فايروس خطير لم استطيع له انظر الصور

[SALEM666]

اخواني الاعزاء

لقد ظهر فايروس في جهاز اخي لم يستطع ان يتصفح النت ويظهر رسالة غريبة بانه لابد من صيانة الجهاز بمكافح فيروسات 2009 وحتى ان الكاسبرسكي لم يستطع عمل شي معه وتظهر رسالة الكاسبرسكي لا ادري مايقصد بها ارجو النظر في الرسائل حسب الصور ادناه:
اولا هذه صورة رسالة الكاسبرسكي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثانيا هذه الرسالة الاولى للفايروس

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثالثا هذه صورة ثانية للفايروس

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

لكن ارجو الانتباه الى ماعملته انا وهو كالتالي توفيرا للوقت :​

1- تم فحص الجهاز باداة compofix وهذا تقرير الاداه
ComboFix 08-10-14.07 - dodl 10/15/2008 19:43:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.85 [GMT -7:00]
Running from: C:\Documents and Settings\dodl\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 02:53 4,974,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 02:53 231,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 02:49 69,620 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-16 02:49 23,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-15 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-15 13:37 55,808 ----a-w C:\WINDOWS\system32\5BQj6wYU.exe
2008-10-14 20:35 --------- d-----w C:\Program Files\Windows Live
2008-10-14 20:14 --------- d-----w C:\Program Files\NeoImagic Computing
2008-10-14 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\vqfefmlo
2008-10-14 00:32 81,920 ----a-w C:\WINDOWS\system32\tunanexi.exe
2008-10-09 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-09 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 19:43 --------- d-----w C:\Program Files\SpeedItUpFree
2008-10-09 19:37 --------- d-----w C:\Program Files\Easy Video Downloader
2008-10-09 19:37 --------- d-----w C:\Documents and Settings\dodl\Application Data\DMCache
2008-10-08 10:59 --------- d-----w C:\Program Files\NetScream
2008-10-07 09:57 --------- d-----w C:\Program Files\AskSearch
2008-10-07 09:54 --------- d-----w C:\Documents and Settings\dodl\Application Data\Paltalk
2008-10-07 09:49 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-05 10:54 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-09-18 19:20 --------- d-----w C:\Program Files\Network Mechanic
2008-08-31 10:33 --------- d-----w C:\Program Files\Mobiola Web Camera USB
2008-08-30 21:06 --------- d-----w C:\Program Files\Innovative Solutions
2008-08-30 20:11 --------- d-----w C:\Program Files\Driver-Soft
2008-08-29 14:43 25,088 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-08-26 00:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-26 00:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-24 23:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 21:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-24 21:00 --------- d-----w C:\Documents and Settings\dodl\Application Data\vlc
2008-08-24 20:57 --------- d-----w C:\Program Files\VideoLAN
2008-08-24 20:55 --------- d-----w C:\Documents and Settings\dodl\Application Data\Media Player Classic
2008-08-24 20:52 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-24 08:43 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-24 08:42 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-24 08:42 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-24 06:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-24 06:56 --------- d-----w C:\Program Files\Common Files\Real
2008-08-24 06:55 --------- d-----w C:\Program Files\Google
2008-08-23 23:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-23 23:13 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-23 23:13 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-23 23:11 --------- d-----w C:\Documents and Settings\dodl\Application Data\GRETECH
2008-08-23 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-23 23:10 --------- d-----w C:\Program Files\GRETECH
2008-08-23 23:02 --------- d-----w C:\Program Files\Real
2008-08-23 23:01 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-23 23:01 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-23 07:25 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-23 07:24 --------- d-----w C:\Program Files\Nokia
2008-08-23 07:24 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-23 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-23 07:23 --------- d-----w C:\Program Files\Yahoo!
2008-08-23 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-23 06:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 05:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 07:51 PM 3810544]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [11/07/2007 03:34 PM 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 01:56 PM 15360]
"SpeedItUpEX"="C:\Program Files\SpeedItUpFree\SpeedItUp.exe" [03/26/2007 07:50 PM 1876992]
"uiapl"="C:\WINDOWS\system32\tunanexi.exe" [10/13/2008 05:32 PM 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2008 11:54 PM 185896]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/10/2003 07:24 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/10/2003 07:11 PM 114688]
"SoundMan"="SOUNDMAN.EXE" [06/18/2002 03:44 AM 46592 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [12/28/2004 03:01 PM 544768 C:\WINDOWS\sm56hlpr.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 01:56 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 01:56 PM 15360]
C:\Documents and Settings\dodl\Start Menu\Programs\Startup\
Mobiola Web Camera USB for S60 3rd Edition.lnk - C:\Program Files\Mobiola Web Camera USB\BtCam.exe [2008-08-31 364544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-09-10 11713536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
s of the 'Scheduled Tasks' folder
2008-10-15 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-16 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
2008-10-15 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\5BQj6wYU.exe [10/15/2008 06:37 AM]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)​

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer = 65.162.184.33 65.162.184.34
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-15 19:51:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 10/15/2008 19:59:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 02:59:12
Pre-Run: 6,542,602,240 bytes free
Post-Run: 6,495,338,496 bytes free
278 --- E O F --- 2008-10-13 16:58:34

2- عملت تقرير هاي جاك وهو كالتالي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:18 م, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedItUpFree\SpeedItUp.exe
C:\WINDOWS\system32\tunanexi.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\5BQj6wYU.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\dodl\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [uiapl] C:\WINDOWS\system32\tunanexi.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera USB for S60 3rd Edition.lnk = C:\Program Files\Mobiola Web Camera USB\BtCam.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer = 65.162.184.33 65.162.184.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer = 65.162.184.33 65.162.184.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer = 65.162.184.33 65.162.184.34
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O24 - Desktop Component 0: (no name) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

--
End of file - 5318 bytes
ارجو التكرم بسرعة الرد مع شكري لكم​

 

[فارس الملاك]

احذف هذه القيم


R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [uiapl] C:\WINDOWS\system32\tunanexi.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CS1\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CS2\Services\Tcpip\..\{03E1ADBB-0FC7-4499-ADD5-FBDA0E3B9C16}: NameServer =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O24 - Desktop Component 0: (no name) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

طريقة الحذف
​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

=================================​

استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واحذف تولبار قوقل من اضافة وازالة البرامج​

​

بعدها اعمل اعادة تشغيل للجهاز وشوف لنا الوضع​

 

[SALEM666]

مشكور اخوي فارس الملاك

 

[فارس الملاك]

اذا واجهتك مشاكل لا تردد في طرحها​

 

[SALEM666]

اخي فارس الملاك هاك تقرير الهاي جاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:53 م, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\dodl\Desktop\مجلد جديد\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 2495 bytes

 

[*النمر المقنع*]

الله يعينك اخي salem666 على هالفيروس

 

[SALEM666]

الحمد لله