حل مشكلة صادف ,, Generic Host Process for Win32 Service,, ويجب إغلاقه

boob77 · ‏أكتوبر 11, 2009

مقتبس من ahmed faheim: ↑

موضوع اكثر من رائع بارك الله فيك اخى boob77 وجعله فى ميزان حسناتك انا بتوجهنى نفس المشكله وجارى تجربه الحلول وفقك الله
أنقر للتوسيع...

الاروع تواجدك يالغالي

وان شاء الله المشكلة تحل

مقتبس من أميرة الاحلام: ↑

بارك الله فيك
أنقر للتوسيع...

وفيك بارك الله خيتي

عاشق العميد · ‏أكتوبر 11, 2009

بارك الله فيك

joey · ‏أكتوبر 11, 2009

والله موضوع حساس وانا كنت ادور عليه بس المشكلة ان نظامي فستا فهل ينجح ام هناك برنامج للفستا
وشكرا

boob77 · ‏أكتوبر 12, 2009

مقتبس من عاشق العميد: ↑

بارك الله فيك
أنقر للتوسيع...

وفيك بارك الله

مقتبس من joey: ↑

والله موضوع حساس وانا كنت ادور عليه بس المشكلة ان نظامي فستا فهل ينجح ام هناك برنامج للفستا
وشكرا
أنقر للتوسيع...

جرب اعمل تحديث للويندوز + طبق التالي

حمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

يجب ان تكون جميع النوافذ مغلقة تماما
--------------------------------------------

( 2 )

حمل هذه الاداة واحفظها على سطح المكتب
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

