
merooo4ever

Peace be upon you, and the mercy and blessings of God.

I think my machine has been infected with a virus.

Here is the HijackThis report.

May God reward you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:25 م, on 16/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Documents and Settings\أبو البراء\سطح المكتب\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [hidden link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [hidden link]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D711C3A-14A3-438A-BCC1-CAC2EEFEFD5A}: NameServer = 192.168.0.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9308 bytes
 




Welcome, brother.
Apologies, the thread has been moved to the appropriate section for follow-up.
This section is dedicated to analysing security-software reports; other reports are posted only on request.

Signature: Demo-dash
Dear brother, I did not ask for the HijackThis report to be analysed.

But I know that when there is a problem, the first thing the expert brothers ask for is a HijackThis report to identify the type of virus.

So I provided the report they would ask for.

I hope you will restore the thread, with your permission, brother moderator.

 
Delete the following values:
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [] 
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

How to delete them on XP

Signature: زمان الصمت
Disable the security programs and System Restore.
Download this tool.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

The machine may restart during the scan.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

Also see:
[A small file that cleans a lot] + [How to clean up System Restore files to save space]
 
Signature: زمان الصمت
ComboFix 09-04-17.01 - أبو البراء 04/17/2009 3:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1015.482 [GMT 3:00]
Running from: c:\documents and settings\أبو البراء\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\docume~1\12B5~1\LOCALS~1\Temp\svchost.exe
c:\restore\c-1-3-64-8794238531-8742492-9897532
c:\restore\c-1-3-64-8794238531-8742492-9897532\Desktop.ini
c:\restore\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\bversion.dll
c:\windows\system32\fhpatch.dll
c:\windows\system32\fiplock.dll
c:\windows\system32\IPHACTION.dll
c:\windows\system32\iphy.dll
c:\windows\system32\IpSvchostF.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-16 20:56 . 2004-08-03 21:55 26624 ----a-w c:\documents and settings\All Users\proto.dll
2009-04-16 20:49 . 2009-04-16 20:49 -------- d-----w c:\documents and settings\أبو البراء\Local Settings\Application Data\ESET
2009-04-16 20:46 . 2009-04-16 20:46 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-16 19:02 . 2009-04-16 19:02 -------- d-----w c:\windows\system32\ar-sa
2009-04-16 18:56 . 2009-02-20 16:50 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-16 18:56 . 2009-02-20 16:50 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-16 18:56 . 2009-02-20 16:50 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-16 18:56 . 2009-02-20 16:50 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-16 18:56 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-16 18:56 . 2009-02-20 16:50 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-16 18:56 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-16 18:56 . 2008-07-09 14:25 1019904 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-16 18:56 . 2009-02-20 16:50 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-16 18:45 . 2009-04-16 18:45 -------- d-----w c:\documents and settings\أبو البراء\Application Data\Media Player Classic
2009-04-16 11:54 . 2009-04-16 11:54 23392 ----a-w c:\windows\system32\nscompat.tlb
2009-04-16 11:54 . 2009-04-16 11:54 16832 ----a-w c:\windows\system32\amcompat.tlb
2009-04-15 17:24 . 2009-04-15 17:24 735232 ----a-w c:\windows\system32\AdvOcr.dll
2009-04-15 00:54 . 2009-04-15 00:54 40960 ----a-w c:\windows\system32\tcpd.exe
2009-04-15 00:54 . 2009-04-15 00:54 1351680 ----a-w c:\windows\system32\kernel32_check.dll
2009-04-14 11:54 . 2009-04-14 11:54 -------- d-----w c:\documents and settings\أبو البراء\Application Data\Windows Live Writer
2009-04-14 11:53 . 2009-04-14 11:54 -------- d-----w c:\documents and settings\أبو البراء\Local Settings\Application Data\Windows Live Writer
2009-04-14 06:38 . 2009-04-17 01:00 -------- d-----w c:\documents and settings\أبو البراء\Tracing
2009-04-14 06:38 . 2009-04-17 01:00 -------- d-----w c:\documents and settings\أبو البراء\Tracing
2009-04-14 06:32 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-12 22:15 . 2009-04-12 22:16 1100136 ----a-w C:\installin.exe
2009-04-11 12:43 . 2009-04-11 12:43 -------- d--h--w c:\windows\PIF
2009-04-09 15:26 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-09 15:26 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-09 15:26 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 15:26 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-09 07:42 . 2009-04-09 09:42 964533 ----a-w c:\windows\Winhleps32.exe
