تم حل المشكلة اواجه مشكلة في المجلدات

المصدر: اواجه مشكلة في المجلدات
في منتدى : مشاكل الأعضاء التي تم الانتهاء منها

بعد التحية والسلام

اخواني لقد صادفتني رسالة خطأ واثارت ازعاجي جدا جدا

صادف وندز اكسبلور مشكلة ويجب اغلاقة

علما بأن الرسالة لاتظهر حين اتصفح بالاكسبلور

بل عندما افتح مجلدات موجودة في جهازي

حذفت الاكسبلور ورجعت نصبته مرة اخرى لكن لم تختفي تلك الرسالة

ارجوا ممن لدية خبرة الايبخل علي

ولا اعلم ان كان الموضوع في قسمه ام لا لكن المعذرة فلقد طفشت من الجهاز

 

[SIZE=3][B][FONT=Times New Roman][COLOR=black][SIZE=3][B][CENTER] [COLOR=Blue]حمل هذا البرنامج[/COLOR]

[URL="http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe"][FONT=Times New Roman][COLOR=Black][SIZE=3][B][CENTER][IMG]http://www.zyzoom1.com//uploads/images/zyzoom-a6501b45a2.gif[/IMG][/CENTER]
[/B][/SIZE][/COLOR][/FONT][/URL]
[SIZE=3][COLOR=Blue][FONT=Times New Roman][FONT=Times New Roman][B][SIZE=3][FONT=Times New Roman]شغل البرنامج ==> واضغط على[/FONT][/SIZE][/B][/FONT][/FONT][/COLOR][/SIZE]
[SIZE=3][FONT=Times New Roman][COLOR=black][FONT=Times New Roman][B][SIZE=3][COLOR=black][FONT=Times New Roman][COLOR=red]Do a system scan and save log[/COLOR][/FONT][/COLOR][/SIZE][/B][/FONT][/COLOR][/FONT][/SIZE]
[SIZE=3][COLOR=DarkGreen][FONT=Times New Roman][FONT=Times New Roman][B][SIZE=3][FONT=Times New Roman]لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه [COLOR=DarkGreen]بردك القادم[/COLOR][/FONT][/SIZE][/B][/FONT][/FONT][/COLOR][/SIZE][/CENTER]
[/B][/SIZE][/COLOR][/FONT][/B][/SIZE]​

 

اشكرك عزيزي هذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:17, on 04/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\4000002500002i\xttray.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Documents and Settings\Star1\My Documents\Downloads\Compressed\avant\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C80111A-0741-4AC7-85DB-340A801143E3}: NameServer = 84.23.101.84 84.23.101.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C80111A-0741-4AC7-85DB-340A801143E3}: NameServer = 84.23.101.84 84.23.101.85
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
--
End of file - 2834 bytes

 

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة​

 

تفضل اخي هذا التقرير

ComboFix 09-06-03.04 - Star1 06/04/2009 18:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.446.124 [GMT 3:00]
Running from: c:\documents and settings\Star1\Desktop\ComboFix.exe
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\Star1\Application Data\addons.dat
c:\program files\Bkav2006
c:\program files\Bkav2006\Backup\BootC.dat
c:\program files\Bkav2006\Backup\BootD.dat
c:\program files\Bkav2006\Backup\BootF.dat
c:\program files\Bkav2006\Backup\BootH.dat
c:\program files\Bkav2006\BKAV.LOG
c:\program files\Bkav2006\Bkav2006.exe
c:\program files\Bkav2006\Bkav2006.lnk
c:\program files\Bkav2006\BKAVE.LOG
c:\program files\Bkav2006\BkavMainDll.Dll
c:\program files\Bkav2006\BkavScanDll0.dll
c:\program files\Bkav2006\ContextMenu.dll
c:\program files\Bkav2006\CoreLib.dll
c:\program files\Bkav2006\FileList
c:\program files\Bkav2006\Help\bkav.css
c:\program files\Bkav2006\Help\chitiet.htm
c:\program files\Bkav2006\Help\chitiete.htm
c:\program files\Bkav2006\Help\HelpBanquyen.htm
c:\program files\Bkav2006\Help\Helpbtg.htm
c:\program files\Bkav2006\Help\Helpdiet.htm
c:\program files\Bkav2006\Help\HelpGth.htm
c:\program files\Bkav2006\Help\HelpLiqu.htm
c:\program files\Bkav2006\Help\HelpLiveUpdate.htm
c:\program files\Bkav2006\Help\Helpnhki.htm
c:\program files\Bkav2006\Help\Helpnhl.htm
c:\program files\Bkav2006\Help\HelpOpt.htm
c:\program files\Bkav2006\Help\HelpVrls.htm
c:\program files\Bkav2006\Help\images\arrow.gif
c:\program files\Bkav2006\Help\images\DangKy.gif
c:\program files\Bkav2006\UnInstall Bkav2006.lnk
c:\windows\Fonts\Vn.Fon
c:\windows\IE4 Error Log.txt
c:\windows\jestertb.dll
c:\windows\ksires32.dll
c:\windows\msxfcg32.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bitcometres.dll
c:\windows\system32\BkavAuto.vxd
c:\windows\system32\drivers\BkavAuto.sys
c:\windows\system32\drivers\Msft_Kernel_winbondhidcir_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\SysLib.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BKAVAUTO
-------\Legacy_SYSLIB
-------\Service_BkavAuto
-------\Service_SysLib


