الفزعة ياجماعة جهازي بيتدمر من البرامج

البارون · ‏سبتمبر 21, 2009

احذف التالي

O23 - Service: 0168671223464657mcinstcleanup - - (no file)

O23 - Service: 0228801218559696mcinstcleanup - - (no file)

O23 - Service: 0305361221502108mcinstcleanup - - (no file)

طريقة الحذف

استخدم هذه الاداة للتنظيف

http://www.atribune.org/ccount/click.php?id=1

ثم تقرير جديد

ريم البحر · ‏سبتمبر 21, 2009

تفضل هذا هو التقرير

*******

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:12 م, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253314008656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 0168671223464657mcinstcleanup - - (no file)
O23 - Service: 0228801218559696mcinstcleanup - - (no file)
O23 - Service: 0305361221502108mcinstcleanup - - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: خدمة تحديث Google (gupdate1c9b1503d0d7744) (gupdate1c9b1503d0d7744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9052 bytes

البارون · ‏سبتمبر 21, 2009

اولاا / لإعادة مدخلات مسجل النظام للوضع الا فتراضي

حمل هذا الملف وقوم بتشغيله
http://tools.zyzoom.org/tools/system/SREngLdr.EXE

واتبع التالي كما موجود بالصور

ثانيا / ولتنظيف الجهاز بالكامل من مخلفات الملفات المؤقته وتصفح الانترنت
حمل الملف هذا واتبع الارشادات

http://tools.zyzoom.org/tools/system/zyzoom_cleaner.com

ثالثا / وبعد الانتهاء منم جميع ما سبق ,, اعمل تقرير هايجاك جديد

ريم البحر · ‏سبتمبر 21, 2009

الله يجعلك ع القوة يارب جاري تنفيذ دلك

ريم البحر · ‏سبتمبر 21, 2009

ربي لايحرمنا من جهودك الكبيرة وعطائك
الا محدود خيي

تفضل هذا التقرير الجديد

*******

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:32:58 م, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcmtr] ; ALCMTR.EXE
O4 - HKLM\..\Run: [Flashget] ; "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [LanguageShortcut] ; "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] ; RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] ; SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] ; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] ; "C:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253314008656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 0168671223464657mcinstcleanup - - (no file)
O23 - Service: 0228801218559696mcinstcleanup - - (no file)
O23 - Service: 0305361221502108mcinstcleanup - - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: خدمة تحديث Google (gupdate1c9b1503d0d7744) (gupdate1c9b1503d0d7744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9615 bytes

البارون · ‏سبتمبر 21, 2009

هل كان يوجد على جهازك برنامج الحماية مكافي

ريم البحر · ‏سبتمبر 21, 2009

لا اتذكر انه كان موجود انما كان
برنامج كاسبر ولكن انتهى
واستبدلته بافاست ربما اثناء محاولتي البحث عن برنامج حماية حاولت
تثبيت والله لا اتذكر غير الكاسبر ولكني اقول ربما
حاولت تثبيته رغم اني لا احب المكافي :i:

البارون · ‏سبتمبر 21, 2009

اداة McAfee

استخدميها في الوضع الامن safe mode

طريقة الدخول على الوضع الامن
نعيد تشغيل الجهاز ثم نضغط f8 تاتي شاشة سوداء بها عدة خيارات نختار safe mode

ريم البحر · ‏سبتمبر 21, 2009

خيي والله خجلانة منك لاني تعبتك
الحقيقة قمت بتحميل البرنامج وتشغيله
وقمت بالضغط على f8
ولكن لم تظهر الشاشة السوداء ولم استطع الدخول الى الوضع الامن
:b:

rd-19 · ‏سبتمبر 21, 2009

تفضلي اربع طريق لدخول للوضع الامن

http://www.zyzoom.org/vb/showthread.php?t=5677.html

ريم البحر · ‏سبتمبر 21, 2009

اسفة تاخرة بس والله تعبت لين استطعت ارجع افتح
اللاب توب على النظام الاول
عملت بالطريقة الثانية من الطرق للدخول للوضع الامن
وماعرفت ايش اعمل وبعدها لفات وتعب استطعت لكن
لمن فتح الجهاز ظهرت لي هذي الرسالة عارفة تعبتكم معي والله
بس املي بالله وفيكم كبير
:er:

