• Thread starter: hamza_39
  • Views: 775

hamza_39

I have a virus that re-hides the hidden folders after I unhide them.
 

Disable all security programs,
then download this tool and save it to the desktop.


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Wait until a report appears, then copy it and paste it in your next reply
 
ComboFix 08-12-05.06 - Administrator 2008-12-06 14:52:32.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.126 [GMT 1:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\000EF836.bin
c:\program files\MyWebSearch\bar\Cache\000F5CFB.bin
c:\program files\MyWebSearch\bar\Cache\000F5ED0.bin
c:\program files\MyWebSearch\bar\Cache\000F63A2.bin
c:\program files\MyWebSearch\bar\Cache\0092995B
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-04 22:38 . 2008-12-04 22:38 <DIR> d-------- c:\program files\RM to MP3 Converter
2008-12-04 18:17 . 2008-12-04 18:17 <DIR> d--hs---- C:\FOUND.008
2008-12-03 18:17 . 2008-12-03 18:17 <DIR> d-------- c:\windows\system32\Adobe
2008-11-30 23:22 . 2008-11-30 23:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-30 23:22 . 2008-11-30 23:22 1,409 --a------ c:\windows\QTFont.for
2008-11-30 23:07 . 2008-11-30 23:07 <DIR> d--hs---- C:\FOUND.007
2008-11-28 20:45 . 2008-11-28 20:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-11-28 20:44 . 2008-11-28 20:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-11-28 19:34 . 2008-11-28 19:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire
2008-11-26 21:15 . 2008-11-26 21:15 <DIR> d-------- c:\program files\DAP
2008-11-26 21:15 . 2008-11-26 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2008-11-26 21:15 . 2008-11-26 21:15 479,298 --a------ c:\windows\system32\wbocx.ocx
2008-11-26 21:15 . 2008-11-26 21:15 172,032 --a------ c:\windows\system32\AniGIF.ocx
2008-11-26 21:15 . 2008-11-26 21:15 50,688 --a------ c:\windows\system32\wbhelp2.dll
2008-11-26 19:16 . 2008-11-26 19:16 <DIR> d-------- c:\program files\AnswerWorks 4.0
2008-11-26 19:14 . 2008-11-26 19:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2008-11-26 19:12 . 2008-11-26 19:12 <DIR> d-------- c:\program files\Autodesk
2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-24 19:17 . 2008-11-24 19:17 <DIR> d-------- C:\Temp
2008-11-23 17:39 . 2008-11-23 17:39 <DIR> d-------- c:\windows\pdf2word
2008-11-23 17:39 . 2008-11-23 17:39 <DIR> d-------- c:\program files\UltiConverters
2008-11-23 17:38 . 2008-11-23 17:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UltiConverters
2008-11-22 22:34 . 2008-11-22 22:34 0 --a------ c:\windows\system32\FOXIT_PDF
2008-11-22 16:32 . 2004-08-04 01:55 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-22 16:30 . 2008-11-22 16:30 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-21 19:15 . 2008-11-21 19:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GRETECH
2008-11-21 18:41 . 2008-11-21 18:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Camfrog
2008-11-21 17:17 . 2008-11-21 17:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Autodesk
2008-11-21 11:41 . 2008-11-21 11:42 11,776 --ahs---- c:\windows\Thumbs.db
2008-11-19 21:07 . 2004-08-04 00:55 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-19 21:07 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-19 21:07 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-11-19 21:07 . 2001-09-18 14:04 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-19 18:44 . 2008-11-19 18:44 <DIR> d--hs---- C:\FOUND.006
2008-11-19 16:13 . 2008-11-19 16:13 <DIR> d--hs---- C:\FOUND.005
2008-11-10 19:37 . 2008-11-10 19:37 <DIR> d--hs---- C:\FOUND.004
2008-11-08 01:31 . 2008-11-08 01:31 <DIR> d-------- c:\program files\Avira
2008-11-08 01:31 . 2008-11-08 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-08 00:24 . 2008-11-08 00:24 0 --a------ c:\windows\PanelExe.INI
2008-11-08 00:06 . 2008-11-08 00:06 <DIR> d-------- c:\windows\system32\DRVSTORE
2008-11-08 00:05 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-08 00:03 . 2008-11-08 00:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2008-11-06 08:36 . 2001-09-18 13:38 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-06 08:36 . 2001-09-18 13:38 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-11-06 08:36 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-06 08:36 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 21:49 --------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2008-11-05 21:49 --------- d-----w c:\documents and settings\Administrator\Application Data\Free Download Manager
2008-11-05 21:48 --------- d-----w c:\program files\Free Download Manager
2008-11-04 16:01 --------- d-----w c:\program files\MSBuild
2008-11-04 16:01 --------- d-----w c:\program files\Microsoft Works
2008-11-04 16:00 --------- d-----w c:\program files\Microsoft.NET
2008-11-02 21:50 --------- d-----w c:\program files\Camfrog
2008-11-02 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-02 18:51 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-02 18:51 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-02 18:51 --------- d-----w c:\program files\Common Files\xing shared
2008-10-31 23:39 --------- d-----w c:\program files\Ela-Salaty
2008-10-31 23:20 --------- d-----w c:\program files\Quranzu1
2008-10-27 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-26 16:33 --------- d-----w c:\program files\AMT
2008-10-25 20:08 --------- d-----w c:\program files\CCleaner
2008-10-21 21:00 --------- d-----w c:\program files\ARCHICAD 10
2008-10-21 18:47 --------- d-----w c:\program files\WIBUKEY(2)
2008-10-17 22:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2008-10-16 19:40 --------- d-----w c:\documents and settings\Administrator\Application Data\Graphisoft
2008-10-16 19:24 --------- d-----w c:\program files\WIBU-SYSTEMS
2008-10-16 19:22 --------- d-----w c:\program files\QuickTime
2008-10-16 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-15 19:55 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2008-10-12 20:13 --------- d-----w c:\program files\Java
2008-10-11 22:25 --------- d-----w c:\program files\Foxit Software
2008-10-11 22:02 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-10-10 23:10 --------- d-----w c:\program files\Skype
2008-10-10 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-10 11:44 --------- d-----w c:\program files\Real
2008-10-10 11:44 --------- d-----w c:\program files\Common Files\Real
2008-10-10 11:14 --------- d-----w c:\program files\Opera
2008-10-10 10:48 --------- d-----w c:\program files\GRETECH
2008-10-10 10:48 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-10-10 09:47 --------- d-----w c:\program files\Google
2008-10-10 06:55 94,208 ----a-w c:\windows\system32\ScrUnZip.dll
2008-10-09 19:06 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2008-10-08 02:26 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-08 02:19 --------- d-----w c:\program files\Common Files\Adobe
2008-10-08 02:16 315,392 ----a-w c:\windows\HideWin.exe
2008-10-08 02:16 --------- d-----w c:\program files\Realtek
2008-10-08 02:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-08 00:46 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-31 39408]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-16 155648]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-06 22528]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-02 185872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Administrator\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-03-05 5205504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoChange"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ARCHICAD 10\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9393:TCP"= 9393:TCP:BitComet 9393 TCP
"9393:UDP"= 9393:UDP:BitComet 9393 UDP


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002377c8-ab6c-11dd-8b65-001837050f72}]
\Shell\AutoRun\command - H:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7a86334-a375-11dd-8b47-001837050f72}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search -

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dllink.htm
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7cha97m.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-06 14:55:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\windows\SYSTEM32\CAP3RSK.EXE
c:\program files\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
c:\program files\WINZIP\WZQKPICK.EXE
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-06 14:56:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 13:56:04

Pre-Run: 12 749 684 736 bytes free
Post-Run: 12,678,807,552 bytes free

251
 
Your machine has infections and they were deleted.

Do the following:

(2)
Then produce a HijackThis report.

When the download finishes ==> run the program ==> click Do a system scan and save log
After a few moments a report will appear; copy it and paste it in your next reply
 
Signature: AbOdy
The report you requested, max

Thank you
 
Your machine had infections, and they have been removed.

Do the following:

(2)
Then generate a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear. Copy it and paste it into your next reply.
 
Report 2 that you asked for, max

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:25, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\سطح المكتب\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE3833A5-BCB1-4CED-9E2C-D3A5D0123B4A}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6993 bytes

Thank you
 
Select the following entries and delete them:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O8 - Extra context menu item: &Search -

How to delete them:

[image: mg (3).png]


[image: mg (4).png]


Then go to Add or Remove Programs and uninstall the toolbar you have installed (it may not be present).


Then download this tool and follow the instructions below.

Compatibility: Windows XP only


How to use it:
Double-click the tool and wait until all the windows finish and it stops at this window:

[image: 002.png]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).


Use this tool: run it and wait until a message appears asking you to restart.
Restart and let us know the results.
Size: 365 KB
Compatibility: Windows XP (only)



