Status
Closed and not open for further replies.

M A S T I R

In the name of God, the Most Gracious, the Most Merciful

How are you, my brothers and sisters .... I hope you are all well, God willing

Let's get into the topic :er: :er: :er:

Honestly, I have an external hard disk and it contains very, very, very important files

It has a set of folders; some open without any problems, and some of them show up like this picture :er:


JsD78928.png


And honestly, I'll tell you that I went into a menu for my hard disk from here and changed some things, which might be the cause :q:


sff78928.png


And this is in Safe Mode

BEP78928.png



And when the file is moved to the desktop, for example ....

gIN79046.png



I'm asking you, Zyzoomers .... please, God bless you

Please help me with this, because they are very, very important files and they take up the largest amount of space on the hard disk :er:

Your brother in God, MAST!R


Signature: M A S T I R
UP
 
Signature: M A S T I R
Guys, where are you

7 views and no reply

:no:

Signature: M A S T I R
Try opening the folder from Safe Mode
 
Thank you, brother
You really put my heart at ease

But unfortunately it did not open for me

i12328_4121.PNG
 
Signature: M A S T I R
Waiting for you, our experts

Signature: M A S T I R
Brother, re-upload the pictures here, because they did not show up for me


Signature: Corporation
Here you go, brother, these are the pictures

i12422_dan.PNG


i12423_dan2.PNG


In Safe Mode

i12421_4121.PNG
 
Signature: M A S T I R
Where are you, guys? It has been two days, my dear, and nobody has helped me

61 views

Signature: M A S T I R
OK, my dear, try moving it to the desktop and then opening it ....

Signature: KoNaMi
Unfortunately, brother, I get this picture

i12469_6546.PNG


Note that I am sure there are files inside the folder, and they take up a considerable amount of space on my hard disk

Signature: M A S T I R
Please, my dear, upload the picture again to the forum's upload center

Signature: KoNaMi
Signature: M A S T I R
Bump

Signature: M A S T I R
The pictures have been uploaded in the first reply ... check the first page :er:

I am waiting for you

Signature: M A S T I R
May God give you strength



Make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments .. a report will appear; select all ==> copy it and paste it in your next reply

Signature: AbOdy
Hello, brother AbOdy

Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:07 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: 0016541234768723mcinstcleanup - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c279602173ea) (gupdate1c9c279602173ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8762 bytes
 
Signature: M A S T I R
Hello to you too

Do the following

Connect the external hard disk to the computer

Then run this tool

Disable the protection programs and run the tool

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan, the computer may restart

After the restart, the tool will start scanning again
Wait until a report appears; that means the scan has finished

And give me the report that comes out, along with a new HijackThis report

Signature: AbOdy
This is the ComboFix report

ComboFix 09-05-16.01 - MATR!X 05/16/2009 22:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1023.621 [GMT 3:00]
Running from: c:\documents and settings\MATR!X\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\KeenSense.sys
c:\windows\system32\drivers\ksdevice.sys
c:\windows\system32\kakle.dll
c:\windows\system32\Ultra.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
h:\$recycle.bin\S-1-5-21-1016925245-2501639311-3946762001-1000\$RS8B1QI.rar