((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 14:53 . 2009-06-04 14:53 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\1000000b00002i\rundll32.exe
2009-06-04 14:53 . 2009-06-04 14:53 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\1000000400002i\CONTROL.EXE
2009-06-04 14:34 . 2009-06-04 14:34 8280064 ----a-w- c:\windows\system32\drivers\SysLib0.sys
2009-06-04 14:30 . 2004-08-03 21:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-04 14:30 . 2001-08-17 19:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-04 14:30 . 2001-08-17 19:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-04 14:30 . 2001-08-17 19:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-04 14:30 . 2001-08-17 19:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-04 14:28 . 2001-08-17 10:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-06-04 14:27 . 2001-08-17 11:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-06-04 14:26 . 2001-08-17 19:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-06-04 14:25 . 2004-08-04 12:00 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2009-06-04 14:24 . 2004-08-03 19:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2009-06-04 14:23 . 2004-08-03 19:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-06-04 14:22 . 2001-08-17 19:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2009-06-04 14:21 . 2001-08-17 19:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-06-04 14:20 . 2001-08-17 09:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2009-06-04 14:19 . 2001-08-17 11:02 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2009-06-04 14:18 . 2001-08-17 09:11 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys
2009-06-04 14:17 . 2001-08-17 10:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2009-06-04 14:16 . 2004-05-12 21:39 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll
2009-06-04 11:14 . 2009-06-04 11:14 110592 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\COWON Media Center - jetAudio Plus VX\400000700002i\Splash.exe
2009-06-04 10:56 . 2009-06-04 10:56 19968 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\AVG 7.5\400000e00002i\avgupsvc.exe
2009-06-04 10:56 . 2009-06-04 10:56 19968 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\AVG 7.5\4000006a00002i\avgamsvr.exe
2009-06-04 10:52 . 2009-06-04 10:52 -------- d-----w- c:\documents and settings\Star1\Application Data\Apple Computer
2009-06-04 09:56 . 2009-06-04 09:56 -------- d-----w- c:\documents and settings\Star1\Local Settings\Application Data\Thinstall
2009-06-04 09:37 . 2009-06-04 09:37 396288 ----a-w- c:\program files\HijackThis.exe
2009-06-04 09:24 . 2009-06-04 09:24 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\4000001c400002i\ffencryptor.exe
2009-06-04 09:23 . 2009-06-04 09:23 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\4000005800002i\ramsavercp.exe
2009-06-04 09:23 . 2009-06-04 09:23 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\40000011800002i\extradrivepro.exe
2009-06-04 09:17 . 2009-06-04 09:17 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\40000013d00002i\armortools.exe
2009-06-04 08:56 . 2009-06-04 08:56 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\10000006600002i\regedit.exe
2009-06-04 08:02 . 2009-06-04 08:02 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\40000023d00002i\wintools.exe
2009-06-04 08:02 . 2009-06-04 08:02 76288 ----a-w- c:\documents and settings\Star1\Application Data\Thinstall\GD XtraTools 2009 ver. 1.0\4000002500002i\xttray.exe
