A fault in my computer

Thread in 'Computer Problems and Solutions Forum' by نسمه الفجر, on July 10, 2009.

  1. نسمه الفجر

    نسمه الفجر New Zyzoom member

    Joined:
    February 20, 2009
    Posts:
    48
    Likes:
    0
    Trophy points:
    40


    Peace be upon you. Brothers, I am facing a problem. I showed my computer to a specialist and it did no good, and my computer always shuts down by itself, even though I only very rarely download programs. I want a fix for it.
    Thank you all very much.
     
  2. فارس الملاك

    فارس الملاك Professional Zyzoom member

    Joined:
    December 17, 2007
    Posts:
    5,514
    Likes:
    37
    Trophy points:
    830
    Location:
    Zyzoom
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    Last edited by moderator: May 12, 2014
  3. نسمه الفجر

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:28:13, on 19/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Users\user\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [dashabout] "C:\ProgramData\uploadlitelite.mff43"
    O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Corn vga thunk.xg0eksc"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: ???? ????? Google (gupdate1c9eb3fdfdb7676) (gupdate1c9eb3fdfdb7676) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10843 bytes
     
  4. نسمه الفجر

    Here is the report, brother. Thank you.
     
  5. فارس الملاك


    (1)
    Disable all security programs,
    then download this tool and save it to the desktop
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    When you run it, a message will appear; click >> Yes
    After that a second message will appear; click >> Yes
    Wait until the tool finishes scanning your computer; your computer will then restart automatically.
    After the restart, the tool will start scanning a second time.
    Wait until a report appears, then copy it and paste it in your next reply.
    (2)
    Then make a HijackThis report
    http://www.zyzoom.net/soft/security/...HijackThis.exe
    When the download finishes ==> run the program ==> and click Do a system scan and save log
    In a few moments a report will appear; copy it and paste it in your next reply.
     
    Last edited by moderator: May 12, 2014
  6. نسمه الفجر

    This is the first report, brother.
    ComboFix 09-07-09.06 - user 19/07/2009 1:39.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1033 [GMT 3:00]
    Running from: c:\users\user\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1732793773-4255875636-73055158-500
    c:\$recycle.bin\S-1-5-21-769084810-1289005849-3747937148-500
    c:\windows\Installer\20fd0.msi
    c:\windows\Installer\361ba.msi
    c:\windows\Installer\4c588c.msi
    c:\windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .

    2009-07-18 22:32 . 2009-07-18 22:32 -------- d-----w- c:\users\user\AppData\Roaming\PeerNetworking
    2009-07-18 20:21 . 2009-07-09 11:42 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVEX32A.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVENG.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVEX15.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\EECTRL.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\ERASER.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVENG32.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\ECMSVR32.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\CCERASER.DLL
    2009-07-16 18:22 . 2009-07-16 18:22 -------- d-----w- c:\programdata\Messenger Plus!
    2009-07-16 15:14 . 2009-07-16 15:14 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-16 15:08 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\Scxpx86.dll
    2009-07-16 15:08 . 2009-07-09 11:42 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSviA64.sys
    2009-07-16 15:08 . 2009-07-09 11:42 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys
    2009-07-16 15:08 . 2009-07-09 11:42 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys
    2009-07-16 15:08 . 2009-07-09 11:42 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSxpx86.dll
    2009-07-16 15:02 . 2009-07-16 15:02 -------- d-----w- c:\program files\Circle Developeent
    2009-07-11 11:30 . 2009-07-11 11:29 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-09 20:24 . 2009-07-09 20:24 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-09 20:16 . 2009-07-09 20:24 -------- d-----w- c:\program files\Common Files\Real
    2009-07-09 20:16 . 2009-07-09 20:16 -------- d-----w- c:\program files\Real
    2009-07-09 11:41 . 2009-07-09 11:41 -------- d-----w- c:\programdata\Norton
    2009-07-09 11:41 . 2009-07-09 11:41 -------- d-----w- c:\program files\NortonInstaller
    2009-07-09 11:36 . 2009-07-09 11:41 -------- d-----w- c:\programdata\NortonInstaller
    2009-07-01 17:25 . 2009-07-01 17:25 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDB81.tmp.exe
    2009-06-23 11:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-23 11:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-19 23:44 . 2007-05-01 17:20 91136 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon MP220 series Printer\LanguageModules\0c0a\CNMsr8T.dll
    2009-06-19 23:43 . 2009-06-19 23:43 -------- d--h--w- c:\programdata\CanonBJ
    2009-06-19 23:41 . 2008-02-05 17:00 216064 ----a-w- c:\windows\system32\CNMLM8T.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-18 22:44 . 2009-05-08 14:24 -------- d-----w- c:\users\user\AppData\Roaming\Skype
    2009-07-18 21:08 . 2009-05-08 14:28 -------- d-----w- c:\users\user\AppData\Roaming\skypePM
    2009-07-18 20:11 . 2009-05-08 15:37 843776 ----a-w- c:\programdata\Okay meta anti lite\heart locks.exe
    2009-07-18 10:26 . 2009-05-01 12:55 2484 ----a-w- c:\windows\bthservsdp.dat
    2009-07-16 15:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2009-07-15 20:42 . 2009-05-24 11:12 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
    2009-07-14 22:00 . 2009-05-08 15:22 -------- d-----w- c:\program files\Windows Live
    2009-07-13 22:34 . 2009-05-01 13:03 27240 ----a-w- c:\users\user\AppData\Roaming\nvModes.dat
    2009-07-13 12:21 . 2009-05-01 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-13 12:21 . 2009-05-01 15:46 -------- d-----w- c:\program files\Electronic Arts
    2009-07-11 11:29 . 2009-05-01 06:43 -------- d-----w- c:\program files\Java
    2009-07-09 21:25 . 2009-05-01 05:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-09 11:41 . 2009-05-01 05:09 -------- d-----w- c:\programdata\Symantec
    2009-07-06 17:15 . 2009-05-08 15:36 -------- d-----w- c:\programdata\RoamEggsMove
    2009-07-02 19:03 . 2009-05-01 05:04 -------- d-----w- c:\program files\Hewlett-Packard
    2009-07-02 19:01 . 2009-05-01 06:42 -------- d-----w- c:\program files\Hp
    2009-06-20 18:05 . 2009-05-01 05:49 -------- d-----w- c:\program files\Microsoft Works
    2009-06-19 23:27 . 2009-06-19 23:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-06-17 17:14 . 2009-05-01 07:11 -------- d-----w- c:\programdata\CyberLink
    2009-06-14 10:33 . 2009-06-13 22:43 -------- d-----w- c:\programdata\NOS
    2009-06-14 10:33 . 2009-06-13 22:43 -------- d-----w- c:\program files\NOS
    2009-06-13 22:05 . 2009-06-13 22:05 -------- d-----w- c:\program files\WIDCOMM
    2009-06-13 21:23 . 2009-05-01 15:52 67496 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-12 09:28 . 2009-05-08 14:24 -------- d-----w- c:\program files\Google
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\users\user\AppData\Roaming\DivX
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\DivX
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-12 08:24 . 2009-05-01 16:09 -------- d-----w- c:\users\user\AppData\Roaming\CyberLink
    2009-06-03 19:39 . 2009-06-03 19:39 -------- d-----w- c:\program files\Common Files\SupportSoft
    2009-06-03 19:35 . 2009-05-08 15:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-06-02 18:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-28 21:16 . 2009-05-28 21:16 -------- d-----w- c:\programdata\WLInstaller
    2009-05-09 05:50 . 2009-06-20 15:54 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-20 15:54 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-05-08 15:37 . 2009-05-08 15:37 839680 ----a-w- c:\programdata\RoamEggsMove\deerhwsw.exe
    2009-05-08 15:36 . 2009-05-08 15:36 487424 ----a-w- c:\programdata\RoamEggsMove\Math cash trans.exe
    2009-05-08 14:28 . 2009-05-08 14:28 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-05-02 06:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-04-23 12:43 . 2009-06-20 15:54 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-20 15:54 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-20 15:54 2033152 ----a-w- c:\windows\system32\win32k.sys
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dashabout"="c:\programdata\uploadlitelite.mff43" [X]
    "ANTI LITE TITLE DEBUG"="c:\programdata\Corn vga thunk.xg0eksc" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-09 198160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CEE6B414-4A93-4089-AB1D-064361F5748F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{62DA40CB-C6C0-4F80-83EF-751D90336C2E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{96B38216-68B8-4059-BD01-26CB8E384FFC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{9CCF373F-4D98-40CA-B075-C0DD5A0B92AB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BF7B1F37-0078-421B-A2D5-4829A592A309}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [09/07/2009 14:42 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [09/07/2009 14:42 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [09/07/2009 14:42 482352]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys [16/07/2009 18:08 292912]
    R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/05/2009 18:27 55280]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [09/07/2009 14:42 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/07/2009 22:34 101936]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [09/07/2009 14:42 39984]
    S2 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program files\Windows Live\Family Safety\fsssvc.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:26]

    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:26]

    2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{F3DDA2E3-AFDC-4297-B1F2-4DA69B14A237}.job
    - c:\windows\system32\msfeedssync.exe [2009-05-01 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-fssui - c:\program files\Windows Live\Family Safety\fsui.exe


    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y2oyd2ez.default\
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-19 01:45
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-07-18 1:52
    ComboFix-quarantined-files.txt 2009-07-18 22:52

    Pre-Run: 96,646,864,896 bytes free
    Post-Run: 96,761,548,800 bytes free

    229 --- E O F --- 2009-07-04 15:12
     
  7. فارس الملاك

  8. نسمه الفجر

    This is the HijackThis report
    ComboFix 09-07-09.06 - user 19/07/2009 1:39.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.1033 [GMT 3:00]
    Running from: c:\users\user\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1732793773-4255875636-73055158-500
    c:\$recycle.bin\S-1-5-21-769084810-1289005849-3747937148-500
    c:\windows\Installer\20fd0.msi
    c:\windows\Installer\361ba.msi
    c:\windows\Installer\4c588c.msi
    c:\windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .

    2009-07-18 22:32 . 2009-07-18 22:32 -------- d-----w- c:\users\user\AppData\Roaming\PeerNetworking
    2009-07-18 20:21 . 2009-07-09 11:42 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVEX32A.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVENG.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVEX15.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\EECTRL.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\ERASER.SYS
    2009-07-18 20:21 . 2009-07-09 11:42 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\NAVENG32.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\ECMSVR32.DLL
    2009-07-18 20:21 . 2009-07-09 11:42 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090709.003\CCERASER.DLL
    2009-07-16 18:22 . 2009-07-16 18:22 -------- d-----w- c:\programdata\Messenger Plus!
    2009-07-16 15:14 . 2009-07-16 15:14 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-16 15:08 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\Scxpx86.dll
    2009-07-16 15:08 . 2009-07-09 11:42 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSviA64.sys
    2009-07-16 15:08 . 2009-07-09 11:42 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys
    2009-07-16 15:08 . 2009-07-09 11:42 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys
    2009-07-16 15:08 . 2009-07-09 11:42 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSxpx86.dll
    2009-07-16 15:02 . 2009-07-16 15:02 -------- d-----w- c:\program files\Circle Developeent
    2009-07-11 11:30 . 2009-07-11 11:29 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-09 20:24 . 2009-07-09 20:24 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-09 20:16 . 2009-07-09 20:24 -------- d-----w- c:\program files\Common Files\Real
    2009-07-09 20:16 . 2009-07-09 20:16 -------- d-----w- c:\program files\Real
    2009-07-09 11:41 . 2009-07-09 11:41 -------- d-----w- c:\programdata\Norton
    2009-07-09 11:41 . 2009-07-09 11:41 -------- d-----w- c:\program files\NortonInstaller
    2009-07-09 11:36 . 2009-07-09 11:41 -------- d-----w- c:\programdata\NortonInstaller
    2009-07-01 17:25 . 2009-07-01 17:25 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDB81.tmp.exe
    2009-06-23 11:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-23 11:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-19 23:44 . 2007-05-01 17:20 91136 ----a-w- c:\programdata\CanonBJ\IJPrinter\CNMWindows\Canon MP220 series Printer\LanguageModules\0c0a\CNMsr8T.dll
    2009-06-19 23:43 . 2009-06-19 23:43 -------- d--h--w- c:\programdata\CanonBJ
    2009-06-19 23:41 . 2008-02-05 17:00 216064 ----a-w- c:\windows\system32\CNMLM8T.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-18 22:44 . 2009-05-08 14:24 -------- d-----w- c:\users\user\AppData\Roaming\Skype
    2009-07-18 21:08 . 2009-05-08 14:28 -------- d-----w- c:\users\user\AppData\Roaming\skypePM
    2009-07-18 20:11 . 2009-05-08 15:37 843776 ----a-w- c:\programdata\Okay meta anti lite\heart locks.exe
    2009-07-18 10:26 . 2009-05-01 12:55 2484 ----a-w- c:\windows\bthservsdp.dat
    2009-07-16 15:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2009-07-15 20:42 . 2009-05-24 11:12 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
    2009-07-14 22:00 . 2009-05-08 15:22 -------- d-----w- c:\program files\Windows Live
    2009-07-13 22:34 . 2009-05-01 13:03 27240 ----a-w- c:\users\user\AppData\Roaming\nvModes.dat
    2009-07-13 12:21 . 2009-05-01 06:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-13 12:21 . 2009-05-01 15:46 -------- d-----w- c:\program files\Electronic Arts
    2009-07-11 11:29 . 2009-05-01 06:43 -------- d-----w- c:\program files\Java
    2009-07-09 21:25 . 2009-05-01 05:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-09 11:41 . 2009-05-01 05:09 -------- d-----w- c:\programdata\Symantec
    2009-07-06 17:15 . 2009-05-08 15:36 -------- d-----w- c:\programdata\RoamEggsMove
    2009-07-02 19:03 . 2009-05-01 05:04 -------- d-----w- c:\program files\Hewlett-Packard
    2009-07-02 19:01 . 2009-05-01 06:42 -------- d-----w- c:\program files\Hp
    2009-06-20 18:05 . 2009-05-01 05:49 -------- d-----w- c:\program files\Microsoft Works
    2009-06-19 23:27 . 2009-06-19 23:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-06-17 17:14 . 2009-05-01 07:11 -------- d-----w- c:\programdata\CyberLink
    2009-06-14 10:33 . 2009-06-13 22:43 -------- d-----w- c:\programdata\NOS
    2009-06-14 10:33 . 2009-06-13 22:43 -------- d-----w- c:\program files\NOS
    2009-06-13 22:05 . 2009-06-13 22:05 -------- d-----w- c:\program files\WIDCOMM
    2009-06-13 21:23 . 2009-05-01 15:52 67496 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-12 09:28 . 2009-05-08 14:24 -------- d-----w- c:\program files\Google
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\users\user\AppData\Roaming\DivX
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\DivX
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-06-12 09:26 . 2009-06-12 09:26 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-12 08:24 . 2009-05-01 16:09 -------- d-----w- c:\users\user\AppData\Roaming\CyberLink
    2009-06-03 19:39 . 2009-06-03 19:39 -------- d-----w- c:\program files\Common Files\SupportSoft
    2009-06-03 19:35 . 2009-05-08 15:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-06-02 18:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-28 21:16 . 2009-05-28 21:16 -------- d-----w- c:\programdata\WLInstaller
    2009-05-09 05:50 . 2009-06-20 15:54 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-20 15:54 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-05-08 15:37 . 2009-05-08 15:37 839680 ----a-w- c:\programdata\RoamEggsMove\deerhwsw.exe
    2009-05-08 15:36 . 2009-05-08 15:36 487424 ----a-w- c:\programdata\RoamEggsMove\Math cash trans.exe
    2009-05-08 14:28 . 2009-05-08 14:28 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-05-02 06:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-04-23 12:43 . 2009-06-20 15:54 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-20 15:54 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-20 15:54 2033152 ----a-w- c:\windows\system32\win32k.sys
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dashabout"="c:\programdata\uploadlitelite.mff43" [X]
    "ANTI LITE TITLE DEBUG"="c:\programdata\Corn vga thunk.xg0eksc" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-11 148888]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-09 198160]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CEE6B414-4A93-4089-AB1D-064361F5748F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{62DA40CB-C6C0-4F80-83EF-751D90336C2E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{96B38216-68B8-4059-BD01-26CB8E384FFC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{9CCF373F-4D98-40CA-B075-C0DD5A0B92AB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BF7B1F37-0078-421B-A2D5-4829A592A309}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [09/07/2009 14:42 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [09/07/2009 14:42 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [09/07/2009 14:42 482352]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys [16/07/2009 18:08 292912]
    R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/05/2009 18:27 55280]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [09/07/2009 14:42 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/07/2009 22:34 101936]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [09/07/2009 14:42 39984]
    S2 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program files\Windows Live\Family Safety\fsssvc.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:26]

    2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:26]

    2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{F3DDA2E3-AFDC-4297-B1F2-4DA69B14A237}.job
    - c:\windows\system32\msfeedssync.exe [2009-05-01 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-Run-fssui - c:\program files\Windows Live\Family Safety\fsui.exe


    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y2oyd2ez.default\
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-19 01:45
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-07-18 1:52
    ComboFix-quarantined-files.txt 2009-07-18 22:52

    Pre-Run: 96,646,864,896 bytes free
    Post-Run: 96,761,548,800 bytes free

    229 --- E O F --- 2009-07-04 15:12
     
  9. نسمه الفجر

    I used the cleaning tool and it emptied the Recycle Bin.
     
  10. algnral

    algnral (distinguished Zyzoom member)

    Joined: February 28, 2008
    Posts: 911
    Likes: 1
    Trophy points: 520
    Security software: avast
    Operating system: Windows 7
    These are the viruses the tool eliminated:
    c:\$recycle.bin\S-1-5-21-1732793773-4255875636-73055158-500
    c:\$recycle.bin\S-1-5-21-769084810-1289005849-3747937148-500
    c:\windows\Installer\20fd0.msi
    c:\windows\Installer\361ba.msi
    c:\windows\Installer\4c588c.msi
    c:\windows\system32\KBL.LOG
    Post a HijackThis report.

     
  11. نسمه الفجر

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:13:58, on 19/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\p2phost.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\user\Downloads\HiJackThis(2).exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\user\Downloads\HiJackThis(3).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [dashabout] "C:\ProgramData\uploadlitelite.mff43"
    O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Corn vga thunk.xg0eksc"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: ???? ????? Google (gupdate1c9eb3fdfdb7676) (gupdate1c9eb3fdfdb7676) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10128 bytes
     
  12. نسمه الفجر

    This is the third HijackThis report.
    Thank you all very much.
     
  13. نورسيان

    نورسيان (new Zyzoom member)

    Joined: July 10, 2009
    Posts: 21
    Likes: 1
    Trophy points: 20
    OK, after all this mess, did your machine get better or not?
     
  14. فارس الملاك

    Wait, let me just look at the reports.
     
  15. نسمه الفجر

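    May God reward you, فارس الملاك, and grant you success, because honestly I am worn out. God willing, you will be able to solve the problem.
    I am in Britain. I took it to a repair shop; they cleaned it and charged about 400 riyals, and it is the same story: it shuts down when I open the internet. Before that it sat at the dealer in Saudi Arabia for two months and nothing was fixed other than that it got formatted.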
     
  16. فارس الملاك

    اختي احذفي هالقيم

    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (file missing)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKCU\..\Run: [dashabout] "C:\ProgramData\uploadlitelite.mff43"

    O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Corn vga thunk.xg0eksc"



    =================================
    How to delete them
    [IMG]

    [IMG]

    [IMG]
    =====================================

    Use this tool for cleaning:

    http://www.atribune.org/ccount/click.php?id=1
    [IMG]
    [IMG]
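
An added example (not part of the thread and not HijackThis code): a small Python triage pass over HijackThis entry lines that picks out the two patterns visible in the entries listed for deletion above, namely entries HijackThis marks `(no file)` or `(file missing)`, and `Run` values whose target is a non-program file sitting directly under `C:\ProgramData`. The flag names, the extension allow-list and the `SunJavaUpdateSched` sample line are assumptions of this example.

```python
import ntpath
import re

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")        # "<section> - <details>"
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")         # markers as they appear in the log
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (.+)$")   # O4 registry autorun value
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.\w+)(?=\s|$)')        # quoted or bare program path
# Assumption of this example: extensions a normal autorun target carries.
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".dll", ".scr", ".lnk"}

def review(line):
    """Return (section, reasons) for a log entry line, or None for any other line."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, details = m.groups()
    reasons = []
    if ORPHAN.search(details):
        reasons.append("orphaned")            # registry entry left behind, file is gone
    run = RUN.match(details) if section == "O4" else None
    if run:
        t = TARGET.match(run.group(1))
        path = (t.group(1) or t.group(2)) if t else run.group(1)
        if ntpath.splitext(path)[1].lower() not in LAUNCHABLE:
            reasons.append("odd-extension")   # autorun points at a non-program file type
        folder = ntpath.splitdrive(ntpath.dirname(path))[1]
        if folder.lower() == "\\programdata":
            reasons.append("programdata-root")  # file dropped straight into ProgramData
    return section, reasons

def flag_log(text):
    """Review every line and keep only the entries with at least one reason."""
    results = (review(line) for line in text.splitlines())
    return [r for r in results if r and r[1]]

# First six lines are the entries quoted in the post; the last one is constructed.
SAMPLE = r"""
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [dashabout] "C:\ProgramData\uploadlitelite.mff43"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Corn vga thunk.xg0eksc"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

if __name__ == "__main__":
    for section, reasons in flag_log(SAMPLE):
        print(section, ", ".join(reasons))
```

A flag here only marks an entry for a human to review; it is not a verdict on the file.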
     
  17. فارس الملاك

    فارس الملاك Professional Zyzoom member

    Joined:
    December 17, 2007
    Posts:
    5,514
    Likes:
    37
    Trophy points:
    830
    Location:
    Zyzoom
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    After that, restart the computer and tell me how things are.
     
  18. فول سوداني

    فول سوداني Active Zyzoom member

    Joined:
    February 20, 2009
    Posts:
    163
    Likes:
    0
    Trophy points:
    200
    Location:
    KoK
    Security software:
    Total Defense Internet Security Suite
    Operating system:
    Windows XP
    Brother, it just shut down on her again now.
    Every time she tries to do a step, it shuts down.
     
  19. فارس الملاك

    فارس الملاك Professional Zyzoom member

    Joined:
    December 17, 2007
    Posts:
    5,514
    Likes:
    37
    Trophy points:
    830
    Location:
    Zyzoom
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    Are you the one who started this thread??
     
  20. فول سوداني

    فول سوداني Active Zyzoom member

    Joined:
    February 20, 2009
    Posts:
    163
    Likes:
    0
    Trophy points:
    200
    Location:
    KoK
    Security software:
    Total Defense Internet Security Suite
    Operating system:
    Windows XP
    No, I am the one sitting next to her.
     