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JIURLPORTHIDE
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 12:33 . 2009-05-16 12:33 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-15 00:04 . 2009-05-15 00:04 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-14 12:04 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-14 12:04 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-14 12:04 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-14 12:04 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-14 12:04 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-14 12:04 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-14 12:04 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-05-14 12:04 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-14 12:04 . 2009-05-14 12:05 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-10 06:02 . 2009-05-10 06:02 -------- d-----w c:\documents and settings\MATR!X\Application Data\Desktopicon
2009-05-10 06:01 . 2009-05-10 06:01 -------- d-----w c:\program files\FormatFactory
2009-05-10 05:55 . 2009-05-10 05:55 -------- d-----w c:\program files\Common Files\Common Share
2009-05-04 01:42 . 2009-05-04 01:42 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-04 01:22 . 2009-05-04 01:22 -------- d-----w c:\program files\Bonjour
2009-05-04 01:08 . 2009-05-04 01:08 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-02 23:54 . 2009-05-03 00:29 -------- d-----w c:\documents and settings\MATR!X\Application Data\AOL
2009-05-02 10:11 . 2009-05-02 10:12 -------- d-----w c:\program files\Command & Conquer Tiberian sun Includ Firestorm
2009-05-02 09:49 . 2009-05-02 09:49 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\ATI
2009-05-02 09:49 . 2009-05-02 09:49 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\ATI
2009-05-02 09:49 . 2009-05-02 09:49 135 ----a-w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\fusioncache.dat
2009-05-02 09:49 . 2009-05-02 10:08 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\ApplicationHistory
2009-05-01 20:06 . 2008-04-13 21:21 101120 -c--a-w c:\windows\system32\dllcache\bthpan.sys
2009-05-01 20:06 . 2008-04-13 21:21 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
2009-05-01 20:06 . 2008-04-13 21:16 59136 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-01 20:06 . 2008-04-13 21:16 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
2009-05-01 20:06 . 2008-04-13 21:16 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
2009-05-01 20:06 . 2008-04-13 21:16 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
2009-05-01 20:06 . 2008-04-14 02:41 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-01 20:06 . 2008-04-14 02:41 28160 ----a-w c:\windows\system32\irmon.dll
2009-05-01 20:06 . 2008-04-14 02:42 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-01 20:06 . 2008-04-14 02:42 151552 ----a-w c:\windows\system32\irftp.exe
2009-05-01 20:05 . 2008-04-14 02:42 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-01 20:05 . 2008-04-14 02:42 8192 ----a-w c:\windows\system32\wshirda.dll
2009-05-01 20:05 . 2008-04-13 21:16 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
2009-05-01 20:05 . 2008-04-13 21:16 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-05-01 09:38 . 2009-05-01 09:38 -------- d-----w c:\documents and settings\MATR!X\Local Settings\Application Data\AOL
2009-05-01 06:09 . 2009-05-01 06:09 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\AOL
2009-04-30 21:28 . 2009-04-30 21:28 -------- d-----w c:\program files\Viewpoint
2009-04-30 21:27 . 2009-04-30 21:27 -------- d-----w c:\program files\Common Files\Nullsoft
2009-04-30 21:23 . 2009-04-30 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-30 21:23 . 2009-05-03 00:32 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-30 21:05 . 2009-04-30 21:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-04-30 00:14 . 2009-04-30 00:14 -------- d-----w c:\program files\Ashampoo
2009-04-27 11:44 . 2009-04-27 11:44 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-27 02:03 . 2009-04-27 02:03 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\PC Suite
2009-04-26 16:25 . 2009-04-27 17:58 64512 ---ha-w c:\documents and settings\MATR!X\Application Data\dach100.dll
2009-04-25 14:09 . 2009-04-25 14:09 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\Apple Computer
2009-04-25 14:08 . 2009-04-25 14:08 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\Apple Computer
2009-04-25 14:02 . 2009-04-25 14:02 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\Winamp
2009-04-25 13:57 . 2009-04-25 13:57 -------- d-sh--w c:\documents and settings\Limit.MATRIX\PrivacIE
2009-04-25 13:55 . 2009-05-01 06:37 -------- d-----w c:\documents and settings\Limit.MATRIX\Contacts
2009-04-25 13:54 . 2009-05-14 14:07 470248 ----a-w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 13:32 . 2009-04-25 13:32 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\Mozilla
2009-04-24 20:14 . 2009-04-24 20:14 -------- d-sh--w c:\documents and settings\Limit\IETldCache
2009-04-22 15:03 . 2009-04-22 15:07 -------- d-----w C:\Downloads
2009-04-22 11:48 . 2009-04-22 11:48 -------- d-----w c:\program files\vSoft
2009-04-21 12:04 . 2009-04-21 12:04 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-21 12:04 . 2009-04-21 12:07 -------- d-----w c:\program files\Google
2009-04-21 12:04 . 2009-04-21 12:08 -------- d-----w c:\documents and settings\MATR!X\Local Settings\Application Data\Google
2009-04-21 11:36 . 2009-04-21 11:36 -------- d-----w c:\documents and settings\MATR!X\Application Data\Nero
2009-04-20 18:23 . 2009-04-20 18:23 -------- d-----w c:\documents and settings\MATR!X\Application Data\Sofrayt
2009-04-20 18:23 . 2009-04-20 18:23 -------- d-----w c:\program files\GetSmile
