مشكله في النظام بسبب الإكسبلور..الحل رجاءاً!

ش

شمــــاليه

زيزوومي جديد
إنضم
5 يونيو 2008
المشاركات
11
مستوى التفاعل
0
النقاط
20
غير متصل
السلام عليكم..

عند طلبي لإحدى الخدمات الإلكترونية في موقع لبنك ما , كانت الخدمة تتطلب التصفح من إنترنت إكسبلور

النسخه السابعه او السادسه لا أذكر بالضبط فقمت بتحميل نسخه من إكسبلور وعند التثبيت يظهر لي بأنه

مثبت مسبقاً!

فقمت بحذف الإكسبلور بأكمله من الجهاز -أعذروني لا خبرة لي في هذه الأمور - وبعد حذفه

وبالرغم من أني أعدت تثبيت النسخه السابعه منه إلا أنه ظهرت لي مشاكل كثيييييره في الجهاز:

-عندما أريد القيام بإلغاء التجزئة تظهر لي هذه الرسالة:

يتطلب تثبيت MMC إنترنت إكسبلور 5.5 أو ما فوق!!

- أستعادة النظام تعطلت وتظهر لي نافذتها فارغه!!

- التصفح أصبح بطيئ جداً و الكمبيوتر "صار يعلق كثير"!!

أرجو ممن يملك حلاً لمشكلتي أن يفيدنا وجزاه الله خيراً
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
يعطيك العافيه أخوي عبودي..

حملت الأداة الأولى وعطلت الكاسبر

لكن عند تشغيل الأداه تظهر لي هذه الرسالة:

لا يعد "واسم البرنامج وموقعه على سطح المكتب" تطبيق صالح من تطبيقات Win32

؟؟
 
تأييد 0
حط الأداة على سطح المكتب واعد تسميتها مرة اخرى


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




وشغلها وإذا ما نفع شغلها في الوضع الأمن ااماا اداة الهايجاك شغلها بالوضع العادي
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
:?: هذا تقرير الـ Combo Fix:
ComboFix 08-09-04.09 - almjed 09/05/2008 21:50:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.237 [GMT 3:00]
Running from: C:\Documents and Settings\almjed\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\Starware322
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Dating0.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Free_Credit_Score0.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Free_Music0.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Ringtones0.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware322\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware322\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware322\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware322\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware322\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware322\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\almjed\Application Data\FunWebProducts
C:\Documents and Settings\almjed\Application Data\Starware322
C:\Documents and Settings\almjed\Application Data\Starware322\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\almjed\Application Data\Starware322\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Configurator\Configurator.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Configurator\Configurator.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Dating\DatingOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Dating\DatingOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Free_Music\Free_MusicOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Free_Music\Free_MusicOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Layouts\ToolbarLayout.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Manager\ManagerOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Reference\ReferenceOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Tem25A.tmp
C:\Documents and Settings\almjed\Application Data\Starware322\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\almjed\Application Data\Starware322\Weather\AlertArchive.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Weather\WeatherOptions.xml
C:\Documents and Settings\almjed\Application Data\Starware322\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\almjed\s\almjed@flipcorp[2].txt
C:\Documents and Settings\almjed\s\almjed@mybrandcentral[1].txt
C:\Documents and Settings\almjed\err.log
C:\Documents and Settings\almjed\Favorites\Download programs.url
C:\Documents and Settings\almjed\Favorites\Games.url
C:\Documents and Settings\almjed\Favorites\Translator.url
C:\Documents and Settings\almjed\Favorites\Videos.url
C:\Program Files\alexa toolbar
C:\Program Files\alexa toolbar\uninstall.exe
C:\Program Files\BulletProofSoft.com
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\Clip.exe
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\Help.chm
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\Main.swf
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\unins000.dat
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\unins000.exe
C:\Program Files\BulletProofSoft.com\Youtube Google Video Grabber\YG VideoGrabber.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\IEToolbar
C:\Program Files\IEToolbar\شريط أدوات الدرر السنية\rtl.dll
C:\Program Files\IEToolbar\شريط أدوات الدرر السنية\uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00038C24
C:\Program Files\MyWebSearch\bar\Cache\000399E0
C:\Program Files\MyWebSearch\bar\Cache\0005C105
C:\Program Files\MyWebSearch\bar\Cache\000C7312
C:\Program Files\MyWebSearch\bar\Cache\001B721F
C:\Program Files\MyWebSearch\bar\Cache\0035E8C8.bin
C:\Program Files\MyWebSearch\bar\Cache\0035F22E.bin
C:\Program Files\MyWebSearch\bar\Cache\0035FE15.bin
C:\Program Files\MyWebSearch\bar\Cache\005950AF.bin
C:\Program Files\MyWebSearch\bar\Cache\00596139.bin
C:\Program Files\MyWebSearch\bar\Cache\00596706.bin
C:\Program Files\MyWebSearch\bar\Cache\00596ADE.bin
C:\Program Files\MyWebSearch\bar\Cache\00596E68.bin
C:\Program Files\MyWebSearch\bar\Cache\00756921
C:\Program Files\MyWebSearch\bar\Cache\00756FA8.bin
C:\Program Files\MyWebSearch\bar\Cache\0075AC25.bin
C:\Program Files\MyWebSearch\bar\Cache\0075C059.bin
C:\Program Files\MyWebSearch\bar\Cache\0075CD1A.bin
C:\Program Files\MyWebSearch\bar\Cache\0075D884.bin
C:\Program Files\MyWebSearch\bar\Cache\007A7CA0
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\deb.log
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\Starware322\icons\star_16.ico
C:\Program Files\Starware322\Setup.exe
C:\Program Files\Starware322\Starware322Config.xml
C:\Program Files\Starware322\Starware322Uninstall.exe
C:\WINDOWS\jestertb.dll
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\rnplf23.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 18:58 33,211,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 18:58 --------- d-----w C:\Documents and Settings\almjed\Application Data\Orbit
2008-09-05 18:56 587,296 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-05 18:56 56,060 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-05 18:56 445,556 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-05 18:55 --------- d-----w C:\Program Files\Starware322
2008-09-05 18:55 --------- d-----w C:\Documents and Settings\almjed\Application Data\Free Download Manager
2008-09-05 18:55 --------- d-----w C:\Documents and Settings\almjed\Application Data\DNA
2008-09-05 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-05 16:43 --------- d-----w C:\Program Files\SpeederXP
2008-09-05 15:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-05 12:51 --------- d-----w C:\Program Files\KGB Archiver
2008-09-04 23:30 --------- d-----w C:\Program Files\DNA
2008-09-04 22:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 14:40 --------- d-----w C:\Program Files\Aladdin
2008-09-03 14:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-03 14:28 --------- d-----w C:\Program Files\Nitto 1320 Legends
2008-09-03 14:27 --------- d-----w C:\Program Files\Multi Theft Auto
2008-09-01 12:05 --------- d-----w C:\Documents and Settings\almjed\Application Data\BitTorrent
2008-09-01 12:03 --------- d-----w C:\Program Files\BitTorrent
2008-08-30 12:38 --------- d-----w C:\Program Files\PopCap Games
2008-08-30 07:47 --------- d-----w C:\Program Files\YoGen Software
2008-08-30 07:45 --------- d-----w C:\Program Files\Kelk 2000
2008-08-30 04:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 04:26 --------- d-----w C:\Program Files\Armor2net
2008-08-30 01:09 --------- d-----w C:\Program Files\الموسوعة الطبية
2008-08-29 05:56 --------- d-----w C:\Documents and Settings\almjed\Application Data\uTorrent
2008-08-24 03:30 --------- d-----w C:\Program Files\uTorrent
2008-08-22 20:22 --------- d-----w C:\Documents and Settings\almjed\Application Data\DMCache
2008-08-22 20:21 --------- d-----w C:\Program Files\TurboSpiritXTTrial_at
2008-08-22 17:18 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-08-22 16:23 --------- d-----w C:\Program Files\MessengerDiscovery
2008-08-21 18:28 --------- d-----w C:\Program Files\Executive Software
2008-08-21 04:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 03:43 --------- d-----w C:\Program Files\GetData
2008-08-20 01:36 --------- d-----w C:\Documents and Settings\almjed\Application Data\IDM
2008-08-20 01:12 --------- d-----w C:\Program Files\eMule
2008-08-20 00:52 --------- d-----w C:\Program Files\P2P_Torrent
2008-08-20 00:40 --------- d-----w C:\Program Files\Free Download Manager
2008-08-19 22:24 --------- d-----w C:\Documents and Settings\almjed\Application Data\Doblon
2008-08-19 22:09 --------- d-----w C:\Program Files\Power_Karaoke
2008-08-19 22:09 --------- d-----w C:\Program Files\Doblon
2008-08-19 22:09 --------- d-----w C:\Program Files\Conduit
2008-08-19 22:00 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-17 21:18 --------- d-----w C:\Program Files\SWiSH Max2
2008-08-17 18:38 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-17 18:38 --------- d-----w C:\Documents and Settings\almjed\Application Data\GrabPro
2008-08-16 23:29 --------- d-----w C:\Program Files\Real
2008-08-16 22:39 --------- d-----w C:\Documents and Settings\almjed\Application Data\Internet Download Accelerator
2008-08-16 22:18 --------- d-----w C:\Program Files\IDA
2008-08-16 00:07 --------- d-----w C:\Documents and Settings\almjed\Application Data\Nokia Multimedia Player
2008-08-15 23:43 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-08-14 20:17 --------- d-----w C:\Program Files\Super Mahjong
2008-08-14 19:03 --------- d-----w C:\Program Files\worldTVRT
2008-08-14 19:01 --------- d-----w C:\Program Files\Google
2008-08-14 15:31 --------- d-----w C:\Program Files\Jungle Book
2008-08-14 15:28 --------- d-----w C:\Program Files\Addams Family
2008-08-14 15:26 --------- d-----w C:\Program Files\Adventures of Batman and Robin
2008-08-14 15:19 --------- d-----w C:\Program Files\Death and Return of Superman, The
2008-08-14 15:18 --------- d-----w C:\Program Files\Immortal
2008-08-14 15:17 --------- d-----w C:\Program Files\Incredible Hulk
2008-08-14 15:08 --------- d-----w C:\Program Files\James Bond - The Duel
2008-08-14 14:56 --------- d-----w C:\Program Files\Jurassic Park
2008-08-14 14:51 --------- d-----w C:\Program Files\Jurassic Park 2 - The Lost World
2008-08-06 17:13 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 04:12 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptd9293.sys
2008-08-06 04:12 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-03 00:18 --------- d-----w C:\Documents and Settings\almjed\Application Data\JLC's Software
2008-08-02 10:31 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-08-01 15:06 --------- d-----w C:\Program Files\AxySnake
2008-08-01 11:15 --------- d-----w C:\Program Files\MSN Messenger
2008-08-01 10:32 --------- d-----w C:\Program Files\hanet
2008-07-31 14:46 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-31 14:42 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-31 12:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-31 11:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-31 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 11:23 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-31 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 09:38 --------- d-----w C:\Program Files\ChrisTV PVR
2008-07-18 07:04 --------- d-----w C:\Program Files\PremierOpinion
2008-07-12 06:49 12 ----a-w C:\Documents and Settings\almjed\USERDATA.DAT
2008-07-10 11:04 --------- d-----w C:\Program Files\Power Memory Booster
2008-07-10 10:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-10 10:50 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-09 18:42 --------- d-----w C:\Documents and Settings\almjed\Application Data\Vso
2008-07-09 11:27 --------- d-----w C:\Program Files\FLV Player
2008-07-07 00:40 --------- d-----w C:\Program Files\SWiSHmax
2008-07-06 07:20 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2006-09-16 13:20 3,808 -c--a-w C:\Program Files\SETUP.LST
2006-09-16 13:20 1,880,140 -c--a-w C:\Program Files\Anti NetCut.CAB
2002-07-28 19:40 1,059,840 -c--a-w C:\Program Files\DS_Bonus_Plugin.8bf
1998-06-17 21:00 140,800 -c--a-w C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{1f14c084-987a-4e33-9cd6-879c0dc42729}]
03/02/2008 12:26 PM 1555480 --a--c--- C:\Program Files\Free_games_way\tbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
03/13/2008 10:30 AM 1524248 --a------ C:\Program Files\Power_Karaoke\tbPowe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
08/05/2008 02:13 AM 1610264 --a------ C:\Program Files\P2P_Torrent\tbP2P_.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM 2321600]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [05/20/2008 05:27 PM 2474031]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [06/26/2008 12:10 PM 2294308]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [02/14/2008 06:08 PM 2179072]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [09/01/2008 03:03 PM 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM 517768]
"CloneCDTray"="C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe" [09/28/2006 10:21 PM 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/17/2008 04:05 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 04:42 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Purple.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Red.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Yellow.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Pink.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Purple.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus White.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Yellow.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Maple Tree.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Philodendron.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Sunflower.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^Reboot.exe]
backup=C:\WINDOWS\pss\Reboot.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialerDetect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERSW_Check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UERScw
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Kids Web Menu\\kidsmenu.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\SpeedTouch_upgrade_wizard_R4421\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\gtaT\\Server\\gtatserver.exe"=
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\gtatclient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [06/26/2008 12:23 AM 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [06/26/2008 12:23 AM 280184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [11/17/2005 04:17 PM 30464]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [11/17/2005 04:17 PM 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [06/10/2007 08:55 AM 40320]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM 25856]
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\almjed\Application Data\Mozilla\Firefox\Profiles\gw1brb5p.default\
FF -: plugin - C:\Program Files\DivX\DivX Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Rootkit scan 2008-09-05 21:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 09/05/2008 22:12:23 - machine was rebooted [almjed]
ComboFix-quarantined-files.txt 2008-09-05 19:11:16

Pre-Run: 6,347,878,400 bytes free
Post-Run: 7,308,939,264 bytes free

456 --- E O F --- 2008-09-05 14:26:00
 
تأييد 0
وهذا تقرير الهايجاك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:58 م, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\almjed\Desktop\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Games Way Toolbar - {1f14c084-987a-4e33-9cd6-879c0dc42729} - C:\Program Files\Free_games_way\tbFre0.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone:

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O17 - HKLM\System\CCS\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\hanet\saudiakar-demo\asofast\www\aqary\fz.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7530 bytes
 
تأييد 0
المعذره

:cr: جهازك رايح فيها فعلااا

عطل نقطة استعادة النظام


dis_sys_xp.jpg



ثم حددي التالي واحذفيه :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll

O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O15 - Trusted Zone:

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



O17 - HKLM\System\CCS\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



O17 - HKLM\System\CS1\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي





طريقة الحذف

9ofccez7zg03e2edjckj.png


ستظهر لك هذا النافذه : اضغط Yes

r2yz0bxm9ksfpd6fs507.png



بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود


حمل هذه الاداة دبل كليك واختر apply

db6eaf218e.png



تحميل الاداة



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي





ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



التوافق : ويندوز اكسبي فقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

000.png


001.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

002.png



ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png


ثم هاتي تقرير هاجاك جديد​
 
توقيع : Al jNtEeL
تأييد 0
تأييد 0
اخوي حمل هذه الأداة وشغلها في الوضع الأمن


حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png


ثم هاتي تقرير هاجاك جديد مع تقرير الأداة الي عطيتك


بالأنتظار
 
توقيع : AbOdy
تأييد 0
هذا تقرير الأداه الأولى:
SmitFraudFix v2.346

Scan done at 2:47:11.00, Sat 09/06/2008
Run from C:\Documents and Settings\almjed\سطح المكتب\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

وهذا تقرير الهايجاك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:58:24, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\almjed\سطح المكتب\Zyzoom_HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Games Way Toolbar - {1f14c084-987a-4e33-9cd6-879c0dc42729} - C:\Program Files\Free_games_way\tbFre0.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O17 - HKLM\System\CCS\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\hanet\saudiakar-demo\asofast\www\aqary\fz.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 6122 bytes

لكن أغلب الإيقونات اللي على سطح المكتب أختفت فكيف أرجعهم؟

وظهرت رساله بأن الكاسبر تم إيقافه مع إنه لازال شغال!!
 
تأييد 0
طيب الأن

ياليت تلخص لنا مشكالك حتى نقوم بالتعامل مع مشاكلك
 
توقيع : AbOdy
تأييد 0
مثل ما ذكرت لكم من أول:

-عندما أريد القيام بإلغاء التجزئة تظهر لي هذه الرسالة:

يتطلب تثبيت MMC إنترنت إكسبلور 5.5 أو ما فوق!!