2009-06-04 08:02 . 2009-06-04 11:14 -------- d-----w- c:\documents and settings\Star1\Application Data\Thinstall
2009-06-03 23:00 . 2009-06-03 23:00 -------- d-----w- c:\program files\Trend Micro
2009-06-03 22:58 . 2008-02-16 17:34 34855 ----a-w- c:\program files\cmd.exe
2009-06-03 22:53 . 2009-06-03 22:53 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-06-03 22:53 . 2009-06-03 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-06-03 22:53 . 2009-06-03 22:53 -------- d-----w- c:\program files\Diskeeper Corporation
2009-06-03 22:40 . 2009-06-03 22:40 -------- d-----w- c:\documents and settings\Star1\Application Data\gtk-2.0
2009-06-03 22:38 . 2009-06-03 22:38 -------- d-----w- c:\documents and settings\Star1\Sarah.part5
2009-06-03 22:38 . 2009-06-03 22:38 -------- d-----w- c:\documents and settings\Star1\Sarah.part4
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- c:\documents and settings\Star1\Sarah.part2
2009-06-03 22:37 . 2009-06-03 22:37 -------- d-----w- c:\documents and settings\Star1\Sarah.part3
2009-06-03 22:36 . 2009-06-03 22:38 -------- d-----w- c:\documents and settings\Star1\Sarah.part1
2009-06-03 22:26 . 2009-06-04 13:27 -------- d-----w- c:\documents and settings\Star1\.tucan
2009-06-03 22:25 . 2009-06-04 01:05 -------- d-----w- C:\Tucan
2009-06-03 17:44 . 2009-06-03 17:44 0 ----a-w- C:\osy3.sys
2009-06-03 17:36 . 2009-06-03 17:42 -------- d-----w- c:\program files\Common Files\delet
2009-06-03 17:25 . 2009-06-03 17:28 -------- d-----w- c:\program files\Ace Utilities
2009-06-03 17:10 . 2006-12-25 01:29 9488 ----a-r- c:\windows\kill.exe
2009-06-03 17:09 . 2009-06-03 17:09 0 ----a-w- c:\windows\system32\WinWare.sys
2009-06-01 21:23 . 2009-06-02 00:20 -------- d-----w- C:\QUARANTINE
2009-06-01 21:22 . 2009-06-01 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-01 05:02 . 2009-06-01 06:59 64512 ---ha-w- c:\documents and settings\Star1\Application Data\dach100.dll
2009-05-31 21:13 . 2009-05-31 21:23 206 ---ha-w- c:\windows\winshell.dat
2009-05-31 17:00 . 2009-03-27 00:04 110592 -c--a-w- c:\documents and settings\Star1\Application Data\Mozilla\Firefox\Profiles\za87hvvf.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-05-31 11:04 . 2009-05-31 11:04 -------- d-----w- c:\documents and settings\Star1\Local Settings\Application Data\Abadisoft_Group
2009-05-31 09:00 . 2009-05-31 09:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-05-31 07:16 . 2009-05-31 07:16 -------- d-----w- C:\zyz_mcafee
2009-05-29 19:10 . 2008-10-16 21:06 268648 ---ha-w- c:\windows\system32\mucltui.dll
2009-05-29 18:08 . 2009-05-29 18:08 -------- d-----w- c:\documents and settings\Star1\Application Data\Uniblue
2009-05-29 18:07 . 2009-05-27 12:31 2568238 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-05-29 18:07 . 2009-05-29 18:07 -------- d-----w- c:\program files\Uniblue
2009-05-29 18:07 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-05-29 18:07 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-05-29 18:07 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-05-29 18:07 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-05-29 18:07 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-05-29 18:07 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-05-29 18:07 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-05-29 15:39 . 2009-06-01 05:01 -------- d-----w- c:\program files\IE Doctor
2009-05-29 15:38 . 2009-05-29 18:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-29 14:59 . 2009-05-29 14:59 -------- d-----w- c:\program files\Windows Doctor