2009-04-19 16:33 . 2006-03-17 11:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-19 16:33 . 2006-03-17 08:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-19 16:33 . 2006-03-17 08:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-19 16:33 . 2006-03-17 08:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-19 16:33 . 2006-03-17 08:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-19 16:33 . 2009-04-19 16:34 -------- d-----w c:\program files\Nero
2009-04-19 16:33 . 2009-04-19 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-19 16:33 . 2009-04-19 16:34 -------- d-----w c:\program files\Common Files\Nero
2009-04-19 16:32 . 2009-04-19 16:32 -------- d-----w C:\nero
2009-04-18 20:35 . 2009-05-14 14:01 -------- d-----w c:\program files\TheWorld 2.0
2009-04-17 20:32 . 2009-04-17 20:32 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-16 22:40 . 2009-04-16 22:40 -------- d-----w c:\program files\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 19:12 . 2009-02-08 22:35 4802592 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-16 19:12 . 2009-02-08 22:35 40696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-16 19:11 . 2009-02-08 22:35 892960 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-16 19:11 . 2009-02-08 22:35 6228 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-16 15:13 . 2009-02-08 23:07 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-14 13:54 . 2009-02-08 22:14 470248 ----a-w c:\documents and settings\MATR!X\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 04:32 . 2009-02-08 22:57 -------- d-----w c:\program files\PCBugDoctor
2009-05-09 08:30 . 2009-02-10 02:21 18599936 ----a-w c:\windows\system32\videoencode.dll
2009-05-09 08:30 . 2009-02-10 02:21 90112 ----a-w c:\windows\system32\ssvideo.dll
2009-05-09 08:30 . 2009-02-10 02:21 1128128 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-05-09 08:30 . 2009-02-10 02:21 18595840 ----a-w c:\windows\system32\coredata.dll
2009-05-04 01:22 . 2009-02-08 21:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 21:05 . 2009-02-11 23:55 335 ----a-w c:\windows\nsreg.dat
2009-04-30 01:03 . 2009-03-20 10:25 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-04-27 17:58 . 2001-10-17 14:09 66 ----a-w c:\windows\anticrash.dat
2009-04-26 23:39 . 2009-04-08 02:31 225 ---ha-w c:\windows\winshell.dat
2009-04-15 12:54 . 2009-04-15 12:54 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-10 18:26 . 2009-04-10 18:26 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-04-10 18:26 . 2009-02-08 22:19 -------- d-----w c:\program files\TechSmith
2009-04-10 10:11 . 2009-04-10 10:11 -------- d-----w c:\program files\NextSecurity.NET
2009-04-10 10:11 . 2009-02-09 21:59 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 02:42 . 2009-04-08 02:41 918045 ---ha-w C:\DH Temp.tmp
2009-04-08 02:31 . 2009-04-08 02:31 -------- d-----w c:\program files\Dachshund Software
2009-04-08 02:15 . 2009-02-21 05:25 676224 ----a-w c:\windows\system32\ogacheckcontrol.dll
2009-04-07 06:09 . 2009-04-07 06:09 -------- d-----w c:\program files\CCleaner
2009-04-06 04:43 . 2009-04-06 04:43 -------- d-----w c:\program files\SeePassword
2009-04-05 22:13 . 2009-04-05 22:13 -------- d-----w c:\program files\HiYo
2009-04-03 15:31 . 2009-03-12 07:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 12:24 . 2009-02-08 22:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 22:34 . 2009-02-08 21:39 -------- d-----w c:\program files\Windows Live
2009-03-29 21:58 . 2009-03-29 21:58 129 ----a-w c:\documents and settings\MATR!X\Local Settings\Application Data\fusioncache.dat
2009-03-29 15:58 . 2009-03-29 15:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 15:49 . 2009-03-24 21:08 -------- d-----w c:\program files\VS Revo Group
2009-03-29 08:48 . 2009-03-29 08:48 -------- d-----w c:\program files\Perfect Uninstaller
2009-03-27 10:27 . 2009-02-10 07:30 -------- d-----w c:\program files\nLite
2009-03-26 13:49 . 2009-03-12 07:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 13:49 . 2009-03-12 07:51 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-20 23:39 . 2009-02-15 06:33 -------- d-----w c:\program files\MSBuild
2009-03-20 23:39 . 2009-03-20 23:39 -------- d-----w c:\program files\Reference Assemblies
2009-03-08 01:34 . 2008-04-14 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-14 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-14 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-14 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-14 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-14 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-14 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-14 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-14 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-14 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 23:16 . 2009-03-03 23:16 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-02-28 08:18 . 2009-02-28 08:18 0 ----a-r C:\logwmemory.bin
2009-02-26 11:38 . 2009-02-26 11:38 451072 ----a-w c:\windows\Radeon Omega Drivers v3.8.360 Uninstall.exe
2009-02-24 10:30 . 2009-02-24 10:30 618 ----a-w c:\windows\eReg.dat
2009-02-23 20:57 . 2009-02-23 20:57 298 ----a-w c:\windows\EReg072.dat
2009-02-22 10:16 . 2009-02-22 10:16 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-22 10:16 . 2009-02-22 10:16 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-16 14:57 . 2009-02-16 12:29 127443 ----a-w c:\windows\hpoins11.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-02-12 23:36 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-08 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MATR!X^Start Menu^Programs^Startup^AntiCrash.lnk]
path=c:\documents and settings\MATR!X\Start Menu\Programs\Startup\AntiCrash.lnk
backup=c:\windows\pss\AntiCrash.lnkStartup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^IDETool.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\IDETool.lnk
backup=c:\windows\pss\IDETool.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hiyo

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12311:TCP"= 12311:TCP:uTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2/6/2009 12:56 AM 117208]
R3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [7/17/2007 7:16 PM 301104]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
S2 0016541234768723mcinstcleanup;0016541234768723mcinstcleanup; [x]
S2 gupdate1c9c279602173ea;Google Update Service (gupdate1c9c279602173ea);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 3:04 PM 133104]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [1/24/2009 2:46 PM 216232]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 12:04]

2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{7B4E0B7C-8B7B-4279-9372-1C0560B4AB36}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\MATR!X\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-16 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a1,af,a9,08,f9,b3,97,1d,77,ee,f0,4d,23,6e,3c,59,8f,2f,44,55,d4,
78,f3,04,a5,39,a7,94,a9,eb,6b,f1,64,20,3b,a8,f3,0b,34,13,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9fff72c9-8cb9-475c-9adf-5e516a657e52}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000000e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,76,53,20,8d,e2,08,3c,85,49,f5,68,62,d0,c2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-16 22:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 19:17

Pre-Run: 11,072,385,024 bytes free
Post-Run: 11,173,359,616 bytes free

334 --- E O F --- 2009-04-11 02:41


But I'd like to point out one thing, brother Aboody: there is a window that is still there and has not gone away, in this picture



And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:06 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 0016541234768723mcinstcleanup - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c279602173ea) (gupdate1c9c279602173ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8177 bytes
 
Signature: M A S T I R
Delete this value

O23 - Service: 0016541234768723mcinstcleanup - - (no file)

How to delete it




mg%20%283%29.png


mg%20%284%29.png




After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there


Then download this tool and follow the explanation below




Compatibility: Windows XP only


How to use it:
When you run the tool's file, this screen appears. Wait (and follow along with the pictures)

000.png


001.png


When this screen appears, click Close so that your machine restarts (to complete the cleaning process)

002.png




Then run the ComboFix tool again in Safe Mode

Entering Safe Mode

Restart and, before the Windows screen appears,

keep pressing the F8 key


wh_62195183.png


A screen with several options will appear. Choose from them

Safe Mode


wh_39783481.png



Then choose the following

wh_12507056.png



wh_11747871.png



On the next screen, choose the admin account or any account you want


wh_85829423.png



Finally, click OK to get to the desktop


wh_64184495.png




Then give me a new ComboFix report from Safe Mode

and a HijackThis report from normal mode
 
Last edited by a moderator:
Signature: AbOdy