ريم البحر · ‏سبتمبر 21, 2009

مت بتنظيف جهازي بادات combofix
وكان هذا التقرير

ComboFix 09-09-20.04 - Satellite 09/21/2009 23:05.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1015.481 [GMT 3:00]
Running from: c:\documents and settings\Satellite\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.
2009-09-21 18:05 . 2009-09-21 18:05 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-21 18:05 . 2009-09-21 18:05 -------- d-----w- c:\documents and settings\Satellite\Application Data\Nokia Multimedia Player
2009-09-21 18:05 . 2009-09-21 18:05 -------- d-----w- c:\program files\Orbitdownloader
2009-09-21 18:05 . 2009-09-21 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-21 18:05 . 2009-09-21 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-21 17:55 . 2009-09-21 17:55 -------- d-s---w- c:\documents and settings\Administrator
2009-09-21 17:55 . 2008-03-27 17:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-09-21 16:26 . 2009-09-21 16:26 -------- d-----w- c:\documents and settings\Satellite\Application Data\zyzcleaner
2009-09-21 16:12 . 2009-09-21 16:12 -------- d-----w- C:\Recycled(2)
2009-09-21 14:18 . 2009-09-21 14:18 -------- d-----w- c:\program files\Internet Download Manager
2009-09-20 23:21 . 2009-09-20 23:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 00:34 . 2009-09-20 00:34 -------- d-----w- c:\documents and settings\Satellite\Application Data\Malwarebytes
2009-09-20 00:34 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 00:34 . 2009-09-20 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 00:34 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-20 00:34 . 2009-09-20 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 00:03 . 2009-09-20 00:03 -------- d-----w- c:\documents and settings\Satellite\Application Data\CyberScrub
2009-09-20 00:02 . 2009-09-20 00:02 -------- d-----w- c:\documents and settings\Satellite\Application Data\cleaner
2009-09-19 20:16 . 2009-09-19 20:16 -------- d-----w- c:\documents and settings\Satellite\Local Settings\Application Data\Runscanner.net
2009-09-19 17:26 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-19 16:13 . 2009-09-19 16:13 -------- d-----w- c:\program files\Trend Micro
2009-09-19 14:35 . 2009-09-19 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-19 14:34 . 2009-09-19 14:34 -------- d-----w- c:\program files\Circl Developement
2009-09-19 14:34 . 2009-09-19 14:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-19 14:29 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-19 14:28 . 2009-09-19 14:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-19 13:35 . 2009-09-19 13:35 -------- d-sh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-09-19 13:35 . 2009-09-19 13:35 -------- d-----w- c:\program files\Windows Live
2009-09-19 13:35 . 2009-09-19 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-19 13:32 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-19 12:20 . 2009-09-19 12:20 -------- d-----w- c:\program files\MSECACHE
2009-09-18 20:43 . 2009-09-18 20:43 -------- d-----w- C:\FOUND.003
2009-09-18 19:14 . 2009-09-18 19:14 -------- d-----w- C:\FOUND.002
2009-09-17 23:49 . 2009-09-17 23:49 -------- d-----w- C:\FOUND.001
2009-09-17 20:34 . 2009-09-17 20:34 -------- d-----w- c:\windows\Sun
2009-09-16 15:22 . 2009-09-16 15:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-13 13:02 . 2009-09-13 13:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-13 10:14 . 2009-09-13 10:14 -------- d-----w- c:\program files\Java
2009-09-07 08:08 . 2009-09-07 08:08 -------- d-----w- c:\documents and settings\Satellite\Application Data\GrabPro
2009-09-07 08:08 . 2009-09-07 08:08 -------- d-----w- c:\documents and settings\Satellite\Application Data\Orbit
2009-09-07 07:55 . 2009-09-07 07:55 -------- d-----w- c:\program files\SpeedFan
2009-09-07 07:55 . 2009-09-07 07:55 -------- d-----w- c:\program files\Bonjour
2009-09-07 07:55 . 2009-09-07 07:55 -------- d-----w- c:\program files\NO1 Video Converter
2009-09-07 07:54 . 2009-09-07 07:55 -------- d-----w- c:\program files\Aimersoft
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\DVD X Studios
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Apple Software Update
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\OutputFolder
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\برنامج الدون لود منجر
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\CCleaner
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----r- C:\برنامج SKYPE
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\convert-rm
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\Downloads
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\Registry_Clean_Expert_4.71
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\FOUND.000
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- C:\كل البرامج المهمة
2009-09-06 07:20 . 2009-09-06 07:20 -------- d-----w- c:\program files\Aimersoft(2)
2009-09-05 12:32 . 2009-09-05 12:33 -------- d-----w- c:\documents and settings\Satellite\Local Settings\Application Data\AskToolbar
2009-08-31 17:31 . 2009-08-31 17:31 -------- d-----w- c:\program files\Rar Repair Tool
2009-08-31 13:10 . 2009-08-31 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-31 13:10 . 2009-08-31 13:10 -------- d-----w- c:\program files\Nufsoft
2009-08-30 17:29 . 2009-08-30 17:29 -------- d-----w- c:\documents and settings\Satellite\Application Data\vlc
2009-08-30 17:27 . 2009-08-30 17:27 -------- d-----w- c:\program files\VideoLAN
2009-08-27 19:32 . 2009-08-27 19:32 -------- d-----w- c:\program files\Registry Clean Expert
2009-08-27 12:09 . 2009-08-27 12:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ArtGameStudio
2009-08-27 12:09 . 2009-08-27 12:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-08-26 11:33 . 2009-08-26 11:33 -------- d-----w- c:\documents and settings\Satellite\Application Data\Apple Computer
2009-08-26 11:31 . 2009-08-26 11:31 -------- d-----w- c:\documents and settings\Satellite\Local Settings\Application Data\Apple
2009-08-26 11:31 . 2009-08-26 11:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-26 11:31 . 2009-08-26 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-26 11:30 . 2009-08-26 11:30 -------- d-----w- c:\documents and settings\Satellite\Local Settings\Application Data\Apple Computer
2009-08-26 11:29 . 2009-08-26 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-22 20:18 . 2009-08-22 20:18 -------- d-----w- c:\documents and settings\Satellite\Application Data\Vbuzzer Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10 . 2009-04-16 13:35 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-04-16 13:35 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-04-16 13:35 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-04-16 13:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-04-16 13:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-04-16 13:35 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-04-16 13:35 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-04-16 13:35 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-04-16 13:35 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 19:59 . 2009-08-14 19:59 -------- d-----w- c:\program files\Zizisoft
2009-08-10 19:00 . 2009-08-10 19:00 -------- d-----w- c:\program files\iColorFolder
2009-08-05 09:01 . 2004-08-03 18:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 16:18 . 2009-08-03 16:18 -------- d-----w- c:\documents and settings\Satellite\Application Data\Netscape
2009-08-03 16:18 . 2009-08-03 16:18 -------- d-----w- c:\program files\Photodex
2009-08-03 16:18 . 2009-08-03 16:18 -------- d-----w- c:\documents and settings\Satellite\Application Data\Photodex
2009-07-31 13:42 . 2009-07-31 13:42 1826617 ----a-w- c:\windows\www.elmjeck.com installspeedfan437.zip
2009-07-30 21:21 . 2009-07-30 21:21 -------- d-----w- c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2009-07-29 19:48 . 2009-07-29 19:48 -------- d-----w- c:\program files\Makayama Interactive
2009-07-29 17:50 . 2009-07-29 17:50 -------- d-----w- c:\program files\برنامج عمل التأثيرات المائيه
2009-07-29 10:31 . 2009-07-29 10:31 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-29 10:31 . 2009-07-29 10:30 -------- d-----w- c:\program files\AML Products
2009-07-29 04:37 . 2004-08-03 18:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 09:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-28 07:48 . 2009-07-28 07:48 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-07-28 07:43 . 2009-07-28 07:43 4772923 ----a-w- C:\avi_mpg_splitter.exe
2009-07-24 17:03 . 2009-07-24 17:03 -------- d-----w- c:\program files\PicaView32
2009-07-24 12:28 . 2009-07-24 12:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-24 12:28 . 2009-07-24 12:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-24 12:27 . 2009-07-24 12:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-24 12:27 . 2009-07-24 12:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-24 12:25 . 2009-07-24 12:25 -------- d-----w- c:\documents and settings\Satellite\Application Data\Nokia
2009-07-24 12:25 . 2009-07-24 12:25 -------- d-----w- c:\documents and settings\Satellite\Application Data\PC Suite
2009-07-24 12:25 . 2009-07-24 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-24 11:48 . 2009-07-24 11:48 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-24 11:48 . 2009-07-24 11:48 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-24 11:48 . 2009-07-24 11:48 -------- d-----w- c:\program files\DIFX
2009-07-24 11:48 . 2009-07-24 11:48 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-24 11:46 . 2009-07-24 11:46 -------- d-----w- c:\program files\Nokia