joey · ‏أكتوبر 13, 2009

مشكور اخي على سرعة الاستجابة وهذا هو التقرير الاول
ComboFix 09-10-12.03 - joey 10/13/2009 16:37.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.964.1033.18.1013.205 [GMT 3:00]
Running from: c:\users\joey\Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3030908190-1396182209-2581696601-500
c:\$recycle.bin\S-1-5-21-4214898707-607555799-2004620691-500
c:\$recycle.bin\S-1-5-21-864547194-220137812-69340660-500
c:\programdata\ntuser.dat{0dd9af55-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{0dd9af65-9d0b-11db-8678-0016d42a45f8}.TMContainer00000000000000000001.regtrans-ms
c:\windows\Installer\24c5bf.msi
c:\windows\Installer\3817e.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 13:47 . 2009-10-13 13:47 -------- d-----w- c:\users\joey\AppData\Local\temp
2009-10-13 12:12 . 2009-10-13 12:12 -------- d-----w- c:\users\joey\AppData\Local\Adobe
2009-10-12 23:59 . 2009-10-12 23:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-10 23:17 . 2008-06-12 16:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 23:17 . 2008-06-08 19:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-10-10 23:17 . 2009-10-10 23:17 -------- d-----w- c:\program files\ffdshow
2009-10-10 22:11 . 2009-10-10 22:11 -------- d-----w- C:\movies
2009-10-10 22:10 . 2009-10-10 22:11 -------- d-----w- c:\program files\Power Video Converter
2009-10-10 09:19 . 2009-10-10 09:19 -------- d-----w- c:\users\joey\AppData\Local\Apple Computer
2009-10-10 06:17 . 2009-10-10 09:12 -------- d-----w- c:\users\joey\AppData\Local\Ahead
2009-10-09 22:27 . 2009-10-09 22:27 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-06 21:04 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-06 21:04 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-06 21:04 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-06 21:04 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 21:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-06 21:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-06 21:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 21:03 . 2009-08-06 16:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-06 21:03 . 2009-08-06 15:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-04 21:04 . 2009-10-04 21:04 -------- d-----w- c:\windows\system32\ebay
2009-10-04 21:04 . 2009-10-04 21:04 -------- d-----w- c:\program files\Ashampoo
2009-10-03 19:05 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-22 23:34 . 2009-09-22 23:34 -------- d-----w- c:\users\joey\AppData\Local\Yahoo!
2009-09-15 21:11 . 2009-09-15 21:11 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 21:09 . 2009-09-15 21:10 -------- d-----w- c:\program files\QuickTime
2009-09-15 21:09 . 2009-09-15 21:09 -------- d-----w- c:\programdata\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 13:48 . 2009-04-23 21:16 -------- d-----w- c:\users\joey\AppData\Roaming\uTorrent
2009-10-13 13:47 . 2009-04-23 16:12 -------- d-----w- c:\users\joey\AppData\Roaming\DMCache
2009-10-13 13:34 . 2009-04-04 21:13 19034656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-13 11:19 . 2009-04-04 21:13 -------- d-----w- c:\programdata\Kaspersky Lab
2009-10-13 11:14 . 2009-04-04 21:13 256400 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-13 11:13 . 2009-08-17 19:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-13 10:35 . 2009-04-04 13:46 -------- d-----w- c:\programdata\Babylon
2009-10-13 09:56 . 2009-09-09 12:39 -------- d-----w- c:\programdata\Microsoft Help
2009-10-10 20:56 . 2009-04-23 16:12 -------- d-----w- c:\users\joey\AppData\Roaming\IDM
2009-10-10 20:32 . 2009-09-08 00:36 -------- d-----w- c:\users\joey\AppData\Roaming\Free Download Manager
2009-09-22 23:50 . 2009-09-09 13:41 -------- d-----w- c:\users\joey\AppData\Roaming\Ahead
2009-09-22 20:29 . 2009-04-10 18:55 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-22 20:29 . 2009-04-10 18:55 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-13 21:28 . 2009-04-04 01:20 128904 ----a-w- c:\users\joey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 21:18 . 2009-05-07 17:54 -------- d-----w- c:\users\joey\AppData\Roaming\Autodesk
2009-09-12 21:04 . 2009-05-07 17:58 -------- d-----w- c:\programdata\Autodesk
2009-09-12 18:26 . 2009-09-12 19:04 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-09-11 21:00 . 2009-04-23 17:01 -------- d-----w- c:\program files\Common Files\Real
2009-09-11 20:59 . 2009-09-11 20:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-11 20:57 . 2009-04-23 17:01 -------- d-----w- c:\program files\Real
2009-09-11 19:55 . 2009-09-11 19:51 -------- d-----w- c:\program files\Windows Live
2009-09-11 19:54 . 2009-09-11 19:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-11 19:52 . 2009-09-11 19:52 -------- d-----w- c:\program files\Microsoft
2009-09-11 19:52 . 2009-09-11 19:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-10 17:37 . 2009-09-10 17:37 -------- d-----w- c:\program files\Sephonics
2009-09-10 16:00 . 2009-04-04 13:46 -------- d-----w- c:\users\joey\AppData\Roaming\Babylon
2009-09-10 15:58 . 2009-09-10 15:58 -------- d-----w- c:\program files\Medical Dictionary 2.0
2009-09-10 15:57 . 2009-09-10 15:58 720896 ----a-w- c:\windows\iun6002.exe
2009-09-10 03:33 . 2009-09-10 02:57 -------- d-----w- c:\users\joey\AppData\Roaming\TheSage
2009-09-10 02:57 . 2009-09-10 02:57 -------- d-----w- c:\program files\TheSage
2009-09-09 23:22 . 2009-09-08 00:37 -------- d-----w- c:\users\joey\AppData\Roaming\Software Informer
2009-09-09 13:40 . 2009-09-09 13:40 -------- d-----w- c:\programdata\Ahead
2009-09-09 13:39 . 2009-09-09 13:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-09 13:35 . 2009-09-09 13:35 -------- d-----w- c:\programdata\Nero
2009-09-09 13:35 . 2009-09-09 13:35 -------- d-----w- c:\program files\Nero
2009-09-09 12:51 . 2009-09-09 12:51 -------- d-----w- c:\program files\Microsoft Works
2009-09-09 12:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-09-09 12:43 . 2009-09-09 12:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-08 01:02 . 2007-01-05 23:23 -------- d-----w- c:\programdata\WildTangent
2009-09-08 00:37 . 2009-09-08 00:36 -------- d-----w- c:\program files\Free Download Manager
2009-09-08 00:36 . 2009-09-08 00:36 -------- d-----w- c:\program files\Software Informer
2009-09-08 00:36 . 2009-09-08 00:36 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2009-09-07 14:05 . 2007-01-05 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 14:05 . 2007-01-05 22:25 -------- d-----w- c:\program files\Toshiba
