ارجواااااا المساعده ....... فايروس على القرص c

C

captain.milan

زيزوومي جديد
إنضم
16 أغسطس 2008
المشاركات
16
مستوى التفاعل
0
النقاط
20
غير متصل
مرحبااااااا للجميع و كل عام وانتو بخير
ادخل بالموضوع
يا شباب في عندي فايروس نازل على c لما بفحصوا بالكاسبر بيعثر عليه بس ما بيرفعوا الفايروس
c:/windows:astinfo hidden هيك بكون مكتوب في الكاسبر اعذروني علشان مافي صور المهم وهادا مغلبني كتير و لما بعملوا حذف الكاسبر بيقلوا انو راح ينحذف بعد اعادة التشيغل برجع اعيد التشغيل بلاقي راح تقلولي بالسيف مود جربت بردو على الفاضي لانو بالسيف مود ما بيعثر عليه الكاسبر بس بيعثر عليه في الوضع العادي.............ز و العمل يا شباب ياريت تساعدوني
و تاني شغله في الريل بلير و winamp مش عارف يمكن بتاشير هادا الفيوس .....شو بيصير في هادي البرامج انو ما بترضى تشغل الاغاني مثلا الريل بلير بتضغط على play العداد الي تحت ما بيمشي و الونامب متلواااااا اما الويندوز ميديا بلير حالات حالات يعني مزاج الي شغال تمام الميديا بلير كلاسيك
فالرجاااااااااااس المساعده
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
وعليكم السلام

حمل هذه الاداة من شركة كاسبر ::

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



وفحص بها جهازك .. وقم بتنظيفه ..

وبعدها عطنا تقريرك بالهايجاك ..

والصقه بردك القادم .. للمتابعة

 
توقيع : البارون
تأييد 0
عفواااااااااا بس شو هو الهايجاك و كيف بدي اعمل تقرير ..معلش استحملني
 
تأييد 0
أخي الكريم

يمكنك الحصول على البرنامج و طريقة عمله عبر

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

لأخ Abady
كلمة المرور : abady 18

أرجو لك التوفيق
 
تأييد 0
حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
مرحباااااا
و هاي التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:20 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12877 bytes
 
تأييد 0
اعمل التالي لا هنت

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد 0
اخي هي التقرير بالهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:06 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\CF21868.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12590 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:06 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\CF21868.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12590 bytes
 
تأييد 0
اين تقرير الاداة الاولى
 
توقيع : السّاجد لله
تأييد 0
حاضر اخي بس تقرير الاداه الاولي بدو شويه وقت و انا بدياك تكون متابع معاياه
 
تأييد 0
المهم تعمل التقرير الاول وتكمله على اتم وجه وانا معك
 
توقيع : السّاجد لله
تأييد 0
اخي الاداة الاولى ما بشتغل معي يعني بتيجي شاشه dos بالازرق و بعدها ما بيعيد التشغيل
 