2009-05-29 14:12 . 2009-05-29 14:12 -------- d-sh--w- c:\documents and settings\Star1\IECompatCache
2009-05-29 14:11 . 2009-05-29 14:11 -------- d-sh--w- c:\documents and settings\Star1\PrivacIE
2009-05-28 19:31 . 2009-05-28 19:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-28 19:29 . 2009-05-28 19:29 -------- d-sh--w- c:\documents and settings\Star1\IETldCache
2009-05-28 19:22 . 2009-05-28 19:22 -------- d--h--w- c:\windows\ie8updates
2009-05-28 19:18 . 2009-05-28 19:18 -------- d-----w- c:\documents and settings\Star1\Local Settings\Application Data\PCHealth
2009-05-28 19:17 . 2009-05-28 19:19 -------- dc-h--w- c:\windows\ie8
2009-05-28 18:56 . 2009-05-28 18:56 -------- d-----w- c:\program files\Windows Defender
2009-05-28 18:45 . 2009-05-28 18:46 -------- d-----w- c:\documents and settings\Star1\Application Data\IE7Pro
2009-05-28 15:20 . 2009-05-28 15:20 -------- d-----w- c:\documents and settings\Star1\Application Data\CyberScrub
2009-05-28 09:41 . 2009-05-28 09:42 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-27 19:12 . 2009-05-27 19:12 -------- d--h--w- c:\windows\DownUp Utilities 2009
2009-05-27 19:12 . 2009-05-27 19:12 -------- d-----w- c:\program files\DownUp Utilities 2009
2009-05-27 07:25 . 1999-09-10 11:06 5600 -c-ha-w- c:\windows\system\winaspi.dll
2009-05-27 07:25 . 1999-09-10 11:06 4672 -c-ha-w- c:\windows\system\wowpost.exe
2009-05-27 07:25 . 1999-09-10 11:06 25244 -c-ha-w- c:\windows\system32\drivers\aspi32.sys
2009-05-27 07:25 . 1999-09-10 11:06 45056 -c-ha-w- c:\windows\system32\wnaspi32.dll
2009-05-25 06:07 . 2004-08-04 04:07 221184 ---ha-w- c:\windows\system32\wmpns.dll
2009-05-25 03:34 . 1999-02-19 14:54 40960 ---ha-w- c:\windows\system32\SSubTmr6.dll
2009-05-25 03:34 . 2009-05-25 20:36 -------- d-----w- c:\program files\SubFind
2009-05-24 08:59 . 2006-03-17 00:38 28672 ---ha-w- c:\windows\system32\verclsid.exe
2009-05-24 07:56 . 2009-05-24 07:56 -------- d-sha-r- C:\autorun.inf.bak
2009-05-24 07:43 . 2009-06-04 14:59 -------- d--h--w- c:\windows\system32\NtmsData
2009-05-24 06:20 . 2009-05-24 06:20 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-24 06:18 . 2009-05-24 06:18 -------- d-----w- c:\documents and settings\Star1\Application Data\Malwarebytes
2009-05-24 06:18 . 2009-04-06 22:32 15504 ---ha-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 06:18 . 2009-04-06 22:32 38496 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 06:18 . 2009-05-24 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-24 06:18 . 2009-05-24 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-24 06:14 . 2009-05-24 06:14 -------- d-----w- c:\documents and settings\Star1\Application Data\TrojanHunter
2009-05-24 04:04 . 2009-05-24 07:10 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-05-24 03:58 . 2009-05-24 03:58 -------- d-----w- c:\documents and settings\Star1\Local Settings\Application Data\Mayoko
2009-05-24 02:57 . 2009-05-24 03:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-24 02:05 . 2009-05-24 07:08 -------- d-----w- c:\program files\Anti Trojan Elite
2009-05-23 15:29 . 2003-03-01 01:26 139536 ---ha-w- c:\windows\system32\javaee.dll
2009-05-23 15:29 . 2003-03-01 01:26 15120 ---ha-w- c:\windows\system32\jdbgmgr.exe
2009-05-23 06:37 . 2009-06-04 10:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-23 01:40 . 2009-05-23 05:49 -------- d--h--w- c:\windows\system32\CatRoot_bak
2009-05-21 06:39 . 2009-05-21 06:39 626688 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcr80.dll
