ابو نايف العتيبي

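Peace be upon you, and God's mercy and blessings.
How are you, guys?
Brothers, for two days my machine has been slow, and sometimes RealPlayer freezes and the browser freezes, then it goes back to normal.
I checked; I thought maybe it was the RAM, from too many programs on the machine.
Then I got suspicious and I feel there is a virus on my machine, but the protection did not catch it. I ran a scan and found nothing, and when I open drive D it is slow.
I want a way to remove the virus, or how do I find out whether my machine has a virus....
And if it is a virus, I have a hunch it came from e-mail; maybe someone in the family opened a message or something and downloaded a virus.
I don't think it came from the programs; this is just a feeling, a mere guess on my part.
Give me a solution before I format.
Please reply and do not ignore the thread.
Regards to you all.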
 

And peace be upon you.
Welcome, brother.
Download this program:
[Link hidden by the forum: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.
 
May God bless you and your effort, and may God reward you from His abundant bounty, brother المانسي.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:54:42 ص, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tcg2\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Link hidden by the forum: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Link hidden by the forum: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Link hidden by the forum: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Link hidden by the forum: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Link hidden by the forum: you must log in or register to view it]

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TBSB09737 - {36553CAC-7228-4F16-B057-28DE0A8A3839} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: TBSB01923 - {7FF4E31C-74EB-433D-A8AA-A12A99521674} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Bluetooth] C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O9 - Extra 'Tools' menuitem: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
[Link hidden by the forum: you must log in or register to view it]
(file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[Link hidden by the forum: you must log in or register to view it]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9648 bytes
 
First, from Add or Remove Programs, remove the Toolbar.

Remove the following, my dear friend:

O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
[Link hidden by the forum: you must log in or register to view it]
(file missing)

O9 - Extra 'Tools' menuitem: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll

O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll

O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe

O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll

O2 - BHO: TBSB01923 - {7FF4E31C-74EB-433D-A8AA-A12A99521674} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll

O2 - BHO: TBSB09737 - {36553CAC-7228-4F16-B057-28DE0A8A3839} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll

How to remove them on XP:



Then use this tool for cleaning.

Before downloading the tool, exit Kaspersky.




Download link for the latest update of the tool:

[Link hidden by the forum: you must log in or register to view it]

to clean your machine of these ads
and produce a report of the operation so that you can attach it to your next reply.


How to use it:

Run the file SmitfraudFix.exe and follow the explanation as shown in these pictures.



Signature: KoNaMi
May God bless you, my dear brother KoNaMi.



SmitFraudFix
v2.400
Scan done at 16:54:58.76, Sat 03/07/2009
Run from C:\Documents and Settings\Tcg2\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A38865E8-69AF-4001-902A-DC14A604E20C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A38865E8-69AF-4001-902A-DC14A604E20C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A38865E8-69AF-4001-902A-DC14A604E20C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Do the following:
Disable System Restore as shown in the following explanation.



Then post another HijackThis report.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:28, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tcg2\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Link hidden by the forum: you must log in or register to view it]

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Bluetooth] C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
[Link hidden by the forum: you must log in or register to view it]
(file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[Link hidden by the forum: you must log in or register to view it]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7579 bytes
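
Added example (not part of the original posts): a Python check that compares two HijackThis logs against a helper's fix list, to confirm which flagged entries were actually removed. The log lines are excerpts from the two logs in this thread; the function names and the keying scheme (section code plus entry kind and CLSID, or the normalized entry text) are assumptions of this example, not HijackThis features.

```python
import re

# "O4 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(code, body):
    """Stable identity for an entry, so it can be matched across logs."""
    clsid = CLSID_RE.search(body)
    if clsid:
        # One CLSID can appear as both "Extra button" and "Extra 'Tools'
        # menuitem", so the entry kind is part of the key.
        kind = body.split(":", 1)[0].strip().lower()
        return (code, kind, clsid.group(0).upper())
    # No CLSID (e.g. O4 Run values): use the whitespace-normalized text.
    return (code, " ".join(body.split()).lower())


def parse_entries(log_text):
    """Return {key: line} for every entry line; headers, running processes
    and wrapped continuation lines do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(m["code"], m["body"])] = line
    return entries


def check_fixes(before, after, fix_list):
    """Classify each entry of the fix list by what happened to it."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    report = {"removed": [], "persisted": [], "not_in_before": []}
    for key, line in f.items():
        if key not in b:
            report["not_in_before"].append(line)
        elif key in a:
            report["persisted"].append(line)
        else:
            report["removed"].append(line)
    # Entries that only exist in the later log deserve a second look.
    report["new"] = [line for key, line in a.items() if key not in b]
    return report


# Excerpt of the first log in the thread.
BEFORE = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: TBSB09737 - {36553CAC-7228-4F16-B057-28DE0A8A3839} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
"""

# Excerpt of the second log in the thread, taken after the first fix.
AFTER = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
"""

# Entries the helper asked to fix (same excerpt scope as BEFORE).
FIX_LIST = r"""
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
O2 - BHO: TBSB09737 - {36553CAC-7228-4F16-B057-28DE0A8A3839} - C:\Program Files\IEToolbar\Sahate Toolbar\sahate.dll
"""

if __name__ == "__main__":
    result = check_fixes(BEFORE, AFTER, FIX_LIST)
    for status in ("removed", "persisted", "not_in_before", "new"):
        print(f"{status}: {len(result[status])}")
        for line in result[status]:
            print("   ", line)
```

On these excerpts the `Dead deaf` Run value and the `{46012075-ED62-464b-9554-AD0BEC35D1EC}` button are reported as persisted, which matches their presence in the second log above.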
 
Apply the following solution, in order, brother.

First

Download this tool:

[Link hidden by the forum: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.

Second

Download this program:

[Link hidden by the forum: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your second reply.

 
Signature: السّاجد لله
ComboFix 09-03-06.02 - Tcg2 03/07/2009 20:04:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1014.613 [GMT 3:00]
Running from: c:\documents and settings\Tcg2\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Tcg2\Application Data\.#
c:\documents and settings\Tcg2\Application Data\.#\MBX@BEC@B64130.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@BEC@B64160.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@BEC@B64190.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@D00@B64130.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@D00@B64160.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@D00@B64190.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F34@B64130.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F34@B64160.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F34@B64190.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F8C@B64130.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F8C@B64160.###
c:\documents and settings\Tcg2\Application Data\.#\MBX@F8C@B64190.###
c:\program files\IEToolbar
c:\windows\IE4 Error Log.txt
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kakle.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 17:08 606,240 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-07 17:08 4,200 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-07 17:08 --------- d-----w c:\documents and settings\Tcg2\Application Data\DMCache
2009-03-07 17:06 20,776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-07 17:06 2,386,976 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-07 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 20:25 67,960 ----a-w c:\windows\system32\drivers\btwusb.sys
2009-03-06 20:25 55,352 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-03-06 20:25 539,072 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-03-06 20:25 37,424 ----a-w c:\windows\system32\drivers\btport.sys
2009-03-06 20:25 37,280 ----a-w c:\windows\system32\drivers\btwmodem.sys
2009-03-06 20:25 149,123 ----a-w c:\windows\system32\drivers\btwdndis.sys
2009-03-06 17:04 --------- d-----w c:\program files\WIDCOMM
2009-03-06 16:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-05 21:31 --------- d-----w c:\program files\Circle Developeent
2009-03-05 06:09 --------- d-----w c:\documents and settings\Tcg2\Application Data\Skype
2009-03-05 05:43 --------- d-----w c:\documents and settings\Tcg2\Application Data\skypePM
2009-03-05 02:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-05 02:35 --------- d-----w c:\program files\Nero
2009-03-05 02:35 --------- d-----w c:\program files\Common Files\Nero
2009-03-05 02:35 --------- d-----w c:\documents and settings\Tcg2\Application Data\Nero
2009-02-27 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-02-27 16:08 --------- d-----w c:\program files\HP
2009-02-27 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-02-27 16:07 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-27 16:07 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-02-27 16:06 --------- d-----w c:\program files\Common Files\HP
2009-02-27 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-27 15:36 --------- d-----w c:\program files\Common Files\SWF Studio
2009-02-24 00:42 --------- d-----w c:\documents and settings\Tcg2\Application Data\MiniDm
2009-02-23 13:38 --------- d-----w c:\documents and settings\Tcg2\Application Data\dvdcss
2009-02-23 03:03 --------- d-----w c:\documents and settings\Tcg2\Application Data\Desktopicon
2009-02-23 02:57 --------- d-----w c:\program files\FormatFactory
2009-02-23 02:50 --------- d-----w c:\documents and settings\Tcg2\Application Data\IDM
2009-02-21 01:42 --------- d-----w c:\program files\Nokia
2009-02-21 01:42 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-21 01:42 --------- d-----w c:\program files\Common Files\Nokia
2009-02-21 01:41 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-21 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-21 01:04 --------- d-----w c:\program files\Your Uninstaller 2008
2009-02-21 00:54 --------- d-----w c:\documents and settings\Tcg2\Application Data\URSoft
2009-02-20 23:25 --------- d-----w c:\documents and settings\Tcg2\Application Data\PC Suite
2009-02-20 23:25 --------- d-----w c:\documents and settings\Tcg2\Application Data\Nokia
2009-02-20 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-20 23:14 --------- d-----w c:\program files\Real Alternative
2009-02-20 22:46 --------- d-----w c:\program files\arabic2regclean
2009-02-20 22:44 --------- d-----w c:\program files\DIFX
2009-02-20 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-19 11:48 64,307 ----a-w c:\windows\BricoPackUninst.cmd
2009-02-19 11:48 6,104 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-02-18 14:54 --------- d-----w c:\program files\SaderAndWardAccess
2009-02-18 13:46 --------- d-----w c:\program files\Zoom Player
2009-02-16 02:44 --------- d-----w c:\program files\Java
2009-02-15 09:39 --------- d-----w c:\program files\Paltalk Messenger
2009-02-15 09:39 --------- d-----w c:\documents and settings\Tcg2\Application Data\Paltalk
2009-02-14 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-14 11:31 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-02-14 11:09 --------- d-----w c:\program files\Stardock
2009-02-14 00:37 --------- d-----w c:\program files\GRETECH
2009-02-14 00:31 --------- d-----w c:\documents and settings\Tcg2\Application Data\GRETECH
2009-02-14 00:28 --------- d-----w c:\documents and settings\Tcg2\Application Data\MAILFUNKWINDOW
2009-02-14 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\Trans Once Mess Frag
2009-02-14 00:19 --------- d-----w c:\program files\MAILFUNKWINDOW
2009-02-14 00:18 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-14 00:13 --------- d-----w c:\program files\Webshots
2009-02-13 22:52 --------- d-----w c:\program files\Windows Live
2009-02-13 22:51 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-13 22:48 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-13 03:20 --------- d-----w c:\program files\Common Files\Real
2009-02-13 03:10 --------- d-----w c:\program files\SpeedyGuide 2
2009-02-13 03:04 --------- d-----w c:\documents and settings\Tcg2\Application Data\Media Player Classic
2009-02-13 03:02 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-13 02:41 --------- d-----w c:\documents and settings\Tcg2\Application Data\vlc
2009-02-13 02:39 --------- d-----w c:\program files\VideoLAN
2009-02-13 02:16 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-13 02:14 --------- d-----w c:\program files\Microsoft
2009-02-13 02:01 --------- d-----w c:\program files\Common Files\Skype
2009-02-13 02:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-13 02:01 --------- d-----r c:\program files\Skype
2009-02-13 01:30 --------- d-----w c:\documents and settings\Tcg2\Application Data\AdobeUM
2009-02-13 01:18 --------- d-----w c:\program files\Internet Download Manager
2009-02-13 00:58 --------- d-----w c:\documents and settings\Tcg2\Application Data\IEPro
2009-02-13 00:29 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-13 00:29 --------- d-----w c:\program files\IEPro
2009-02-12 23:48 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-12 09:01 --------- d-----w c:\program files\CONEXANT
2009-02-12 08:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 08:56 --------- d-----w c:\program files\SigmaTel
2009-02-12 08:50 405,504 ----a-w c:\windows\stsystra.exe
2009-02-12 08:50 1,222,840 ----a-w c:\windows\system32\drivers\sthda.sys
2009-02-12 08:27 --------- d-----w c:\program files\قاموس صخر الجديد
2009-02-12 08:20 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-12 08:20 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-12 08:20 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-12 08:09 --------- d-----w c:\program files\Kaspersky Lab
2009-02-12 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-12 07:59 --------- d-----w c:\program files\Microsoft.NET
2009-02-12 07:58 --------- d-----w c:\program files\Microsoft Works
2009-02-12 07:56 --------- d-----w c:\program files\UnH Solutions
2009-02-12 07:56 --------- d-----w c:\program files\mqreeb
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/13/2009 04:14 AM 2745776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:53 PM 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [12/03/2008 12:47 PM 1205760]
"Dead deaf"="c:\docume~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe" [02/14/2009 03:19 AM 552960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [07/03/2007 01:57 PM 1228800]
"Bluetooth"="c:\program files\Windows NT\Bluetooth\bluetooth.exe" [02/16/2009 04:13 AM 270441]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\Windows NT\Bluetooth\bluetooth.exe [2009-02-16 270441]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^سرعة تشغيل Adobe Reader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\سرعة تشغيل Adobe Reader.lnk
backup=c:\windows\pss\سرعة تشغيل Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tcg2^قائمة ابدأ^البرامج^بدء التشغيل^RocketDock.lnk]
path=c:\documents and settings\Tcg2\قائمة ابدأ\البرامج\بدء التشغيل\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth]
--a------ 02/16/2009 04:13 AM 270441 c:\program files\Windows NT\Bluetooth\bluetooth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dead deaf]
--a------ 02/14/2009 03:19 AM 552960 c:\docume~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 07/03/2007 01:57 PM 1228800 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 06/07/2007 11:14 AM 118784 c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/15/2007 02:32 PM 166424 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 02/13/2009 04:14 AM 2745776 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/15/2007 02:33 PM 141848 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 04/13/2006 11:09 AM 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mess frag body that]
--a------ 03/07/2009 08:07 PM 774144 c:\documents and settings\All Users\Application Data\Trans Once Mess Frag\Support proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 02/06/2009 06:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 11/10/2008 03:07 PM 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
-ra------ 05/10/2007 01:01 AM 36864 c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 12/03/2008 12:47 PM 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 11/15/2007 02:33 PM 137752 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 12/07/2005 10:57 PM 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 02/12/2009 11:50 AM 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 02/16/2009 05:44 AM 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Windows NT\\Accessories\\en-UK\\System"=
"c:\\Documents and Settings\\Tcg2\\سطح المكتب\\صفر 16 1430 ‏(E‎)\\History.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-02-12 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-02-12 7424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\A57FB65D91DC2DB1.job
- c:\docume~1\tcg2\applic~1\mailfu~1\SHOWTHEISO.exe [02/14/2009 03:28 AM]
2009-03-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ww80.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: الدليل السريع - c:\windows\ww80.html
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} -
[link hidden by the forum]
DPF: Microsoft XML Parser for Java -
[link hidden by the forum]
FF - ProfilePath - c:\documents and settings\Tcg2\Application Data\Mozilla\Firefox\Profiles\q7by5ori.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Tcg2\Application Data\Mozilla\Firefox\Profiles\q7by5ori.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]
Rootkit scan 2009-03-07 20:08:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows NT\Accessories\en-UK\System
c:\program files\Windows NT\Accessories\en-UK\System
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\program files\Windows NT\Accessories\en-UK\System
c:\program files\Windows NT\Accessories\en-UK\System
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 03/07/2009 20:10:33 - machine was rebooted [Tcg2]
ComboFix-quarantined-files.txt 2009-03-07 17:10:29
Pre-Run: 51,367,358,464 bytes free
Post-Run: 51,271,028,736 bytes free
307 --- E O F --- 2009-02-25 02:57:58
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:05, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\Program Files\Windows NT\Accessories\en-UK\System
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tcg2\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[link hidden by the forum]
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Bluetooth] C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\Windows NT\Bluetooth\bluetooth.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
[link hidden by the forum]
(file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[link hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7478 bytes
 
26 viruses were deleted, and the report is being analyzed. One moment, cousin.
 
Signature: السّاجد لله
Select the following entries and delete them:

O4 - HKCU\..\Run: [Dead deaf] C:\DOCUME~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe


O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html


O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
[link hidden by the forum]
(file missing)



How to delete them:

With that, the deletion is complete.

Then remove this program:

SeaPort.exe

After that, download this tool.

Use this tool for cleaning.





Then download this tool and follow the explanation below to clean these ads off your machine and to produce a report of the operation that you can attach to your next reply.

Download link for the latest update of the tool:
[link hidden by the forum]


How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these images.


[Screenshots: 000.png, 001.png, 002.png, 003.png, 004.png]

Then post one final new report to confirm that the machine is clean.
 
Cousin, by God, my words fall short of thanking you, because you are a person who wishes for others the good you wish for yourself.
Thank you.
 
God bless you. Do as I told you in my previous post.
 
ComboFix 09-03-06.02 - Tcg2 03/07/2009 21:07:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1014.591 [GMT 3:00]
Running from: c:\documents and settings\Tcg2\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 18:08 --------- d-----w c:\documents and settings\Tcg2\Application Data\DMCache
2009-03-07 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-07 18:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 17:19 606,240 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-07 17:19 4,200 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-07 17:19 20,776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-07 17:19 2,386,976 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-06 20:25 749,568 ----a-w c:\windows\system32\btrez.dll
2009-03-06 20:25 67,960 ----a-w c:\windows\system32\drivers\btwusb.sys
2009-03-06 20:25 55,352 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-03-06 20:25 539,072 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-03-06 20:25 37,424 ----a-w c:\windows\system32\drivers\btport.sys
2009-03-06 20:25 37,280 ----a-w c:\windows\system32\drivers\btwmodem.sys
2009-03-06 20:25 149,123 ----a-w c:\windows\system32\drivers\btwdndis.sys
2009-03-06 17:04 --------- d-----w c:\program files\WIDCOMM
2009-03-05 21:31 --------- d-----w c:\program files\Circle Developeent
2009-03-05 06:09 --------- d-----w c:\documents and settings\Tcg2\Application Data\Skype
2009-03-05 05:43 --------- d-----w c:\documents and settings\Tcg2\Application Data\skypePM
2009-03-05 02:40 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-05 02:35 --------- d-----w c:\program files\Nero
2009-03-05 02:35 --------- d-----w c:\program files\Common Files\Nero
2009-03-05 02:35 --------- d-----w c:\documents and settings\Tcg2\Application Data\Nero
2009-02-27 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-02-27 16:08 --------- d-----w c:\program files\HP
2009-02-27 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-02-27 16:07 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-27 16:07 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-02-27 16:06 --------- d-----w c:\program files\Common Files\HP
2009-02-27 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-27 15:36 --------- d-----w c:\program files\Common Files\SWF Studio
2009-02-24 00:42 --------- d-----w c:\documents and settings\Tcg2\Application Data\MiniDm
2009-02-23 13:38 --------- d-----w c:\documents and settings\Tcg2\Application Data\dvdcss
2009-02-23 03:03 --------- d-----w c:\documents and settings\Tcg2\Application Data\Desktopicon
2009-02-23 02:57 --------- d-----w c:\program files\FormatFactory
2009-02-23 02:50 --------- d-----w c:\documents and settings\Tcg2\Application Data\IDM
2009-02-21 01:42 --------- d-----w c:\program files\Nokia
2009-02-21 01:42 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-21 01:42 --------- d-----w c:\program files\Common Files\Nokia
2009-02-21 01:41 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-21 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-21 01:04 --------- d-----w c:\program files\Your Uninstaller 2008
2009-02-21 00:54 --------- d-----w c:\documents and settings\Tcg2\Application Data\URSoft
2009-02-20 23:25 --------- d-----w c:\documents and settings\Tcg2\Application Data\PC Suite
2009-02-20 23:25 --------- d-----w c:\documents and settings\Tcg2\Application Data\Nokia
2009-02-20 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-20 23:14 --------- d-----w c:\program files\Real Alternative
2009-02-20 22:46 40,960 ----a-w c:\windows\system32\SSubTmr6.dll
2009-02-20 22:46 --------- d-----w c:\program files\arabic2regclean
2009-02-20 22:44 --------- d-----w c:\program files\DIFX
2009-02-20 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-19 11:48 64,307 ----a-w c:\windows\BricoPackUninst.cmd
2009-02-19 11:48 6,104 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-02-19 11:48 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-18 14:54 --------- d-----w c:\program files\SaderAndWardAccess
2009-02-18 13:46 --------- d-----w c:\program files\Zoom Player
2009-02-16 02:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-16 02:44 --------- d-----w c:\program files\Java
2009-02-15 09:39 --------- d-----w c:\program files\Paltalk Messenger
2009-02-15 09:39 --------- d-----w c:\documents and settings\Tcg2\Application Data\Paltalk
2009-02-14 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-14 11:31 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-02-14 11:09 --------- d-----w c:\program files\Stardock
2009-02-14 00:37 --------- d-----w c:\program files\GRETECH
2009-02-14 00:31 --------- d-----w c:\documents and settings\Tcg2\Application Data\GRETECH
2009-02-14 00:28 --------- d-----w c:\documents and settings\Tcg2\Application Data\MAILFUNKWINDOW
2009-02-14 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\Trans Once Mess Frag
2009-02-14 00:19 --------- d-----w c:\program files\MAILFUNKWINDOW
2009-02-14 00:18 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-14 00:13 --------- d-----w c:\program files\Webshots
2009-02-13 22:52 --------- d-----w c:\program files\Windows Live
2009-02-13 22:51 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-13 22:48 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-13 03:20 --------- d-----w c:\program files\Common Files\Real
2009-02-13 03:10 --------- d-----w c:\program files\SpeedyGuide 2
2009-02-13 03:04 --------- d-----w c:\documents and settings\Tcg2\Application Data\Media Player Classic
2009-02-13 03:02 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-13 02:41 --------- d-----w c:\documents and settings\Tcg2\Application Data\vlc
2009-02-13 02:39 --------- d-----w c:\program files\VideoLAN
2009-02-13 02:16 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-13 02:14 --------- d-----w c:\program files\Microsoft
2009-02-13 02:01 --------- d-----w c:\program files\Common Files\Skype
2009-02-13 02:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-13 02:01 --------- d-----r c:\program files\Skype
2009-02-13 01:30 --------- d-----w c:\documents and settings\Tcg2\Application Data\AdobeUM
2009-02-13 01:18 --------- d-----w c:\program files\Internet Download Manager
2009-02-13 00:58 --------- d-----w c:\documents and settings\Tcg2\Application Data\IEPro
2009-02-13 00:29 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-13 00:29 --------- d-----w c:\program files\IEPro
2009-02-12 23:48 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-12 09:01 --------- d-----w c:\program files\CONEXANT
2009-02-12 08:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 08:56 --------- d-----w c:\program files\SigmaTel
2009-02-12 08:50 405,504 ----a-w c:\windows\stsystra.exe
2009-02-12 08:50 270,336 ----a-w c:\windows\system32\stacapi.dll
2009-02-12 08:50 146,944 ----a-w c:\windows\system32\st325602.dll
2009-02-12 08:50 1,601,536 ----a-w c:\windows\system32\stlang.dll
2009-02-12 08:50 1,222,840 ----a-w c:\windows\system32\drivers\sthda.sys
2009-02-12 08:27 --------- d-----w c:\program files\قاموس صخر الجديد
2009-02-12 08:20 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-12 08:20 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
.
((((((((((((((((((((((((((((( SnapShot@Sat 03-07-2009_20.09.46.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-07 16:24:43 58,920 ----a-w c:\windows\system32\perfc001.dat
+ 2009-03-07 17:25:13 58,920 ----a-w c:\windows\system32\perfc001.dat
- 2009-03-07 16:24:43 58,930 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-07 17:25:13 58,930 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-07 16:24:43 328,690 ----a-w c:\windows\system32\perfh001.dat
+ 2009-03-07 17:25:13 328,690 ----a-w c:\windows\system32\perfh001.dat
- 2009-03-07 16:24:43 392,630 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-07 17:25:14 392,630 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-07 17:21:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/13/2009 04:14 AM 2745776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:53 PM 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [12/03/2008 12:47 PM 1205760]
"Dead deaf"="c:\docume~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe" [02/14/2009 03:19 AM 552960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [07/03/2007 01:57 PM 1228800]
"Bluetooth"="c:\program files\Windows NT\Bluetooth\bluetooth.exe" [02/16/2009 04:13 AM 270441]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\Windows NT\Bluetooth\bluetooth.exe [2009-02-16 270441]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^سرعة تشغيل Adobe Reader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\سرعة تشغيل Adobe Reader.lnk
backup=c:\windows\pss\سرعة تشغيل Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tcg2^قائمة ابدأ^البرامج^بدء التشغيل^RocketDock.lnk]
path=c:\documents and settings\Tcg2\قائمة ابدأ\البرامج\بدء التشغيل\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth]
--a------ 02/16/2009 04:13 AM 270441 c:\program files\Windows NT\Bluetooth\bluetooth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dead deaf]
--a------ 02/14/2009 03:19 AM 552960 c:\docume~1\Tcg2\APPLIC~1\MAILFU~1\Site 16 Dale.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 07/03/2007 01:57 PM 1228800 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--------- 06/07/2007 11:14 AM 118784 c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/15/2007 02:32 PM 166424 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 02/13/2009 04:14 AM 2745776 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/15/2007 02:33 PM 141848 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 04/13/2006 11:09 AM 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mess frag body that]
--a------ 03/07/2009 08:20 PM 774144 c:\documents and settings\All Users\Application Data\Trans Once Mess Frag\Support proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 02/06/2009 06:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 11/10/2008 03:07 PM 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
-ra------ 05/10/2007 01:01 AM 36864 c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 12/03/2008 12:47 PM 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 11/15/2007 02:33 PM 137752 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 12/07/2005 10:57 PM 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 02/12/2009 11:50 AM 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 02/16/2009 05:44 AM 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Windows NT\\Accessories\\en-UK\\System"=
"c:\\Documents and Settings\\Tcg2\\سطح المكتب\\صفر 16 1430 ‏(E‎)\\History.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-02-12 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-02-12 7424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\A57FB65D91DC2DB1.job
- c:\docume~1\tcg2\applic~1\mailfu~1\SHOWTHEISO.exe [02/14/2009 03:28 AM]
2009-03-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ww80.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} -
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\Tcg2\Application Data\Mozilla\Firefox\Profiles\q7by5ori.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Tcg2\Application Data\Mozilla\Firefox\Profiles\q7by5ori.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-07 21:08:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1588)
c:\windows\system32\igfxdev.dll
.
Completion time: 03/07/2009 21:09:28
ComboFix-quarantined-files.txt 2009-03-07 18:09:26
ComboFix2.txt 2009-03-07 17:10:34
Pre-Run: 51,344,220,160 bytes free
Post-Run: 51,338,383,360 bytes free
271 --- E O F --- 2009-02-25 02:57:58
 
Now give us one last HijackThis log, brother.
 
Signature: السّاجد لله
A wonderful explanation, may God place it in the balance of your good deeds. Keep going, and may God bless you, cousin, 100%.
But may I ask a question: what is the best antivirus program?
I have Kaspersky Anti-Virus 2009 8.0.0.506 on my machine.

And thanks!
 
Stay with Kaspersky; God willing, it is enough. Always make sure to keep it updated.
Good luck, my friend.
 
Signature: السّاجد لله