تأييد 0
انتظر قليلا اخي وبعدين تكمل
 
توقيع : السّاجد لله
تأييد 0
اخي الحمدلله هي التقريرComboFix 08-10-02.04 - bayern 2008-10-03 1:58:23.2 - NTFSx86 MINIMALMicrosoft Windows XP Professional 5.1.2600.2.1256.963.1033.18.325 [GMT 2:00]Running from: C:\Documents and Settings\bayern\Desktop\protect\ComboFix1.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. ADS - WINDOWS: deleted 0 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\bayern\s\HOILT.QEXC:\Documents and Settings\bayern\Favorites\Error Cleaner.urlC:\Documents and Settings\bayern\Favorites\Privacy Protector.urlC:\Documents and Settings\bayern\Favorites\Spyware&Malware Protection.urlC:\RECYCLER\ADAPT_Installer.exeC:\WINDOWS\regedit.comC:\WINDOWS\system32\CacheC:\WINDOWS\system32\taskmgr.com.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_IPRIP-------\Legacy_NPF-------\Service_Iprip-------\Service_NPF((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))).2008-10-03 01:51 . 2008-10-03 01:52 6,262,069 --a------ C:\WINDOWS\REGBK00.ZIP2008-10-03 01:50 . 2008-10-03 01:50 d-------- C:\Documents and Settings\bayern\Application Data\CyberScrub2008-10-03 01:50 . 2008-10-03 01:50 d-------- C:\Documents and Settings\bayern\Application Data\cleaner2008-10-03 01:47 . 2008-10-03 01:47 3,954 --a------ C:\WINDOWS\system32\tmp.reg2008-10-03 01:45 . 2008-07-08 14:54 148,496 --a------ C:\WINDOWS\system32\drivers\48321128.sys2008-10-03 01:12 . 2008-10-03 01:45 d-------- C:\WINDOWS\LastGood.Tmp2008-10-02 21:07 . 2008-10-03 01:43 27 --a------ C:\WINDOWS\Lic.xxx2008-10-02 21:06 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM2008-10-02 21:06 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM2008-10-02 21:05 . 2008-10-02 21:05 d-------- C:\Documents and Settings\All Users\Application Data\MicroWorld2008-10-02 19:26 . 2008-10-02 19:54 d-------- C:\Program Files\Windows Live Safety Center2008-10-02 17:47 . 2008-10-02 17:47 d-------- C:\Program Files\Common Files\xing shared2008-10-02 15:02 . 2008-10-02 15:02 d-------- C:\Program Files\Symantec2008-10-02 15:02 . 2008-10-02 15:02 d-------- C:\Documents and Settings\bayern\Application Data\Symantec2008-10-02 15:01 . 2008-10-02 15:01 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations2008-10-02 13:50 . 2008-09-19 20:47 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll2008-10-02 13:03 . 2007-03-13 09:02 69,632 -r------- C:\WINDOWS\Alcmtr.exe2008-10-02 13:02 . 2008-10-02 13:02 315,392 --a------ C:\WINDOWS\HideWin.exe2008-09-30 07:21 . 2008-09-30 07:21 d-------- C:\Program Files\Common Files\PCSuite2008-09-30 07:20 . 2008-09-30 07:20 d-------- C:\Program Files\PC Connectivity Solution2008-09-30 07:20 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll2008-09-30 07:20 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll2008-09-30 07:20 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys2008-09-30 07:20 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys2008-09-30 07:20 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys2008-09-30 07:20 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys2008-09-30 07:20 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys2008-09-30 06:45 . 2008-09-30 06:45 d-------- C:\Documents and Settings\All Users\Application Data\Nokia2008-09-30 03:16 . 2008-09-30 03:16 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software2008-09-30 03:15 . 2008-09-30 03:15 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue2008-09-29 13:50 . 2008-09-29 13:50 d-------- C:\Program Files\Webteh2008-09-29 13:50 . 2008-09-29 13:50 d-------- C:\Documents and Settings\bayern\Application Data\BSplayer Pro2008-09-29 13:50 . 2008-10-01 23:42 d-------- C:\Documents and Settings\bayern\Application Data\BSplayer2008-09-28 17:18 . 2008-09-28 17:18 d-------- C:\Program Files\MSECache2008-09-27 22:41 . 2008-09-27 22:49 d-------- C:\Program Files\Your Uninstaller 20082008-09-27 22:41 . 2008-09-27 22:41 d-------- C:\Documents and Settings\bayern\Application Data\URSoft2008-09-27 22:41 . 2008-10-02 17:30 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP2008-09-27 18:50 . 2008-10-02 00:44 d-------- C:\Documents and Settings\bayern\Application Data\LimeWire2008-09-27 18:45 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll2008-09-27 18:45 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys2008-09-27 10:09 . 2008-09-27 10:09 0 --a------ C:\WINDOWS\system32\cid_store.dat2008-09-27 09:56 . 2008-09-27 23:59 d-------- C:\Program Files\IEPro2008-09-27 09:54 . 2008-09-27 09:54 d-------- C:\Documents and Settings\bayern\Application Data\MiniDm2008-09-27 09:50 . 2008-09-27 22:51 d-------- C:\Documents and Settings\bayern\Application Data\IEPro2008-09-27 09:31 . 2008-09-27 22:48 d-------- C:\Documents and Settings\bayern\Application Data\SlipStream2008-09-27 09:29 . 2007-10-19 05:50 114,688 --a------ C:\WINDOWS\sliprt.dll.old2008-09-27 09:22 . 2008-09-27 09:22 d-------- C:\Program Files\uTorrent2008-09-27 09:21 . 2008-09-28 10:29 d-------- C:\Documents and Settings\bayern\Application Data\uTorrent2008-09-27 02:16 . 2008-09-27 02:21 d-------- C:\Program Files\QuickTime2008-09-27 02:16 . 2008-09-27 02:21 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer2008-09-27 02:15 . 