2009-05-21 06:39 . 2009-05-21 06:39 548864 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcp80.dll
2009-05-21 06:39 . 2009-05-21 06:39 1757184 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\fdmbtsupp.dll
2009-05-21 06:38 . 2009-05-21 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-05-21 06:33 . 2009-05-21 06:33 -------- d-----w- c:\program files\BT Engine
2009-05-21 05:23 . 2008-06-13 13:10 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2009-05-21 05:23 . 2008-06-13 13:10 272128 ---ha-w- c:\windows\system32\drivers\bthport.sys
2009-05-21 05:18 . 2009-02-06 17:22 2136064 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-21 05:18 . 2009-02-06 16:49 2015744 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-20 21:50 . 2009-05-20 22:03 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-20 03:07 . 2009-05-20 03:07 198064 ----a-w- c:\documents and settings\Star1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-20 02:48 . 2009-05-28 19:21 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 15:33 . 2009-04-21 06:45 -------- d-----w- c:\documents and settings\Star1\Application Data\DMCache
2009-06-04 14:42 . 2009-03-13 03:59 -------- d-----w- c:\program files\Google
2009-06-04 14:37 . 2009-06-03 05:00 463200 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-03 15:54 . 2009-05-28 15:19 -------- d-----w- c:\documents and settings\Star1\Application Data\cleaner
2009-05-31 11:02 . 2009-04-14 14:07 -------- d-----w- c:\program files\Mobily Connect Card
2009-05-28 19:17 . 2009-03-14 13:14 -------- d-----w- c:\documents and settings\Star1\Application Data\okayblueuser
2009-05-26 14:11 . 2009-04-21 06:45 -------- d-----w- c:\documents and settings\Star1\Application Data\IDM
2009-05-26 05:36 . 2009-03-13 00:29 172775 ---ha-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-23 15:29 . 2009-05-23 15:29 2678 ---ha-w- c:\windows\java\Packages\Data\29JHBP7Z.DAT
2009-05-23 15:29 . 2009-05-23 15:29 2678 ---ha-w- c:\windows\java\Packages\Data\AR7HN97D.DAT
2009-05-23 15:29 . 2009-05-23 15:29 2678 ---ha-w- c:\windows\java\Packages\Data\Z1RJXR3X.DAT
2009-05-23 15:29 . 2009-05-23 15:29 2678 ---ha-w- c:\windows\java\Packages\Data\HJVZ97VB.DAT
2009-05-23 15:29 . 2009-05-23 15:29 2678 ---ha-w- c:\windows\java\Packages\Data\26QTVRBD.DAT
2009-05-21 06:03 . 2009-05-21 06:03 360320 ---ha-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-05-20 15:27 . 2009-04-21 06:45 -------- d-----w- c:\program files\Internet Download Manager
2009-05-13 16:35 . 2009-03-13 04:04 -------- d-----w- c:\program files\CCleaner
2009-05-12 16:05 . 2009-04-24 02:04 -------- d-----w- c:\program files\Western Digital
2009-05-05 14:29 . 2009-03-13 03:08 10 -c-ha-w- c:\windows\popcinfo.dat
2009-05-04 11:16 . 2009-05-04 11:12 53248 ---ha-w- c:\windows\PSEXESVC.EXE
2009-05-04 11:16 . 2009-05-04 11:15 -------- d-----w- c:\documents and settings\Star1\Application Data\cleaner1
2009-05-02 06:31 . 2009-05-02 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-05-02 06:31 . 2009-05-02 06:31 -------- d-----w- c:\documents and settings\Star1\Application Data\GRETECH
2009-05-02 06:28 . 2009-05-02 06:28 -------- d-----w- c:\program files\GRETECH
2009-04-27 15:21 . 2009-04-27 15:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-27 15:21 . 2009-03-13 01:22 -------- d-----w- c:\program files\Common Files\Real
2009-04-27 15:21 . 2009-03-13 01:22 348160 ---ha-w- c:\windows\system32\msvcr71.dll
2009-04-27 15:21 . 2009-03-13 01:22 499712 ---ha-w- c:\windows\system32\msvcp71.dll
2009-04-26 17:36 . 2009-04-26 17:36 390664 ----a-w- c:\documents and settings\Star1\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-24 02:22 . 2009-04-24 02:03 -------- d-----w- c:\program files\Common Files\eSellerate
2009-04-24 02:17 . 2009-04-24 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-04-24 02:15 . 2009-04-24 02:15 -------- d-----w- c:\documents and settings\Star1\Application Data\Memeo
2009-04-24 01:58 . 2009-04-24 01:58 -------- d-----w- c:\program files\Western Digital Corporation
2009-03-13 04:05 . 2009-03-13 04:05 73216 -c-ha-w- c:\windows\ST6UNST.EXE
2009-03-13 04:05 . 2009-03-13 04:05 172032 -c-ha-w- c:\windows\Setup1.exe
2009-03-13 04:02 . 2009-03-13 00:38 94632 -c--a-w- c:\documents and settings\Star1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-13 03:56 . 2009-03-13 03:56 720896 -c-ha-w- c:\windows\system32\maad.dll
2009-03-13 03:56 . 2009-03-13 03:56 425984 -c-ha-w- c:\windows\system32\maai.dll
2009-03-13 03:56 . 2009-03-13 03:56 335872 -c-ha-w- c:\windows\system32\maac.dll
2009-03-13 03:56 . 2009-03-13 03:56 327680 -c-ha-w- c:\windows\system32\maae.dll
2009-03-13 03:56 . 2009-03-13 03:56 315392 -c-ha-w- c:\windows\system32\maab.dll
2009-03-13 03:56 . 2009-03-13 03:56 307200 -c-ha-w- c:\windows\system32\maaf.dll
2009-03-13 03:56 . 2009-03-13 03:56 1871872 -c-ha-w- c:\windows\system32\maaa.dll
2009-03-13 03:56 . 2009-03-13 03:56 1028096 -c-ha-w- c:\windows\system32\maah.dll
2009-03-13 03:56 . 2009-03-13 03:20 196608 -c-ha-w- c:\windows\system32\maag.dll
2009-03-13 03:56 . 2003-08-07 23:01 237568 -c-ha-w- c:\windows\system32\lame_enc.dll
2009-03-13 03:21 . 2009-03-13 03:21 90112 -c-ha-w- c:\windows\system32\ALOAudioFormatSettings3.dll
2009-03-13 03:21 . 2009-03-13 03:21 780288 -c-ha-w- c:\windows\system32\ALOVideoCompress.dll
2009-03-13 03:21 . 2009-03-13 03:21 778240 -c-ha-w- c:\windows\system32\ALOAudioCompress2.dll
2009-03-13 03:21 . 2009-03-13 03:21 2846720 -c-ha-w- c:\windows\system32\ALOAudioCompress3.dll
2009-03-13 03:21 . 2009-03-13 03:21 215552 -c-ha-w- c:\windows\system32\ALOWMVFile.dll
2009-03-13 03:21 . 2009-03-13 03:21 188416 -c-ha-w- c:\windows\system32\ALOVideoFile.dll
2009-03-13 03:21 . 2009-03-13 03:20 1245184 -c-ha-w- c:\windows\system32\bkll.dll
2009-03-13 03:20 . 2009-03-13 03:20 90112 -c-ha-w- c:\windows\system32\agsaami.dll
2009-03-13 03:20 . 2009-03-13 03:20 610304 -c-ha-w- c:\windows\system32\agsaamg.dll
2009-03-13 03:20 . 2009-03-13 03:20 372736 -c-ha-w- c:\windows\system32\agsaamc.dll
2009-03-13 03:20 . 2009-03-13 03:20 2535424 -c-ha-w- c:\windows\system32\agsaamj.dll
2009-03-13 03:20 . 2009-03-13 03:20 1986560 -c-ha-w- c:\windows\system32\akll.dll
2009-03-13 03:20 . 2009-03-13 03:20 1212416 -c-ha-w- c:\windows\system32\ckll.dll
2009-03-13 03:15 . 2009-03-13 03:15 512096 -c-ha-w- c:\windows\system32\drivers\amon.sys
2009-03-13 03:15 . 2009-03-13 03:15 298104 ---ha-w- c:\windows\system32\imon.dll
2009-03-13 03:15 . 2009-03-13 03:15 15424 -c-ha-w- c:\windows\system32\drivers\nod32drv.sys
2009-03-13 03:10 . 2009-03-13 03:10 9856 -c-ha-w- c:\windows\system32\drivers\pfc.sys
2009-03-13 03:09 . 2009-03-13 03:09 2232 -c-ha-w- c:\windows\java\Packages\Data\N3LNJ93T.DAT
2009-03-13 03:09 . 2009-03-13 03:09 155995 -c-ha-w- c:\windows\java\Packages\BRBDRNRR.ZIP
2009-03-13 00:26 . 2009-03-13 00:26 21640 -c-ha-w- c:\windows\system32\emptyregdb.dat
2009-03-08 11:34 . 2004-08-04 04:07 914944 ---ha-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-04 04:07 43008 ---ha-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-04 04:07 18944 ---ha-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-04 04:07 420352 ---ha-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-04 04:07 72704 ---ha-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-04 04:07 71680 ---ha-w- c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-04 04:07 34816 ---ha-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-04 04:07 48128 ---ha-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-04 04:07 45568 ---ha-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-04 04:07 156160 ---ha-w- c:\windows\system32\msls31.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-26 118784]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-25 2807216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMoreProgram"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\zyz_mcafee\\AutoPlay\\Docs\\VirusScan Enterprise\\11.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"12140:TCP"= 12140:TCP:BitComet 12140 TCP
"12140:UDP"= 12140:UDP:BitComet 12140 UDP
"14988:TCP"= 14988:TCP:BitComet 14988 TCP
"14988:UDP"= 14988:UDP:BitComet 14988 UDP
"23232:TCP"= 23232:TCP:*isabled:BitComet 23232 TCP
"23232:UDP"= 23232:UDP:*isabled:BitComet 23232 UDP
"21186:TCP"= 21186:TCP:BitComet 21186 TCP
"21186:UDP"= 21186:UDP:BitComet 21186 UDP
"14710:TCP"= 14710:TCP:BitComet 14710 TCP
"14710:UDP"= 14710:UDP:BitComet 14710 UDP
"12586:TCP"= 12586:TCP:BitComet 12586 TCP
"12586:UDP"= 12586:UDP:BitComet 12586 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13/03/2009 06:15 ص 15424]
R1 SysLib0;SysLib0;c:\windows\system32\drivers\SysLib0.sys [04/06/2009 05:34 م 8280064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [04/11/2006 05:19 ص 13592]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [13/03/2009 07:36 ص 5632]
R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [13/03/2009 07:36 ص 21504]
S0 mvsezrh;mvsezrh;c:\windows\system32\drivers\vkezcdes.sys --> c:\windows\system32\drivers\vkezcdes.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [04/05/2009 02:12 م 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-06-04 c:\windows\Tasks\User_Feed_Synchronization-{E6EF1CF1-6346-4DEA-B93B-058003BF7F17}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BkavFw - c:\program files\Bkav2006\Bkav2006.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = google.net-studio.org
mWindow Title = Microsoft Internet Explorer
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Star1\Application Data\Mozilla\Firefox\Profiles\za87hvvf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT731628&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - fbmgamesetup Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\Star1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Star1\Application Data\Mozilla\Firefox\Profiles\za87hvvf.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-73586283-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD4D6288-3527-657F-CA82-5BAA3D59024C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):35,90,f6,5c,de,1b,d3,64,46,22,78,49,d0,af,77,34,6f,4d,41,c8,a4,
e8,a5,04,87,82,6b,7e,dd,6d,21,8c,75,00,1a,d6,30,c9,57,f9,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bf3b1c1c-5617-405f-904e-304b95ff1956}]
@Denied: (Full) (Everyone)
"Model"=dword:00000090
"Therad"=dword:00000017
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3636)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
.
**************************************************************************
.
Completion time: 2009-06-04 18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 15:34

