: 18,062,753,792 bytes free

214 --- E O F --- 2008-08-29 21:58:26


تقرير hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 01:59:57 م, on 30/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\amer\سطح المكتب\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [AFProg] C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe


ولك نمي خالص الشكر والتقدير
​

 

[dяăģôŋ]

نفس المشكلة وهذا ما طلبتة


ولك نمي خالص الشكر والتقدير
​

من طلعت اخوى:hh:

جارى التحليل اخوى بس مااردعليك هنا علشان ماتسير لخبطه مع صاحب الموضوع الاساسى

سولك موضوع جديد باسمك افضل بنفس القسم

بنتظارك​

 

[Juve GuardJuve Guard is verified member.]

بعد اذن اخوي كونج
جرب تسوي اعادة تثبيت لمنافذ الـ{usb}

 

[عبودي_03]

اخوي kong جربت الطريقة الاولى وجاني ملف بـ Text File
هذا الكلام

ComboFix 08-08-29.02 - user1 2008-08-30 17:40:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1485 [GMT 3:00]
Running from: C:\Documents and Settings\user1\Desktop\طلال\خطوط عربية\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\#Shareds\M3THHRQX\iforex.com
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\#Shareds\M3THHRQX\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\user1\s\user1@ad.yieldmanager[1].txt
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.
2008-08-30 12:55 . 2008-08-30 12:55 <DIR> d-------- C:\Program Files\Samehsoft
2008-08-30 12:55 . 1998-06-17 23:00 299,008 --a------ C:\WINDOWS\system32\MSDBRPTR.DLL
2008-08-21 11:21 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-21 11:21 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 11:12 . 2008-06-23 19:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-21 11:12 . 2007-04-17 12:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-21 11:12 . 2007-03-08 08:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-21 11:12 . 2008-06-23 19:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-21 11:12 . 2008-06-23 19:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-21 11:12 . 2008-06-23 19:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-21 11:12 . 2008-06-23 19:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-21 11:12 . 2008-06-23 19:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-21 11:12 . 2008-06-23 12:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-20 18:51 . 2008-08-20 18:51 268 --ah----- C:\sqmdata01.sqm
2008-08-20 18:51 . 2008-08-20 18:51 244 --ah----- C:\sqmnoopt01.sqm
2008-08-19 14:09 . 2008-08-19 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-19 14:04 . 2008-08-19 14:04 <DIR> d-------- C:\Program Files\Bonjour
2008-08-19 13:59 . 2008-08-19 14:00 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-16 13:03 . 2008-08-16 13:03 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2008-08-12 18:27 . 2008-08-12 18:27 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Talkback
2008-08-12 18:27 . 2008-08-12 18:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-12 18:26 . 2008-08-12 18:26 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-12 18:26 . 2008-08-12 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-12 18:26 . 2008-08-12 18:26 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-10 12:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-10 12:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-10 12:09 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-10 12:09 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-10 11:38 . 2008-08-10 11:38 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-10 11:35 . 2008-08-10 11:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-09 13:33 . 2008-08-09 13:33 <DIR> d-------- C:\Program Files\Hotspot_Shield
2008-08-09 13:33 . 2008-08-09 13:33 <DIR> d-------- C:\Program Files\Conduit
2008-08-09 11:53 . 2008-08-09 11:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-09 11:19 . 2008-08-09 11:19 <DIR> d-------- C:\Program Files\BitComet
2008-08-07 11:24 . 2008-08-07 11:24 <DIR> d-------- C:\Program Files\DAP
2008-08-07 11:24 . 2008-08-07 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 11:24 . 2008-08-07 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-07 11:24 . 2008-08-07 11:24 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-08-07 11:24 . 2008-08-07 11:24 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-08-07 11:24 . 2008-08-07 11:24 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-08-06 17:40 . 2008-08-06 17:40 <DIR> d--hs---- C:\Documents and Settings\user1\UserData
2008-08-06 12:29 . 2008-08-06 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-06 11:19 . 2008-08-06 11:19 <DIR> d-------- C:\Documents and Settings\user1\Contacts
2008-08-06 11:19 . 2008-08-06 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dead info sign cdrom
2008-08-06 11:18 . 2008-08-06 11:18 <DIR> d-------- C:\Program Files\Windows Live
2008-08-06 11:18 . 2008-08-06 11:18 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-08-06 11:18 . 2008-08-06 11:18 <DIR> d-------- C:\Program Files\Circle Developement
2008-08-06 11:18 . 2008-08-06 11:18 <DIR> d-------- C:\Program Files\Build four time
2008-08-06 11:18 . 2008-08-06 11:18 <DIR> d-------- C:\Documents and Settings\user1\Application Data\Build four time
2008-08-06 11:18 . 2008-08-06 11:18 268 --ah----- C:\sqmdata00.sqm
2008-08-06 11:18 . 2008-08-06 11:18 244 --ah----- C:\sqmnoopt00.sqm
2008-08-06 11:15 . 2008-08-06 11:15 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-08-06 11:15 . 2008-08-06 11:15 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-06 10:34 . 2008-08-06 10:34 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-06 10:34 . 2008-08-06 10:34 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-08-06 10:23 . 2008-08-06 10:23 <DIR> d-------- C:\Program Files\Google
2008-08-02 18:09 . 2008-08-02 18:09 <DIR> d-------- C:\Program Files\Real_SC
2008-08-02 17:57 . 2001-09-19 15:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_20420.nls
2008-08-02 17:57 . 2001-09-19 15:00 66,082 --a------ C:\WINDOWS\system32\c_20420.nls
2008-07-29 12:41 . 2008-07-29 12:42 <DIR> d-------- C:\Documents and Settings\user1\Application Data\COWON
2008-07-28 17:38 . 2008-07-28 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-27 16:43 . 2008-07-27 16:43 <DIR> d--hs---- C:\FOUND.001
2008-07-27 00:57 . 2008-07-27 00:57 123 --a------ C:\WINDOWS\hpntwksetup.ini
2008-07-27 00:54 . 2008-07-27 00:54 <DIR> d--h----- C:\Program Files\Zenographics
2008-07-27 00:54 . 2008-07-27 00:54 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-07-27 00:51 . 2005-12-21 05:16 470,048 -ra------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-07-25 00:06 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-25 00:05 . 2008-07-25 00:05 <DIR> d-------- C:\Program Files\MSBuild
2008-07-25 00:05 . 2008-07-25 00:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-25 00:03 . 2008-07-25 00:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-25 00:03 . 2008-07-25 00:03 <DIR> dr-h----- C:\MSOCache
2008-07-25 00:03 . 2008-07-25 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 07:09 155,995 ----a-w C:\WINDOWS\java\Packages\N9ZXRVPF.ZIP
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 07:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 14:30 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "C:\PROGRA~1\DAP\SBSearch.dll" [2008-08-07 11:24 32768]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-06 10:23 171448]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-08-07 11:24 3065344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 08:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 08:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 08:55 118784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-13 17:20 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-12 18:26 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 12:21 16270848 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
C:\Documents and Settings\user1\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe [2008-08-06 10:34:22 260096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10261:TCP"= 10261:TCP:BitComet 10261 TCP
"10261:UDP"= 10261:UDP:BitComet 10261 UDP
S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 05:18]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 05:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9157438-ec01-11db-b351-806d6172696f}]
\Shell\AutoRun\command - E:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d93ec8e7-5cdd-11dd-9e5f-001d0fc694fc}]
\Shell\AutoRun\command - kongxsg.exe
\Shell\explore\Command - kongxsg.exe
\Shell\open\Command - kongxsg.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-filetype - C:\DOCUME~1\user1\APPLIC~1\BUILDF~1\Bin software heck.exe
HKLM-Run-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\ttttkydv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-30 17:41:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-30 17:41:40
ComboFix-quarantined-files.txt 2008-08-30 14:41:40
Pre-Run: 34,660,122,624 bytes free
Post-Run: 36,738,891,776 bytes free
213 --- E O F --- 2008-08-21 11:46:50


