اواجه المشكله انه يختفي لدي سطح المكتب

A

alshbaah_911

زيزوومى مميز
إنضم
28 مايو 2008
المشاركات
571
مستوى التفاعل
0
النقاط
520
غير متصل
السلام عليكم ورحمة الله وبركاته



اخواني واخواتي انا لدي مشكله صغيره جداً وهي اني لما افتح الموضوع الموجود الان بالمنتدى بقسم المشاكل بعنوان حل مشكلة إختفاء سطح المكتب والايقونات



ورابط الموضوع
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



ولكن المشكله اخواني هو انه لما افتح الموضوع لا تضهر لدي الصور وانا اواجه هذه المشكله انه يختفي لدي سطح المكتب واريد الحل منكم جزاكم الله خيراً وياليت الي فاهم لطريقة الحل ان يضعها لي برده على موضوعه


ولكم مني جزيل الشكر جميعاً سواء ساعدتوني او ماساعدتوني
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
المعذرة على تعديل عنوان الموضوع ..

اعمل التالي لاهنت



==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم



بالأنتظار
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
سم اخوي تفضل هذا التقرير





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2008-09-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xp\سطح المكتب\explorer.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
D:\اداة هيجن للتقارير.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: get] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF30437.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock Dock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 7320 bytes
 
تأييد 0
بعد اذن حبيب قلبي عبودي

اخوي احذف القيم التالية

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file

O4 - HKLM\..\Run: get] "C:\Program Files\FlashGet\FlashGet.exe" /min

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



طريقة الحذف

zyzoom-47abf39087.gif


zyzoom-dc3770ae68.gif


نزل هالاداة لتنظيف الجهاز

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


zyzoom-3c0e283670.gif



بعدها اذهب الى ازالة البرامج واحذف جميع التولبار لديك ثم تقرير جديد​
 
توقيع : السّاجد لله
تأييد 0
تفضل كتاب بشرح الموضوع كامل
حل مشكلة إختفاء سطح المكتب والايقونات

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
اخذف هذا
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O4 - HKLM\..\Run: get] "C:\Program Files\FlashGet\FlashGet.exe" /min

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : syam2007
تأييد 0
يا اخوان لم تنحل المشكله لدي ثانياً

اخوي سام ماعرف كيف احذف O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)



ثالثاً هذا تقرير الاخ عبودي




ComboFix 08-08-31.01 - xp 09/02/2008 0:39:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.238 [GMT 3:00]
Running from: C:\Documents and Settings\xp\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-01 21:06 971,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-01 21:06 9,716 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-01 21:06 253,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-01 21:06 2,996 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-01 21:05 --------- d-----w C:\Program Files\FlashGet
2008-09-01 14:38 --------- d-----w C:\Program Files\Quran 5.0
2008-08-30 00:02 --------- d-----w C:\Program Files\Hotspot_Shield
2008-08-30 00:02 --------- d-----w C:\Program Files\Conduit
2008-08-26 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-26 01:22 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-26 01:22 --------- d-----w C:\Documents and Settings\xp\Application Data\Paltalk
2008-08-26 00:58 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-25 04:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-25 04:12 --------- d-----w C:\Program Files\Ozone
2008-08-25 04:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-25 04:04 --------- d-----w C:\Program Files\Circle Developement
2008-08-25 02:55 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-08-25 02:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 02:48 --------- d-----w C:\Program Files\SplitCam
2008-08-25 02:33 --------- d-----w C:\Program Files\Media Player Classic
2008-08-25 02:32 --------- d-----w C:\Program Files\Real Alternative
2008-08-25 02:08 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-25 02:02 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-25 02:01 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-25 00:42 --------- d-----w C:\Program Files\Registry Easy
2008-08-25 00:06 --------- d-----w C:\Documents and Settings\xp\Application Data\GRETECH
2008-08-25 00:01 --------- d-----w C:\Program Files\LtUcx
2008-08-24 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-24 21:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-24 21:31 --------- d-----w C:\Program Files\Google
2008-08-24 19:47 --------- d-----w C:\Program Files\Dalel2
2008-08-24 19:45 2,115 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-24 19:44 47,251 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-24 19:44 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-24 19:43 --------- d-----w C:\Documents and Settings\xp\Application Data\Media Player Classic
2008-08-24 19:35 --------- d-----w C:\Documents and Settings\xp\Application Data\Creative
2008-08-24 08:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-24 08:23 --------- d-----w C:\Program Files\Ahead
2008-08-24 08:09 --------- d-----w C:\Program Files\PCI Fax Modem
2008-08-24 08:02 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-08-24 08:02 --------- d-----w C:\Program Files\mpegable
2008-08-24 07:51 --------- d-----w C:\Program Files\XP Codec Pack
2008-08-24 07:50 --------- d-----w C:\Program Files\VideoLAN
2008-08-24 07:50 --------- d-----w C:\Program Files\GRETECH
2008-08-24 07:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-24 07:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-24 07:49 --------- d-----w C:\Program Files\Real
2008-08-24 07:49 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-24 07:49 --------- d-----w C:\Program Files\Common Files\Real
2008-08-24 07:48 --------- d-----w C:\Program Files\Windows Live
2008-08-24 07:47 155,995 ----a-w C:\WINDOWS\java\Packages\MPRVDVVT.ZIP
2008-08-24 07:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-24 07:42 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-24 07:31 --------- d-----w C:\Program Files\VideoCAM Trek
2008-08-24 07:31 --------- d-----w C:\Program Files\Common Files\VCAMTrek
2008-08-24 07:29 --------- d-----w C:\Program Files\Creative
2008-08-24 07:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-24 07:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon(2).dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
.
------- Sigcheck -------
08/04/2004 12:55 AM 1214464 92b93b5d7ab948f818cc5f9eee6ed0da C:\WINDOWS\system32\wininet.dll
08/04/2004 12:55 AM 1214464 92b93b5d7ab948f818cc5f9eee6ed0da C:\WINDOWS\system32\dllcache\wininet.dll
08/03/2004 11:14 PM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
08/03/2004 11:14 PM 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@Mon 09-01-2008_20.17.18.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-01 16:59:56 40,118 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-09-01 21:39:05 40,118 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-09-01 16:59:56 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-01 21:39:05 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-01 16:59:56 251,674 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-09-01 21:39:05 251,674 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-09-01 16:59:56 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-01 21:39:05 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "C:\Program Files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
06/24/2008 11:17 PM 1569304 --a------ C:\Program Files\Hotspot_Shield\tbHots.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "C:\Program Files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "C:\Program Files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM 102400]
"AFProg"="C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [07/23/2006 12:44 PM 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM 90112]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [06/10/2004 01:48 PM 286720]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [06/29/2007 02:44 PM 1990704]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [04/01/2006 03:33 PM 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/24/2008 10:49 AM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"P17Helper"="P17.dll" [05/03/2005 02:38 PM 64512 C:\WINDOWS\system32\P17.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\xp\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Stardock Dock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe [2005-02-21 16:56:00 1826885]
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 16:41:00 90112]
C:\Documents and Settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-24 11:16:00 113664]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
«©م، ¢¬نïé Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 11/30/2004 11:00 AM 135168 C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 04/01/2006 03:33 PM 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 04/01/2006 03:33 PM 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/24/2008 10:49 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [07/23/2006 12:44 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.203.34:1999/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
C:\Program Files\LtUcx\1003\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.34:1999/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-02 00:40:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/02/2008 0:42:57
ComboFix-quarantined-files.txt 2008-09-01 21:42:36
ComboFix2.txt 2008-09-01 17:18:17
Pre-Run: 8,723,558,400 bytes free
Post-Run: 8,714,215,424 bytes free
210
 
تأييد 0
وهذا تقرير الكيجين يا اخوان



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:03 ص, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xp\سطح المكتب\explorer.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
D:\اداة هيجن للتقارير.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: get] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock Dock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\Dock\Dock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 7082 bytes
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى