مشكلة في فتح الهوتميــــل :(

ا

الشيبه محمد

زيزوومي جديد
إنضم
25 مارس 2008
المشاركات
59
مستوى التفاعل
17
النقاط
60
الإقامة
OMAN
غير متصل
Request Error (unsupported_protocol)

Your request used a protocol that is not currently supported.

For assistance, contact your network support team.
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
هلا وغلا


==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
اهلا باخي العزيز :

هذا هو التقرير الثاني :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:50:22 ?, on 25/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba Registration\Registration.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Broadband Internet-E220\Broadband Internet-E220.exe
C:\Users\al-yas\Downloads\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [1145860967] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ????? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&??? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB3AF542-54EC-4078-8821-89524614AAB3}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fbdpinger - Unknown owner - C:\Windows\fdbpinger.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10213 bytes
 
تأييد 0
طبق الشرح

ادخل على خيارات الأنترنت وتابع الصورة

zyzoom-094b651ff1.GIF



وجرب ادخل على صفحة الهوتميل​
 
توقيع : AbOdy
تأييد 0
اهلا باخي :

عملت ما طلبت و لكن بلا فائدة
 
تأييد 0
طيب اخوي انت ما عملت مثل ما قلت لك بالنسبة للتقارير




==============

(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم



ملاحظة مهمه ...

عند تشغيل الأدوات شغلها كمسؤل

وهذا مثال لكيفية تشغيلها كمسؤل


zyzoom-9d2a15fead.png





اول شي ارفق التقرير الأول وبعدين ارفق التقرير الثاني لاهنت
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
هلا اخي العزيز :

التقوير الاول :
ComboFix 08-09-24.09 - al-yas 09/25/2008 16:16:05.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1033.18.1852 [GMT 4:00]
Running from: C:\Users\al-yas\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 12:05 --------- d-----w C:\ProgramData\WLInstaller
2008-09-25 11:54 --------- d-----w C:\Program Files\Google
2008-09-25 09:27 --------- d-----w C:\Program Files\Yamicsoft
2008-09-25 04:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-25 04:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 04:55 --------- d-----w C:\Program Files\Realtek
2008-09-25 04:54 --------- d-----w C:\Users\al-yas\AppData\Roaming\WinBatch
2008-09-25 04:44 --------- d-----w C:\Program Files\Windows Mail
2008-09-25 01:14 --------- d-----w C:\Program Files\Windows Live
2008-09-25 00:06 --------- d-----w C:\Users\al-yas\AppData\Roaming\ESET
2008-09-25 00:04 --------- d-----w C:\ProgramData\ESET
2008-09-25 00:04 --------- d-----w C:\Program Files\ESET
2008-09-24 22:50 --------- d-----w C:\Program Files\Real
2008-09-24 22:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 22:50 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 22:33 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-24 22:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-24 22:32 --------- d-----w C:\Program Files\Windows Live Favorites
2008-09-24 22:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-24 21:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-24 21:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-24 20:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 18:50 --------- d-----w C:\Program Files\Broadband Internet-E220
2008-09-24 18:24 --------- d-----w C:\Program Files\MSBuild
2008-09-24 18:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-24 18:21 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-24 05:13 --------- d-----w C:\Program Files\Giganology
2008-09-23 20:05 --------- d-----w C:\Users\al-yas\AppData\Roaming\Ahead
2008-09-23 20:04 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-23 20:00 --------- d-----w C:\ProgramData\Nero
2008-09-23 20:00 --------- d-----w C:\Program Files\Nero
2008-09-23 19:52 5 --sh--r C:\Windows\system32\drivers\taishop.sys
2008-09-23 19:52 15 --sh--r C:\Windows\system32\drivers\fbd.sys
2008-09-23 07:31 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
2008-09-23 07:30 --------- d-----w C:\ProgramData\Roaming
2008-09-23 07:29 --------- d-----w C:\ProgramData\Intel
2008-09-23 07:29 --------- d-----w C:\Program Files\Intel
2008-09-23 07:26 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
2008-09-23 07:25 --------- d-----w C:\ProgramData\Toshiba
2008-09-23 07:25 --------- d-----w C:\Program Files\Toshiba
2008-09-23 07:23 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
2008-09-23 07:22 --------- d-----w C:\Program Files\Apoint2K
2008-09-23 07:08 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-09-23 07:08 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-09-23 06:59 --------- d-----w C:\Program Files\Microsoft Works
2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-18 09:27 71,688 ----a-w C:\Windows\system32\drivers\epfw.sys
2008-08-18 09:27 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2008-08-18 09:27 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2008-08-18 09:19 53,256 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-08-18 09:18 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 18:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 16:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@Thu 09-25-2008_14.44.43.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-25 12:16:00 6,258,688 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-09-25 12:11:01 86,746 ----a-r C:\Windows\Installer\{052D4DB2-B515-435C-830E-AB0606304E14}\wlmail.exe
+ 2008-09-25 12:08:57 29,926 ----a-r C:\Windows\Installer\{CACE46A6-D098-40B3-911D-A7334E336714}\MsblIco.Exe
- 2008-09-25 10:22:08 605,536 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-09-25 11:53:14 605,536 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-09-25 10:23:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-25 11:54:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-25 10:23:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-25 11:54:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-25 10:23:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-25 11:55:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-25 10:24:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-25 11:55:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-25 04:47:48 429,368 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-09-25 11:54:47 429,368 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-09-25 10:31:32 101,660 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-25 12:02:20 101,510 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-25 10:31:32 595,978 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-25 12:02:20 587,438 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-25 10:22:14 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-25 12:11:47 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-09-25 10:25:18 4,188 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2299197152-619899755-1388409824-1000_UserData.bin
+ 2008-09-25 11:56:48 4,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2299197152-619899755-1388409824-1000_UserData.bin
- 2008-09-25 10:25:17 73,780 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-25 11:56:48 75,386 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-25 10:25:15 43,892 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-25 11:56:47 45,884 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-24 23:00:57 32,101,961 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-25 12:11:42 32,105,466 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [01/30/2008 04:00 AM 430080]
"1145860967"="C:\Program Files\Toshiba Registration\Registration.exe" [03/19/2007 11:59 PM 65603]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM 143360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/21/2008 06:25 AM 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [09/20/2007 09:58 PM 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [09/20/2007 09:58 PM 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [09/20/2007 09:58 PM 129560]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [01/18/2008 03:27 AM 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [11/01/2007 09:01 AM 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [06/16/2007 08:01 AM 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [01/23/2008 01:25 AM 712704]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [09/12/2006 02:21 AM 180224]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [04/11/2007 03:40 AM 413696]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [09/29/2007 04:03 AM 75136]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [03/23/2006 09:42 AM 438272]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/07/2006 05:14 AM 34352]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [12/17/2007 11:12 AM 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2008 02:50 AM 185872]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [08/18/2008 01:23 PM 1447168]
"NDSTray.exe"="NDSTray.exe" [BU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-01-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9C55D36-10EA-46FC-A355-162EF9FDDA89}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C3D0AB51-0248-4AB0-AB39-2B78F4236C77}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B10AA655-BEE5-49BA-B689-3E54A61BC185}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5FFACDBC-888C-4D8A-8C00-4508AB5C3522}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{99A154EA-C430-4835-9D37-2DECF7E73C80}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{63B27C40-7CF2-4E1A-8612-13435D3FBF98}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB8B8E79-E549-4395-825E-8A3E568B41B3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [12/26/2007 01:07 AM 40960]
R2 fbdpinger;fbdpinger;C:\Windows\fdbpinger.exe [01/21/2008 06:29 AM 157040]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [10/17/2007 01:53 PM 43816]
R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [12/17/2007 11:13 AM 523816]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/04/2007 04:03 AM 126976]
S3 GameConsoleService;GameConsoleService;C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [09/25/2007 05:38 AM 181784]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [01/21/2008 06:23 AM 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [01/21/2008 06:23 AM 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2be101-8a68-11dd-bae2-001f3c5c823d}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e2be12a-8a68-11dd-bae2-001f3c5c823d}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f29813b6-893a-11dd-a623-806e6f6e6963}]
\shell\AutoRun\command - D:\INSTALL.EXE
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\al-yas\AppData\Roaming\Mozilla\Firefox\Profiles\e01b6qvs.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-25 16:17:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 09/25/2008 16:18:13
ComboFix-quarantined-files.txt 2008-09-25 12:18:10
ComboFix2.txt 2008-09-25 10:45:02

Pre-Run: 154,943,451,136 bytes free
Post-Run: 154,919,026,688 bytes free

223 --- E O F --- 2008-09-25 01:15:03



التقرير الثاني :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:18:49 م, on 25/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba Registration\Registration.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\al-yas\Downloads\Zyzoom_HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [1145860967] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fbdpinger - Unknown owner - C:\Windows\fdbpinger.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9958 bytes


اعتذر على التاخير
 
تأييد 0
طيب اخوي

بالنسبة للتقرير الثاني

حدد القيم واحذفها


O1 - Hosts: ::1 localhost




O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)




O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll




O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll




O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll




O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll




O13 - Gopher Prefix:




O23 - Service: fbdpinger - Unknown owner - C:\Windows\fdbpinger.exe




طريقة الحذف



zyzoom-9d2a15fead.png



mg%20%283%29.png



mg%20%284%29.png








استخدم هذه الاداة للتنظيف


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




zyzoom-2992f8024f.png




zyzoom-a44eb4e208.png




بعد ما تخلص من عمل المطلوب .. اعد تشغيل الجهاز .. واخبرنا بالنتيجه​
 
توقيع : AbOdy
تأييد 0
اهلا باخي العزيز

لم يتغير شي و في صعوبة في الدخول الى الايميل ..

لكن المسنجر شغال مية بالمية ..
 
تأييد 0
الحل الأخير لدي


اعد التشغيل وقبل ظهور شاشة الويندوز

اضغط باستمرار على زر f8


wh_62195183.png


ستاتيك شاشة فيهاا عدة خيارات اختر منهاا

safemode

wh_39783481.png



ثم اختر التالي

wh_12507056.png



wh_11747871.png



من الشاشة التالية اختر حساب الادمن او اي حساب تريد


wh_85829423.png



اخيرا اضغط موافق للدخول لسطح المكتب


wh_64184495.png





وبعد الدخول للوضع الأمن



,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png





005.png



بالأنتظار
 
توقيع : AbOdy
تأييد 0
بعد اذنكم اخواني

يا الغالي

جرب تكتب بروكسي في متصفحك

بعدين جرب تدخل

واذا كنت تستخدم بروكسي

شيله وادخل بدونه

بعدين رد لنا خبر
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
AbOdy قال:
الحل الأخير لدي


اعد التشغيل وقبل ظهور شاشة الويندوز

اضغط باستمرار على زر f8


wh_62195183.png


ستاتيك شاشة فيهاا عدة خيارات اختر منهاا

safemode

wh_39783481.png



ثم اختر التالي

wh_12507056.png



wh_11747871.png



من الشاشة التالية اختر حساب الادمن او اي حساب تريد


wh_85829423.png



اخيرا اضغط موافق للدخول لسطح المكتب


wh_64184495.png





وبعد الدخول للوضع الأمن



,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png





005.png



بالأنتظار
أنقر للتوسيع...


ينفع للفيستا
 
تأييد 0
المعذرة على التأخر

ايه تصلح للفيستا

وطبق كلام اخونا
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



بالأنتظار
 
توقيع : AbOdy
تأييد 0
اهلا اخي العزيز :

هذا التقرير :

SmitFraudFix v2.354
Scan done at 13:29:45.56, Fri 09/26/2008
Run from C:\Users\al-yas\Downloads\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
تأييد 0
طيب الحين كيف الوضع عندك ؟؟
 
توقيع : AbOdy
تأييد 0
لا زالت المشكلة موجودة
 
تأييد 0
للرفع و ايجاد الحل المناسب
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى