brotherhood

In the name of God, the Most Gracious, the Most Merciful
Hi guys, how are you?
What's new with you?
I have a problem that is bothering me a lot:
every time I start the laptop, these 3 messages appear.


zyzoom-46c1c8dfed.gif


zyzoom-8e61adb621.gif

zyzoom-bfa78b4f81.gif



Please, anyone who has a solution, don't hold it back from me.
 

Peace be upon you, and the mercy and blessings of God.

With your permission, my dear friend, the title has been edited so that it reflects the content.

==============================

(1)

Disable all protection programs,
then download this tool and save it to the desktop.


Run it and follow the walkthrough:

ri0jwrauixffv0n3hsk9.png


This black screen will appear; all you have to do is wait:


ph5zm97asywocrv26o6n.png



The next message tells you that the computer will restart automatically:


vcugasz5fixcii0xz21f.png



After the restart, as you log in, this window will appear; all you have to do is wait:


q7nw2aekeox17qx62fkh.png



The report has now been produced; copy it and paste it in your next reply.


2uhlzh9hbxq4i16xu7do.png


(2)

Download the HijackThis tool.

kphzzpsh5mpfqbcw3yi9.png


After you launch the program, do the following:

gjmaza581l881lopj6o7.png


This window will appear. Follow the walkthrough:


11tu2t6gl40lzqlf9yc8.png



Then this window will appear:


zcmkecxjzd7pfypb4gdq.png



Copy the full report and attach it in your next reply so it can be analyzed.
 
Signature: Al jNtEeL
Thanks, brother.
First report:
ComboFix 08-10-31.02 - dell 2008-11-01 21:43:15.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.967.1033.18.357 [GMT 3:00]
Running from: C:\Users\dell\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Users\dell\Desktop\New Folder\1\تمارين فلاش\1\Desktop_.ini
C:\Users\dell\Desktop\New Folder\1\ff\تمارين فلاش\1\Desktop_.ini
C:\Users\dell\Desktop\New Folder\2\تمارين فلاش\1\Desktop_.ini
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService​

((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.
2008-10-31 20:00 . 2007-09-13 14:45 595,456 --a------ C:\Windows\System32\stapo.dll
2008-10-31 20:00 . 2007-03-05 13:05 492,544 --a------ C:\Windows\System32\ctapo32.dll
2008-10-31 20:00 . 2007-09-13 14:46 330,240 --a------ C:\Windows\System32\drivers\stwrt.sys
2008-10-31 20:00 . 2007-09-13 14:45 328,704 --a------ C:\Windows\System32\stcplx.dll
2008-10-31 20:00 . 2007-09-13 14:44 299,520 --a------ C:\Windows\System32\stapi32.dll
2008-10-31 20:00 . 2007-09-13 14:45 146,944 --a------ C:\Windows\System32\st325614.dll
2008-10-31 20:00 . 2007-03-05 13:05 45,568 --a------ C:\Windows\System32\ctppld.dll
2008-10-31 18:51 . 2006-03-24 19:30 282,624 --a------ C:\Windows\stsystra.exe
2008-10-31 18:49 . 2006-03-24 19:34 1,156,648 --a------ C:\Windows\System32\drivers\sthda.sys
2008-10-31 18:49 . 2006-03-24 19:31 208,896 --a------ C:\Windows\System32\stacapi.dll
2008-10-30 18:49 . 2008-08-12 06:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-30 18:49 . 2008-08-05 12:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-30 18:49 . 2008-08-05 12:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-30 18:49 . 2008-08-05 12:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-30 18:49 . 2008-08-05 12:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-30 18:49 . 2008-09-18 07:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-30 18:49 . 2008-09-18 07:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-30 18:49 . 2008-08-05 12:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-25 23:29 . 2008-10-25 23:29 1,273 --a------ C:\Windows\VB.INI
2008-10-25 23:28 . 2008-10-25 23:29 <DIR> d-------- C:\Program Files\Web Publish
2008-10-25 18:48 . 2008-10-28 17:14 <DIR> d-------- C:\Users\dell\AppData\Roaming\skypePM
2008-10-25 18:48 . 2008-10-25 18:48 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-10-25 18:48 . 2008-10-25 18:48 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-10-25 18:43 . 2008-11-01 21:27 <DIR> d-------- C:\Users\dell\AppData\Roaming\Skype
2008-10-25 18:42 . 2008-10-25 18:42 <DIR> d-------- C:\Program Files\Skype
2008-10-25 18:42 . 2008-10-25 18:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-25 18:41 . 2008-10-25 18:42 <DIR> d-------- C:\Users\All Users\Skype
2008-10-25 18:41 . 2008-10-25 18:42 <DIR> d-------- C:\ProgramData\Skype
2008-10-25 18:08 . 2008-10-25 18:08 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2008-10-18 14:13 . 2008-10-18 14:39 <DIR> d-------- C:\Netgear
2008-10-17 00:31 . 2008-10-17 00:46 <DIR> d-------- C:\Program Files\Ease123 Video Watermarker
2008-10-16 00:46 . 2008-10-16 00:46 <DIR> d-------- C:\Program Files\learn computer
2008-10-15 13:34 . 2008-09-03 06:59 468,992 --a------ C:\Windows\System32\newdev.dll
2008-10-15 13:34 . 2008-09-03 06:58 74,752 --a------ C:\Windows\System32\newdev.exe
2008-10-15 13:32 . 2008-09-18 05:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 13:31 . 2008-09-18 08:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 13:31 . 2008-09-18 08:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 13:31 . 2008-08-27 04:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 13:26 . 2008-10-02 04:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 13:26 . 2008-10-02 06:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 15:54 . 2008-10-14 15:54 <DIR> d-------- C:\Users\dell\AppData\Roaming\Media Player Classic
2008-10-14 15:53 . 2008-10-14 15:53 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-14 15:53 . 2007-11-29 23:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-10-14 15:53 . 2007-07-25 14:24 1,559,040 --a------ C:\Windows\System32\xvidcore.dll
2008-10-14 15:53 . 2007-12-04 02:33 682,496 --a------ C:\Windows\System32\divx.dll
2008-10-14 15:53 . 2006-09-24 16:11 389,120 --a------ C:\Windows\System32\lameACM.acm
2008-10-14 15:53 . 2007-03-10 12:51 282,624 --a------ C:\Windows\System32\xvidvfw.dll
2008-10-14 15:53 . 2004-01-25 17:18 217,088 --a------ C:\Windows\System32\yv12vfw.dll
2008-10-14 15:53 . 2007-09-04 17:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-10-14 15:53 . 2007-09-21 01:52 118,784 --a------ C:\Windows\System32\ac3acm.acm
2008-10-14 15:53 . 2007-11-29 23:28 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-10-14 15:53 . 2007-12-24 13:49 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-10-14 15:53 . 2007-07-10 17:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-10-14 15:53 . 2007-10-03 16:03 414 --a------ C:\Windows\System32\lame_acm.xml
2008-10-14 15:09 . 2008-10-14 15:09 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-14 14:22 . 2008-10-14 14:22 <DIR> d-------- C:\Program Files\WinWatermark 2.2
2008-10-14 13:28 . 2008-10-14 13:28 <DIR> d-------- C:\Program Files\TagRename
2008-10-11 11:22 . 2008-04-26 11:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-10 20:42 . 2008-10-10 20:42 <DIR> d-------- C:\PerfLogs
2008-10-10 19:50 . 2008-10-10 19:51 <DIR> d-------- C:\ad339357d6b74dd10ed6fcf8b53d
2008-10-10 17:29 . 2008-01-19 10:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-10-10 17:29 . 2008-01-19 10:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-10-10 17:27 . 2008-01-19 10:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-10-10 17:26 . 2008-01-19 10:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-10-10 17:25 . 2008-01-19 10:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-10-10 17:24 . 2008-01-19 10:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-10-10 17:23 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-10-10 17:21 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-10-10 17:21 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-10-10 17:21 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-10-10 17:21 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-10-10 17:21 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-10-10 17:21 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-10-10 17:21 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-10-10 17:21 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-10-10 17:21 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-10-09 15:12 . 2008-10-09 15:12 <DIR> d-------- C:\Program Files\Tarneeb
2008-10-09 14:35 . 2008-10-09 14:36 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 14:35 . 2008-10-09 14:36 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 14:35 . 2008-10-09 14:36 <DIR> d-------- C:\Program Files\iTunes
2008-10-09 14:35 . 2008-10-09 14:35 <DIR> d-------- C:\Program Files\iPod
2008-10-09 14:09 . 2008-10-09 15:00 <DIR> d-------- C:\Users\All Users\Protexis
2008-10-09 14:09 . 2008-10-09 15:00 <DIR> d-------- C:\ProgramData\Protexis
2008-10-06 14:03 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-10-06 14:03 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-10-06 14:03 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-10-06 14:03 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 18:23 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-11-01 18:20 712,736 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-11-01 18:20 4,564 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-11-01 18:17 5,763,104 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-11-01 18:17 47,152 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-11-01 17:05 --------- d-----w C:\ProgramData\Google Updater
2008-10-24 17:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-16 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 09:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-12 21:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-10 18:01 174 --sha-w C:\Program Files\desktop.ini
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Journal
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Defender
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-10 17:44 --------- d-----w C:\Program Files\Windows Calendar
2008-10-06 17:45 --------- d-----w C:\Program Files\Google
2008-09-17 15:52 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-09-17 15:52 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-09-17 11:33 --------- d-----w C:\Users\dell\AppData\Roaming\Yahoo!
2008-09-17 00:09 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-16 23:59 --------- d---a-w C:\ProgramData\TEMP
2008-09-16 00:09 --------- d-----w C:\Program Files\Microsoft Works
2008-09-11 20:16 --------- d-----w C:\Program Files\Bonjour
2008-09-11 20:15 --------- d-----w C:\Program Files\QuickTime
2008-09-11 20:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-11 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-09-07 01:43 --------- d-----w C:\Users\dell\AppData\Roaming\App Launcher Gadget
2008-09-05 19:16 36,864 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2007-11-19 16:26 106 ----a-w C:\Users\dell\AppData\Roaming\wklnhst.dat
2007-10-05 13:33 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-05 13:33 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2007-10-05 13:33 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-14 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 81920]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RK Launcher.lnk - C:\Users\dell\Desktop\ ©ںê¤\ ©ëںê¤ «ل¥ ںéêè¢ \RKLauncher.exe [2008-07-06 708608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-06-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe"
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SigmatelSysTrayApp"=sttray.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8B76320-8323-4971-95EA-07325D9558C1}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{355967B9-5C02-4532-A8AB-67180DD993B9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F12563C5-0B48-4332-989C-ABEB37AD4A97}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{788CCD0C-6F09-4C62-ABB5-4747AF12823E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A939B521-DBDF-407E-A929-E9A825C62C81}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{71B98131-BAAA-4AFC-AB51-6D14993AF0DC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88DDFD6D-70A2-4A1C-A05C-1094F7A6D8BD}"= UDP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{34E93AE8-5437-4F47-B046-D1A329586B10}"= TCP:C:\Program Files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{3DE7EDE2-B8E0-4A27-809C-E334D7281906}"= UDP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{67329A89-B50B-47BC-99E5-27383E9A2822}"= TCP:C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{20FA1FD2-8766-42EF-937F-745C2D503CCF}"= UDP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{927B52FB-16EB-4B5E-9E28-1A82D2BFC16A}"= TCP:C:\Program Files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{F329647E-EC42-445F-80A5-6AF9E7AE0DBD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B7867CA8-99F3-4908-8E84-25BCD989CDE7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{20929B47-D0B3-464F-BA2A-BB8B3B34C32C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C943858A-FD6D-4321-A366-C97554686F06}C:\\users\\dell\\desktop\\valve\\hlds.exe"= UDP:C:\users\dell\desktop\valve\hlds.exe:hlds.exe
"UDP Query User{3FB9BF0B-82B7-4487-A2C9-9B3D5B2AE474}C:\\users\\dell\\desktop\\valve\\hlds.exe"= TCP:C:\users\dell\desktop\valve\hlds.exe:hlds.exe
"TCP Query User{3C843A6E-BD8D-4845-A207-BF3DE066592F}F:\\valve\\hl.exe"= UDP:F:\valve\hl.exe:Half-Life Launcher
"UDP Query User{19BBA6C8-80B1-4B1E-B1D4-37E111369BC3}F:\\valve\\hl.exe"= TCP:F:\valve\hl.exe:Half-Life Launcher
"TCP Query User{90AE2303-AE75-43C0-B8BF-F9F2BCD8312E}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{A21A6083-0350-45D9-BB6D-30AC49FE710F}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"{DC8FFBEC-DF33-47D9-AB77-9B5E307EF4B8}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2B40AFA0-2DD2-4185-BC4E-0CE5308E64D8}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7139AC47-4841-4B7E-A598-0B5024DD8AB1}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3D0A2E5A-68F4-4950-B049-72B4D77E7C4A}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BE4BEB1F-861D-439C-974F-24F307644007}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9538D690-C17C-40D1-8C0E-B22E4879B39C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86C0C593-687D-4469-BEAD-F76F1D61468D}"= UDP:C:\Program Files\TuneUp Utilities 2008\OneClick.exe:TuneUp 1-Click Maintenance
"{A747D227-AA7B-4F55-B5AB-E0BE8B5F9C96}"= TCP:C:\Program Files\TuneUp Utilities 2008\OneClick.exe:TuneUp 1-Click Maintenance
"TCP Query User{55E41A13-3D14-4C25-BD35-96A6CC41AFB1}C:\\users\\dell\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\dell\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{E36D2C2B-A596-4345-B21C-0E791EDE1F71}C:\\users\\dell\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\dell\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{F8AEB167-4B0A-4402-B3E9-B8EAE1C2E3D9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AE35B96E-EDF8-4D5C-9A6D-9ABACE87C4AE}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{9D740542-861B-4F85-9FD0-079B9FE550B8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{431ED126-EAA4-4480-B1E9-4E634EE0577B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{19072E26-984E-411C-8161-5D3159EFCCDE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0DDFCC98-A72B-45C1-AC80-AC63C0C9FD71}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C1242F07-212A-4D0F-879F-E020EE7D5CD1}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12 41456]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\Windows\system32\Drivers\cam1690.sys [2006-12-20 121088]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-03 354560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12d5cccc-f1d5-11dc-977a-00197edd8726}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32755071-4d24-11dd-a8a9-0019b9782b7b}]
\shell\AutoRun\command - semo2x.exe
\shell\explore\Command - semo2x.exe
\shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456f6590-4f56-11dd-962a-0019b9782b7b}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5349bd-e601-11dc-9f8e-00197edd8726}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a535a39-e601-11dc-9f8e-0019b9782b7b}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5ff4ba1-53e5-11dd-919e-0019b9782b7b}]
\shell\AutoRun\command - F:\8ng8w.com
\shell\explore\Command - F:\8ng8w.com
\shell\open\Command - F:\8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea54a25a-1d1b-11dd-8f61-0019b9782b7b}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea54a25e-1d1b-11dd-8f61-0019b9782b7b}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe
.
s of the 'Scheduled Tasks' folder
2008-11-01 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-11-01 C:\Windows\Tasks\User_Feed_Synchronization-{4A99BD4C-8428-4ABA-9CF4-64EEDD87518E}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 10:33]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe​

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\59vr3hya.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-01 21:56:06
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> G:\Windows\System32\msxml3.dll
.
Completion time: 2008-11-01 22:04:09
ComboFix-quarantined-files.txt 2008-11-01 19:03:59
Pre-Run: 46,652,489,728 bytes free
Post-Run: 46,583,898,112 bytes free
381 --- E O F --- 2008-10-31 00:03:24​



Second report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:42 PM, on 11/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Users\dell\Desktop\Zyzoom_HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: RK Launcher.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Search - [link hidden by the forum]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - [link hidden by the forum]
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = guardianind.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = guardianind.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = guardianind.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = guardianind.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = guardianind.com
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: Domain = guardianind.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9244 bytes
 
Analyzing it now, my friend.
 
Signature: السّاجد لله
Select and delete these entries:

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)


O3 - Toolbar: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


O8 - Extra context menu item: &Search - [link hidden by the forum]

How to delete them:

[screenshot: zyzoom-47abf39087.gif]

[screenshot: zyzoom-dc3770ae68.gif]

Download this tool to clean the machine:

[link hidden by the forum]

[screenshot: zyzoom-3c0e283670.gif]
 
Signature: السّاجد لله
Brother, but some of the entries were not deleted. Why???
 
Do the following first, and then delete.

From Start, choose Run and type the following command:

msconfig

Then click OK.

The application screen will appear:

system configuration utility

Do as follows:

[link hidden by the forum]

Then agree to the restart.

[link hidden by the forum]
 
Signature: السّاجد لله
Brother, apply the following.

Download the Kaspersky tool from the following link:

[link hidden by the forum]

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop. A few moments later the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.

[screenshot: zyzoom-3d6517b067.png]

[screenshot: zyzoom-7717063ed7.png]

[screenshot: zyzoom-cda271da05.png]

[screenshot: zyzoom-26888dbf15.png]

[screenshot: zyzoom-3f4576c288.png]

Then compress the report and upload it here.

And upload a HijackThis report after you finish.
 
Signature: صمت السكوت
I mean, close all Internet pages before deleting .... try it and apply it ...?.
 
Signature: السّاجد لله