2009-04-09 07:42 . 2009-04-17 00:56 -------- d-sh--r C:\RESTORE
2009-04-09 07:42 . 2009-04-17 00:56 -------- d-sh--r C:\CONFIG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 00:47 . 2009-02-06 14:29 -------- d-----w c:\program files\Common Files\Real
2009-04-16 22:57 . 2001-09-19 12:00 63626 ----a-w c:\windows\system32\perfc001.dat
2009-04-16 22:57 . 2001-09-19 12:00 340138 ----a-w c:\windows\system32\perfh001.dat
2009-04-16 20:46 . 2009-04-15 00:54 -------- d-sh--r c:\program files\ThunMail
2009-04-16 18:41 . 2009-02-08 03:04 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 18:38 . 2009-02-06 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-16 18:33 . 2009-02-05 15:23 269360 ----a-w c:\documents and settings\أبو البراء\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 18:31 . 2009-02-06 05:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-16 17:54 . 2009-02-05 23:15 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 17:51 . 2009-02-05 23:16 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-16 17:28 . 2009-02-06 14:29 -------- d-----w c:\program files\Real
2009-04-16 01:39 . 2009-04-16 01:39 -------- d-----w c:\program files\aod
2009-04-15 17:24 . 2009-04-15 17:24 -------- d-----w c:\program files\LanqiEngine
2009-04-14 06:35 . 2009-02-05 15:27 -------- d-----w c:\program files\Windows Live
2009-04-14 06:33 . 2009-04-14 06:33 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-14 06:32 . 2009-04-14 06:32 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-14 06:30 . 2009-04-14 06:30 -------- d-----w c:\program files\Microsoft
2009-04-14 06:30 . 2009-04-14 06:30 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-14 05:23 . 2009-04-14 05:23 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 04:58 . 2009-03-09 03:06 -------- d-----w c:\program files\FlashGet
2009-03-08 14:47 . 2009-02-07 22:46 -------- d-----w c:\documents and settings\أبو البراء\Application Data\DMCache
2009-03-07 22:39 . 2009-02-25 22:03 -------- d-----w c:\documents and settings\أبو البراء\Application Data\U3
2009-03-06 21:54 . 2009-03-06 21:54 4096 ----a-w c:\windows\d3dx.dat
2009-03-03 00:06 . 2004-08-03 21:55 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 05:59 . 2009-03-02 05:56 -------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-03-02 05:59 . 2009-03-02 05:59 74703 ----a-w c:\windows\system32\mfc45.dll
2009-03-02 05:56 . 2009-03-02 05:56 -------- d-----w c:\documents and settings\أبو البراء\Application Data\iolo
2009-03-02 05:54 . 2009-03-02 05:54 -------- d-----w c:\program files\AxBx
2009-02-27 14:47 . 2009-02-27 14:47 -------- d-----w c:\documents and settings\أبو البراء\Application Data\Ahead
2009-02-27 14:44 . 2009-02-27 14:44 -------- d-----w c:\program files\Common Files\Ahead
2009-02-27 14:44 . 2009-02-27 14:44 -------- d-----w c:\program files\Nero
2009-02-27 13:22 . 2009-02-27 13:22 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 21:32 . 2009-02-25 21:32 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-02-25 21:32 . 2009-02-25 21:32 172032 ------w c:\windows\Setup1.exe
2009-02-25 21:31 . 2009-02-25 21:31 73216 ----a-w c:\windows\ST6UNST.EXE
2009-02-25 20:10 . 2009-02-25 20:10 -------- d-----w c:\program files\Windows Defender
2009-02-25 18:14 . 2009-02-05 23:16 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-25 18:14 . 2009-02-05 23:16 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-20 16:50 . 2004-08-03 21:55 78336 ------w c:\windows\system32\ieencode.dll
2009-02-19 19:21 . 2009-02-19 19:21 268 ---ha-w C:\sqmdata00.sqm
2009-02-19 19:21 . 2009-02-19 19:21 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-18 17:06 . 2009-02-08 17:58 11 ----a-w C:\trace.ini
2009-02-18 00:00 . 2009-02-18 00:00 -------- d-----w c:\program files\MSXML 4.0
2009-02-16 16:35 . 2009-02-06 21:50 -------- d-----w c:\documents and settings\أبو البراء\Application Data\COWON
2009-02-16 16:35 . 2009-02-05 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 16:12 . 2009-02-06 14:32 -------- d-----w c:\program files\iTunes
2009-02-11 14:46 . 2009-02-05 14:33 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-09 05:59 . 2009-02-09 05:59 133 ----a-w c:\documents and settings\أبو البراء\Local Settings\Application Data\fusioncache.dat
2009-02-08 17:58 . 2009-02-08 17:58 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-08 17:58 . 2009-02-08 17:58 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 15:02 . 2009-02-05 15:02 86 ----a-w C:\bcmwl5.log
2009-02-05 14:31 . 2009-02-05 14:31 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2004-08-03 21:56 1029632 565403235F1424B1E8B0C0FE8CC2C7B6 c:\windows\explorer.exe
[-] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\explorer.exe
[7] 2004-08-03 21:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\SoftwareDistribution\Download\c160be1f23e8ed072176d3ca147b83b7\backup\sp2gdr\explorer.exe
