مشكله اعاده تشغيل الجهاز

[متزعم شغب الشوارع]

السلام عليكم ورحمه الله
الله يعطيك العافيه انا عندي مشكله وهي اعاده تشغيل الجهاز
اول مااشغل الجهاز وبعدها تطلع لي شاشه الويندوز السوده يرجع ويعيد التشغيل
ولما اشغله على الوضع الامن واروح للقرص شي وبعدين خصائص وبعدين خصائص بعدين تدقيق الاخطأء وبعد مااحدد الخيارات الي بالتدقيق اعيد التشغيل وبعدها يدقق في الاخطاء ولما يخلص من التدقيق يشتغل الجهاز طبيعي
ابغى اعرف وش المشكله وحلها الله لايهينكم

 

[KoNaMi]

يعني الحين يالغلا كل شوي تسوي ها الخطوة عشان مايعيد التشغيل ؟؟؟

ممكن تفصل اكثر .. :q:
​

 

[متزعم شغب الشوارع]

اي والله كل هذا الي ذكرته اسويه عشان مايعد التشغيل
شوف اول مااشغل الجهاز تجي الشاشه السوده الي مكتوب فيها ويندوز اكس بي
بعدها المفروض الجهاز يشتغل ويحمل البرامج
هو مايشتغل يرجع يعيد التشغيل انا اقوم اشغله على الوضع الامن واسوي الي ذكرته فوق
عشان لما تجي شاشه الويندوز السوده يشتغل الجهاز مايعيد التشغيل

 

[KoNaMi]

طيب يالغلا اعمل الاتي


تقرير هايجاك
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
​

 

[متزعم شغب الشوارع]

اخوي الرابط الي عطتيني يحولني على الموقع تأكد من الرابط

 

[KoNaMi]

هذا رابط اخر يالغلا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

 

[متزعم شغب الشوارع]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:00 ص, on 24/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\windows\system32\crypserv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\windows\stsystra.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\windows\V0330Mon.exe
C:\Documents and Settings\winxp\My Documents\Downloads\Programs\zyzoom_hijackthis_1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.71.37.130:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dupe amok gram atom] C:\Documents and Settings\All Users\Application Data\Once Dog Dupe Amok\Curb road.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\windows\V0330Mon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [user gpl] C:\DOCUME~1\winxp\APPLIC~1\COOLJU~1\lite nurb stop.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\WLTRYSVC.EXE
--
End of file - 10397 bytes

 

[KoNaMi]

الحين اعمل الاتي


عطل جميع برامج الحمايه
​

نزل هذه الاداة
​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة​

 

[متزعم شغب الشوارع]

