Thread starter: thany_1
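Peace be upon you, and the mercy and blessings of God.
Guys, please help me... I don't know what is wrong with my computer. It has gotten into a strange state that I am seeing for the first time. I don't know whether it is because of a virus or not, and I can't do anything with it. The problem is that it has private files and things on it, and I don't want to format the machine.
The state of the machine is as follows:
1- It went back to the Windows Classic look... Two days later the blue-star message to activate Windows appeared, and I activated it without problems. Startup is fast and it doesn't hang; there is nothing wrong with it there, and that is what frustrates me :?:
2- It doesn't connect to the Internet
3- It doesn't open many programs, among them: browsers, CD-burning programs such as Nero, and performance-tuning and registry-error-fixing programs such as TuneUp. The sound also cuts out when running multimedia programs
4- It can't copy any file. That is, I can't take any file off it at all. I tried every way I know and couldn't
5- I can't take a copy of a report.... The report comes up, but my experience doesn't help me make use of it
6- System Restore doesn't open for me at all
So the machine runs, but I get no use out of it at all.
Help me, guys, please, if there is a way to at least copy the files.
By the way, I tried through the system tools, the Files and Settings Transfer Wizard, and it did in fact transfer files to an external hard disk, but I couldn't make use of them. I tried moving them to another machine, but the files come out with a dat extension and split into parts, and I couldn't work with them. At the very least, if you could help me with transferring the files.

With thanks,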
 

Sorry, my dear teacher,
I was composing my reply and didn't see yours...

Your reply is complete and sufficient.
May God honor you.
What you say is sound, but we would like the tools for cleaning the registry :f:
 

Disable the protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.


After it finishes, the machine will not work and will ask for activation.
Use the crack from the previous thread, through Safe Mode.
 
Answer me: do you have a Windows CD??????
Open (Run) from the Start menu and type:
sfc /scannow
 
Signature: محمد عيدروس علي
ComboFix 09-04-21.01 - Hail 04/20/2009 22:47.1 - NTFSx86
Running from: I:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 5283 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology\Uninstall.lnk
c:\documents and settings\Hail\Application Data\.#
c:\documents and settings\Hail\Application Data\.#\MBX@C60@383240.###
c:\documents and settings\Hail\Application Data\inst.exe
c:\program files\ADSTechnology
c:\program files\ADSTechnology\Uninstall.exe
c:\windows\system32\digeste.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\wpv861235998315.cpx
c:\windows\Temp\4239553157.exe
c:\windows\wiaserviv.log
I:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RSVPWMDMPMSN
-------\Service_RSVPWmdmPmSN

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-18 19:01 . 2009-04-18 19:01 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-16 03:31 . 2009-04-16 10:09 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-14 16:03 . 2009-04-14 16:03 162968 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 02:07 . 2009-04-10 02:07 -------- d-----w c:\documents and settings\Hail\Application Data\GPass
2009-04-10 02:01 . 2009-04-10 02:05 -------- d-----w c:\documents and settings\Hail\Application Data\3
2009-04-01 17:11 . 2009-04-01 17:11 -------- d-----w c:\program files\Trend Micro
2009-03-31 20:36 . 2009-03-31 20:36 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 19:54 . 2009-02-14 23:51 32 ----a-w c:\windows\system32\drivers\mshcmd.sys.
2009-04-20 19:53 . 2008-07-05 11:37 819232 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 19:53 . 2008-07-05 11:37 8060448 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 19:53 . 2008-07-05 11:37 66148 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 19:53 . 2008-07-05 11:37 4928 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-20 19:26 . 2007-10-27 07:56 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-16 10:15 . 2007-11-08 10:42 -------- d-----w c:\documents and settings\Hail\Application Data\Vso
2009-04-16 03:17 . 2007-11-01 05:54 -------- d-----w c:\program files\BitComet
2009-04-14 16:11 . 2008-01-21 23:24 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-04-13 21:18 . 2007-11-09 21:10 -------- d-----w c:\documents and settings\Hail\Application Data\Free Download Manager
2009-04-13 16:15 . 2004-08-04 12:00 60864 ----a-w c:\windows\system32\perfc001.dat
2009-04-13 16:15 . 2004-08-04 12:00 336546 ----a-w c:\windows\system32\perfh001.dat
2009-04-11 17:34 . 2007-11-27 22:37 -------- d-----w c:\program files\Hewlett-Packard
2009-04-02 02:34 . 2007-10-31 12:39 162968 ----a-w c:\documents and settings\Hail\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 16:41 . 2008-05-27 09:25 107292 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-21 22:16 . 2008-10-21 20:35 360320 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-21 22:16 . 2008-10-21 20:35 360320 ----a-w c:\windows\system32\dllcache\tcpip.sys
2009-03-17 15:14 . 2009-02-20 04:37 -------- d-----w c:\program files\Demonoid
2009-03-15 22:04 . 2009-03-15 22:04 -------- d-----w c:\program files\cic
2009-03-14 23:22 . 2008-11-20 16:32 237 ----a-w C:\gmail_debug_headers4.txt
2009-03-14 23:22 . 2008-11-20 16:32 231 ----a-w C:\gmail_debug_response4.txt
2009-03-14 23:22 . 2008-11-20 16:32 830 ----a-w C:\gmail_debug_headers2.txt
2009-03-14 23:22 . 2008-11-20 16:32 251 ----a-w C:\gmail_debug_headers3.txt
2009-03-14 23:22 . 2008-11-20 16:32 1650 ----a-w C:\gmail_debug_response2.txt
2009-03-14 23:22 . 2008-11-20 16:32 145 ----a-w C:\gmail_debug_response3.txt
2009-03-14 23:22 . 2008-11-20 16:32 872 ----a-w C:\gmail_debug_response1.txt
2009-03-14 23:22 . 2008-11-20 16:32 829 ----a-w C:\gmail_debug_headers1.txt
2009-03-12 09:50 . 2009-03-12 09:50 -------- d-----w c:\program files\Harf
2009-03-02 21:31 . 2009-03-02 21:31 -------- d-----w c:\program files\Everstrike Software
2009-03-02 21:31 . 2009-03-02 21:31 -------- d-----w c:\program files\Common Files\Everstrike Software
2009-03-01 00:09 . 2007-10-31 12:45 -------- d-----w c:\program files\Hotspot Shield
2009-02-28 21:58 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-28 21:58 . 2008-05-23 00:00 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-28 21:58 . 2008-05-23 00:00 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-22 20:23 . 2008-08-09 01:44 -------- d-----w c:\documents and settings\Hail\Application Data\LimeWire
2009-02-20 16:11 . 2007-12-20 04:22 -------- d-----w c:\program files\BT Engine
2009-02-20 04:21 . 2009-02-20 04:21 -------- d-----w c:\program files\Torrent Harvester
2008-09-03 12:55 . 2008-09-03 12:55 0 ----a-w c:\program files\temp01
2008-06-27 02:26 . 2007-11-08 10:42 47360 ----a-w c:\documents and settings\Hail\Application Data\pcouffin.sys
2008-06-27 02:25 . 2007-11-08 10:42 81920 ----a-w c:\documents and settings\Hail\Application Data\ezpinst.exe
2008-12-11 10:2008-12-10 19:46 45:11 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-03-21 11:51 1470488 ----a-w c:\program files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}]
2009-03-17 15:15 1883672 ----a-w c:\program files\Demonoid\tbDem1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC7BD467-1714-44D7-923E-04B20C14E50A}]
2008-03-13 14:11 2371584 ----a-w c:\program files\FALCOM\FALCOM Arabic Toolbar\FalcomToolbarAr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-01-20 22:54 1784856 ----a-w c:\program files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-02-28 21:29 204248 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspe1.dll" [2008-03-21 1470488]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-01-20 1784856]
"{35b675b9-7f34-40df-8f49-5fab6b7e4aef}"= "c:\program files\Demonoid\tbDem1.dll" [2009-03-17 1883672]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspe1.dll" [2008-03-21 1470488]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-01-20 1784856]
"{35B675B9-7F34-40DF-8F49-5FAB6B7E4AEF}"= "c:\program files\Demonoid\tbDem1.dll" [2009-03-17 1883672]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" [2007-07-29 253952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\Hail\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-08-15 2420783]
"Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"Nektra OEAPI"="c:\program files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe" [2007-08-26 851968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-28 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-28 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-27 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [2007-11-03 6731312]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-10 29744]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [2007-06-14 344064]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-04-06 499712]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-16 2997984]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"ماركت بروف"="c:\marketprof\MarketProf.exe" [2008-01-06 4198400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-28 1519616]
"atwtusb"="atwtusb.exe" - c:\windows\system32\ATWTUSB.EXE [2006-02-21 294912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Hail^قائمة ابدأ^البرامج^بدء التشغيل^Morpheus.lnk]
path=c:\documents and settings\Hail\قائمة ابدأ\البرامج\بدء التشغيل\Morpheus.lnk
backup=c:\windows\pss\Morpheus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Documents and Settings\\Hail\\My Documents\\برامج\\أفلام\\torrent\\utorrent.exe"=
"c:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Russian\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BT Engine\\btengine.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21086:TCP"= 21086:TCP:BitComet 21086 TCP
"21086:UDP"= 21086:UDP:BitComet 21086 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"18104:TCP"= 18104:TCP:BitComet 18104 TCP
"18104:UDP"= 18104:UDP:BitComet 18104 UDP
"24110:TCP"= 24110:TCP:BitComet 24110 TCP
"24110:UDP"= 24110:UDP:BitComet 24110 UDP
"21110:TCP"= 21110:TCP:betcomet
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-28 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-10-03 87264]
R2 gupdate1c98ae3a2f2fcd4;Google Update Service (gupdate1c98ae3a2f2fcd4);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]
R2 NwSapAgent;SAP Agent; [x]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2009-02-15 259584]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [2008-05-15 104192]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-10 29744]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-02-05 31704]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

--- Other Services/Drivers In Memory ---
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - AvgAsCln
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - KSecDD
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - rdpdr
*Deregistered* - sr
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fa1ef9e-9861-11dc-af49-0012179a73a9}]
\Shell\AutoRun\command - SSCVIHOST.exe
\Shell\Open\command - SSCVIHOST.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be01dbe0-3a15-11dd-af08-00167638c57e}]
\Shell\AutoRun\command - G:\ybj8df.exe
\Shell\explore\Command - G:\ybj8df.exe
\Shell\open\Command - G:\ybj8df.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
c:\windows\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 10:31]
2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 14:57]
2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 18:10]
2009-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1343024091-839522115-1003.job
- c:\documents and settings\Hail\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 10:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &BitSpirit حمله باستخدام - c:\program files\BitSpirit\bsurl.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download all with Free Download Manager -
files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager -
files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager -
files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager -
files\Free Download Manager\dllink.htm
IE: Free Download Manager تحميل الفيديو بواسطة -
files\Free Download Manager\dlfvideo.htm
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: تحميل المحددة بفري داونلود مانيجر -
files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر -
files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر -
files\Free Download Manager\dllink.htm
IE: سأ±بجط¾«ءéدآشط(&B)
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\progra~1\ONSPEED\sliplsp.dll
TCP: {B2E95AF3-E1FF-422F-908A-D032E368A11C} = 10.9.128.1
DPF: Microsoft XML Parser for Java -
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-20 22:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*, p*d*f*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="ba"
"b"="AcroRd32.exe"
[HKEY_USERS\S-1-5-21-1060284298-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*, p*d*f*\OpenWithProgids]
"?pdf_auto_file"=hex(0):
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{26a7c3ee-df9b-4847-b923-882a98927d7c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011f
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,ba,8f,13,b7,fa,
a6,f0,d3,04,a3,b7,bd,5b,11,77,40,b0,16,92,99,24,72,0f,e8,3a,74,89,cd,a4,38,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bc,a4,b9,c1,42,19,ad,6c,09,93,7b,b3,16,3c,05,20,cb,c4,fa,25,90,
e2,f8,b0,77,b2,b1,2a,65,3e,17,3b,7b,b5,b3,8f,91,75,94,3e,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\, p*d*f*_*a*u*t*o*_*f*i*l*e*\shell\Read\command]
@="\"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe\" \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
Completion time: 2009-04-20 23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 20:05
Pre-Run: 24,896,512,000 bytes free
Post-Run: 25,281,712,128 bytes free
445 --- E O F --- 2009-03-23 18:55
 
Download this program:

[Hidden link: you must log in or register to view it]

Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report:

[Hidden link: you must log in or register to view it]

When the scan finishes, do the following:

[Hidden link: you must log in or register to view it]

Copy the contents of the report and paste them into your next post.
 
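Sorry for troubling you.
The program refuses to install for me; I tried and it won't.. I also tried installing it on the external hard disk and it still would not accept it.
By the way, I am working in Safe Mode.
The Windows copy refuses to update for me... I used the file you posted earlier and it did not work... I used a file from brother Al-Gentle and that did not work either.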
 
OK, make a new HijackThis report.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:37 ص, on 21/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
R3 - URLSearchHook: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: TBSB01631 - {AC7BD467-1714-44D7-923E-04B20C14E50A} - C:\Program Files\FALCOM\FALCOM Arabic Toolbar\FalcomToolbarAr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hail\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1060284298-1343024091-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-1343024091-839522115-1003\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1060284298-1343024091-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\Hail\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1060284298-1343024091-839522115-1003 Startup: IMTranslator.lnk = C:\Program Files\Smart Link\IMTrans\IMTrans.exe (User '?')
O4 - Startup: IMTranslator.lnk = C:\Program Files\Smart Link\IMTrans\IMTrans.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedloader.exe
O8 - Extra context menu item: &BitSpirit حمله باستخدام - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all with Free Download Manager -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager -
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager -
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة -
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر -
Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2E95AF3-E1FF-422F-908A-D032E368A11C}: NameServer = 10.9.128.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98ae3a2f2fcd4) (gupdate1c98ae3a2f2fcd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAP Agent (NwSapAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Upload Manager (uploadmgr) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TuneUp Theme Extension (UxTuneUp) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
--
End of file - 19022 bytes
 
Select the following entries and delete them:

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll

R3 - URLSearchHook: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

O2 - BHO: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: TBSB01631 - {AC7BD467-1714-44D7-923E-04B20C14E50A} - C:\Program Files\FALCOM\FALCOM Arabic Toolbar\FalcomToolbarAr.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll

O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Demonoid Toolbar - {35b675b9-7f34-40df-8f49-5fab6b7e4aef} - C:\Program Files\Demonoid\tbDem1.dll

O4 - S-1-5-21-1060284298-1343024091-839522115-1003 Startup: IMTranslator.lnk = C:\Program Files\Smart Link\IMTrans\IMTrans.exe (User '?')

O4 - Startup: IMTranslator.lnk = C:\Program Files\Smart Link\IMTrans\IMTrans.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

How to delete them:

[image: mg%20(3).png]

[image: mg%20(4).png]

After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there.

Then download this tool and follow the explanation below:

[Hidden link: you must log in or register to view it]

Compatibility: Windows XP only

Usage instructions:
Double-click the tool and wait until all the windows finish and it stops at this window:

[image: 002.png]

When this screen appears, click Close so that your computer is restarted ((to complete the cleanup)).
 