[7] 2004-08-03 21:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\system32\dllcache\explorer.exe
[7] 2007-04-16 15:52 1352704 0ACBF4B0AB7F515D33D30F15C6C43BCA c:\windows\SoftwareDistribution\Download\530838b6e2b4a92c7b6d4774399a86eb\sp2gdr\kernel32.dll
[7] 2007-04-16 16:09 1354240 E231223E2BC28A0C7732E5DF968B3AFE c:\windows\SoftwareDistribution\Download\530838b6e2b4a92c7b6d4774399a86eb\sp2qfe\kernel32.dll
[-] 2008-04-14 15:59 1357824 94EBB9E7D65FDA05E515D6B70E4247E2 c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\kernel32.dll
[-] 2009-04-15 00:54 1351680 5D734DE558104A7DD3067D6456BBCD41 c:\windows\system32\kernel32.dll
[7] 2004-08-03 21:55 1351680 458F1764A02B43A053D0E2CEF2A6AE5B c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 1306624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-02-06 98304]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2004-08-03 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-18 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-06 278528]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-17 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\ڑ ي ںé ©ںک\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2009-2-15 25214]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli d3dpia.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\التدريب والتطوير\\الدورات التطويرية\\المدينة\\برامج منوعة خفيفة\\الذاكرة\\remind_tester\\remind_tester.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 aic32p;aic32p; [x]
R3 COH_Mon;COH_Mon; [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-02-10 45840]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bc331ca-0388-11de-b729-001f3c85d235}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4b7d6a-f39e-11dd-b700-001f3c85d235}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tazebama.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4b7d6c-f39e-11dd-b700-001f3c85d235}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tazebama.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4b7d6d-f39e-11dd-b700-001f3c85d235}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tazebama.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d4aa049-ff21-11dd-b71e-001f3c85d235}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d4aa04a-ff21-11dd-b71e-001f3c85d235}]
\Shell\AutoRun\command - H:\pook.com
\Shell\open\Command - H:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d4aa04b-ff21-11dd-b71e-001f3c85d235}]
\Shell\AutoRun\command - I:\pook.com
\Shell\open\Command - I:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d4aa04c-ff21-11dd-b71e-001f3c85d235}]
\Shell\AutoRun\command - J:\pook.com
\Shell\open\Command - J:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af41b59c-02a3-11de-b71f-001f3c85d235}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af41b59d-02a3-11de-b71f-001f3c85d235}]
\Shell\AutoRun\command - H:\pook.com
\Shell\open\Command - H:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af41b59e-02a3-11de-b71f-001f3c85d235}]
\Shell\AutoRun\command - I:\pook.com
\Shell\open\Command - I:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af41b59f-02a3-11de-b71f-001f3c85d235}]
\Shell\AutoRun\command - J:\pook.com
\Shell\open\Command - J:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f58adbb6-f694-11dd-b70d-001f3c85d235}]
\Shell\AutoRun\command - g:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
\Shell\open\command - g:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987192}]
c:\restore\c-1-3-64-8794238531-8742492-9897532\DriveFix.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
uInternet Connection Wizard,ShellNext = [hidden link]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4D711C3A-14A3-438A-BCC1-CAC2EEFEFD5A} = 192.168.0.140
.
.
------- File Associations -------
.
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [hidden link]
Rootkit scan 2009-04-17 04:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1644491937-790525478-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):46,ed,d3,dd,2a,e4,a0,9a,7e,67,cf,07,68,5b,ca,9f,f1,ae,e1,56,11,
aa,af,af,a1,33,81,0d,8c,58,96,54,42,a4,40,e6,4f,ee,c7,9c,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9678f5d8-360b-4679-9554-dc35e3bd5e9a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000042
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,a8,a5,91,e0,f3,36,42,6b,b5,66,4a,d0,23,02,d0,61,fc,5a,e1,75,44,d7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\msacm32.drv
- - - - - - - > 'lsass.exe'(1428)
c:\windows\d3dpia.dll
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\msi.dll
c:\windows\d3dpia.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2009-04-17 4:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 01:02
Pre-Run: 20,944,756,736 bytes free
Post-Run: 22,507,851,776 bytes free
317 --- E O F --- 2009-02-19 16:43
 
This is the latest report. Many thanks and much gratitude to you.
 
up
----------------------
 



The reports that should be posted first are the security-software reports, not the HijackThis log.

The HijackThis log is the one posted on request.

Download the Kaspersky tool from the following link:




After downloading, double-click it and the tool's files will be extracted to a folder on the desktop. After a few moments the tool starts running.

Follow the walkthrough to scan the machine, clean it, and attach the report.

[screenshots]

Then compress the report and upload it here >>>>





 
Last edited by a moderator:
But, dear brother, I have NOD installed.
Does that affect the program?
 
The tool is portable and needs no installation, and it has no effect at all.
 
Scan
----
Scanned: 574538
Detected: 15
Untreated: 0
Start time: 26/04/1430 03:41:30 م
Duration: 02:09:04
Finish time: 26/04/1430 05:50:34 م

Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: Trojan program Trojan.Win32.Agent.cbrc File: C:\WINDOWS\d3dpia.dll
will be deleted when the computer is restarted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\Documents and Settings\All Users\proto.dll
deleted: Trojan program Trojan.Win32.Agent2.ibe File: C:\Qoobox\Quarantine\C\DOCUME~1\12B5~1\LOCALS~1\Temp\svchost.exe.vir
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\adawilulokuzox.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\esonufuqoseje.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\ijatecoqa.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\otiqepoqu.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\ugegozavo.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\ujiluyet.dll
deleted: Trojan program Trojan-Spy.Win32.Agent.ambw File: C:\WINDOWS\upayeful.dll
deleted: adware not-a-virus:AdWare.Win32.Chiem.c File: E:\التدريب والتطوير\الدورات التطويرية\التنمية البشرية\حقائب تدريب 2008\simon_extreme.zip/simon_extreme.exe//setup.zip/4
deleted: Trojan program Trojan-Downloader.Win32.LoadAdv.gen File: E:\التدريب والتطوير\الدورات التطويرية\الجرافلوجي\برامج\برامج لتحليل الخط\Graphology Advisor\graphology_advisor.exe
deleted: Trojan program Trojan-Downloader.Win32.LoadAdv.gen File: E:\التدريب والتطوير\الدورات التطويرية\الجرافلوجي\ممارس متقدم جرافولوجي\الكتاب\برامج لتحليل الخط\Graphology Advisor\graphology_advisor.exe
deleted: Trojan program Trojan.JS.Agent.uo File: E:\صور\صور\صور1\سيارات القمة\سيارات\2000_tvr_cerbera_speed_12-1.jpg
deleted: Trojan program Trojan.JS.Agent.uo File: E:\صور\صور\صور1\سيارات القمة\سيارات\2000_tvr_cerbera_speed_12-2.jpg

Events
------
Time Name Status Reason
---- ---- ------ ------
26/04/1430 03:41:36 م Running module: smss.exe\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 
This is the Kaspersky report.
Many thanks and appreciation to you.
 
15 infections were deleted.

Generate a HijackThis report.



When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report appears. Select all ==> copy it and paste it in your next reply.


 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:59 م, on 21/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\CF21759.exe
C:\ComboFix\ComboFix-Download.cfexe
C:\Documents and Settings\أبو البراء\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =



R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =



O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D711C3A-14A3-438A-BCC1-CAC2EEFEFD5A}: NameServer = 192.168.0.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9717 bytes
 
Delete:

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)



O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run



How to delete them:

[screenshots]

And use the SDFix tool









Download this (( portable )) program to clean your machine




Unzip it and run the program

Then

[screenshots]

Then

[screenshots]





 
Last edited by a moderator:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:15 ص, on 22/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\أبو البراء\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =



R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =



O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D711C3A-14A3-438A-BCC1-CAC2EEFEFD5A}: NameServer = 192.168.0.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9542 bytes
 
Signature: KoNaMi
The report looks perfectly fine now.

Any problems left?
 
Signature: Corporation



:ok:

Exactly .. the report is 100%

Are you experiencing any other problems?
 