2008-10-02 13:48 d-------- C:\Program Files\Common Files\Apple2008-09-27 01:59 . 2008-09-27 01:59 d-------- C:\Program Files\Shareaza2008-09-27 01:59 . 2008-09-28 00:45 d-------- C:\Documents and Settings\bayern\Application Data\Shareaza2008-09-27 01:52 . 2008-09-27 01:52 d-------- C:\Program Files\Plugin2008-09-26 18:51 . 2008-09-26 20:57 d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner2008-09-26 13:39 . 2008-09-26 18:52 d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}2008-09-26 13:38 . 2008-09-26 13:39 d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B}2008-09-26 13:25 . 2008-09-26 18:51 d-------- C:\Documents and Settings\bayern\Application Data\uniblue2008-09-26 13:24 . 2008-09-26 18:51 d-------- C:\Program Files\Uniblue2008-09-26 13:04 . 2008-09-26 13:16 d-------- C:\WINDOWS\SxsCaPendDel2008-09-26 02:13 . 2008-09-26 02:13 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller2008-09-26 01:41 . 2008-09-26 01:41 d-------- C:\Documents and Settings\bayern\Application Data\kantaris2008-09-26 01:40 . 2008-10-02 17:32 d-------- C:\Program Files\Kantaris2008-09-25 22:24 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys2008-09-25 22:24 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys2008-09-25 17:11 . 2008-09-25 17:14 21,598 --a------ C:\WINDOWS\system32\oemlogo.bmp2008-09-25 17:11 . 2008-09-25 17:15 130 --a------ C:\WINDOWS\system32\oeminfo.ini2008-09-25 14:03 . 2008-09-26 13:24 d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}2008-09-25 13:37 . 2008-09-25 13:37 dr-h----- C:\AHCache2008-09-25 12:40 . 2008-09-30 17:31 d-------- C:\Program Files\MACMask2008-09-25 01:21 . 2008-10-02 13:43 d-------- C:\Program Files\Netlog Video Tool2008-09-24 22:22 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe2008-09-24 22:22 . 2008-10-02 14:09 63 --a------ C:\WINDOWS\key.lgl2008-09-24 19:40 . 2008-09-24 19:53 d-------- C:\Documents and Settings\bayern\Application Data\Goverlan2008-09-24 19:38 . 2003-04-03 12:10 46,080 --a------ C:\WINDOWS\system32\_easywall.dll2008-09-24 19:32 . 2008-09-24 19:32 d-------- C:\Documents and Settings\All Users\Application Data\GoverRMC2008-09-24 19:32 . 2007-02-16 20:08 57,344 --a------ C:\WINDOWS\system32\AstSrv.exe2008-09-24 17:14 . 2008-09-24 17:14 d-------- C:\Documents and Settings\bayern\Application Data\XArp2008-09-24 17:13 . 2008-09-24 17:13 4,100 --a------ C:\WINDOWS\system32\hdvirffo.dll2008-09-24 17:11 . 2008-09-24 17:29 d-------- C:\Program Files\XArp2008-09-24 17:01 . 2008-09-24 17:01 98,304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll2008-09-24 10:20 . 2008-09-24 19:38 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies2008-09-24 09:46 . 2008-09-24 18:29 d-------- C:\Program Files\SwitchSniffer2008-09-23 23:59 . 2008-09-23 23:59 d-------- C:\WINDOWS\Sun2008-09-23 23:57 . 2008-10-03 01:34 410,976 --a------ C:\WINDOWS\system32\deploytk.dll2008-09-23 11:16 . 2008-09-23 17:08 d-------- C:\Program Files\Download Direct2008-09-23 10:29 . 2008-09-23 10:29 d-------- C:\Program Files\Pcsx22008-09-22 10:20 . 2008-09-22 10:21 d-------- C:\Program Files\Flash Player Pro2008-09-20 21:05 . 2008-09-20 21:05 d-------- C:\Program Files\Common Files\Symantec Shared2008-09-20 18:31 . 2008-09-20 18:35 d-------- C:\WINDOWS\system32\Adobe2008-09-20 17:44 . 2008-10-02 17:42 d-------- C:\Documents and Settings\bayern\Application Data\MxBoost2008-09-20 17:40 . 2008-09-29 19:51 d-------- C:\Program Files\Maxthon22008-09-20 14:33 . 2008-09-20 14:33 d-------- C:\Program Files\Netlog Photo Tool2008-09-20 12:16 . 2008-09-20 12:18 d-------- C:\Documents and Settings\bayern\Application Data\RapidGet2008-09-20 11:34 . 2008-09-20 11:34 d-------- C:\Program Files\Ares Ultra2008-09-19 20:52 . 2008-09-29 00:41 d-------- C:\Documents and Settings\bayern\Application Data\FrostWire2008-09-19 20:47 . 2008-09-19 20:52 d-------- C:\Program Files\FrostWire2008-09-19 20:46 . 2008-09-19 20:46 d-------- C:\Program Files\ICQ6Toolbar2008-09-19 20:46 . 2008-09-19 20:46 d-------- C:\Documents and Settings\All Users\Application Data\ICQ2008-09-19 20:45 . 2008-09-19 20:51 d-------- C:\Documents and Settings\bayern\Application Data\ICQ2008-09-19 20:44 . 2008-09-19 20:51 d-------- C:\Program Files\ICQ62008-09-19 20:37 . 2008-09-19 20:37 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!2008-09-19 20:36 . 2008-09-19 20:36 d-------- C:\Program Files\Yahoo!2008-09-19 20:28 . 2008-09-28 00:48 d-------- C:\Program Files\LimeWire2008-09-19 20:10 . 2008-09-28 00:44 d-------- C:\Program Files\eMule2008-09-19 19:38 . 2008-09-26 13:07 d-------- C:\WINDOWS\system32\XPSViewer2008-09-19 19:38 . 2008-09-19 19:38 d-------- C:\Program Files\Reference Assemblies2008-09-19 19:38 . 2008-09-19 19:38 d-------- C:\Program Files\MSBuild2008-09-19 19:37 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll2008-09-19 19:37 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui2008-09-19 19:37 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll2008-09-19 19:33 . 2008-09-19 19:33 d-------- C:\Program Files\MSXML 6.02008-09-19 19:19 . 2008-10-03 01:34 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl2008-09-19 19:18 . 2008-09-23 23:57 d-------- C:\Program Files\Java2008-09-19 19:11 . 