ComboFix 09-04-23.A3 - winxp 04/24/2009 2:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.502.223 [GMT 3:00]
Running from: c:\documents and settings\winxp\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\tmp.reg
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-23 17:47 . 2004-08-04 01:07 46592 -c--a-w c:\windows\system32\dllcache\coadmin.dll
2009-04-23 17:47 . 2004-08-04 01:07 290816 -c--a-w c:\windows\system32\dllcache\adsiis51.dll
2009-04-23 17:47 . 2004-08-04 01:07 43520 -c--a-w c:\windows\system32\dllcache\admwprox.dll
2009-04-23 17:46 . 2004-08-04 01:07 76288 -c--a-w c:\windows\system32\dllcache\cnfgprts.ocx
2009-04-23 17:46 . 2004-08-04 01:07 275968 -c--a-w c:\windows\system32\dllcache\certwiz.ocx
2009-04-23 17:46 . 2004-08-04 01:07 94720 -c--a-w c:\windows\system32\dllcache\certmap.ocx
2009-04-23 16:48 . 2004-08-03 21:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-23 16:48 . 2001-08-17 19:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-23 16:46 . 2004-08-03 19:29 12127 -c--a-w c:\windows\system32\dllcache\wadv02nt.sys
2009-04-23 16:45 . 2004-08-03 20:00 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys
2009-04-23 16:44 . 2004-08-03 21:56 73796 -c--a-w c:\windows\system32\dllcache\slserv.exe
2009-04-23 16:43 . 2004-08-03 19:31 20992 -c--a-w c:\windows\system32\dllcache\rtl8139.sys
2009-04-23 16:42 . 2001-08-17 09:12 26153 -c--a-w c:\windows\system32\dllcache\pcmlm56.sys
2009-04-23 16:41 . 2001-08-17 19:36 7168 -c--a-w c:\windows\system32\dllcache\mxport.dll
2009-04-23 16:40 . 2001-08-17 09:12 164586 -c--a-w c:\windows\system32\dllcache\mdgndis5.sys
2009-04-23 16:39 . 2001-08-17 09:12 45632 -c--a-w c:\windows\system32\dllcache\ip5515.sys
2009-04-23 16:38 . 2001-08-17 10:28 199711 -c--a-w c:\windows\system32\dllcache\hsf_faxx.sys
2009-04-23 16:37 . 2001-08-17 09:13 27165 -c--a-w c:\windows\system32\dllcache\fetnd5.sys
2009-04-23 16:36 . 2004-08-03 21:56 20992 -c--a-w c:\windows\system32\dllcache\dshowext.ax
2009-04-23 16:35 . 2001-08-17 19:36 28672 -c--a-w c:\windows\system32\dllcache\cyycoins.dll
2009-04-23 16:34 . 2001-09-19 12:00 66594 -c--a-w c:\windows\system32\dllcache\c_858.nls
2009-04-23 16:33 . 2004-08-03 21:56 516768 -c--a-w c:\windows\system32\dllcache\ativvaxx.dll
2009-04-23 16:32 . 2001-08-17 19:37 24576 -c--a-w c:\windows\system32\dllcache\agcgauge.ax
2009-04-23 16:31 . 2001-08-17 11:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-22 23:22 . 2007-07-24 10:02 5372 -c--a-r c:\windows\VF0330.uns
2009-04-22 23:22 . 2006-09-19 05:56 57656 -c--a-r c:\windows\system32\V0330PC.bmp
2009-04-22 23:22 . 2006-08-28 06:22 188891 -c--a-r c:\windows\system32\V0330Cvw.bff
2009-04-18 10:09 . 2009-04-18 16:11 -------- dc----w c:\windows\CtDrvInstall
2009-04-18 09:47 . 2009-04-18 09:47 -------- dc----w C:\Live! Cam
2009-04-17 10:36 . 2009-02-06 17:24 2180480 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-17 10:35 . 2009-02-06 16:49 2057728 -c--a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-15 23:32 . 2009-04-15 23:32 -------- dc----w c:\windows\NU_DATA
2009-04-14 23:15 . 2009-04-14 23:19 -------- dc----w c:\documents and settings\All Users\Application Data\Creative
2009-04-14 23:05 . 2006-10-05 14:17 53248 -c----w c:\windows\Ctregrun.exe
2009-04-14 23:05 . 2003-06-12 20:25 7062 -c--a-w c:\windows\system32\audiopid.vxd
2009-04-14 22:08 . 2007-06-14 01:52 90112 -c--a-r c:\windows\CtDrvIns.exe
2009-03-30 20:07 . 2009-04-23 12:37 551424 -c--a-w c:\windows\system32\agsaame.dll
2009-03-30 20:07 . 2009-04-23 12:37 403968 -c--a-w c:\windows\system32\ALOWMAFile2.dll
2009-03-30 20:07 . 2009-04-23 12:37 495104 -c--a-w c:\windows\system32\ALOVideoCoreM.dll
2009-03-30 20:07 . 2009-04-23 12:37 249856 -c--a-w c:\windows\system32\ALOQuickTimeFile.dll
2009-03-30 20:07 . 2009-04-23 12:37 877568 -c--a-w c:\windows\system32\ALOAudioFile2.dll
2009-03-30 20:07 . 2009-04-23 12:37 382464 -c--a-w c:\windows\system32\ALOAVIFile.dll
2009-03-30 20:06 . 2009-04-23 12:37 452608 -c--a-w c:\windows\system32\videoformat.dll
2009-03-30 20:06 . 2009-04-23 12:37 19456 -c--a-w c:\windows\system32\videocore.dll
2009-03-29 13:46 . 2009-03-29 13:46 -------- dc----w c:\documents and settings\winxp\Application Data\PC Suite
2009-03-29 13:43 . 2007-09-17 12:53 21632 -c--a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-03-29 13:34 . 2009-03-29 13:34 207432 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-29 13:30 . 2009-03-29 13:30 -------- dc----w c:\windows\system32\XPSViewer
2009-03-29 13:27 . 2006-06-29 10:07 14048 -c----w c:\windows\system32\spmsg2.dll
2009-03-28 14:51 . 2009-03-28 14:58 -------- dc----w c:\documents and settings\winxp\Application Data\Smart PC Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 23:32 . 2008-03-09 18:19 117675296 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 23:32 . 2008-03-09 18:19 4187424 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 23:29 . 2007-10-09 16:00 -------- dc----w c:\documents and settings\winxp\Application Data\DMCache
2009-04-23 22:20 . 2007-04-15 10:34 -------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-23 16:49 . 2008-03-09 18:19 398144 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 16:49 . 2008-03-09 18:19 1579292 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 12:38 . 2008-05-26 06:08 81920 -c--a-w c:\windows\system32\viscomwave.dll
2009-04-23 12:38 . 2008-05-26 06:08 98304 -c--a-w c:\windows\system32\viscomtran.dll
2009-04-23 12:38 . 2008-05-26 06:08 48640 -c--a-w c:\windows\system32\viscomsamplerate.dll
2009-04-23 12:38 . 2008-05-26 06:08 118784 -c--a-w c:\windows\system32\viscomrmenc.dll
2009-04-23 12:38 . 2008-05-26 06:08 602112 -c--a-w c:\windows\system32\viscomqtde.dll
2009-04-23 12:38 . 2008-05-26 06:08 147456 -c--a-w c:\windows\system32\viscomqtenc.dll
2009-04-23 12:38 . 2008-05-26 06:08 1470464 -c--a-w c:\windows\system32\viscomm4aenc.dll
2009-04-23 12:38 . 2008-05-26 06:08 86016 -c--a-w c:\windows\system32\viscomframe.dll
2009-04-23 12:38 . 2008-05-26 06:08 1462272 -c--a-w c:\windows\system32\viscomflvenc.dll
2009-04-23 12:38 . 2007-02-12 22:25 2846720 -c--a-w c:\windows\system32\agsaamj.dll
2009-04-17 20:58 . 2007-02-12 23:23 -------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 14:05 . 2009-04-17 11:10 -------- dc----w c:\program files\Unlocker
2009-04-17 10:53 . 2007-09-10 21:40 -------- dc----w c:\program files\LeapFTP
2009-04-15 00:05 . 2007-02-12 22:18 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-04-15 00:03 . 2008-03-03 22:26 -------- dc----w c:\documents and settings\winxp\Application Data\Creative
2009-04-14 23:58 . 2007-09-26 09:18 -------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 23:54 . 2008-03-09 15:50 -------- dc----w c:\program files\Your Uninstaller 2008
2009-04-14 23:18 . 2007-02-13 00:11 -------- dc----w c:\program files\Dell
2009-04-12 15:08 . 2007-03-07 04:21 -------- dc----w c:\program files\MSN Messenger
2009-04-10 20:32 . 2008-05-25 23:54 -------- dc----w c:\program files\Messenger Plus! Live
2009-04-03 20:31 . 2008-11-07 19:51 -------- dc----w c:\documents and settings\winxp\Application Data\IDM
2009-04-03 20:21 . 2009-04-03 20:20 6318 -c--a-w c:\program files\un_Internet Download Manager_16575.txt
2009-04-03 20:21 . 2008-11-07 19:51 -------- dc----w c:\program files\Internet Download Manager
2009-03-31 02:12 . 2007-02-12 22:27 -------- dc----w c:\program files\Google
2009-03-30 12:27 . 2009-03-30 12:27 -------- dc----w c:\program files\Trend Micro
2009-03-30 09:02 . 2009-03-30 09:02 -------- dc----w c:\program files\MSXML 6.0
2009-03-30 07:27 . 2009-03-30 07:01 -------- dc----w c:\program files\RegCure
2009-03-30 07:16 . 2008-07-15 01:10 -------- dc----w c:\program files\Zend
2009-03-30 07:16 . 2007-02-13 00:31 -------- dc----w c:\program files\Modem Helper
2009-03-30 07:16 . 2007-02-12 22:27 -------- dc----w c:\program files\DivX
2009-03-29 13:43 . 2007-02-13 00:17 -------- dc----w c:\program files\DIFX
2009-03-29 13:43 . 2009-03-29 13:43 -------- dc----w c:\program files\PC Connectivity Solution
2009-03-29 13:39 . 2007-02-12 22:05 106072 -c--a-w c:\documents and settings\winxp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 13:34 . 2007-02-12 23:31 -------- dc----w c:\program files\MSBuild
2009-03-29 13:29 . 2009-03-29 13:29 -------- dc----w c:\program files\Reference Assemblies
2009-03-17 02:47 . 2007-08-23 23:43 -------- dc----w c:\program files\Common Files\Adobe
2009-03-17 02:25 . 2009-03-17 02:25 -------- dc----w c:\program files\ONH1986
2009-03-13 00:15 . 2009-03-13 00:14 -------- dc----w c:\program files\IP Address Shield
2009-03-09 17:19 . 2009-03-09 17:19 -------- dc----w c:\program files\Common Files\xing shared
2009-03-09 17:19 . 2007-02-12 22:30 -------- dc----w c:\program files\Common Files\Real
2009-03-06 14:44 . 2004-08-03 21:56 283648 -c--a-w c:\windows\system32\pdh.dll
2009-03-05 01:09 . 2008-08-19 05:03 -------- dc----w c:\program files\PhotoZoom Pro 2
2009-03-05 00:11 . 2009-03-05 00:11 -------- dc----w c:\program files\STOIK Imaging
2009-03-04 23:23 . 2008-07-18 03:22 -------- dc----w c:\program files\CEDP Stealer 6.0 for Messenger
2009-02-28 14:16 . 2008-01-28 02:13 -------- dc----w c:\program files\AdVantage
2009-02-27 20:09 . 2009-02-27 19:21 -------- dc----w c:\program files\RM Converter
2009-02-27 19:15 . 2009-02-27 15:47 -------- dc----w c:\program files\RM to MP3 Converter
2009-02-26 22:55 . 2008-04-14 01:49 -------- dc----w c:\program files\Folder Lock
2009-02-20 08:14 . 2004-08-03 21:56 668160 -c--a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2004-08-03 21:56 81920 -c--a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-08-03 21:56 399360 -c--a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-03 21:56 723456 -c--a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-03 21:56 616960 -c--a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-03 21:56 714752 -c--a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2004-08-03 20:17 1846272 -c--a-w c:\windows\system32\win32k.sys
2009-02-06 17:22 . 2004-08-03 20:18 2136064 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-03 21:56 110592 -c--a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 11:00 35328 -c--a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-03 22:59 2015744 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 15:52 . 2009-02-06 15:52 49504 -c--a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:08 . 2004-08-03 21:56 55808 -c--a-w c:\windows\system32\secur32.dll
2008-09-28 19:00 . 2009-04-03 20:20 439440 -c--a-w c:\program files\un_Internet Download Manager_16575.exe
2008-03-09 07:16 . 2008-03-09 07:16 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-03-27 171448]
"user gpl"="c:\docume~1\winxp\APPLIC~1\COOLJU~1\lite nurb stop.exe" [2009-04-10 659456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"dupe amok gram atom"="c:\documents and settings\All Users\Application Data\Once Dog Dupe Amok\Curb road.exe" [2009-04-23 831488]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-09 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2003-11-24 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-25 622653]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^winxp^Start Menu^Programs^Startup^Internet Download Manager.lnk]
path=c:\documents and settings\winxp\Start Menu\Programs\Startup\Internet Download Manager.lnk
backup=c:\windows\pss\Internet Download Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
R3 CAM1210;SM0121 USB 2.0 Video Camera;c:\windows\system32\Drivers\cam1210.sys [2006-07-25 89856]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys [2003-12-12 911488]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4aeb64-572b-11dc-b371-00197dfd49d6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-23 c:\windows\Tasks\AD631A6590E492E5.job
- c:\docume~1\winxp\applic~1\coolju~1\Downloadflawbore.exe [2009-02-06 17:36]
2009-04-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 07:25]
2009-04-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 07:25]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CTSysVol - c:\program files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
HKLM-Run-CTDVDDET - c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 212.71.37.130:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: أضافة إلى مضاد الأعلان - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://qtr13.talkok.com/imscp/talkc38.cab
DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - hxxp://74.53.69.70/cp/files/talk08.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://qtr13.talkok.com/imscp/talka.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://209.11.243.139/ReadUid.CAB
FF - ProfilePath - c:\documents and settings\winxp\Application Data\Mozilla\Firefox\Profiles\kaup30jw.default\
FF - prefs.js: browser.startup.homepage -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

FF - component: c:\documents and settings\winxp\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-24 02:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"
[HKEY_USERS\S-1-5-21-1957994488-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,7d,13,aa,dc,2a,fb,2b,b0,fe,f0,ba,b7,03,88,98,df,ce,17,07,38,
54,d7,88,60,94,1a,48,0a,0a,53,7b,af,a1,87,2c,be,91,b1,31,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5fd1b36e-b722-49e0-919d-36c1d7b33325}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,f9,06,c6,00,a2,
61,3b,d0,05,98,32,02,34,2b,da,61,c4,e7,19,69,15,f1,4d,24,09,c9,c8,e9,6b,2b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):13,63,96,e7,f0,d0,b4,ca,f1,a6,a6,28,30,47,05,69,f8,2e,74,83,c5,
1d,bf,13,f1,de,81,eb,a4,14,94,ea,6f,fe,ea,78,9d,80,1e,ef,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fe12d8bb-68de-4994-86c4-4d0b332f5e5a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000132
"Therad"=dword:0000000f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(868)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Completion time: 2009-04-23 2:34
ComboFix-quarantined-files.txt 2009-04-23 23:34
Pre-Run: 11,970,387,968 bytes free
Post-Run: 12,036,247,552 bytes free
291 --- E O F --- 2009-04-23 11:16