Pre-Run: 27,879,763,968 bytes free
Post-Run: 27,742,150,656 bytes free

410

لاتزال المشكلة قلئمة

الان ظهرت لي رسالة خطأ

خطأ في النظام - اكسبلور.اي اكس اي

خطأ تطبيق

حدث الاستثناء 0اكس سي 0000094 يونكنوون سوفت وير اكسيبتيشن في التطبيق في الموقع 0اكس69سي3633

المعذرة بعد هذه الاداة لم استطع الكتابة بالانجليزي

حل من حل

 

حمل هذا البرنامج

http://www.spywarefri.dk/downloads1/mbam-setup.exe

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير



وبعد انتهاء الفحص اعمل التالي



انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

 

هذا التقرير عزيزي

Malwarebytes' Anti-Malware 1.37
Database version: 2230
Windows 5.1.2600 Service Pack 2

04/06/2009 11:39:31 م
mbam-log-2009-06-04 (23-39-31).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 144289
Time elapsed: 25 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

وايضا مافي فايده

 

اولاا / لإعادة مدخلات مسجل النظام للوضع الا فتراضي

حمل هذا الملف وقوم بتشغيله
http://tools.zyzoom.org/tools/system/SREngLdr.EXE

واتبع التالي كما موجود بالصور






ثانيا / ولتنظيف الجهاز بالكامل من مخلفات الملفات المؤقته وتصفح الانترنت
حمل الملف هذا واتبع الارشادات

http://tools.zyzoom.org/tools/system/zyzoom_cleaner.com



ثالثا / وبعد الانتهاء منم جميع ما سبق ,, اعمل تقرير هايجاك جديد
وارفقه بردك القادم

 

عفوا اخي الكريم فجميع البرامج لم تحل المشكلة

بالنسبة الى التقرير لم يظهر لي في اي برنامج مما سبق لك وضعه في المشاركة الاخيرة

 

هناك سؤال هل بعد فورمات الجهاز ترجع المجلدات الى وضعها الطبيعي حيث اني سوف انسخها في الهارردسك الخارجي

ولكني اخاف انها ترجع لنفس المشكلة بعد الفورمات

 

اخي سبب المشكلة تم حذفه وتنظيفه

كود:

[FONT=Times New Roman]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully[/FONT]

والفورمات يحل كل المشاكل

 

بس المشكلة لا زالت انا على العموم وجدت الحل في منتديات الصايرة واشكر الاخ raaj على وضع الادات



هذه الصورة هي مشكلتي

ولاخواننا سوف اضع الرابط للاداة وارجوا منكم عدم حذفها ليستفيد منها الاخوان

http://www.snapfiles.com/get/shellexview.html

_________

وهذا شرح لها من الاخ raaj

ان فساد Windows Explorer تأتي إما بسبب فيروس او سباي وير
وتأتي ايضا نتيجة 3rd party shell extensions والتي لا تعمل
بطريقة سليمة.

فإذا كنت أخي قد عملت فحص لازالة الفيروسات
والسباي وير ولم تنتهي مشكلتك فتعال معي لنحاول حلها سوياً
حمل هذه الاداة الصغيرة ShellExView


هذه الاداة تظهر لك كل shell extensions التابعة للميكروسوفت
ولغيرها أي 3rd party shell extensions أيضا

الآن نعطل كل 3rd party shell extensions وذلك بإختيارها والضغط
على الزر الاحمر في الاداة. الان نقوم بأي عمل يؤدي الى حدوث
الرسالة المزعجة ......

فإذا لم تأتِ الرسالة فمعنى ذلك أننا تمكنا من توقيف مسبب الفساد
عن العمل...

يبقى علينا الآن ان نعرفه وهذا يتم بأن نقوم بتشغيل
ال shell extensions واحداً تلو الآخر ونجرب بعد تشغيل كل واحد
القيام بذاك العمل الذي يؤدي الى ظهور الرسالةز

ونعيد ذلك مع كل اكستنشن الى ان تظهر الرسالة فنعرف الفاعل
ونعطله الى الابد واذا كنا لا نستغني عن البرنامج الام لهذا extension
فنحاول استخدام إصدار آخر من البرنامج.

إعادة تشغيل extension المختلفة تتم بالضغط على الزر الاخضر

 

اشكرك عزيزي على المجهود المبذلي لحل مشكلتي واتمنى اني اكون خفيف على قلبك وعدم ازعاجي لك

تحياتي

 

كل عام وانتم بخير وطابت اوقاتكم بالخير والمسرات

 

!!!!!
يمنع رفع المواضيع القديمه !
يغلق !