MOZY_55

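Peace be upon you, and God's mercy and blessings.
The problem is that I downloaded a program bundled with a Bifrost patch, and Kaspersky 8.0.0.506 (updated) did not detect it.
I went to the programs folder, showed the hidden folders and deleted the server, of course, then scanned with Kaspersky and it found no threats. The problem is that I noticed the machine boots slowly, and when the desktop appears a box comes up that says
"Personal settings" and stays for a while.
Please, is there a solution?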

 

Signature: MOZY_55
For the record, I also scanned with AVG Anti-Spyware (updated).

Signature: MOZY_55
Welcome, brother. Do the following:

(1)
Disable all protection programs,
then download this tool and save it to the desktop
[Link hidden by the forum: log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; the machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
Also make a HijackThis report
[Link hidden by the forum: log in or register to view it]

When the download finishes ==> run the program ==> and click
Do a system scan and save log
After a few moments a report will appear; copy it and paste it in your next reply.
 
Signature: KoNaMi
Hi brother, this is the ComboFix report
ComboFix 08-12-12.02 - mozy 12/14/2008 23:28:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.958.542 [GMT 3:00]
Running from: c:\documents and settings\mozy\سطح المكتب\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mozy\Application Data\.#
c:\documents and settings\mozy\Application Data\addons.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 20:34 50,339,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-14 20:33 --------- d-----w c:\documents and settings\mozy\Application Data\DMCache
2008-12-14 20:31 592,268 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-14 20:31 4,464 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-14 20:31 376,864 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-14 19:47 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-14 11:55 --------- d-----w c:\program files\TechSmith
2008-12-14 01:47 286,720 ----a-w c:\windows\iun506.exe
2008-12-14 01:47 --------- d-----w c:\program files\AL Wafi For Learning English
2008-12-14 00:18 20 ----a-w C:\sccfg.sys
2008-12-13 23:57 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-13 23:57 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-13 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-13 18:24 --------- d-----w c:\program files\TestCopy
2008-12-13 15:10 --------- d-----w c:\documents and settings\mozy\Application Data\CyberScrub
2008-12-13 15:10 --------- d-----w c:\documents and settings\mozy\Application Data\cleaner
2008-12-13 13:48 --------- d-----w c:\documents and settings\mozy\Application Data\Thinstall
2008-12-13 02:01 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-13 01:11 --------- d-----w c:\program files\Ashalshaikh
2008-12-13 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 22:54 --------- d-----w c:\program files\Google
2008-12-12 20:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 18:31 --------- d-----w c:\program files\Internet Download Manager
2008-12-12 08:15 --------- d-----w c:\documents and settings\mozy\Application Data\Uniblue
2008-12-12 05:42 --------- d-----w c:\documents and settings\mozy\Application Data\IDM
2008-12-12 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-12 02:50 --------- d-----w c:\program files\Inno Setup 5
2008-12-11 23:46 --------- d-----w c:\documents and settings\mozy\Application Data\skypePM
2008-12-11 22:53 --------- d-----w c:\documents and settings\mozy\Application Data\uTorrent
2008-12-11 21:05 --------- d-----w c:\program files\Kaspersky Lab
2008-12-11 20:37 --------- d-----w c:\program files\BitDefender
2008-12-11 20:14 --------- d-----w c:\program files\Realtek AC97
2008-12-11 19:10 7,168 ----a-w c:\windows\system32\drivers\utmymjk3.sys
2008-12-11 17:16 5,376 ----a-w c:\windows\system32\drivers\MS1000.sys
2008-12-11 08:34 --------- d-----w c:\documents and settings\mozy\Application Data\Ashampoo
2008-12-11 00:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-11 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-11 00:13 --------- d-----w c:\documents and settings\mozy\Application Data\VSRevoGroup
2008-12-10 23:46 --------- d-----w c:\documents and settings\mozy\Application Data\trust second each
2008-12-10 21:46 --------- d-----w c:\documents and settings\mozy\Application Data\SlipStream
2008-12-10 21:46 --------- d-----w c:\documents and settings\mozy\Application Data\Blueberry
2008-12-10 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\That Face Camp Shim
2008-12-10 18:42 --------- d-----w c:\program files\AvRack
2008-12-10 18:31 --------- d-----w c:\program files\trust second each
2008-12-10 18:30 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-10 13:52 --------- d-----w c:\documents and settings\mozy\Application Data\Sunbelt Software
2008-12-10 13:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 13:36 --------- d-----w c:\program files\ReflexiveArcade
2008-12-09 21:39 --------- d-----w c:\documents and settings\mozy\Application Data\pe explorer
2008-12-09 16:44 --------- d-----w c:\documents and settings\mozy\Application Data\Desktopicon
2008-12-09 15:51 96,320 ----a-w c:\windows\system32\drivers\snapman.sys
2008-12-09 15:51 30,688 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-09 15:51 249,152 ----a-w c:\windows\system32\drivers\timntr.sys
2008-12-09 15:51 --------- d-----w c:\program files\Common Files\Acronis
2008-12-09 15:51 --------- d-----w c:\program files\Acronis
2008-12-09 13:38 --------- d-----w c:\program files\Disk Drive Administrator
2008-12-09 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-09 12:07 --------- d-----w c:\program files\Ashampoo
2008-12-09 09:10 --------- d-----w c:\program files\Microsoft Works
2008-12-08 05:31 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis
2008-12-08 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-08 03:58 --------- d-----w c:\program files\MSXML 4.0
2008-12-08 02:22 --------- d-----w c:\program files\Arabic Reader v1.3
2008-12-08 02:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 22:28 --------- d-----w c:\documents and settings\mozy\Application Data\VitySoft
2008-12-07 22:22 --------- d-----w c:\program files\Java
2008-12-07 22:21 --------- d-----w c:\program files\Common Files\Java
2008-12-07 21:53 --------- d-----w c:\program files\Common Files\SourceTec
2008-12-07 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-07 15:43 --------- d-----w c:\documents and settings\mozy\Application Data\IndigoRose
2008-12-07 14:18 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 14:18 --------- d-----w c:\program files\Bonjour
2008-12-07 14:06 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-07 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\IndigoRose
2008-12-07 00:06 --------- d-----w c:\documents and settings\mozy\Application Data\Downloaded Installations
2008-12-06 21:53 --------- d-----w c:\program files\MSECache
2008-12-06 21:47 --------- d-----w c:\program files\MSBuild
2008-12-06 21:46 --------- d-----w c:\program files\Microsoft.NET
2008-12-06 21:44 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-06 21:29 --------- d-----w c:\documents and settings\mozy\Application Data\IObit
2008-12-06 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-06 18:24 --------- d-----w c:\program files\Windows Live
2008-12-06 18:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-06 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-06 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Blueberry
2008-12-06 17:24 2,944 ----a-w c:\windows\system32\drivers\bbcap.sys
2008-12-06 17:24 --------- d-----w c:\program files\Common Files\Blueberry Software
2008-12-06 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\{F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
2008-12-06 17:16 --------- d-----w c:\program files\Reference Assemblies
2008-12-06 17:07 --------- d-----w c:\program files\Realtek Sound Manager
2008-12-06 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2008-12-06 16:57 --------- d-----w c:\documents and settings\mozy\Application Data\Media Player Classic
2008-12-06 16:56 --------- d-----w c:\documents and settings\mozy\Application Data\TuneUp Software
2008-12-06 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-06 16:46 --------- d-----w c:\program files\microsoft frontpage
2008-11-11 16:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 08:29 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/12/2008 08:43 AM 2607872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [11/11/2008 07:59 PM 206088]
"VTTimer"="VTTimer.exe" [09/21/2006 08:36 AM 53248 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM 577536 c:\windows\soundman.exe]
"VTTrayp"="VTtrayp.exe" [08/27/2007 11:03 AM 200704 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 08:29 PM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 09:30 PM 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 10/18/2007 11:34 AM 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"UIWatcher"=d:\ashampoo uninstaller 3\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\تورنت\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2008-12-06 2944]
R1 is-1U8A7drv;is-1U8A7drv;c:\windows\system32\DRIVERS\62914652.sys [2008-12-11 148496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 autorun;autorun;\??\C:\huadio.tmp []
S3 utmymjk3;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utmymjk3.sys [2008-12-11 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\1-Click Maintenance.job
- D:\9 []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sorry, your 30-day trial period has expired. - c:\program files\Common Files\Products\FMCapt.dll/savemedia.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\mozy\Application Data\Mozilla\Firefox\Profiles\o937p3kl.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Link hidden by the forum: log in or register to view it]

Rootkit scan 2008-12-14 23:33:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\combofix\hidec.exe
c:\windows\system32\wscntfy.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 12/14/2008 23:37:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 20:35:57

Pre-Run: 31,272,202,240 bytes free
Post-Run: 31,297,830,912 bytes free

233 --- E O F --- 2008-12-14 19:03:11

 
Signature: MOZY_55
And this is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:05 م, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mozy\سطح المكتب\Setup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Link hidden by the forum: log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Link hidden by the forum: log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Link hidden by the forum: log in or register to view it]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sorry, your 30-day trial period has expired. - res://C:\Program Files\Common Files\Products\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[Link hidden by the forum: log in or register to view it]

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6063 bytes

 
Signature: MOZY_55
Delete the following, my friend

O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - (no file)

O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


How to delete

And with that, the deletion is complete.

After that, download this tool

Use this tool for cleaning

[Link hidden by the forum: log in or register to view it]

Then use this tool

Use the Dr.Web tool ^_^

It scans and cleans, needs no installation, and is updated as of today

[Link hidden by the forum: log in or register to view it]

And tell me how your machine is doing
 
Signature: KoNaMi
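The selection made in the reply above can be reproduced mechanically. The following is an added example, not part of the original posts and not code from HijackThis: it parses the CLSID-bearing lines of a HijackThis log (O2, O3, O9) and separates entries whose file is reported as `(no file)` from entries that merely lack a display name but still point at a file. The function and field names are assumptions made for this sketch; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""

# Shape handled: "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    target: str

    @property
    def orphaned(self) -> bool:
        # The log shows "(no file)" where no module is listed for the CLSID.
        return self.target == "(no file)"

    @property
    def unnamed(self) -> bool:
        return self.name == "(no name)"


def parse_entries(log: str) -> list[Entry]:
    """Return every CLSID-bearing entry; other lines (O4, O23, ...) are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            fields = match.groupdict()
            fields["clsid"] = fields["clsid"].upper()  # logs mix upper and lower case
            entries.append(Entry(**fields))
    return entries


def triage(log: str) -> dict[str, list[Entry]]:
    """Split entries into leftovers with no file and unnamed ones needing review."""
    entries = parse_entries(log)
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "unnamed_with_file": [e for e in entries if e.unnamed and not e.orphaned],
    }


if __name__ == "__main__":
    for bucket, found in triage(SAMPLE_LOG).items():
        for e in found:
            print(f"{bucket:18} {e.section:3} {e.kind:13} {{{e.clsid}}} {e.target}")
```

Entries in the second bucket still resolve to a file, so they are a review list rather than a removal list: the file path has to be checked before deciding.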
A thousand, thousand, thousand thanks to you, dear brother.
The computer is back to how it was, and it boots faster than before.
May God reward you.
The problem is solved, praise be to God.

Signature: MOZY_55