captain.milan

Hello everyone, and happy holidays to you all.
Let me get to the point.
Guys, I have a virus that landed on C:. When I scan with Kaspersky it finds it, but it doesn't remove the virus.
c:/windows:astinfo hidden is what Kaspersky shows. Sorry that there are no screenshots. Anyway, this has been giving me a lot of trouble. When I choose delete, Kaspersky tells me it will be deleted after a restart; I restart and find it there. You will tell me to use Safe Mode: I tried that too, to no avail, because in Safe Mode Kaspersky does not find it, but it does find it in normal mode. So what do I do, guys? Please help me.
And a second thing, in RealPlayer and Winamp; I don't know, maybe it is an effect of this virus. What happens in these programs is that they refuse to play songs. In RealPlayer, for example, you press play and the counter at the bottom does not move, and Winamp is the same. Windows Media Player is hit and miss, depending on its mood. The one that works fine is Media Player Classic.
So please, help.
 

And peace be upon you too.

Download this tool from Kaspersky:

[link hidden by the forum]

Scan your machine with it and clean it.

After that, give us your HijackThis report.

Paste it in your next reply so we can follow up.

 
Sorry, but what is HijackThis and how do I make a report? Please bear with me.
 
Dear brother,

You can get the program and instructions for using it via
[link hidden by the forum]
by brother Abady
Password: abady 18

I wish you success.
 
Download this program
[link hidden by the forum]

Run the program ==> and click
Do a system scan and save log
After a few moments a report appears in Notepad ==> copy it and paste it in your next reply
 
Hello
And here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:20 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [link hidden by the forum]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12877 bytes
 
Please do the following.

Disable all protection programs,

then download this tool and save it to the desktop
[link hidden by the forum]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


Make a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report appears; select all ==> copy it and paste it in your next reply
 
Signature: السّاجد لله
Brother, here is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:06 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\CF21868.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [link hidden by the forum]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12590 bytes
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12590 bytes
 
Where is the first tool's report?
 
Signature: السّاجد لله
Sure, brother, but the first tool's report needs a bit of time, and I want you to keep following along with me.
 
The important thing is that you run the first report and complete it fully; I am with you.
 
Signature: السّاجد لله
Brother, the first tool does not work for me; a blue DOS screen comes up and after that it does not restart.
 
Wait a little, brother, and then continue.
 
Signature: السّاجد لله
Brother, praise be to God, here is the report
 
Brother, here is the report:


ComboFix 08-10-02.04 - bayern 2008-10-03 1:58:23.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.963.1033.18.325 [GMT 2:00]
Running from: C:\Documents and Settings\bayern\Desktop\protect\ComboFix1.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bayern\s\HOILT.QEX
C:\Documents and Settings\bayern\Favorites\Error Cleaner.url
C:\Documents and Settings\bayern\Favorites\Privacy Protector.url
C:\Documents and Settings\bayern\Favorites\Spyware&Malware Protection.url
C:\RECYCLER\ADAPT_Installer.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_Iprip
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-10-03 01:51 . 2008-10-03 01:52 6,262,069 --a------ C:\WINDOWS\REGBK00.ZIP
2008-10-03 01:50 . 2008-10-03 01:50 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\CyberScrub
2008-10-03 01:50 . 2008-10-03 01:50 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\cleaner
2008-10-03 01:47 . 2008-10-03 01:47 3,954 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-03 01:45 . 2008-07-08 14:54 148,496 --a------ C:\WINDOWS\system32\drivers\48321128.sys
2008-10-03 01:12 . 2008-10-03 01:45 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-02 21:07 . 2008-10-03 01:43 27 --a------ C:\WINDOWS\Lic.xxx
2008-10-02 21:06 . 2004-08-04 00:56 146,432 --a------ C:\WINDOWS\R.COM
2008-10-02 21:06 . 2004-08-04 00:56 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-10-02 21:05 . 2008-10-02 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MicroWorld
2008-10-02 19:26 . 2008-10-02 19:54 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-02 17:47 . 2008-10-02 17:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-02 15:02 . 2008-10-02 15:02 <DIR> d-------- C:\Program Files\Symantec
2008-10-02 15:02 . 2008-10-02 15:02 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\Symantec
2008-10-02 15:01 . 2008-10-02 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-10-02 13:50 . 2008-09-19 20:47 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-10-02 13:03 . 2007-03-13 09:02 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-10-02 13:02 . 2008-10-02 13:02 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-09-30 07:21 . 2008-09-30 07:21 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-30 07:20 . 2008-09-30 07:20 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-30 07:20 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-30 07:20 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-30 07:20 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-30 07:20 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-30 07:20 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-30 07:20 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-30 07:20 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-30 06:45 . 2008-09-30 06:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-09-30 03:16 . 2008-09-30 03:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-09-30 03:15 . 2008-09-30 03:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-09-29 13:50 . 2008-09-29 13:50 <DIR> d-------- C:\Program Files\Webteh
2008-09-29 13:50 . 2008-09-29 13:50 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\BSplayer Pro
2008-09-29 13:50 . 2008-10-01 23:42 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\BSplayer
2008-09-28 17:18 . 2008-09-28 17:18 <DIR> d-------- C:\Program Files\MSECache
2008-09-27 22:41 . 2008-09-27 22:49 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-09-27 22:41 . 2008-09-27 22:41 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\URSoft
2008-09-27 22:41 . 2008-10-02 17:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 18:50 . 2008-10-02 00:44 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\LimeWire
2008-09-27 18:45 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-27 18:45 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-27 10:09 . 2008-09-27 10:09 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-09-27 09:56 . 2008-09-27 23:59 <DIR> d-------- C:\Program Files\IEPro
2008-09-27 09:54 . 2008-09-27 09:54 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\MiniDm
2008-09-27 09:50 . 2008-09-27 22:51 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\IEPro
2008-09-27 09:31 . 2008-09-27 22:48 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\SlipStream
2008-09-27 09:29 . 2007-10-19 05:50 114,688 --a------ C:\WINDOWS\sliprt.dll.old
2008-09-27 09:22 . 2008-09-27 09:22 <DIR> d-------- C:\Program Files\uTorrent
2008-09-27 09:21 . 2008-09-28 10:29 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\uTorrent
2008-09-27 02:16 . 2008-09-27 02:21 <DIR> d-------- C:\Program Files\QuickTime
2008-09-27 02:16 . 2008-09-27 02:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-27 02:15 . 2008-10-02 13:48 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-27 01:59 . 2008-09-27 01:59 <DIR> d-------- C:\Program Files\Shareaza
2008-09-27 01:59 . 2008-09-28 00:45 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\Shareaza
2008-09-27 01:52 . 2008-09-27 01:52 <DIR> d-------- C:\Program Files\Plugin
2008-09-26 18:51 . 2008-09-26 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-26 13:39 . 2008-09-26 18:52 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-09-26 13:38 . 2008-09-26 13:39 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B}
2008-09-26 13:25 . 2008-09-26 18:51 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\uniblue
2008-09-26 13:24 . 2008-09-26 18:51 <DIR> d-------- C:\Program Files\Uniblue
2008-09-26 13:04 . 2008-09-26 13:16 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-26 02:13 . 2008-09-26 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 01:41 . 2008-09-26 01:41 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\kantaris
2008-09-26 01:40 . 2008-10-02 17:32 <DIR> d-------- C:\Program Files\Kantaris
2008-09-25 22:24 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-09-25 22:24 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-09-25 17:11 . 2008-09-25 17:14 21,598 --a------ C:\WINDOWS\system32\oemlogo.bmp
2008-09-25 17:11 . 2008-09-25 17:15 130 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-09-25 14:03 . 2008-09-26 13:24 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-25 13:37 . 2008-09-25 13:37 <DIR> dr-h----- C:\AHCache
2008-09-25 12:40 . 2008-09-30 17:31 <DIR> d-------- C:\Program Files\MACMask
2008-09-25 01:21 . 2008-10-02 13:43 <DIR> d-------- C:\Program Files\Netlog Video Tool
2008-09-24 22:22 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-09-24 22:22 . 2008-10-02 14:09 63 --a------ C:\WINDOWS\key.lgl
2008-09-24 19:40 . 2008-09-24 19:53 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\Goverlan
2008-09-24 19:38 . 2003-04-03 12:10 46,080 --a------ C:\WINDOWS\system32\_easywall.dll
2008-09-24 19:32 . 2008-09-24 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GoverRMC
2008-09-24 19:32 . 2007-02-16 20:08 57,344 --a------ C:\WINDOWS\system32\AstSrv.exe
2008-09-24 17:14 . 2008-09-24 17:14 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\XArp
2008-09-24 17:13 . 2008-09-24 17:13 4,100 --a------ C:\WINDOWS\system32\hdvirffo.dll
2008-09-24 17:11 . 2008-09-24 17:29 <DIR> d-------- C:\Program Files\XArp
2008-09-24 17:01 . 2008-09-24 17:01 98,304 --a------ C:\WINDOWS\system32\SoftAheadCert.dll
2008-09-24 10:20 . 2008-09-24 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-09-24 09:46 . 2008-09-24 18:29 <DIR> d-------- C:\Program Files\SwitchSniffer
2008-09-23 23:59 . 2008-09-23 23:59 <DIR> d-------- C:\WINDOWS\Sun
2008-09-23 23:57 . 2008-10-03 01:34 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-23 11:16 . 2008-09-23 17:08 <DIR> d-------- C:\Program Files\Download Direct
2008-09-23 10:29 . 2008-09-23 10:29 <DIR> d-------- C:\Program Files\Pcsx2
2008-09-22 10:20 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Flash Player Pro
2008-09-20 21:05 . 2008-09-20 21:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-20 18:31 . 2008-09-20 18:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-20 17:44 . 2008-10-02 17:42 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\MxBoost
2008-09-20 17:40 . 2008-09-29 19:51 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-20 14:33 . 2008-09-20 14:33 <DIR> d-------- C:\Program Files\Netlog Photo Tool
2008-09-20 12:16 . 2008-09-20 12:18 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\RapidGet
2008-09-20 11:34 . 2008-09-20 11:34 <DIR> d-------- C:\Program Files\Ares Ultra
2008-09-19 20:52 . 2008-09-29 00:41 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\FrostWire
2008-09-19 20:47 . 2008-09-19 20:52 <DIR> d-------- C:\Program Files\FrostWire
2008-09-19 20:46 . 2008-09-19 20:46 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-09-19 20:46 . 2008-09-19 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICQ
2008-09-19 20:45 . 2008-09-19 20:51 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\ICQ
2008-09-19 20:44 . 2008-09-19 20:51 <DIR> d-------- C:\Program Files\ICQ6
2008-09-19 20:37 . 2008-09-19 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-19 20:36 . 2008-09-19 20:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-19 20:28 . 2008-09-28 00:48 <DIR> d-------- C:\Program Files\LimeWire
2008-09-19 20:10 . 2008-09-28 00:44 <DIR> d-------- C:\Program Files\eMule
2008-09-19 19:38 . 2008-09-26 13:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-19 19:38 . 2008-09-19 19:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-19 19:38 . 2008-09-19 19:38 <DIR> d-------- C:\Program Files\MSBuild
2008-09-19 19:37 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-19 19:37 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-19 19:37 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-19 19:33 . 2008-09-19 19:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-19 19:19 . 2008-10-03 01:34 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-19 19:18 . 2008-09-23 23:57 <DIR> d-------- C:\Program Files\Java
2008-09-19 19:11 . 2008-09-19 19:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-19 19:08 . 2008-09-19 19:08 <DIR> d-------- C:\WINDOWS\Logs
2008-09-19 16:26 . 2008-09-19 16:26 <DIR> d-------- C:\Documents and Settings\bayern\Application Data\Media Player Classic
2008-09-19 15:58 . 2008-09-19 15:58 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-19 15:45 . 2008-10-03 01:18 <DIR> d-------- C:\Program Files\Total Video Converter
2008-09-19 15:45 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-09-19 15:43 . 2008-09-19 15:43 <DIR> d-------- C:\Program Files\Samy_Soft
2008-09-19 15:29 . 2008-09-19 15:29 <DIR> d-------- C:\Program Files\OUP
2008-09-19 15:28 . 2008-09-19 15:28 <DIR> d-------- C:\Castle
2008-09-19 13:17 . 2008-09-29 00:48 <DIR> d-------- C:\Program Files\BitComet
2008-09-19 12:44 . 2008-10-03 01:27 <DIR> d-------- C:\Documents and Settings\bayern\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-02 22:51 524,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-02 22:51 2,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-02 22:37 16,676 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-02 22:37 1,996,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-02 15:12 --------- d-----w C:\Documents and Settings\bayern\Application Data\U3
2008-10-02 11:03 --------- d-----w C:\Program Files\Realtek
2008-09-30 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-30 05:21 --------- d-----w C:\Program Files\Nokia
2008-09-30 05:21 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-29 18:52 --------- d-----w C:\Documents and Settings\bayern\Application Data\Nokia
2008-09-29 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-26 20:20 --------- d-----w C:\Program Files\Intel
2008-09-21 10:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-19 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 13:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 22:35 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-18 19:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-18 18:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-18 18:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-18 18:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-18 18:16 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-18 18:16 --------- d-----w C:\Documents and Settings\bayern\Application Data\PC Suite
2008-09-18 18:15 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-18 18:15 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-18 18:15 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-18 18:08 --------- d-----w C:\Program Files\DIFX
2008-08-23 03:47 86,523 ----a-w C:\WINDOWS\WinVerCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2008-09-02 21:13 953360 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-22 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]
"ares ultra"="C:\Program Files\Ares Ultra\Ares Ultra.exe" [2007-05-23 2831360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\bayern\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [2007-11-03 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 137752]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-11-12 1378840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"SkyTel"="SkyTel.EXE" [2007-03-13 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
§ک ں颬نïé ںé«©ïم é• Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
"ares ultra"="C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"22011:TCP"= 22011:TCP:BitComet 22011 TCP
"22011:UDP"= 22011:UDP:BitComet 22011 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 is-Q0AULdrv;is-Q0AULdrv;C:\WINDOWS\system32\DRIVERS\48321128.sys [2008-07-08 148496]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2008-02-20 30816]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-19 354560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bayern\Application Data\Mozilla\Firefox\Profiles\5kiocnvc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
[You must log in or register to view the hidden link]

FF -: plugin - C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[You must log in or register to view the hidden link]

Rootkit scan 2008-10-03 02:09:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\Documents and Settings\bayern\Local Settings\Application Data\Ares Ultra\Data\PHashIdxTemp.dat 2782 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Winamp\winamp.exe
.
**************************************************************************
.
Completion time: 2008-10-03 2:19:59 - machine was rebooted [bayern]
ComboFix-quarantined-files.txt 2008-10-03 00:19:40
Pre-Run: 10,503,098,368 bytes free
Post-Run: 10,426,765,312 bytes free
330
 
Now post a HijackThis report
 
Signature: السّاجد لله
And here is the report, bro
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:35 AM, on 10/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CF13004.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\explorer.exe
C:\ComboFix1\handle.cfexe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\bayern\Desktop\protect\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [rpbrowserrecordplugin.dll OCX] regsvr32.exe /s "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: بدء التشغيل السريع لـ Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12962 bytes
 
Delete the following:

R3 - URLSearchHook: (no name) - - (no file)


O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll


O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll


O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)


O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll


O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll


O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"


O4 - HKLM\..\RunOnce: [rpbrowserrecordplugin.dll OCX] regsvr32.exe /s "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"


O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h


O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm


O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm


O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm


O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll


O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll


O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)


O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)


O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe


O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe


How to delete


Download this tool to clean the machine



After that, go to Add/Remove Programs and remove all the toolbars you have, namely:

ICQToolBar

Google Toolbar

Windows Live Toolbar Beta

Then download this Kaspersky tool


After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.




Follow the walkthrough to scan the machine, clean it, and attach the report.




Save the report and attach it, and God willing your problem will be solved.


 
Last edited by a moderator:
Signature: السّاجد لله
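
An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over a log like the one posted above. It groups entries by section code and flags the `(file missing)`, `(no file)` and `Unknown owner` markers that appear in this log. The sample lines are copied from the thread; the function names and the marker descriptions are this example's own assumptions.

```python
import re
from collections import defaultdict

# Section codes that occur in this thread's log (standard HijackThis meanings).
SECTIONS = {
    "R3": "IE URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "downloaded ActiveX control", "O18": "protocol handler",
    "O23": "Windows service",
}
# Markers HijackThis appends to an entry; the descriptions are this example's wording.
MARKERS = {
    "(file missing)": "registered file is not on disk",
    "(no file)": "entry has no file behind it",
    "Unknown owner": "no company name could be read for the service binary",
}
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Boot mode: Normal
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
End of file - 12962 bytes
"""

def parse(log_text):
    """Return one dict per R*/O* entry; header and footer lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            code, body = m.groups()
            notes = [why for mark, why in MARKERS.items() if mark in body]
            entries.append({"code": code, "kind": SECTIONS.get(code, "other"),
                            "body": body, "notes": notes})
    return entries

def flagged_by_section(entries):
    """Group only the entries that carry at least one marker."""
    groups = defaultdict(list)
    for e in entries:
        if e["notes"]:
            groups[e["code"]].append(e)
    return dict(groups)
```

A flagged entry is only a candidate for review: the markers show that a registration points at nothing or at an unlabelled binary, not that the entry is malicious.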
Brother, sorry, I had the computer switched off. I've just run HijackThis now and I'll do what you said, but this entry isn't there:

O4 - HKLM\..\RunOnce: [rpbrowserrecordplugin.dll OCX] regsvr32.exe /s "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
And my whole problem is really with RealPlayer.
 
Brother Hisham, I did as you said, but the RealPlayer problem is still there. What should I do?
 