والان حنزلك الطريقة الثانية
في الرد الذي يليه

 

[عبودي_03]

الطريقة الثانية اخوي kong

Logfile of HijackThis v1.99.1
Scan saved at 5:50:31 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

اتمنى مساعدتي واقدر لك هذا اخوي
ويعطيك الف عافية
اتمنى اني اشوف ردك في اقرب وقت

 

[dяăģôŋ]

اولا
جدار الحمايه معطل
لديك مشكله فى هذا البرنامج اعد تنصيبه او احذفه لانه مانجح بالتحليل
C:\Program Files\Adobe Media Player\Adobe Media Player.exe

حدد التالى

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe

O11 - Options group: [INTERNATIONAL] International*

اذهب الى اضافة وازالة البرامج وشيل التولبارات كلها لانها ملجا للفيروسات والاختراقات

طريقة الحذف

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبي فقط



شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

وتقرير اخر​

 

[عبودي_03]

اخوي Kong معليش تعبتك معي

اللحين اهو انا عملت كل الي قلت لي عليه
وجاني التقرير هذا

Logfile of HijackThis v1.99.1
Scan saved at 6:36:54 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.063\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user1\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user1\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

الله يوفقك ان شاء الله اخوي kong

 

[dяăģôŋ]

احذف القيمه هذى
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user1\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user1\Application Data\CyberScrub\Privacy Suite"

باقى التقلرير سليم

واذا مامشئ الحال مع usp

رايت كلك على جهاز الكمبيوتر >>اداره>>ادارة الاجهزه>>بالصفحه المقابله لها ستجد usp كما بالصوره

ابغاك اتصورلى الى بجهازك وترفعها بردك القادم

بنتظارك​

 

[عبودي_03]

يعطيك ربي الف عااااافية
زبط معايا مشكوووووووووووووووووووووور
روح الله يوفقك ويكرمك ويرزقك الذرية الصالحة
ويوفقك في حياتك ويرزقك وييسرلك امورك

وكل عام وانت بالف صحة وعافية
رمضان مبارك
مبارك عليك الشهر

 

[dяăģôŋ]

يعطيك ربي الف عااااافية
زبط معايا مشكوووووووووووووووووووووور
روح الله يوفقك ويكرمك ويرزقك الذرية الصالحة
ويوفقك في حياتك ويرزقك وييسرلك امورك

وكل عام وانت بالف صحة وعافية
رمضان مبارك
مبارك عليك الشهر

الله يسمع منك

:d:

وكل عام ونت بالف
خير​