الازرق الجنوبي

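Brothers, God bless you. I have a problem that has appeared on my computer; this is a screenshot of it.

I am also suffering from slowness on the machine, sudden stops, and freezing when moving between pages. This is the screenshot, and this is the HijackThis report.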




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:12 ص, on 10/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\basil net\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: delxp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
--
End of file - 8496 bytes
 

Try having a look at this thread and let me know.

Then do the following:

Download this tool.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

After that, post a new HijackThis log.
 
Signature: أعتز بك

Hello brother أعتز بك, sorry for the delay. This is the tool's report...

Regarding the language, I have Arabized Windows with a localization pack that I downloaded from here,

and the language options are set to Arabic.


ComboFix 09-05-08.03 - basil net 05/10/2009 9:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.510.153 [GMT 3:00]
Running from: c:\documents and settings\basil net\My Documents\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-09 12:43 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-09 12:43 . 2009-05-09 12:43 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-09 12:14 . 2009-05-09 12:44 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-08 08:48 . 2009-05-08 08:48 -------- d-----w c:\documents and settings\basil net\Application Data\TuneUp Software
2009-05-08 08:47 . 2009-05-08 08:47 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-08 08:47 . 2009-05-09 12:44 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-08 08:45 . 2009-05-08 08:45 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-06 15:06 . 2009-05-06 15:06 -------- d-----w c:\windows\Sun
2009-05-06 14:59 . 2009-05-06 14:59 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-05-06 14:28 . 2004-01-10 22:17 45568 ----a-w c:\windows\system32\YM11AUTH.DLL
2009-05-06 13:39 . 2009-05-06 13:39 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-06 07:59 . 2006-11-06 12:30 262144 ----a-w c:\windows\system32\lame_enc.dll
2009-05-06 07:58 . 2009-05-06 07:58 -------- d-----w c:\program files\Ozone
2009-05-06 05:22 . 2009-05-06 05:22 -------- d-----w c:\program files\Real_SC
2009-05-05 16:42 . 2009-05-06 18:12 -------- d-----w c:\program files\Norton Security Scan
2009-05-05 13:34 . 2009-05-05 13:34 -------- d-----w c:\windows\system32\Adobe
2009-05-04 16:17 . 2009-05-04 16:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 16:17 . 2009-05-04 16:17 -------- d-----w c:\program files\Java
2009-05-03 23:47 . 2009-05-08 21:32 -------- d-----w c:\program files\Photo Story 3 for Windows
2009-05-03 22:48 . 2009-05-03 22:48 -------- d-----w c:\documents and settings\basil net\Application Data\Uniblue
2009-05-02 01:26 . 2009-05-02 01:26 -------- d-----w c:\program files\RelevantKnowledge
2009-05-02 01:00 . 2005-05-26 17:00 403968 ----a-w c:\windows\system32\NCTWMAFile2.dll
2009-05-02 01:00 . 2005-02-24 17:11 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll
2009-05-02 01:00 . 2005-03-10 21:00 454656 ----a-w c:\windows\system32\NCTAudioRecord2.dll
2009-05-02 01:00 . 2005-06-01 17:11 877568 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-05-02 01:00 . 2003-03-19 16:03 544768 ----a-w c:\windows\system32\msvcr71d.dll
2009-05-02 01:00 . 2009-05-02 01:00 -------- d-----w c:\program files\Fox Audio Recorder
2009-05-01 08:15 . 2009-05-01 08:18 -------- d-----w c:\program files\MP3Resizer
2009-04-28 19:09 . 2009-04-28 20:00 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-28 19:08 . 2009-04-29 01:32 -------- d-----w c:\program files\RM to MP3 Converter
2009-04-28 09:19 . 2009-04-28 09:19 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-27 06:11 . 2009-05-05 12:44 -------- d-----w c:\program files\Common Files\delet
2009-04-25 09:17 . 2004-01-27 22:24 991232 ----a-w c:\windows\system32\W22MLRES.dll
2009-04-25 09:11 . 2004-01-27 22:23 344064 ----a-w c:\windows\system32\w22NCPA.dll
2009-04-25 09:11 . 2004-03-08 15:43 1657344 ----a-w c:\windows\system32\drivers\w22n51.sys
2009-04-23 01:27 . 2009-04-23 01:27 -------- d-----w c:\documents and settings\basil net\Application Data\ZoomBrowser EX
2009-04-23 01:20 . 2009-04-23 01:20 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-23 01:20 . 2009-04-23 01:21 -------- d-----w c:\program files\Canon
2009-04-23 01:18 . 2009-04-23 01:18 -------- d-----w c:\program files\Common Files\Canon
2009-04-23 00:01 . 2009-04-27 21:07 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\WMTools Downloaded Files
2009-04-22 13:22 . 2009-04-22 13:22 -------- d-----w C:\Temp
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Xilisoft
2009-04-20 22:33 . 2009-04-20 22:33 -------- d-----w c:\documents and settings\basil net\Application Data\Apple Computer
2009-04-20 20:30 . 2001-10-19 12:40 438608 ----a-w c:\windows\system32\wmv8dmod.dll
2009-04-20 20:30 . 2001-10-19 12:40 665424 ----a-w c:\windows\system32\wmv8dmoe.dll
2009-04-20 20:30 . 2002-10-09 10:21 566272 ----a-w c:\windows\system32\wmvdmoe.dll
2009-04-20 20:30 . 2001-10-19 12:40 1683792 ----a-w c:\windows\system32\wmvcore2.dll
2009-04-20 20:18 . 2009-05-10 05:57 -------- d-----w c:\program files\Sony
2009-04-20 18:48 . 2009-04-20 18:48 -------- d-----w c:\documents and settings\basil net\Application Data\Sony
2009-04-20 18:48 . 2009-04-20 18:48 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Sony
2009-04-20 18:43 . 2009-05-09 19:41 -------- d-----w c:\program files\Sony Setup
2009-04-19 11:54 . 2009-04-19 11:54 -------- d-----w c:\documents and settings\basil net\Application Data\FastStone
2009-04-19 11:54 . 2009-04-19 11:54 -------- d-----w c:\program files\FastStone Image Viewer
2009-04-19 09:48 . 2009-04-19 09:48 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Apple
2009-04-19 09:47 . 2009-04-19 09:47 -------- d-----w c:\program files\Apple Software Update
2009-04-19 09:47 . 2009-04-19 09:47 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-19 09:47 . 2009-04-19 09:47 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Apple Computer
2009-04-17 23:28 . 2009-04-17 23:28 -------- d-----w c:\documents and settings\basil net\Application Data\CyberScrub
2009-04-17 23:28 . 2009-04-23 23:31 -------- d-----w c:\documents and settings\basil net\Application Data\cleaner
2009-04-17 15:59 . 2009-04-17 15:59 -------- d-----w c:\documents and settings\basil net\Application Data\Windows Search
2009-04-17 13:10 . 2009-04-17 13:11 -------- d-----w c:\program files\Acoustica MP3 Audio Mixer
2009-04-17 10:29 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-17 01:10 . 2009-05-10 06:28 -------- d-----w c:\documents and settings\basil net\Tracing
2009-04-16 23:59 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 23:59 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 23:59 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 23:59 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 23:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 23:59 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 23:59 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 23:59 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 23:59 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 23:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 15:34 . 2009-04-16 16:07 -------- d-----w c:\windows\BDOSCAN8
2009-04-16 04:08 . 2009-05-09 21:28 -------- d-----w c:\documents and settings\basil net\Application Data\QuickScan
2009-04-15 18:12 . 2009-04-15 18:12 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-15 07:55 . 2008-06-21 15:54 11779 ----a-w c:\windows\REGTWEAK.REG
2009-04-14 10:45 . 2001-08-17 19:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-14 10:45 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-14 10:45 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-14 10:45 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-13 20:18 . 2009-04-13 20:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-13 19:10 . 2009-04-13 19:10 -------- d-----w c:\windows\system32\XPSViewer
2009-04-13 19:10 . 2009-04-13 19:10 -------- d-----w c:\program files\MSBuild
2009-04-13 19:09 . 2009-04-13 19:09 -------- d-----w c:\program files\Reference Assemblies
2009-04-13 19:08 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-13 19:08 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-13 19:08 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-13 19:08 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-13 19:08 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-13 19:08 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-13 19:08 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-13 19:08 . 2009-04-13 19:09 -------- d-----w C:\b6e3f98720f9e3ca75160572e99680
2009-04-13 17:43 . 2009-04-13 17:43 -------- d-----w c:\program files\Realtek
2009-04-13 17:43 . 2009-04-13 17:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 17:42 . 2008-08-25 13:17 528384 ----a-w c:\windows\RtlExUpd.dll
2009-04-13 17:42 . 2009-04-13 17:42 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 12:39 . 2009-04-13 16:57 -------- d-----w c:\documents and settings\basil net\Application Data\SlipStream
2009-04-12 19:25 . 2009-04-12 19:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2009-04-12 19:25 . 2009-04-25 08:28 -------- d-----w c:\documents and settings\متعب\Application Data\Intel
2009-04-12 19:25 . 2009-04-25 08:28 -------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-04-12 19:25 . 2009-04-25 08:28 -------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-04-12 19:25 . 2009-04-25 08:28 -------- d-----w c:\documents and settings\basil net\Application Data\Intel
2009-04-12 19:24 . 2009-04-25 08:28 -------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-04-12 17:40 . 2009-04-12 17:46 -------- d-----w c:\program files\ma-config.com
2009-04-12 17:40 . 2009-04-12 17:46 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-04-12 10:05 . 2009-04-12 10:05 -------- d-----w c:\program files\MSECache
2009-04-11 00:29 . 2009-04-11 00:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-11 00:23 . 2009-04-19 11:54 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Adobe
2009-04-11 00:19 . 2009-04-11 00:20 -------- d-----w c:\program files\FAHESS
2009-04-10 23:25 . 2009-04-25 09:39 -------- d-----w c:\documents and settings\basil net\Application Data\Motive
2009-04-10 23:24 . 2009-04-10 23:24 -------- d-----w c:\program files\Fahess_Activation
2009-04-10 23:23 . 2009-04-10 23:24 -------- d-----w c:\program files\Common Files\Motive
2009-04-10 23:22 . 2009-04-10 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-04-10 21:30 . 2009-04-10 21:30 132 ----a-w c:\documents and settings\basil net\Local Settings\Application Data\fusioncache.dat
2009-04-10 21:30 . 2009-04-10 21:35 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\ApplicationHistory
2009-04-10 20:34 . 2009-04-17 01:05 -------- d-----w c:\program files\Microsoft
2009-04-10 20:34 . 2009-04-10 20:34 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Identities
2009-04-10 20:33 . 2009-04-23 01:23 -------- d-----w c:\program files\Windows Desktop Search
2009-04-10 20:33 . 2009-04-10 20:33 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-10 20:33 . 2008-03-07 17:02 29696 -c----w c:\windows\system32\dllcache\mimefilt.dll
2009-04-10 20:33 . 2008-03-07 17:02 98304 -c----w c:\windows\system32\dllcache\nlhtml.dll
2009-04-10 20:33 . 2008-03-07 17:02 192000 -c----w c:\windows\system32\dllcache\offfilt.dll
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 06:26 . 2009-04-10 11:44 5052 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-10 06:26 . 2009-04-10 11:44 36300 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-06 08:02 . 2009-04-08 20:19 98304 ----a-w c:\windows\system32\viscomtran.dll
2009-05-06 05:23 . 2009-04-06 18:14 1986560 ----a-w c:\windows\system32\akll.dll
2009-05-06 05:23 . 2009-04-06 18:14 196608 ----a-w c:\windows\system32\maag.dll
2009-05-06 05:23 . 2009-04-06 18:14 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-28 12:10 . 2009-04-06 19:03 -------- d-----w c:\program files\Hotspot Shield
2009-04-25 08:28 . 2009-04-09 10:56 -------- d-----w c:\program files\Common Files\Intel
2009-04-25 08:28 . 2009-04-09 10:54 -------- d-----w c:\program files\Intel
2009-04-25 06:55 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\435ZH7Z1.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\H7NB7LV1.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\DVNZBZNN.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\2ZPV3XRX.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\MK24OJTV.DAT
2009-04-24 08:46 . 2009-04-08 18:40 -------- d-----w c:\program files\Folder Lock
2009-04-19 12:43 . 2009-04-06 18:34 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 19:01 . 2009-04-06 17:41 74168 ----a-w c:\documents and settings\basil net\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 01:08 . 2009-04-06 19:04 -------- d-----w c:\program files\Windows Live
2009-04-10 11:44 . 2009-04-09 11:48 -------- d-----w c:\program files\Kaspersky Lab
2009-04-09 10:56 . 2009-04-09 10:56 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-08 20:22 . 2009-04-08 20:19 344064 ----a-w c:\windows\system32\dkll.dll
2009-04-08 18:40 . 2009-04-08 18:40 35363 ----a-w c:\windows\system32\windrvNT.sys
2009-04-07 19:09 . 2009-04-07 19:09 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-04-07 18:53 . 2009-04-07 18:53 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-07 18:33 . 2009-04-07 18:33 -------- d-----w c:\program files\IEPro
2009-04-07 18:20 . 2009-04-07 18:20 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-07 18:20 . 2009-04-07 18:08 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-07 18:11 . 2009-04-06 18:18 -------- d-----w c:\program files\MSN Messenger
2009-04-07 17:16 . 2009-04-07 17:16 -------- d-----w c:\program files\Common Files\xing shared
2009-04-07 17:15 . 2009-04-06 18:12 -------- d-----w c:\program files\Common Files\Real
2009-04-07 17:14 . 2009-04-06 18:12 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-07 17:14 . 2009-04-06 18:10 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 17:13 . 2009-04-06 17:33 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-07 00:50 . 2009-04-07 00:35 592 ----a-w c:\windows\chgkey.vbs
2009-04-06 20:42 . 2009-04-06 20:42 0 ----a-w c:\windows\nsreg.dat
2009-04-06 20:20 . 2009-04-06 19:04 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-06 18:53 . 2009-04-06 18:53 -------- d-----w c:\program files\WIDCOMM
2009-04-06 18:43 . 2009-04-06 18:43 -------- d-----w c:\program files\Microsoft.NET
2009-04-06 18:43 . 2009-04-06 18:43 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-06 18:13 . 2009-04-06 18:13 -------- d-----w c:\program files\VideoLAN
2009-04-06 18:12 . 2009-04-06 18:12 -------- d-----w c:\program files\Real
2009-04-06 18:11 . 2009-04-06 18:11 2232 ----a-w c:\windows\java\Packages\Data\JZ5VXVV1.DAT
2009-04-06 18:11 . 2009-04-06 18:11 155995 ----a-w c:\windows\java\Packages\N13HF13T.ZIP
2009-04-06 18:10 . 2009-04-06 18:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-06 18:08 . 2009-04-06 18:08 -------- d-----w c:\program files\Nero
2009-04-06 18:06 . 2009-04-06 18:06 -------- d-----w c:\program files\AVG
2009-04-06 18:04 . 2009-04-06 18:04 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-06 18:04 . 2009-04-06 18:04 172032 ------w c:\windows\Setup1.exe
2009-04-06 18:04 . 2009-04-06 18:04 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-06 17:34 . 2009-04-06 17:34 -------- d-----w c:\program files\microsoft frontpage
2009-04-06 17:33 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-06 17:30 . 2009-04-06 17:30 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-29 17:29 . 2009-04-06 17:44 67584 ----a-r c:\windows\system32\drivers\tifm21.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-27 04:29 . 2009-02-27 04:29 204800 ----a-w c:\windows\system32\NetProvCredMan(2).dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-28 12:04 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-26 118784]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-10 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-07 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\basil net\Start Menu\Programs\Startup\
delxp.exe [2007-11-26 130982]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"INetBooster"=c:\program files\SoftwareClub.ws\SC Net Speed Booster\ISpBos.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FAHESS_McciTrayApp"=c:\program files\FAHESS\McciTrayApp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [06/04/2009 11:22 م 6784]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [22/04/2009 04:12 ص 328752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [09/05/2009 03:14 م 604416]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [17/04/2009 01:29 م 33256]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [06/04/2009 11:22 م 16000]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [06/04/2009 08:49 م 987648]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [06/04/2009 08:49 م 242176]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [23/04/2009 12:34 ص 34352]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 ص 216232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0676CE18-9B5E-3DB3-E313-6BA337B14FE2}]
c:\docume~1\BASILN~1\LOCALS~1\Temp\hr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-05-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-05-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-05-10 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}\components\SDIIntegrator.dll
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
You must log in or register to view the hidden link

Rootkit scan 2009-05-10 09:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-10 9:39
ComboFix-quarantined-files.txt 2009-05-10 06:39
ComboFix2.txt 2009-05-02 14:29

Pre-Run: 48,401,686,528 bytes free
Post-Run: 48,385,646,592 bytes free

328 --- E O F --- 2009-04-29 18:02
+++++++++++++++++++++++++++++++++++++++++++++++++++++

And this is the HijackThis report after scanning the machine.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:39:53 ص, on 10/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\basil net\Desktop\Zyzoom_HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: delxp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
You must log in or register to view the hidden link

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
You must log in or register to view the hidden link

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
You must log in or register to view the hidden link

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
You must log in or register to view the hidden link

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
You must log in or register to view the hidden link

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
You must log in or register to view the hidden link

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 8121 bytes
 
O4 - Startup: delxp.exe

Delete it, just for peace of mind.
 
Signature: format
I'm sorry, that was the first report up there; let me look at the one after the second scan.
 
Signature: format
O4 - Startup: delxp.exe


Delete it, same as I said the first time.

Regards, your machine is clean, there is nothing wrong with it ^_^
 
Signature: format
O4 - Startup: delxp.exe

Delete it, just for peace of mind.

Hello brother format,

This is a tool I downloaded from the site, by our brother Al-Bronzi, from the thread on cleaning up Windows leftovers.

If it is causing problems I will delete it, no problem...

I also notice freezing when writing a post or when opening files on the machine.
 
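Thank you, brother format, you have reassured me, may God put your heart at ease. The tool has been deleted...

OK brother, if you don't mind: I have noticed that Messenger uses a lot at startup, and when I checked the report on the HijackThis site I think I read that it comes up as flagged in the virus check, even though I downloaded MSN from the official site.

With my warmest regards.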
 
PHP:
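Thank you, brother format, you have reassured me, may God put your heart at ease. The tool has been deleted...

OK brother, if you don't mind: I have noticed that Messenger uses a lot at startup, and when I checked the report on the HijackThis site I think I read that it comes up as flagged in the virus check, even though I downloaded MSN from the official site.

With my warmest regards.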

No worries, it is our duty.

As for that, if the email is opening at startup on your machine, that is normal. Or did I (misunderstand you)?

God willing, your problem is solved.
 
Signature: format
Thank you so much, brother format. Indeed, MSN does start at startup...

But the freezing problem, or "hanging" as it is commonly called, is still there.

A thousand thanks for your attention; this is what I expected of you, brothers.
 
As for the freezing, try these commands:

3- Start >>> Run >>>
Type
C:\Windows\System32\dllcache
Delete everything in this folder ... all of it
4- Start >>> Run >>>
Type
C:\WINDOWS\SoftwareDistribution\Download
Delete everything in this folder
5- Start >>> Run >>>
Type
prefetch
Delete everything in this folder
6- Start >>> Run >>>
Type
temp
Delete everything in this folder
7- Start >>> Run >>>
Type
recent
Delete everything in this folder

And this one:
%tmp%
 
Signature: format
Then restart and see whether the freezing is the same or lighter ^_^

All right, God keep you safe.
 
Signature: format