2008-09-19 19:11 d-------- C:\Program Files\Common Files\Java2008-09-19 19:08 . 2008-09-19 19:08 d-------- C:\WINDOWS\Logs2008-09-19 16:26 . 2008-09-19 16:26 d-------- C:\Documents and Settings\bayern\Application Data\Media Player Classic2008-09-19 15:58 . 2008-09-19 15:58 d--h----- C:\WINDOWS\PIF2008-09-19 15:45 . 2008-10-03 01:18 d-------- C:\Program Files\Total Video Converter2008-09-19 15:45 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx2008-09-19 15:43 . 2008-09-19 15:43 d-------- C:\Program Files\Samy_Soft2008-09-19 15:29 . 2008-09-19 15:29 d-------- C:\Program Files\OUP2008-09-19 15:28 . 2008-09-19 15:28 d-------- C:\Castle2008-09-19 13:17 . 2008-09-29 00:48 d-------- C:\Program Files\BitComet2008-09-19 12:44 . 2008-10-03 01:27 d-------- C:\Documents and Settings\bayern\Tracing.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-10-02 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab2008-10-02 22:51 524,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat2008-10-02 22:51 2,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx2008-10-02 22:37 16,676 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx2008-10-02 22:37 1,996,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat2008-10-02 15:12 --------- d-----w C:\Documents and Settings\bayern\Application Data\U32008-10-02 11:03 --------- d-----w C:\Program Files\Realtek2008-09-30 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations2008-09-30 05:21 --------- d-----w C:\Program Files\Nokia2008-09-30 05:21 --------- d-----w C:\Program Files\Common Files\Nokia2008-09-29 18:52 --------- d-----w C:\Documents and Settings\bayern\Application Data\Nokia2008-09-29 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite2008-09-26 20:20 --------- d-----w C:\Program Files\Intel2008-09-21 10:01 --------- d-----w C:\Program Files\Microsoft Works2008-09-19 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-09-19 13:27 --------- d-----w C:\Program Files\Common Files\Adobe2008-09-18 22:35 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat2008-09-18 19:02 --------- d-----w C:\Program Files\Common Files\InstallShield2008-09-18 18:57 --------- d-----w C:\Program Files\MSXML 4.02008-09-18 18:27 --------- d-----w C:\Program Files\Microsoft.NET2008-09-18 18:20 --------- d-----w C:\Program Files\microsoft frontpage2008-09-18 18:16 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat2008-09-18 18:16 --------- d-----w C:\Documents and Settings\bayern\Application Data\PC Suite2008-09-18 18:15 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf2008-09-18 18:15 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf2008-09-18 18:15 --------- d-----w C:\Program Files\Kaspersky Lab2008-09-18 18:08 --------- d-----w C:\Program Files\DIFX2008-08-23 03:47 86,523 ----a-w C:\WINDOWS\WinVerCheck.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper s\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll[HKEY_LOCAL_MACHINE\~\Browser Helper s\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]2008-09-02 21:13 953360 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360][HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}][HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]"ares ultra"="C:\Program Files\Ares Ultra\Ares Ultra.exe" [2007-05-23 2831360]"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Privacy Suite"="C:\Documents and Settings\bayern\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [2007-11-03 6731312]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 141848]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 166424]"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 137752]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-11-12 1378840]"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185896]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]"SkyTel"="SkyTel.EXE" [2007-03-13 C:\WINDOWS\SkyTel.exe]"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 C:\WINDOWS\RTHDCPL.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\§ک ں颬نïé ںé«©ïم é• Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S"ares ultra"="C:\Program Files\Ares Ultra\Ares Ultra.exe" -h"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe""googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"="C:\\WINDOWS\\system32\\ftp.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="C:\\WINDOWS\\system32\\java.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)"22011:TCP"= 22011:TCP:BitComet 22011 TCP"22011:UDP"= 22011:UDP:BitComet 22011 UDP[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundEchoRequest"= 1 (0x1)R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]R1 is-Q0AULdrv;is-Q0AULdrv;C:\WINDOWS\system32\DRIVERS\48321128.sys [2008-07-08 148496]R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2008-02-20 30816]S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-19 354560][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvcHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.s of the 'Scheduled Tasks' folder..------- Supplementary Scan -------.FireFox -: Profile - C:\Documents and Settings\bayern\Application Data\Mozilla\Firefox\Profiles\5kiocnvc.default\FireFox -: prefs.js - STARTUP.HOMEPAGE -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

