Mr.FahooDy


Peace be upon you, and the mercy and blessings of God :king:

Brothers ..

My computer has gone abnormally crazy; it issues commands on its own .. :?:

For example .. it maximizes windows, minimizes windows, and issues close commands

and many other things .. :cr:

I don't know why

This condition came on suddenly today .. :no:

I use Kaspersky Anti-Virus 2009 as my protection program, updated ..

This is the HijackThis report
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:34:36 ص, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
D:\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'Default user')
O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9196 bytes

Picture of the computer's specifications


Brothers, I have applied everything that was asked of me so the problem can be solved .. I hope for a solution :b:
 

Disable all protection programs,
and download this tool and save it to the desktop
[link hidden by the forum]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically,
and after the restart the tool will start scanning a second time
Wait until a report appears; copy it and paste it in your next reply


Make a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply
 
Signature: السّاجد لله
Disable all protection programs,
and download this tool and save it to the desktop
[link hidden by the forum]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically,
and after the restart the tool will start scanning a second time
Wait until a report appears; copy it and paste it in your next reply

Will do ..



Make a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply

See it, it's posted above :)
 
Code:
ComboFix 08-09-15.02 - computer 09/16/2008  9:37:39.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1025.18.655 [GMT 3:00]
Running from: D:\My Documents\Downloads\Programs\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\computer\s\computer@ad.yieldmanager[1].txt
C:\Documents and Settings\computer\s\computer@ehg-nokiafin.hitbox[2].txt
C:\Program Files\Bifrost
C:\Program Files\Bifrost\server.exe
C:\WINDOWS\system32\ali.exe
C:\WINDOWS\system32\Ultra.dll
.
(((((((((((((((((((((((((   Files Created from 2008-08-16 to 2008-09-16  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 06:39 --------- d-----w C:\Documents and Settings\computer\Application Data\DMCache
2008-09-16 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-16 04:49 606,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-16 04:49 4,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-16 02:01 19,456 ----a-w C:\shutdown.exe
2008-09-16 01:45 --------- d-----w C:\Program Files\PCBugDoctor
2008-09-16 01:20 3,250,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 01:20 27,524 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-15 00:32 --------- d-----w C:\Program Files\Nokia
2008-09-15 00:32 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-15 00:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 23:29 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-12 14:28 --------- d-----w C:\Program Files\TeamViewer3
2008-09-09 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 04:13 --------- d-----w C:\Documents and Settings\computer\Application Data\Ashampoo
2008-09-09 04:12 --------- d-----w C:\Program Files\Ashampoo
2008-09-09 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-08 03:09 65,385 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-08 03:09 6,112 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-08 00:21 --------- d-----w C:\Program Files\PrtSc
2008-09-01 21:02 --------- d-----w C:\Documents and Settings\computer\Application Data\ACD Systems
2008-08-31 18:50 --------- d-----w C:\Documents and Settings\computer\Application Data\Nokia
2008-08-31 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-31 18:47 --------- d-----w C:\Documents and Settings\computer\Application Data\PC Suite
2008-08-31 18:31 --------- d-----w C:\Program Files\DIFX
2008-08-31 18:30 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-27 22:25 230,432 ----a-w C:\StiImg.dat
2008-08-26 16:21 --------- d-----w C:\Program Files\مصحف خديجة الإكتروني
2008-08-26 16:08 --------- d-----w C:\Program Files\Total Video Converter
2008-08-26 16:07 --------- d-----w C:\Program Files\Video Convert Master
2008-08-26 15:51 81,920 ----a-w C:\Documents and Settings\computer\Application Data\ezpinst.exe
2008-08-26 15:51 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-26 15:51 47,360 ----a-w C:\Documents and Settings\computer\Application Data\pcouffin.sys
2008-08-26 15:51 --------- d-----w C:\Documents and Settings\computer\Application Data\Vso
2008-08-26 15:18 --------- d-----w C:\Program Files\Digital Sound Recorder
2008-08-26 14:25 --------- d--h--r C:\Documents and Settings\computer\Application Data\yahoo!
2008-08-26 14:13 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-08-26 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 14:04 --------- d-----w C:\Program Files\Yahoo!
2008-08-26 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-24 19:34 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-24 19:33 --------- d-----w C:\Documents and Settings\computer\Application Data\IDM
2008-08-22 01:30 --------- d-----w C:\Documents and Settings\computer\Application Data\TeamViewer
2008-08-21 08:29 --------- d-----w C:\Program Files\Unlocker
2008-08-18 21:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 00:57 --------- d-----w C:\Program Files\NSS
2008-08-17 09:28 --------- d-----w C:\Program Files\ManyCam 2.3
2008-08-17 09:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\uPlayMe
2008-08-17 09:23 --------- d-----w C:\Program Files\VideoCAM GF112
2008-08-17 09:23 --------- d-----w C:\Program Files\Common Files\PCCamera
2008-08-17 09:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:36 --------- d-----w C:\Program Files\ma-config.com
2008-08-16 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-15 18:02 --------- d-----w C:\Program Files\Driver-Soft
2008-08-15 17:00 --------- d-----w C:\Documents and Settings\computer\Application Data\Ahead
2008-08-15 16:59 --------- d-----w C:\Program Files\Nero
2008-08-15 16:59 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-15 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-15 05:37 --------- d-----w C:\Program Files\Motorola
2008-08-14 17:39 --------- d-----w C:\Program Files\Stardock
2008-08-14 16:25 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-13 14:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-13 01:24 --------- d-----w C:\Program Files\Windows Defender
2008-08-12 23:31 --------- d-----w C:\Program Files\S3
2008-08-12 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-08-12 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-12 22:58 --------- d-----w C:\Program Files\Ahead
2008-08-10 00:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-09 10:54 --------- d-----w C:\Program Files\Google
2008-08-08 19:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-08 12:49 --------- d-----w C:\Documents and Settings\computer\Application Data\GRETECH
2008-08-08 12:41 --------- d-----w C:\Program Files\GRETECH
2008-08-08 12:31 --------- d-----w C:\Documents and Settings\computer\Application Data\AvaFind Data
2008-08-08 02:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-08 02:52 --------- d-----w C:\Program Files\Ringz Studio
2008-08-08 02:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-08 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-08 01:46 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-08 01:46 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-08 01:45 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-08 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-08 00:00 --------- d-----w C:\Documents and Settings\computer\Application Data\Media Player Classic
2008-08-07 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-08-07 22:14 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-07 22:14 --------- d-----w C:\Program Files\ACD Systems
2008-08-07 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 23:32 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 13:26 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-08-06 12:03 --------- d-----w C:\Documents and Settings\computer\Application Data\Paltalk
2008-08-06 09:31 --------- d-----w C:\Program Files\QuickTime
2008-08-06 09:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 09:30 --------- d-----w C:\Program Files\Bonjour
2008-08-06 09:22 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-05 22:35 --------- d-----w C:\Program Files\Windows Live
2008-08-05 22:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-05 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-05 22:02 --------- d-----w C:\Program Files\Free FLV to AVI Video Converter
2008-08-05 22:02 --------- d-----w C:\Documents and Settings\computer\Application Data\Desktopicon
2008-08-05 21:59 155,995 ----a-w C:\WINDOWS\java\Packages\G3V7DR5J.ZIP
2008-08-05 21:58 --------- d-----w C:\Program Files\BitComet
2008-04-14 15:59 59,904 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.
------- Sigcheck -------
04/21/2008 09:56 AM  665088  5e6599f286dca71723cae03c388770c5 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
04/21/2008 09:42 AM  664576  908b749bc0864b68b5be77bc530b63bd C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
04/21/2008 09:24 AM  665088  5d9314f5fad444882b68d49b23429d75 C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
06/23/2008 06:38 PM  827904  bd4be2824bc805da1f29385519b865f9 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
08/04/2004 12:55 AM  654848  1e1cef80a11bdab92b2a83f885d214d5 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
04/21/2008 10:01 AM  657920  087391c34ae510d222ea2b4753bb8f5d C:\WINDOWS\ie7\wininet.dll
08/13/2007 06:54 PM  818688  a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
06/23/2008 07:15 PM  817152  80716256f266066bd98b846e7562db76 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
06/23/2008 07:15 PM  817152  80716256f266066bd98b846e7562db76 C:\WINDOWS\system32\wininet.dll
06/23/2008 07:15 PM  826368  3f4bca25f29394995161e8e85d925c1a C:\WINDOWS\system32\dllcache\wininet.dll
04/14/2008 06:59 PM  974848  5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
08/04/2004 12:56 AM  1029632  932f97b77f2625f7ff7dfc97552548f8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
04/14/2008 06:59 PM  974848  5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
07/18/2008 10:10 PM  68808  136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM  68808  136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
07/18/2008 10:10 PM  53448  d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [08/06/2008 12:57 AM 5728112]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [08/20/2008 09:50 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 10:32 AM 185896]
"SkyTel"="SkyTel.EXE" [10/11/2007 11:04 AM 1826816 C:\WINDOWS\SkyTel.exe]
"VTTimer"="VTTimer.exe" [04/16/2008 12:51 PM 81920 C:\WINDOWS\system32\VTTimer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 07:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 06:30 PM 16855552 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" [09/03/2004 04:02 PM 241664]
C:\Documents and Settings\computer\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
One Click Destruction.lnk - C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe [2004-09-03 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^computer^قائمة ابدأ^البرامج^بدء التشغيل^AMSN.lnk]
path=C:\Documents and Settings\computer\قائمة ابدأ\البرامج\بدء التشغيل\AMSN.lnk
backup=C:\WINDOWS\pss\AMSN.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^computer^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\computer\قائمة ابدأ\البرامج\بدء التشغيل\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 08/24/2007 07:00 AM 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITD7]
--a------ 09/03/2004 04:02 PM 241664 C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 11/22/2006 12:31 PM 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 07/12/2007 04:00 AM 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 06/25/2008 10:32 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 05/02/2008 07:15 AM 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 11/03/2006 07:20 PM 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
--a------ 09/30/2007 03:50 PM 200704 C:\WINDOWS\system32\S3Trayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 09/13/2000 04:30 AM 159744 C:\WINDOWS\system32\TWEAKUI.CPL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [10/18/2007 01:28 PM 16896]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [09/21/2007 12:49 PM 9216]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [10/18/2007 01:28 PM 52224]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [03/16/2005 09:23 AM 13696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [01/14/2008 01:06 PM 21632]
R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [04/08/2005 10:46 AM 162176]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [05/23/2008 11:35 AM 604160]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [08/29/2006 05:56 PM 32377]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [01/25/2008 12:12 PM 25088]
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F18C5B55-AA6D-4849-8EC0-6EE2B01F6B08}]
C:\Program Files\Bifrost\server.exe s
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AvaFind - C:\Program Files\AvaFind\AvaFind.exe
MSConfigStartUp-Dynamic Notes - C:\Program Files\Power Soft\Dynamic Notes\DynamicNotes.exe
MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-NSLauncher - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
MSConfigStartUp-StormCodec_Helper - C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\lzb50shr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://s16.travian.ae/login.php
FF -: plugin - C:\Documents and Settings\computer\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:39:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

**************************************************************************
.
Completion time: 09/16/2008  9:43:05
ComboFix-quarantined-files.txt  2008-09-16 06:42:01
Pre-Run: 25,742,422,016 bytes free
Post-Run: 25,726,455,808 bytes free
272 --- E O F --- 2008-09-12 22:58:59

This is what you asked for .. :b:
 
With the permission of the dear ones :b:

Someone has hacked you, and this is clear from the ComboFix tool

Oh dear, Kaspersky is asleep !! :q:

Give me a new report, please
 
Signature: LINEZERO
OK, so what is the solution to get rid of whoever hacked me :( ..
 
The solution is with me, and I am Abu Hindi :q:

Make a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply
 
Signature: LINEZERO
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:35:49 ص, on 17/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\itd7.exe" -firstboot (User 'Default user')
O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8614 bytes
 
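Not a single reply ..!
 
Not a single reply ..!

Brother, the other members have problems too, just as you do; you are not the only one, and the members do not fall short, just be patient.

Delete these values (( all of it is simple ))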

O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe


And use these two programs



And after that, this tool to clean the machine

Compatibility: Windows XP only

How to use it ,,,,,,
When you run the tool's file, this screen appears ,, wait ( and follow along with the pictures )

000.png

001.png

And when this screen appears ,, click Close so that your machine restarts (( to complete the cleaning process ))

002.png



And it will restart the machine afterwards

Give me a report
 
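The entries the reply above asks to delete are ones HijackThis marks "(no file)". As an added example (not part of the original thread and not HijackThis's own code), the following parses entry lines from such a log, lists the orphaned ones, and shows which of their CLSIDs are still referenced by other entries. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O4 - Startup: One Click Destruction.lnk = C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# An entry line starts with a section code such as R1, O2 or O23.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Yield one dict per entry line; header and process-list lines are skipped."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        yield {
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing_file": body.endswith("(no file)"),
            "line": line,
        }

def orphaned(log):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in parse(log) if e["missing_file"]]

def shared_clsids(log):
    """CLSIDs of orphaned entries that other entries in the log also use."""
    by_clsid = defaultdict(list)
    for e in parse(log):
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e)
    return {c: [e["section"] for e in es] for c, es in by_clsid.items()
            if len(es) > 1 and any(e["missing_file"] for e in es)}

if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print("orphaned:", e["line"])
    print("also referenced by:", shared_clsids(SAMPLE_LOG))
```

On this log the first orphaned CLSID also appears under an O9 entry, which is worth checking before and after the fix.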