2009-07-24 11:09 . 2009-07-24 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-17 19:01 . 2004-08-03 18:56 58880 ----a-w- c:\windows\system32\atl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-19_18.45.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-21 19:40 . 2009-09-21 19:41 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2004-08-03 18:56 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-03 18:56 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2009-03-19 09:49 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-03-19 09:49 . 2007-11-30 02:39 17272 c:\windows\system32\spmsg.dll
+ 2001-08-23 09:00 . 2009-09-21 19:45 59774 c:\windows\system32\perfc009.dat
- 2001-08-23 09:00 . 2009-09-19 12:05 59774 c:\windows\system32\perfc009.dat
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-03 18:56 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2004-08-03 18:56 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2008-03-29 05:38 . 2009-09-20 00:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-09-20 23:20 . 2009-09-20 23:21 5632 c:\windows\system32\pndx5032.dll
- 2009-04-13 11:46 . 2009-06-22 13:27 5632 c:\windows\system32\pndx5032.dll
- 2009-04-13 11:46 . 2009-06-22 13:27 6656 c:\windows\system32\pndx5016.dll
+ 2009-09-20 23:20 . 2009-09-20 23:21 6656 c:\windows\system32\pndx5016.dll
- 2008-03-29 05:38 . 2008-03-29 05:38 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-03 18:56 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2004-08-03 18:56 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2009-09-20 23:21 . 2009-09-20 23:21 185944 c:\windows\system32\rmoc3260.dll
+ 2009-09-20 23:20 . 2009-09-20 23:21 278528 c:\windows\system32\pncrt.dll
- 2009-04-13 11:46 . 2009-06-22 13:27 278528 c:\windows\system32\pncrt.dll
+ 2001-08-23 09:00 . 2009-09-21 19:45 395534 c:\windows\system32\perfh009.dat
- 2001-08-23 09:00 . 2009-09-19 12:05 395534 c:\windows\system32\perfh009.dat
- 2004-08-03 18:56 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2004-08-03 18:56 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-03-29 05:38 . 2009-09-20 00:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-29 05:38 . 2009-09-20 00:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-29 05:38 . 2008-03-29 05:38 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-29 08:21 . 2009-09-21 18:06 1060260 c:\windows\system32\Restore\rstrlog.dat
+ 2005-10-26 11:59 . 2005-10-26 11:59 2883072 c:\windows\Installer\12170b2.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecaa769e-9def-401e-8019-8582ec52f8e2}"= "c:\program files\ArtGameStudio\tbArt1.dll" [2009-08-14 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecaa769e-9def-401e-8019-8582ec52f8e2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecaa769e-9def-401e-8019-8582ec52f8e2}]
2009-08-14 11:06 2215960 ----a-w- c:\program files\ArtGameStudio\tbArt1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecaa769e-9def-401e-8019-8582ec52f8e2}"= "c:\program files\ArtGameStudio\tbArt1.dll" [2009-08-14 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecaa769e-9def-401e-8019-8582ec52f8e2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECAA769E-9DEF-401E-8019-8582EC52F8E2}"= "c:\program files\ArtGameStudio\tbArt1.dll" [2009-08-14 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecaa769e-9def-401e-8019-8582ec52f8e2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-25 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-06 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-06 138008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-20 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DriveGuard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DriveGuard.lnk
backup=c:\windows\pss\DriveGuard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/04/2009 04:35 الفرج 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/04/2009 04:35 الفرج 20560]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [29/03/2008 04:15 الفرج 264576]
S2 0168671223464657mcinstcleanup;0168671223464657mcinstcleanup; [x]
S2 0228801218559696mcinstcleanup;0228801218559696mcinstcleanup; [x]
S2 0305361221502108mcinstcleanup;0305361221502108mcinstcleanup; [x]
S2 gupdate1c9b1503d0d7744;خدمة تحديث Google (gupdate1c9b1503d0d7744);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 06:57 الفرج 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 15:57]
2009-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\System32\mswsock2.dll
Trusted Zone: aol.com\free
TCP: {66FE57D1-2A34-411C-9F0D-0F27A2C26F38} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 23:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(900)
c:\windows\System32\mswsock2.dll
- - - - - - - > 'explorer.exe'(1760)
c:\windows\system32\msi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\System32\mswsock2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-21 23:10
ComboFix-quarantined-files.txt 2009-09-21 20:10
ComboFix2.txt 2009-09-21 15:14
ComboFix3.txt 2009-09-19 19:03
ComboFix4.txt 2009-09-19 18:47
Pre-Run: 71,427,555,328 bytes free
Post-Run: 71,427,407,872 bytes free
324 --- E O F --- 2009-09-20 00:01