-: plugin - C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dllFF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dllFF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllFF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dllFF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

scan 2008-10-03 02:09:18Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... C:\Documents and Settings\bayern\Local Settings\Application Data\Ares Ultra\Data\PHashIdxTemp.dat 2782 bytesscan completed successfullyhidden files: 1**************************************************************************.------------------------ Other Running Processes ------------------------.C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\AstSrv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\system32\snmp.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\Real\RealPlayer\realplay.exeC:\Program Files\Winamp\winamp.exe.**************************************************************************.Completion time: 2008-10-03 2:19:59 - machine was rebooted [bayern]ComboFix-quarantined-files.txt 2008-10-03 00:19:40Pre-Run: 10,503,098,368 bytes freePost-Run: 10,426,765,312 bytes free330
 
تأييد 0
الان هات تقرير هايجاك
 
توقيع : السّاجد لله
تأييد 0
احذف التالي

R3 - URLSearchHook: (no name) - - (no file)


O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll


O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll


O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)


O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll


O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll


O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"


O4 - HKLM\..\RunOnce: [rpbrowserrecordplugin.dll OCX] regsvr32.exe /s "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"


O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h


O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm


O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)


O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)


O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe


طريقة الحذف

zyzoom-47abf39087.gif



zyzoom-dc3770ae68.gif



نزل هالاداة لتنظيف الجهاز


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




zyzoom-3c0e283670.gif



بعدها اددخل على ازالة البرامج واحذف كل التولبارات لديك وهي

ICQToolBar

Google Toolbar

Windows Live Toolbar Beta

ثم نزل اداة الكاسبر هذه




يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي





بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل




تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير



zyzoom-3d6517b067.png



zyzoom-7717063ed7.png



zyzoom-cda271da05.png



zyzoom-26888dbf15.png



zyzoom-3f4576c288.png



وأحفظ التقرير وارفقه وان شاء الله تنتهي مشكلتك


 
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد 0
اخي معلش انا كنت طافي الجهاز و انا هلأ اعملت هاي جاك و حنفذ الي حكيتو بس هاي القيمة مش موجودة

O4 - HKLM\..\RunOnce: [rpbrowserrecordplugin.dll OCX] regsvr32.exe /s "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
و انا اصلا كل مشكلتي مع الريلبلير
 
تأييد 0
اخي هشام انا عملت زي ما انتا قلت بس لسا باقية مشكله الريل بلير شو بدي اعمل
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى