همس الجوري

Peace be upon you ..

When I press Ctrl + Alt + Delete, I get an error message

And what I've heard is that this is a virus ..
Please tell me what the solution is =S

And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:15:42 ?, on 23/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\SSVICHOSST.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\SSVICHOSST.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\''Hms''\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.qu.edu.qa:80
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [vEmotion] C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6892 bytes


And I don't have a protection program ..
When I tried to download Kaspersky, it wouldn't download for me, I don't know why =S


Also, as soon as I turn on the laptop, a message appears that says ..
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:/WINDOWS/system32/SHELL32.dll occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.


:er:
 

Welcome

Do the following

Disable System Restore and keep it disabled, as shown in the following illustration

dis_sys_xp.jpg


Then

Download the following tool


Run it and the tool's interface will appear
Choose the cleaning option and the DOS scan window will appear
Leave it until it finishes and the report appears
Copy it and paste it in your next post
 
I had this problem .. and it comes from this value .. O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

But what is the problem with it ..

Every time you delete it, it comes back again ^^ ..

After my machine got ruined and wrecked and I was done for ..

I formatted it and right away downloaded a mix ..

And thank God the machine became 100% ..

..

And for your information, your machine is completely wrecked: viruses, trojans, spyware and every kind of trouble are in it :p
 
Engine Version : 5300.2777
Engine Load Time : 38250 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 11 يناير, 2009
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\hiberfil.sys : Scan Failed
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\''Hms''\NTUSER.DAT : Scan Failed
c:\Documents and Settings\''Hms''\ntuser.dat.LOG : Scan Failed
File : c:\Documents and Settings\''Hms''\DoctorWeb\Quarantine\ssvichoss0.exe : contains "Virus" called "W32/YahLover.worm.gen" (Deleted )
c:\Documents and Settings\''Hms''\DoctorWeb\Quarantine\ssvichoss0.exe : Deleted
File : c:\Documents and Settings\''Hms''\DoctorWeb\Quarantine\ssvichosst.exe : contains "Virus" called "W32/YahLover.worm.gen" (Deleted )
c:\Documents and Settings\''Hms''\DoctorWeb\Quarantine\ssvichosst.exe : Deleted
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1a8977a7-7952-4518-b2f5-36babb2d0d83}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1a8977a7-7952-4518-b2f5-36babb2d0d83}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1a8977a7-7952-4518-b2f5-36babb2d0d83}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1b35ae3c-7e80-4777-91be-043cf2a51b9d}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1b35ae3c-7e80-4777-91be-043cf2a51b9d}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{1b35ae3c-7e80-4777-91be-043cf2a51b9d}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{93bbf3b1-1db3-4b43-a108-a8c20aba7d0e}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{93bbf3b1-1db3-4b43-a108-a8c20aba7d0e}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{93bbf3b1-1db3-4b43-a108-a8c20aba7d0e}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{93bbf3b1-1db3-4b43-a108-a8c20aba7d0e}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e2aa0fd3-944a-4427-99ce-893dd0cf2ae8}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e2aa0fd3-944a-4427-99ce-893dd0cf2ae8}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e2aa0fd3-944a-4427-99ce-893dd0cf2ae8}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e2aa0fd3-944a-4427-99ce-893dd0cf2ae8}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Temp\Perflib_Perfdata_b3c.dat : Scan Failed
c:\Documents and Settings\''Hms''\Local Settings\Temp\Photoshop Temp92379 : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
File : c:\Program Files\Common Files\Microsoft Shared\jvouiko.inf : contains "Trojan" called "Generic!atr" (Deleted )
c:\Program Files\Common Files\Microsoft Shared\jvouiko.inf : Deleted
File : c:\Program Files\Common Files\System\jvouiko.inf : contains "Trojan" called "Generic!atr" (Deleted )
c:\Program Files\Common Files\System\jvouiko.inf : Deleted
File : c:\WINDOWS\system32\autorun.ini : contains "Virus" called "W32/Hakaglan.inf" (Deleted )
c:\WINDOWS\system32\autorun.ini : Deleted
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 91229
FilesScanned : 43842
FilesNotScanned : 47387

ObjectsFound : 149900
ObjectsInfected : 5
ObjectsCleaned : 0
ObjectsDeleted : 5

FilesInfected : 5
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 5

Started at : 07:41:47 م 23 مارس, 2009
Ended at : 08:52:13 م 23 مارس, 2009
Duration : 1 hours 10 minutes 25 seconds
7845 MB scanned in 4225 seconds = 1901 KB/s
Engine Version : 5300.2777
Engine Load Time : 25204 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 11 يناير, 2009
Extra DAT : 0 detections


Summary :-
FilesFound : 1783
FilesScanned : 1413
FilesNotScanned : 370

ObjectsFound : 1943
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:52:43 م 23 مارس, 2009
Ended at : 08:53:50 م 23 مارس, 2009
Duration : 1 minutes 6 seconds
179 MB scanned in 66 seconds = 2 MB/s


This is what I got


..

And I know my laptop is full of viruses, lol
because it has no antivirus ^^
 
Download the following tool



When running the tool, click as marked in the following picture


wh_61624949.png



Accept the messages that appear, and if a warning comes up from the protection program, allow it
Then the machine is restarted
After the restart, upload a new HijackThis report
 
Here is the report ..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:00 ?, on 23/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\''Hms''\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.qu.edu.qa:80
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [vEmotion] C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5585 bytes
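
The two HijackThis logs posted in this thread can be compared mechanically to confirm which startup and policy entries the cleanup removed. The Python below is an added example, not part of the original posts and not code from HijackThis; the rule names and helper functions are hypothetical, and the sample lines are excerpts copied from the two logs above.

```python
import re

# Excerpts copied from the first (before cleanup) HijackThis log in this thread.
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
"""

# Excerpts copied from the second (after cleanup) HijackThis log in this thread.
AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O4 - ..." or "F2 - ..."
RUN = re.compile(r"\[(.+?)\]\s+(.*)")               # "[value name] command line"
EXE = re.compile(r'[^\\/"]+\.exe', re.IGNORECASE)   # file name of the launched program


def parse_entries(log):
    """Return (section_code, text) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def shell_extras(text):
    """Programs listed after Explorer.exe in an F2 'Shell=' value."""
    if "Shell=" not in text:
        return []
    value = text.split("Shell=", 1)[1]
    # Assumption: extra programs are whitespace-separated bare file names.
    return [tok for tok in value.split() if tok.lower() != "explorer.exe"]


def findings(log):
    """Set of (rule, detail) pairs worth a reviewer's attention."""
    entries = parse_entries(log)
    found, extras = set(), set()
    for code, text in entries:
        if code == "F2":                      # winlogon Shell value was modified
            for prog in shell_extras(text):
                extras.add(prog.lower())
                found.add(("shell-extra", prog.lower()))
        elif code == "O7":                    # policy that locks a system tool
            found.add(("policy-lock", text.rsplit(",", 1)[-1].strip()))
        elif code == "O10" and "Unknown file" in text:
            found.add(("unknown-lsp", text.split(": ", 1)[1].lower()))
    for code, text in entries:
        if code != "O4":
            continue
        run = RUN.search(text)
        exe = EXE.search(run.group(2)) if run else None
        # A Run value that starts the same binary as the Shell value is a
        # second persistence point for the same program, whatever its label.
        if exe and exe.group(0).lower() in extras:
            found.add(("run-launches-shell-extra", run.group(1)))
    return found


def compare(before, after):
    """Classify findings as resolved, remaining or new between two logs."""
    b, a = findings(before), findings(after)
    return {
        "resolved": sorted(b - a),
        "remaining": sorted(a & b),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        for rule, detail in items:
            print(f"{status:9} {rule:26} {detail}")
```
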
 
But I want to ask you, brother ..

Should I keep System Restore disabled, or is that no longer needed ..?
 
Now do these steps, and after that re-enable System Restore

Disable the protection programs
Then
Download the following tool and save it to the desktop

When you run it, a message will appear ,, click >> Yes
After that a second message will appear ,, click >> Yes

During the scan the machine may restart
After the restart ,, the tool will start scanning again
Do not run any program ,, and however long the scan takes, wait until it finishes
Wait until a report appears ,, copy it and paste it in your next post

Then

Download the following tool


Run it and do as shown in the illustration

zyzoom-c58c4476a3.png


zyzoom-c3a429056c.png


After that, restart the machine


And let us know the latest developments
 
Thank God, Task Manager is working for me now

Thank you ..


But I want to ask you
why, when I open two pages, it acts up on me and I have to close them all =S

All of a sudden the Windows system on my machine changed and became old .!

do.php



This is what I mean ..!
The fav, the history, and so on
 
And this is the report I got ..

ComboFix 09-03-23.01 - ''Hms'' 03/24/2009 19:43:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.144 [GMT 3:00]
Running from: c:\documents and settings\''Hms''\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\''Hms''\Start Menu\Programs\Uninstall.lnk
c:\windows\IE4 Error Log.txt
c:\windows\system32\au3305arc.dll
c:\windows\system32\setting.ini
c:\windows\system32\sexit.dat
.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-20 12:32 --------- d-----w c:\program files\Internet Download Manager
2009-03-20 12:26 --------- d-----w c:\documents and settings\''Hms''\Application Data\IDM
2009-03-20 12:22 --------- d-----w c:\documents and settings\''Hms''\Application Data\DMCache
2009-03-18 12:14 --------- d-----w c:\documents and settings\All Users\Application Data\Tick Find Close Surf
2009-03-18 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-17 23:07 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-17 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-13 19:15 --------- d-----w c:\program files\AuditionSEA
2009-03-13 13:38 --------- d-----w c:\program files\GrandBilliards
2009-03-13 13:24 --------- d-----w c:\program files\TGTSoft
2009-03-13 13:16 46,719 ----a-w c:\windows\BricoPackUninst.cmd
2009-03-13 13:16 4,837 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-03-13 13:16 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-12 21:29 --------- d-----w c:\program files\IDA
2009-03-12 21:17 --------- d-----w c:\documents and settings\''Hms''\Application Data\Internet Download Accelerator
2009-03-11 19:51 --------- d-----w c:\program files\Arc DVD Copy
2009-03-11 17:50 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-11 17:50 --------- d-----w c:\program files\Microsoft
2009-03-11 17:11 --------- d-----w c:\program files\MSN Messenger
2009-03-11 17:11 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-09 17:05 --------- d-----w c:\documents and settings\''Hms''\Application Data\Vbuzzer Messenger
2009-03-09 13:53 --------- d-----w c:\program files\Common Files\xing shared
2009-03-09 13:53 --------- d-----w c:\program files\Common Files\Real
2009-03-09 13:52 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-09 13:52 --------- d-----w c:\program files\Real
2009-03-07 23:04 --------- d-----w c:\documents and settings\''Hms''\Application Data\CyberScrub
2009-03-07 20:31 --------- d-----w c:\program files\Trend Micro
2009-03-06 13:58 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-03-06 13:07 --------- d-----w c:\program files\DAP
2009-03-06 13:00 --------- d-----w c:\program files\Quick Screenshot Maker
2009-03-05 01:18 --------- d-----w c:\program files\Bricks of Camelot
2009-03-01 13:11 --------- d-----w c:\program files\Java
2009-03-01 12:47 --------- d-----w c:\program files\Folderico
2009-02-28 17:07 --------- d-----w c:\documents and settings\''Hms''\Application Data\PetShowCraze
2009-02-28 16:45 --------- d-----w c:\documents and settings\''Hms''\Application Data\Realore_DressUpRush
2009-02-28 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst
2009-02-28 15:42 --------- d-----w c:\documents and settings\''Hms''\Application Data\Playfirst
2009-02-28 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
2009-02-27 23:08 --------- d-----w c:\documents and settings\''Hms''\Application Data\GameInvest
2009-02-27 14:48 --------- d-----w c:\documents and settings\''Hms''\Application Data\Skype
2009-02-27 13:44 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
2009-02-27 13:07 --------- d-----w c:\documents and settings\''Hms''\Application Data\Alawar
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 1,846,272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-28 17:55 --------- d-----w c:\program files\Farm Mania
2009-01-27 04:17 --------- d-----w c:\documents and settings\''Hms''\Application Data\skypePM
2009-01-14 16:51 167,936 ----a-w c:\windows\system32\mswsock2.dll
2008-08-07 11:42 100 -c--a-w c:\program files\_xr.bat
2008-08-07 07:02 0 -c--a-w c:\program files\3.hiv
2008-04-24 16:34 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-11-28 10:44 182,488 -c--a-w c:\documents and settings\''Hms''\Application Data\GDIPFONTCACHEV1.DAT
2006-10-05 19:26 582 -c--a-w c:\documents and settings\''Hms''\Application Data\wklnhst.dat
2006-09-06 17:10 22 -csha-w c:\windows\SMINST\HPCD.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 11:00 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:51 PM 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 09:05 PM 344064]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [10/11/2005 10:23 AM 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 04:45 PM 507904]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/09/2009 04:52 PM 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 11:00 AM 15360]
c:\documents and settings\''Hms''\Start Menu\Programs\Startup\
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2008-03-11 474808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1028e925-d731-11dd-94af-101111111111}]
\Shell\AutoRun\command - nplrssy.exe
\Shell\explore\Command - nplrssy.exe
\Shell\open\Command - nplrssy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d1abafe-274b-11dc-b427-0014a5b31774}]
\Shell\AutoRun\command - F:\itsduel.exe
\Shell\explore\Command - F:\itsduel.exe
\Shell\open\Command - F:\itsduel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db19c0f-a070-11dd-941b-101111111111}]
\Shell\AutoRun\command - F:\nplrssy.exe
\Shell\explore\Command - F:\nplrssy.exe
\Shell\open\Command - F:\nplrssy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db9f466-0277-11de-954a-101111111111}]
\Shell\AutoRun\command - F:\nplrssy.exe
\Shell\explore\Command - F:\nplrssy.exe
\Shell\open\Command - F:\nplrssy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d9d9fe5-c774-11dd-948a-101111111111}]
\Shell\AutoRun\command - nplrssy.exe
\Shell\explore\Command - nplrssy.exe
\Shell\open\Command - nplrssy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3eeaafc-07f0-11de-955e-101111111111}]
\Shell\AutoRun\command - F:\downloads.exe
\Shell\explore\Command - F:\downloads.exe
\Shell\open\Command - F:\downloads.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37e6eec-0e48-11de-9582-0014a5b31774}]
\Shell\AutoRun\command - G:\itsduel.exe
\Shell\explore\Command - G:\itsduel.exe
\Shell\open\Command - G:\itsduel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{deaa001d-97d1-11dd-93f6-101111111111}]
\Shell\AutoRun\command - F:\nplrssy.exe
\Shell\explore\Command - F:\nplrssy.exe
\Shell\open\Command - F:\nplrssy.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-18 c:\windows\Tasks\At1.job
- c:\windows\system32\SSVICHOSST.exe []
2009-03-18 c:\windows\Tasks\At2.job
- c:\windows\system32\SSVICHOSST.exe []
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
HKCU-Run-Vbuzzer Messenger - c:\program files\vbuzzer\VBuzzer.exe
HKCU-Run-Internet Download Accelerator - c:\program files\IDA\ida.exe
HKCU-Run-vEmotion - c:\program files\freebird\vEmotion\vEmotion.exe
ShellExecuteHooks-{A93A4625-6216-499C-B360-BBD0A7C0D479} - c:\program files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll
SafeBoot-Wdf01000.sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = proxy.qu.edu.qa:80
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-24 19:45:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1724063861-1861203147-2568744903-1006\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\û*QúOw]
"VFWIndex"=dword:00000000
[HKEY_USERS\S-1-5-21-1724063861-1861203147-2568744903-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27A50ADF-AE52-6888-B337-964986CBA67E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"falakpcgmcgh"=hex:66,61,62,67,69,6a,70,64,6f,69,65,6f,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):82,00,9c,4f,66,80,01,35,d4,c0,53,6e,9d,22,c4,e7,72,aa,5d,56,89,
9a,4f,32,04,f6,9a,bb,9d,72,74,19,fc,90,2d,a6,2c,84,4f,a7,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93ffb61c-79d2-46d6-8910-7079fc7d0f0d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004d
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 03/24/2009 19:49:03
ComboFix-quarantined-files.txt 2009-03-24 16:48:15
Pre-Run: 48,308,981,760 bytes free
Post-Run: 48,475,070,464 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
251 --- E O F --- 2009-03-24 11:45:17
 
Thank God, Task Manager is working for me now.

Thank you for your effort ..


But I want to ask you:
why is it that when I open two pages it acts up and I have to close them all =s

All of a sudden my Windows system changed and became old .!




This is what I mean ..!
The fav, the history, and so on

Brother, honestly I didn't understand you,
but I advise you to install a newer version of Explorer, preferably version 8.
 
I installed it ^^


Thanks a lot, brother, you really did all you could.
 
Go to the Problems and Solutions section and search for the threads
by brother Zyzoom on lessons, study and solutions; God willing they will help you.
 
Signature: زمان الصمت