2009-08-29 00:27 . 2009-09-07 12:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-07 12:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-18 17:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-17 18:54 . 2009-08-17 18:54 -------- d-----w- c:\users\joey\AppData\Roaming\Ulead Systems
2009-08-14 16:27 . 2009-09-09 00:43 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 00:43 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 00:43 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 00:43 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 00:43 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 00:43 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 00:43 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 00:43 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 00:43 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 00:43 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 00:43 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 12:07 . 2009-08-03 12:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 12:07 . 2009-08-03 12:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 12:07 . 2009-08-03 12:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-08-18 13:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-18 13:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-18 13:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-18 13:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-17 20:48 71680 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0400Ext.ax"="c:\windows\system32\V0400Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-03 32768]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^joey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):2f,12,d7,09,3a,f6,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DBAF5C7D-25E8-479E-83A9-AF8215ABEBF6}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{5F820C8A-A04E-4661-98AE-7844B4B690F2}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{9BF5ACB3-152B-49A4-8175-31CEB5B6E874}"= Profile=Public|c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{AADB50B5-FDF7-46AA-AAF6-D651D010AEA9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F61089E7-0612-4BC3-87BA-5777D0CE3B75}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2162F1B6-097D-46D1-8ECA-FC7E69474A66}"= Profile=Public|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D1578D5C-0ED3-41BF-A156-9A898CD11F92}c:\\program files\\toshiba games\\jeopardy\\jeopardy!.exe"= UDP:c:\program files\toshiba games\jeopardy\jeopardy!.exe:JEOPARDY!
"UDP Query User{60093657-FA36-491A-B70D-443BA6C66E9F}c:\\program files\\toshiba games\\jeopardy\\jeopardy!.exe"= TCP:c:\program files\toshiba games\jeopardy\jeopardy!.exe:JEOPARDY!
"TCP Query User{13440CBD-E7E0-4C4A-8398-461B97B4869D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4E6B3490-F341-44F4-8B4D-515749FE4FCD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{FF1B3D88-4CB7-4257-AC9C-48AB4CD2243C}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe2P service of Orbit Downloader
"UDP Query User{A253D92C-2DB4-421B-962B-56C8371ADA93}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe2P service of Orbit Downloader
"TCP Query User{0AA0E228-A958-44E7-9613-0B20DD82EBA6}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{9BF0848F-59AF-4628-91E0-2CC18A4123EB}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{B7E72CCD-2942-4E56-8B6F-14EDE63950FA}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{8D880993-36D7-48D4-969D-6B42B53A74B4}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{CD6C78D0-1A37-4106-A909-D9C4AFF58F48}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7CA00AF5-D466-4FC7-8549-2D7E83265FF3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{45E40B8B-5270-4910-AFE9-A07459078F6F}c:\\program files\\game\\need for speed 6\\nfshp2.exe"= UDP:c:\program files\game\need for speed 6\nfshp2.exe:NFSHP2
"UDP Query User{1E1AE971-1A30-4923-873A-A6400307A076}c:\\program files\\game\\need for speed 6\\nfshp2.exe"= TCP:c:\program files\game\need for speed 6\nfshp2.exe:NFSHP2
"{D01F54B0-C9FA-4930-85F2-F85071C7D963}"= UDP:c:\program files\Metacafe\Metacafe.exe:Metacafe
"{624E876D-B131-4F6E-9F73-2DBD2046AFCB}"= TCP:c:\program files\Metacafe\Metacafe.exe:Metacafe
"TCP Query User{B2FAB356-71F2-48C5-A08E-A20FF24D1E83}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{02B2EC0E-C530-4B97-A01E-FF6E985D5C5F}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"{6617D35C-7878-48A5-A6D0-40E27703BB29}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FE63B139-0F32-474B-A351-071E2E8770BF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0595CBDC-9735-4081-A21B-E0B4A19288FD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3C193645-9BDF-4571-9702-7E96F32FAA26}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{854488E2-6820-4646-BC53-09886DD0CFC4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7BE0AB8E-5AD1-45E0-B90C-C44319A16B9D}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{0F12C035-4819-4597-8454-AFED5A18E605}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"TCP Query User{1F2FFD6C-2B12-4E6D-8E34-884F78B95F10}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{146D114A-28B6-4A84-A1CF-A8604E649569}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5DC7100C-AE00-4027-9287-B16E87E8F9E1}c:\\program files\\free download manager\\fdmwi.exe"= UDP:c:\program files\free download manager\fdmwi.exe:fdmwi
"UDP Query User{EA208495-0C79-4D36-B932-F85DC236E103}c:\\program files\\free download manager\\fdmwi.exe"= TCP:c:\program files\free download manager\fdmwi.exe:fdmwi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [04/04/2007 02:59 م 20760]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 09:31 م 29263712]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29/07/2008 04:45 ص 904192]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/07/2009 03:07 م 30192]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\System32\drivers\V0400Afx.sys [10/04/2009 09:35 م 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\System32\drivers\V0400Vfx.sys [10/04/2009 09:35 م 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\System32\drivers\V0400Vid.sys [10/04/2009 09:35 م 166720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030908190-1396182209-2581696601-1003Core.job
- c:\users\joey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-10 03:11]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030908190-1396182209-2581696601-1003UA.job
- c:\users\joey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-10 03:11]