 

[KoNaMi]

الحين اديني تقرير جديد للهاجيك ...
​

 

[متزعم شغب الشوارع]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:44:46 ص, on 24/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\windows\system32\crypserv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\windows\V0330Mon.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\notepad.exe
C:\windows\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\winxp\My Documents\Downloads\Programs\zyzoom_hijackthis_1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.71.37.130:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dupe amok gram atom] C:\Documents and Settings\All Users\Application Data\Once Dog Dupe Amok\Curb road.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\windows\V0330Mon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [user gpl] C:\DOCUME~1\winxp\APPLIC~1\COOLJU~1\lite nurb stop.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\WLTRYSVC.EXE
--
End of file - 10038 bytes

 

[KoNaMi]

احذف التالي يالغلا

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

طريقة الحذف للاكس بي​

​

​

​

​

​

وبعدين استخدم هذة الاداوت

التحميل من هنا​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

التوافق : ويندوز اكسبي فقط ​

​

شرح الاستخدام ,,,,,,​

​

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )​

​

​

​

​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

​

​

​

استخدم هذه الاداة للتنظيف

​

​

​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

​

​

وبعدين اعمل الاتي

حمل هذه الاداة من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

او

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد تنزيل الاداة دبل كلك ستظهر لديك مثل هذه النافذة خذ صورة لها وارفقها بردك القادم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

​

​

​

​

​

 

[متزعم شغب الشوارع]

 

[KoNaMi]

ازل علامة الصح عن الجميع ماعدا الكاسبر والبلوتوث واعيد التشغيل وبلغني بالنتائج ...
​

 

[متزعم شغب الشوارع]

مبدع انحلت المشكله
ماقصرت ياغالي وعسك على القوه