ريم البحر · ‏سبتمبر 21, 2009

وبعدها عملت تقرير ب الهايجاك

تفضلوا:er:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:03 الفرج, on 21/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: ScreensaversList.com Toolbar - {ecaa769e-9def-401e-8019-8582ec52f8e2} - C:\Program Files\ArtGameStudio\tbArt1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253314008656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE57D1-2A34-411C-9F0D-0F27A2C26F38}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 0168671223464657mcinstcleanup - - (no file)
O23 - Service: 0228801218559696mcinstcleanup - - (no file)
O23 - Service: 0305361221502108mcinstcleanup - - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: خدمة تحديث Google (gupdate1c9b1503d0d7744) (gupdate1c9b1503d0d7744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10593 bytes

تعبت والله ومنحرجة منكم:er:

sa2020 · ‏سبتمبر 21, 2009

مقتبس من ريم البحر: ↑

أنقر للتوسيع...

بعد اذن الاخوان

طبقي التالي

من ابدا

تشغيل

دخلي هالامر

rundll32

واظغطي موافق

ثم ادخلي اضافه او ازالة برامج

هل نفس المشكله تواجهينها !!

ريم البحر · ‏سبتمبر 22, 2009

نعم خيي نفس المشكلة مازالت قائمة

sa2020 · ‏سبتمبر 22, 2009

من ابدا

لوحة التحكم

ادوات اداريه

خدمات

صور لي نفس الصفحه من اول سطر الى اخر سطر

ممكن ياخذ ثلاث صور منك

بإنتظارك

ريم البحر · ‏سبتمبر 22, 2009

اعتذر اخي لقد فصل النت والان رجع
تفضل الصور هم 8 لانه صفحتين مو 3:::b:

2

3

ريم البحر · ‏سبتمبر 22, 2009

باقي الصور
4

5

6

ريم البحر · ‏سبتمبر 22, 2009

7

8

اعتدر لتاخري بالرد من جديد
:b:

البارون · ‏سبتمبر 22, 2009

اختي لديك مشكلة في تغيير الريجستري

استخدمي هالبرنامج اسمة المرمم

http://www.yaman-tools.com/forums/download/file.php?id=456

وسوي اصلاح النظام

تسجيل الدخول

الفزعة ياجماعة جهازي بيتدمر من البرامج

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

rd-19 زيزوومى فضى

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

sa2020 زيزوومي جديد

ريم البحر زيزوومى متألق

sa2020 زيزوومي جديد

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

مشاركة هذه الصفحة

تسجيل الدخول

الفزعة ياجماعة جهازي بيتدمر من البرامج

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

ريم البحر زيزوومى متألق

rd-19 زيزوومى فضى

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

sa2020 زيزوومي جديد

ريم البحر زيزوومى متألق

sa2020 زيزوومي جديد

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

ريم البحر زيزوومى متألق

البارون زيزوومى فضى

مشاركة هذه الصفحة

عمليات بحث مفيدة