2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{553B6945-A1C7-4640-BB6D-13EECFA0F0DB}.job
- c:\windows\system32\msfeedssync.exe [2009-08-18 20:13]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: الدليل السريع - c:\windows\ww80.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} - http://ww80.com
IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowseupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CubeDesktop - (no file)
HKCU-Run-fsm - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 16:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-3030908190-1396182209-2581696601-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F39F170-3A7C-523F-64D9-B7C88EEFC958}*]
"jangimojnmgbeabbepdg"=hex:66,61,69,63,6d,6c,67,66,6e,6e,6b,6d,00,00
"pafeffoifjohhjojflegbfnfiifpidla"=hex:65,61,69,63,69,6c,6a,64,6d,68,00,6d
"hangimojnmgbeabb"=hex:6e,62,69,63,67,6d,66,6c,67,67,6f,6d,6f,69,68,69,62,6a,
62,63,6b,65,62,68,66,64,6c,70,66,66,66,65,6d,63,65,70,6c,64,65,6a,70,6a,63,\

[HKEY_USERS\S-1-5-21-3030908190-1396182209-2581696601-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e6,72,29,ab,97,8b,ff,76,5d,d7,31,cb,50,ab,4f,f7,89,4e,cd,6c,50,
59,c1,2b,d7,ca,62,70,dd,00,9d,2e,95,c1,a7,e9,ae,00,e3,32,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3030908190-1396182209-2581696601-1003_Classes\CLSID\{b28e9fd3-83b2-49ef-8a65-b6a2e50776b4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ca
"Therad"=dword:00000018
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,02,13,1b,ac,46,2d,79,c9,c9,87,e3,75,2d,c0,2e,ec,6e,25,17,12,57,5b,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(776)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-10-13 16:50
ComboFix-quarantined-files.txt 2009-10-13 13:50

Pre-Run: 33,068,560,384 bytes free
Post-Run: 33,432,358,912 bytes free

343 --- E O F --- 2009-10-13 09:57
وهذا هو تقرير الهاي جاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:54:55 م, on 13/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\V0400Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\joey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (file missing)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0400Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0400Ext.ax
O4 - HKLM\..\Run: [V0400Mon.exe] C:\Windows\V0400Mon.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: الدليل السريع - C:\Windows\ww80.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - http://ww80.com (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: download.windowsupdate.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4295\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9100 bytes
COLOR]

boob77 · ‏أكتوبر 13, 2009

مقتبس من joey: ↑

مشكور اخي على سرعة الاستجابة وهذا هو التقرير الاول

--
End of file - 9100 bytes
COLOR]
أنقر للتوسيع...

حدد هالقيم واحفهاا

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (file missing)

O4 - HKLM\..\Run: [C:\Windows\system32\V0400Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0400Ext.ax

O4 - HKLM\..\Run: [V0400Mon.exe] C:\Windows\V0400Mon.exe

O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - http://ww80.com (file missing)

O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - (no file)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab

طريقة الحذف

ثم من اضافة وازالة البرامج احذف التالي

Toolbar: &Google -

Toolbar: Babylon

Toolbar: McAfee SiteAdvisor

Toolbar: @msdxmLC.dll,

ثم نزل هالاداة لتنظيف الجهاز

http://www.atribune.org/ccount/click.php?id=1

اعد التشغيل واعمل تقرير ثاني وان شاء اله خير

joey · ‏أكتوبر 14, 2009

[COLOR="Blue"[COLOR="RoyalBlue"]]شكرا لك اخي على الاستجابة وقد عملت ماطلب مني الا انني لم استطع حذف شريط المكافي لانني لم اجده في قائمة حذف البرامج ولا في قائمة البرامج العادية اما بخصوص البقية فبالحرف الواحد واليك التقرير

[Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:02 ص, on 14/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Users\joey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joey\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4295\SiteAdv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Power Video Converter\msdxm.ocx
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: الدليل السريع - C:\Windows\ww80.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: download.windowsupdate.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4295\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7953 bytes

ومشكووووووووووووووووووووووووووووورين للجهدCOLOR][/COLOR]

boob77 · ‏أكتوبر 14, 2009

مقتبس من joey: ↑

[COLOR="Blue"]شكرا لك اخي على الاستجابة وقد عملت ماطلب مني الا انني لم استطع حذف شريط المكافي لانني لم اجده في قائمة حذف البرامج ولا في قائمة البرامج العادية اما بخصوص البقية فبالحرف الواحد واليك التقرير

ومشكووووووووووووووووووووووووووووورين للجهدCOLOR]
أنقر للتوسيع...

التقرير الان سليم بالنسبة للتول بارات حمل هالاداة

http://www.mediafire.com/download.php?2moy0xzmhmt

joey · ‏أكتوبر 14, 2009

السلام عليكم
مشكور اخي بوب على هالمجهود الحلو والتعب معانا
لكن انا هالايام بعيد عن الابتوب وفي غير مكان وان شاء الله تلقى رسالتي باتمام الموضوع عن قريب.
شكرا مرة اخرى

boob77 · ‏أكتوبر 14, 2009

مقتبس من joey: ↑

السلام عليكم
مشكور اخي بوب على هالمجهود الحلو والتعب معانا
لكن انا هالايام بعيد عن الابتوب وفي غير مكان وان شاء الله تلقى رسالتي باتمام الموضوع عن قريب.
شكرا مرة اخرى
أنقر للتوسيع...

وعليكم السلام ورحمة الله

ان شاء الله اخي

ahmed faheim · ‏أكتوبر 20, 2009

اخىboob77 بارك الله فيك على هذا الموضوع كان ليه استفسار هل رسائل الخطاء بتاعه الموضوع عباره عن فايرس فى الجهاز ولا عيب فى السوفت

boob77 · ‏أكتوبر 21, 2009

مقتبس من ahmed faheim: ↑

اخىboob77 بارك الله فيك على هذا الموضوع كان ليه استفسار هل رسائل الخطاء بتاعه الموضوع عباره عن فايرس فى الجهاز ولا عيب فى السوفت
أنقر للتوسيع...