- التصفح أصبح بطيئ جداً و الكمبيوتر "صار يعلق كثير"!!

- بعد اتباع الخطوات اللي ذكرتموها جميع الإيقونات اختفت من سطح المكتب ماعدا الإيقونات الرئيسيه!
 
تأييد 0
طيب رح نمشي خطوة خطوة


اول شي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



ثبت الأكسبلور من هالرابط

إذا كان جهازك عربي حمل الأكسبلور من هنا


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




وإذا كان جهازك انجليزي حمله من هنا


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي





يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي





اعمل التالي مرة اخرى



==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



هذه بسبب الأداة الي عطيتك ياه وهذه الأداة تقضي على الأعلانات ومختطفات سطح المكتب

انصحك بعدم ارجاع هذه الأيقوانات لأنها لو لم تكن ضارة لم تحذفها الأداة




بالأنتظار لعمل المطلوب​
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
بارك الله فيك..جاري تحميل الإكسبلور

أما الإيقونات اللي تمّ حذفها أغلبها مجلدات وبرامج عاديه مثل الفوتوشوب وغيره!

ورايحه أضع لك التقارير بعد شوي
 
تأييد 0
بالأنتظار
 
توقيع : AbOdy
تأييد 0
هذا تقرير الـ Combo Fix:
ComboFix 08-09-05.01 - almjed 09/06/2008 3:40:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.253 [GMT 3:00]
Running from: C:\Documents and Settings\almjed\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Starware322

