Thread starter: صدفه
Peace be upon you, and the mercy and blessings of God.....
My dear brothers, to be honest I visit several forums, but a friend recommended yours... so I came in, saw it, and saw how you follow up and reply, and honestly I got greedy and wanted to post my problem.. and your willingness to help is no surprise... thank you..
And this is the ComboFix report

ComboFix 09-03-03.01 - sawab 03/05/2009 2:23:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1014.662 [GMT 3:00]
Running from: c:\documents and settings\sawab\سطح المكتب\exam\مجلد جديد\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\program files\Bifrost
c:\windows\IE4 Error Log.txt
c:\windows\ktd32.atm
c:\windows\system32\kakle.dll
c:\windows\system32\logondll.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\tx14.dll
c:\windows\system32\tx14_doc.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 23:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-04 23:26 442,400 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-04 23:26 3,640 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-04 23:26 16,884 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-04 23:26 1,888,800 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-04 23:11 --------- d-----w c:\program files\NCH Swift Sound
2009-03-04 01:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 14:20 --------- d-----w c:\program files\CubeDesktop
2009-03-03 14:20 --------- d-----w c:\documents and settings\sawab\Application Data\Thinking Minds Budiling Bytes
2009-03-03 01:27 --------- d-----w c:\program files\Passware
2009-02-20 03:44 16,299,862 ------w C:\Persi0.sys
2009-02-20 03:44 --------- d-----w c:\program files\Faronics
2009-02-20 03:34 --------- d-----w c:\documents and settings\sawab\Application Data\U3
2009-02-18 00:03 --------- d-----w c:\program files\Trojan Remover
2009-02-17 13:33 --------- d-----w c:\program files\Obsidium Software Protection System
2009-02-17 08:03 --------- d-----w c:\program files\No-IP
2009-02-17 07:03 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-16 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-15 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-15 23:05 --------- d-----w c:\program files\Yahoo!
2009-02-15 23:05 --------- d-----w c:\documents and settings\sawab\Application Data\Yahoo!
2009-02-15 18:07 --------- d-----w c:\program files\SoftLogica
2009-02-15 17:49 --------- d-----w c:\program files\IP Hider
2009-02-14 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-14 04:25 --------- d-----w c:\program files\Imageshackert
2009-02-14 02:28 --------- d-----w c:\documents and settings\sawab\Application Data\Simply Super Software
2009-02-14 02:28 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-12 12:26 737,280 ----a-w c:\windows\iun6002.exe
2009-02-12 12:26 --------- d-----w c:\program files\AutoPlay me
2009-02-12 00:49 650,752 ----a-w c:\windows\is-FQ6J8.exe
2009-02-12 00:49 --------- d-----w c:\program files\Softinterface, Inc
2009-02-12 00:15 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 11:26 --------- d-----w c:\documents and settings\sawab\Application Data\DMCache
2009-02-10 08:54 --------- d-----w c:\program files\Real_SC
2009-02-10 08:54 --------- d-----w c:\program files\iVocalize Web Conference 4
2009-02-10 08:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-02-09 22:16 --------- d-----w c:\program files\ShaPlus Google Translator
2009-02-06 13:26 --------- d-----w c:\documents and settings\sawab\Application Data\Talkback
2009-02-06 13:22 --------- d-----w c:\program files\Common Files\xing shared
2009-02-06 13:22 --------- d-----w c:\program files\Common Files\Real
2009-02-06 13:21 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-06 13:21 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-06 13:00 --------- d-----w c:\documents and settings\sawab\Application Data\Xilisoft Corporation
2009-02-06 12:16 --------- d-----w c:\program files\MSN Messenger
2009-02-06 12:16 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-05 18:19 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 16:54 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 16:54 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-04 16:13 --------- d-----w c:\program files\Kaspersky Lab
2009-02-04 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-03 13:41 --------- d-----w c:\program files\Common Files\Download Manager
2009-01-31 21:44 --------- d-----w c:\documents and settings\sawab\Application Data\IDM
2009-01-27 21:34 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-27 10:01 --------- d-----w c:\program files\Circle Developement
2009-01-23 01:42 405,504 ----a-r c:\windows\stsystra.exe
2009-01-23 01:42 155,648 ----a-w c:\windows\system32\NeroCheck.exe
2009-01-18 00:51 --------- d--h--w c:\documents and settings\All Users\Application Data\1D2C5
2009-01-05 15:46 --------- d-----w c:\documents and settings\sawab\Application Data\iolo
2009-01-05 15:46 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-05 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-05 15:25 74,703 ----a-w c:\windows\system32\mfc45.dll
2009-01-04 15:26 --------- d-----w c:\program files\LtUcx
2008-12-31 20:53 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-12-31 20:53 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-12-31 20:53 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-12-31 20:53 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-12-31 20:53 196,608 ----a-w c:\windows\system32\maag.dll
2008-12-31 20:53 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-12-31 20:53 1,245,184 ----a-w c:\windows\system32\bkll.dll
2008-12-31 20:53 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-12-31 20:52 155,995 ----a-w c:\windows\java\Packages\PVPN3NZ3.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [02/05/2009 09:19 PM 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [02/06/2009 04:21 PM 185872]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [01/06/2009 11:11 AM 1351680]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\sawab\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-02-14 1172992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sawab^قائمة ابدأ^البرامج^بدء التشغيل^AMSN.lnk]
path=c:\documents and settings\sawab\قائمة ابدأ\البرامج\بدء التشغيل\AMSN.lnk
backup=c:\windows\pss\AMSN.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/15/2008 01:04 AM 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 12:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 09/05/2007 05:13 PM 166424 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 02/04/2009 04:57 PM 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 01/23/2009 03:19 AM 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 01/19/2007 12:55 PM 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/23/2009 04:42 AM 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 09/05/2007 05:13 PM 137752 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
-ra------ 01/23/2009 04:40 AM 405504 c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 02/01/2008 05:22 PM 21898024 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 02/06/2009 04:21 PM 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 02/18/2009 03:01 AM 1214856 c:\program files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IP Hider\\IP Hider.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-10-25 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-31 105984]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774e9e60-fcc9-11dd-b17c-001e4cddb9a0}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CubeDesktop - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
HKLM-Explorer_Run-61D2C - d:\spymypc_proحفظ كل مايكتب بالكمبيوتر\61D2C.exe
Notify-DfLogon - LogonDll.dll
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
MSConfigStartUp-IDMan - c:\documents and settings\sawab\سطح المكتب\Internet Download Manage1r\IDMan.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\documents and settings\sawab\سطح المكتب\Internet Download Manage1r\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\documents and settings\sawab\سطح المكتب\Internet Download Manage1r\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\documents and settings\sawab\سطح المكتب\Internet Download Manage1r\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile=NOTEPAD %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-05 02:28:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-861567501-1123561945-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66A3C523-FDA7-AFA9-155E-9FD89C630AA8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"habjgdnnggmifglh"=hex:61,61,00,7c
"jabjgdnnggmifglhhjib"=hex:63,61,63,6c,68,69,00,7c
"pajidhmhbicglalbdpinbdccipaknjcg"=hex:65,61,6f,69,64,6f,6d,6b,6d,63,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):61,c4,5f,8a,8e,63,ab,3c,e9,70,06,5b,d3,3b,34,d3,9a,3c,63,9d,52,
00,a9,c5,88,01,fd,d8,6d,f2,fb,37,03,4b,36,41,26,b8,1f,45,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b04241d2-d699-405b-b67f-bdf678b0fe7f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000021
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,74,a0,9a,84,ea,d4,5b,16,bf,07,c7,47,59,bf,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows\system32\stacsv.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 03/05/2009 2:32:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 23:31:58
Pre-Run: 30,776,475,648 bytes free
Post-Run: 31,230,533,632 bytes free
273 --- E O F --- 2009-02-28 12:57:01
 

Signature: صدفه

God bless you.
Post a HijackThis report.

And here is the HijackThis report, with my regards.. and thank you for stopping by and for your attention, brother..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:02, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\sawab\Local Settings\Temporary Internet Files\*******.IE5\WXYFSPUV\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Win32 Service] C:\Program Files\server.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Win32 Service] C:\Program Files\server.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Documents and Settings\sawab\سطح المكتب\Internet Download Manage1r\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Documents and Settings\sawab\سطح المكتب\Internet Download Manage1r\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Documents and Settings\sawab\سطح المكتب\Internet Download Manage1r\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 7693 bytes
 
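Signature: صدفه

Hey champ, I don't want to wear you out with me.. but "at the very least, take your time" << that's how you say it in Egyptian, right? :d:
I mean, whenever you are free, please have a look at it for me :wink:

Signature: صدفه

Select the following, then delete it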

O4 - HKLM\..\Run: [Win32 Service] C:\Program Files\server.exe

O4 - HKCU\..\Run: [Win32 Service] C:\Program Files\server.exe


How to delete

[Image: mg%20(3).png]

[Image: mg%20(4).png]

After that, go to Add or Remove Programs and remove the toolbar you have (toolbar) >> it may not be there

Then download this tool and follow the explanation below

[Download link hidden by the forum]

Compatibility: Windows XP only

Usage instructions ,,,,,,
Double-click the tool and wait until all the windows finish and it stops at this window

[Image: 002.png]

When this screen appears, press Close so that your machine restarts (( to complete the cleaning process ))

Then disable System Restore as shown in the following explanation

[Image: dis_sys_xp.jpg]

Then update Kaspersky and scan your whole machine

 
Thank you so much, my dear, we have troubled you with this ...
But I have a problem .. when I run an update for Kaspersky it shows me, in red, "your computer security is at risk",
and it will not accept the update; even if I run a scan it says the computer is at risk ..
For me it shows "your computer is at risk" :y:
I did everything you told me, but man, I don't know what is going on with it :b:
Kaspersky Internet Security 2009
Thanks ،،،،

Signature: صدفه