وفيك بارك الله

الرسالة لهاا اسباب كثيرة احياناا فايروس واحياناا نقص تحديثات

واحياناا خطا بالنظام

chayeeb54 · ‏نوفمبر 12, 2009

شكرا جزيلا على الحل .
وفعلا رأيت الكثير يعانون منه.

blakhole · ‏نوفمبر 13, 2009

مشكووووووووووووور وجزاك الله كل خير

الفتى الذهبي100 · ‏نوفمبر 13, 2009

[CENTER] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][CENTER][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][IMG]http://zyzoom.net/annass/kingooo/smiles/THANK%20YOU/9%20%2868%29.gif[/IMG][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B]

[B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [COLOR=Blue]واصل الأبداع يالغالي[/COLOR][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B]

[B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][COLOR=Magenta] وتسلم إيدك اللي كتيت الموضوع[/COLOR][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B]

[B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][FONT=Times New Roman][COLOR=Black][SIZE=3][B][COLOR=Magenta] [COLOR=Teal]منتظر جديدك[/COLOR][/COLOR][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B][/B][/SIZE][B][/b][/COLOR][B][/b][/FONT][B][/B]

[B][FONT=Times New Roman][COLOR=Black][SIZE=3][B] [FONT=Times New Roman][COLOR=Black][SIZE=3][B][IMG][/IMG][/B][/SIZE][/COLOR][/FONT][/B][/SIZE][/COLOR][/FONT][/B][/B][/B][/B][/CENTER][B][B][B]
[/B][/b][/b][/B][/SIZE][B][B][B][/b][/b][/b][/COLOR][B][B][B][/b][/b][/b][/FONT][B][B][B][/b][/b][/b][/CENTER][B][B][B]
[/B][/b][/b][B][/b]

فيصل العتيبى · ‏نوفمبر 27, 2009

السلام عليكم

اخوى انا واجهتنى ها المشكله وجننتنى واحاول بكل الطرق مرات تطلع لى رسالة خطا اخرى

المهم ان المشكله ما راحت يفصل النت فجئه الشاشه تقلب ابيض ثم يتعلق الاتصال لازم اسوي رستارت

سويت تقرير وان شاء الله اللقى حل بارك الله فيك ويا ليت يكون صح التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:40:41 ص, on 26/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1259069626546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1259191089703
O17 - HKLM\System\CCS\Services\Tcpip\..\{F689B1A1-CD5A-4BC9-8D2D-338EF7DDD805}: NameServer = 84.23.102.172 84.23.101.84
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGR A~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASP ER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 5524 bytes

البرنامج البشري · ‏نوفمبر 30, 2009

جزآكـ الله خير

و الله يعطيكـ العافيهـ

soyaso2009 · ‏ديسمبر 1, 2009

جزاك الله كل خير دكتورنا

^ROODE^ · ‏ديسمبر 2, 2009

يعآفيك ربي يآ طيب على الآدآة الرآئعة والله يعآفيك

azemalzanan · ‏ديسمبر 2, 2009

شكرا لك وجزاك الله خيرا

تسجيل الدخول

حل مشكلة صادف ,, Generic Host Process for Win32 Service,, ويجب إغلاقه

boob77 زيزوومى فضى

عاشق العميد زيزوومى فعال

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

ahmed faheim زيزوومي جديد

boob77 زيزوومى فضى

chayeeb54 زيزوومي جديد

blakhole زيزوومى محترف

الفتى الذهبي100 زيزوومى فضى

فيصل العتيبى زيزوومي جديد

البرنامج البشري زيزوومي جديد

soyaso2009 زيزوومى مميز

^ROODE^ زيزوومى مميز

azemalzanan زيزوومى مميز

مشاركة هذه الصفحة

تسجيل الدخول

حل مشكلة صادف ,, Generic Host Process for Win32 Service,, ويجب إغلاقه

boob77 زيزوومى فضى

عاشق العميد زيزوومى فعال

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

joey زيزوومي جديد

boob77 زيزوومى فضى

ahmed faheim زيزوومي جديد

boob77 زيزوومى فضى

chayeeb54 زيزوومي جديد

blakhole زيزوومى محترف

الفتى الذهبي100 زيزوومى فضى

فيصل العتيبى زيزوومي جديد

البرنامج البشري زيزوومي جديد

soyaso2009 زيزوومى مميز

^ROODE^ زيزوومى مميز

azemalzanan زيزوومى مميز

مشاركة هذه الصفحة

عمليات بحث مفيدة