.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 01:03 594,464 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 01:03 --------- d-----w C:\Documents and Settings\almjed\Application Data\Orbit
2008-09-06 00:45 56,708 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 00:45 446,732 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 00:45 33,503,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 00:44 --------- d-----w C:\Documents and Settings\almjed\Application Data\Free Download Manager
2008-09-06 00:44 --------- d-----w C:\Documents and Settings\almjed\Application Data\DNA
2008-09-05 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-05 23:18 --------- d-----w C:\Program Files\P2P_Torrent
2008-09-05 16:43 --------- d-----w C:\Program Files\SpeederXP
2008-09-05 15:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-05 12:51 --------- d-----w C:\Program Files\KGB Archiver
2008-09-04 23:30 --------- d-----w C:\Program Files\DNA
2008-09-04 22:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-03 14:40 --------- d-----w C:\Program Files\Aladdin
2008-09-03 14:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-03 14:28 --------- d-----w C:\Program Files\Nitto 1320 Legends
2008-09-03 14:27 --------- d-----w C:\Program Files\Multi Theft Auto
2008-09-01 12:05 --------- d-----w C:\Documents and Settings\almjed\Application Data\BitTorrent
2008-09-01 12:03 --------- d-----w C:\Program Files\BitTorrent
2008-08-30 12:38 --------- d-----w C:\Program Files\PopCap Games
2008-08-30 07:47 --------- d-----w C:\Program Files\YoGen Software
2008-08-30 07:45 --------- d-----w C:\Program Files\Kelk 2000
2008-08-30 04:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 04:26 --------- d-----w C:\Program Files\Armor2net
2008-08-30 01:09 --------- d-----w C:\Program Files\الموسوعة الطبية
2008-08-29 05:56 --------- d-----w C:\Documents and Settings\almjed\Application Data\uTorrent
2008-08-24 03:30 --------- d-----w C:\Program Files\uTorrent
2008-08-22 20:22 --------- d-----w C:\Documents and Settings\almjed\Application Data\DMCache
2008-08-22 20:21 --------- d-----w C:\Program Files\TurboSpiritXTTrial_at
2008-08-22 17:18 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-08-22 16:23 --------- d-----w C:\Program Files\MessengerDiscovery
2008-08-21 18:28 --------- d-----w C:\Program Files\Executive Software
2008-08-21 04:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 03:43 --------- d-----w C:\Program Files\GetData
2008-08-20 01:36 --------- d-----w C:\Documents and Settings\almjed\Application Data\IDM
2008-08-20 01:12 --------- d-----w C:\Program Files\eMule
2008-08-20 00:40 --------- d-----w C:\Program Files\Free Download Manager
2008-08-19 22:24 --------- d-----w C:\Documents and Settings\almjed\Application Data\Doblon
2008-08-19 22:09 --------- d-----w C:\Program Files\Power_Karaoke
2008-08-19 22:09 --------- d-----w C:\Program Files\Doblon
2008-08-19 22:09 --------- d-----w C:\Program Files\Conduit
2008-08-19 22:00 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-08-17 21:18 --------- d-----w C:\Program Files\SWiSH Max2
2008-08-17 18:38 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-17 18:38 --------- d-----w C:\Documents and Settings\almjed\Application Data\GrabPro
2008-08-16 23:29 --------- d-----w C:\Program Files\Real
2008-08-16 22:39 --------- d-----w C:\Documents and Settings\almjed\Application Data\Internet Download Accelerator
2008-08-16 22:18 --------- d-----w C:\Program Files\IDA
2008-08-16 00:07 --------- d-----w C:\Documents and Settings\almjed\Application Data\Nokia Multimedia Player
2008-08-15 23:43 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-08-14 20:17 --------- d-----w C:\Program Files\Super Mahjong
2008-08-14 19:03 --------- d-----w C:\Program Files\worldTVRT
2008-08-14 19:01 --------- d-----w C:\Program Files\Google
2008-08-14 15:31 --------- d-----w C:\Program Files\Jungle Book
2008-08-14 15:28 --------- d-----w C:\Program Files\Addams Family
2008-08-14 15:26 --------- d-----w C:\Program Files\Adventures of Batman and Robin
2008-08-14 15:19 --------- d-----w C:\Program Files\Death and Return of Superman, The
2008-08-14 15:18 --------- d-----w C:\Program Files\Immortal
2008-08-14 15:17 --------- d-----w C:\Program Files\Incredible Hulk
2008-08-14 15:08 --------- d-----w C:\Program Files\James Bond - The Duel
2008-08-14 14:56 --------- d-----w C:\Program Files\Jurassic Park
2008-08-14 14:51 --------- d-----w C:\Program Files\Jurassic Park 2 - The Lost World
2008-08-06 17:13 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 04:12 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptd9293.sys
2008-08-06 04:12 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-03 00:18 --------- d-----w C:\Documents and Settings\almjed\Application Data\JLC's Software
2008-08-02 10:31 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-08-01 15:06 --------- d-----w C:\Program Files\AxySnake
2008-08-01 11:15 --------- d-----w C:\Program Files\MSN Messenger
2008-08-01 10:32 --------- d-----w C:\Program Files\hanet
2008-07-31 14:46 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-31 14:42 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-31 12:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-31 11:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-31 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 11:23 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-31 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 09:38 --------- d-----w C:\Program Files\ChrisTV PVR
2008-07-18 07:04 --------- d-----w C:\Program Files\PremierOpinion
2008-07-12 06:49 12 ----a-w C:\Documents and Settings\almjed\USERDATA.DAT
2008-07-10 11:04 --------- d-----w C:\Program Files\Power Memory Booster
2008-07-10 10:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-10 10:50 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-09 18:42 --------- d-----w C:\Documents and Settings\almjed\Application Data\Vso
2008-07-09 11:27 --------- d-----w C:\Program Files\FLV Player
2008-07-07 00:40 --------- d-----w C:\Program Files\SWiSHmax
2008-07-06 07:20 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2006-09-16 13:20 3,808 -c--a-w C:\Program Files\SETUP.LST
2006-09-16 13:20 1,880,140 -c--a-w C:\Program Files\Anti NetCut.CAB
2002-07-28 19:40 1,059,840 -c--a-w C:\Program Files\DS_Bonus_Plugin.8bf
1998-06-17 21:00 140,800 -c--a-w C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{1f14c084-987a-4e33-9cd6-879c0dc42729}]
03/02/2008 12:26 PM 1555480 --a--c--- C:\Program Files\Free_games_way\tbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3303e956-2a3a-48e0-be39-2e0ef11a2f44}]
03/13/2008 10:30 AM 1524248 --a------ C:\Program Files\Power_Karaoke\tbPowe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM 2321600]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [05/20/2008 05:27 PM 2474031]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [06/26/2008 12:10 PM 2294308]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [02/14/2008 06:08 PM 2179072]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [09/01/2008 03:03 PM 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe" [09/28/2006 10:21 PM 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/17/2008 04:05 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 04:42 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Purple.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Red.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Azalea Yellow.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Pink.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Purple.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus White.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Cactus Yellow.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Maple Tree.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Philodendron.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^DesktopPlant Sunflower.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^almjed^Start Menu^Programs^Startup^Reboot.exe]
backup=C:\WINDOWS\pss\Reboot.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialerDetect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERSW_Check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UERScw
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Thomson SpeedTouch\\ST330\\service\\st330service.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Kids Web Menu\\kidsmenu.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Super Internet TV\\OnlineTV.exe"=
"C:\\SpeedTouch_upgrade_wizard_R4421\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\gtaT\\Server\\gtatserver.exe"=
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto Vice City\\gtatclient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [06/26/2008 12:23 AM 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [06/26/2008 12:23 AM 280184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [11/17/2005 04:17 PM 30464]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [11/17/2005 04:17 PM 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [06/10/2007 08:55 AM 40320]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM 25856]
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\almjed\Application Data\Mozilla\Firefox\Profiles\gw1brb5p.default\
FF -: plugin - C:\Program Files\DivX\DivX Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Rootkit scan 2008-09-06 04:02:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 09/06/2008 4:17:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 01:15:57
ComboFix2.txt 2008-09-05 19:12:25

Pre-Run: 10,054,987,776 bytes free
Post-Run: 10,058,924,032 bytes free

256 --- E O F --- 2008-09-05 14:26:00


وهذا تقرير الهايجاك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17:50, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\almjed\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Games Way Toolbar - {1f14c084-987a-4e33-9cd6-879c0dc42729} - C:\Program Files\Free_games_way\tbFre0.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPowe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Rockstar Games\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O17 - HKLM\System\CCS\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{088F9943-B21B-4B9C-A4F9-ECF9F1592A3C}: NameServer = 212.71.37.200 212.71.32.19
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\hanet\saudiakar-demo\asofast\www\aqary\fz.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 6217 bytes
 
تأييد 0
طيب الحين اعمل التالي




حمل اداة الكاسبر من الرابط التالي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير

zyzoom-3d6517b067.png


zyzoom-7717063ed7.png


zyzoom-cda271da05.png


zyzoom-26888dbf15.png


zyzoom-3f4576c288.png


ثم قم بضغط التقرير ورفعه هنا>>>>

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




بالأنتظار لتقرير الكاسبر​
 
توقيع : AbOdy
تأييد 0
أخي الكريم هذا تقرير أداة الكاسبر لإزالة الفايروسات:

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



لكن لازالت غير قادرة على تثبيت الإكسبلور وتظهر لي رساله بأنه لا يعد تطبيق صالح من تطبيقات Win32

وصيغة الوقت في جهازي تغيرت لنظام 24 ساعه وتظهر لي الآن رساله بأن الكمبيوتر في خطر لأنه تم إيقاف

برنامج الحماية الكاسبر..وتظهرلي رساله من الكاسبر بأن لازم أسوي update ..أجي اعمل update

يظهر لي خطأ Not enough rights for file operation

وكل هذه المشاكل تعتبر جديده وتضاف للمشاكل السابقه!!
 
تأييد 0
اخوي تم حذف 25 فايروس

الحين اعمل التالي

ابدأ ... كافة البرامج ... الكاسبر ....Modify, Repair or Remove ... بتطلع لك نافذه اختار منها الخيار الثاني

واعمل اصلاح للكاسبر


وركب مفتاح فعاال من هنا


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي






وبعد ما تخلص اعمل تحديث للكاسبر




؟؟
 
توقيع : AbOdy
تأييد 0
أولاً أعذرني لتأخري في الرد وشكرك على جهودك ومساعدتك لي بسبب إنقطاع الإنترنت الفترة الماضيه :b:

الحمدلله التصفح أصبح أفضل بكثير الآن..:smile:

جزاك الله خيراً أخي عبودي وجعله في موازين حسناتك
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى