• Thread starter: sasm99
  • Views: 927

sasm99


Here is the problem, shown in the pictures









And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:00:56 ص, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Golden Filter Pro\GFPro.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoldenFilterPro] C:\Program Files\Golden Filter Pro\GFPro.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5185 bytes
 

Do the following ...

Disable your security programs and run the tool

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan, the computer may restart

After the restart, the tool will start scanning again
Wait until a report appears; that means the scan has finished

Signature: MMA_LORD_735
And this is the reply, brother


combofix 09-05-22.07 - administrator 05/22/2009 15:37.1 - ntfsx86
microsoft windows xp professional 5.1.2600.3.1256.966.1025.18.2046.1484 [gmt 3:00]
running from: C:\documents and settings\administrator\سطح المكتب\combofix.exe
av: Kaspersky internet security *on-access scanning disabled* (updated) {2c4d4bc6-0793-4956-a9f9-e252435469c0}
fw: Kaspersky internet security *disabled* {2c4d4bc6-0793-4956-a9f9-e252435469c0}

warning -this machine does not have the recovery console installed !!
.
ads - windows: Deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\prefs_bg.dll
c:\windows\system32\data(10).dll
c:\windows\system32\data(3).dll
c:\windows\system32\data(7).dll
c:\windows\system32\ijl11.dll
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\win.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( files created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 02:00 . 2009-05-22 02:00 -------- d-----w c:\program files\trend micro
2009-05-21 15:49 . 2009-05-21 15:50 10 ----a-w c:\windows\popcinfo.dat
2009-05-19 17:19 . 2009-05-19 17:19 1486171 ----a-w c:\triviamachine.dat
2009-05-19 17:15 . 2009-05-19 17:15 1024 ----a-w c:\windows\jericho_game_ra.dat
2009-05-19 16:48 . 2009-05-19 16:48 1024 ----a-w c:\windows\chamber_game_ra.dat
2009-05-19 16:38 . 2009-05-19 16:38 1300939 ----a-w c:\puzzleexpress.dat
2009-05-17 17:17 . 2009-05-17 17:17 -------- d-----w c:\program files\ariss
2009-05-17 15:39 . 2009-05-17 15:39 4096 ----a-w c:\windows\d3dx.dat
2009-05-16 19:42 . 2009-05-16 19:42 999563 ----a-w c:\holidayexpress.dat
2009-05-16 19:29 . 2009-05-16 19:29 -------- d-----w c:\gamerival
2009-05-15 19:50 . 2009-05-15 19:51 -------- d-----w c:\documents and settings\all users\application data\go go gourmet
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\administrator\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\administrator\local settings\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\all users\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\program files\ashampoo
2009-05-14 17:40 . 2009-05-14 17:40 -------- d-----w c:\program files\reflexivearcade
2009-05-13 20:07 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-13 20:03 . 2009-05-13 20:07 -------- d-----w c:\windows\system32\xpsviewer
2009-05-13 20:03 . 2009-05-13 20:03 -------- d-----w c:\program files\reference assemblies
2009-05-13 20:03 . 2009-05-13 20:03 -------- d-----w c:\7f454970272f91a209e48e4d51189928
2009-05-13 20:03 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-13 20:03 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-13 20:03 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-13 20:03 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-13 20:03 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-13 20:03 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-13 20:03 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 16:50 . 2009-05-11 16:52 223 ----a-w c:\windows\bbbconfig.dat
2009-05-11 09:50 . 2009-05-11 09:50 -------- d-----w c:\documents and settings\administrator\application data\viquasoft
2009-05-11 09:49 . 2009-05-11 09:49 -------- d-----w c:\documents and settings\administrator\application data\my games
2009-05-11 09:44 . 2009-05-11 09:44 -------- d-----w c:\documents and settings\all users\application data\escape from paradise
2009-05-11 08:38 . 2009-05-11 08:38 -------- d-----w c:\documents and settings\administrator\application data\yahoo!
2009-05-11 08:13 . 2009-05-11 08:13 -------- d-----w c:\documents and settings\all users\application data\barbie fashion show
2009-05-11 01:15 . 2009-05-11 01:15 -------- d-----w c:\documents and settings\administrator\local settings\application data\adobe
2009-05-10 13:28 . 2009-05-11 09:41 -------- d-----w c:\documents and settings\all users\application data\playfirst
2009-05-10 13:28 . 2009-05-10 13:28 -------- d-----w c:\documents and settings\administrator\application data\playfirst
2009-05-10 11:32 . 2009-05-10 11:32 -------- d-sh--w c:\windows\ftpcache
2009-05-10 05:45 . 2009-05-10 05:45 -------- d-----w c:\documents and settings\all users\application data\temp
2009-05-10 03:28 . 2009-05-10 03:29 -------- d-----w c:\documents and settings\all users\application data\ubisoft
2009-05-10 03:27 . 2009-05-10 03:27 -------- d-----w c:\documents and settings\administrator\local settings\application data\eidos
2009-05-10 03:25 . 2008-06-14 17:31 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 03:25 . 2008-06-14 17:31 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-05-10 03:20 . 2009-02-09 11:22 2190592 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-10 03:20 . 2009-02-09 11:22 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-10 03:20 . 2009-02-09 11:22 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-10 03:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 03:04 . 2009-05-10 09:36 -------- d--h--w c:\windows\$hf_mig$
2009-05-10 03:03 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-10 03:02 . 2009-05-10 03:02 -------- d-----w c:\program files\microsoft works
2009-05-10 03:02 . 2009-05-10 03:02 -------- d-----w c:\program files\msbuild
2009-05-10 03:01 . 2009-05-10 03:01 -------- d-----w c:\program files\microsoft.net
2009-05-10 03:00 . 2009-05-10 03:00 -------- d-----w c:\program files\microsoft visual studio 8
2009-05-10 02:59 . 2009-05-10 03:01 -------- d-----w c:\windows\shellnew
2009-05-10 02:57 . 2009-05-10 02:57 -------- d--h--r c:\msocache
2009-05-09 18:21 . 2009-05-17 17:17 724992 ----a-w c:\windows\iun6002.exe
2009-05-09 18:21 . 2009-05-09 18:21 -------- d-----w c:\documents and settings\administrator\local settings\application data\identities
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\documents and settings\administrator\local settings\application data\microsoft help
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\microsoft visual studio .net
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\common files\aliaswavefront shared
2009-05-09 14:58 . 2009-05-10 03:03 -------- d-----w c:\documents and settings\all users\application data\microsoft help
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\microsoft directx 9.0 sdk (february 2005)
2009-05-09 14:41 . 2009-05-09 14:42 -------- d-----w c:\documents and settings\administrator\application data\media player classic
2009-05-09 14:27 . 2009-05-13 20:14 -------- d-----w c:\program files\yahoo!
2009-05-09 14:26 . 2009-05-09 14:27 -------- d-----w c:\program files\flv player
2009-05-09 14:14 . 2009-05-09 14:14 -------- d-----w c:\program files\nokia
2009-05-09 14:09 . 2009-05-09 14:09 7680 ----a-r c:\documents and settings\administrator\application data\microsoft\installer\{9b459e23-720a-11d8-86f7-00c0df0b28b1}\icon9b459e231.exe
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\windows\crystal
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\program files\albaniv2
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\program files\common files\wise installation wizard
2009-05-09 14:03 . 2009-05-09 14:03 -------- d-----w c:\windows\system32\systemfiles
2009-05-09 14:03 . 2009-05-20 15:00 1046 ----a-w c:\windows\system32\data(2).dll
2009-05-09 14:03 . 2009-05-09 14:03 -------- d-sha-r c:\program files\golden filter pro
2009-05-09 14:03 . 2008-04-07 13:30 3 ------w c:\windows\system32\data(4).dll
2009-05-09 14:03 . 2008-04-06 22:22 61 ------w c:\windows\system32\data(1).dll
2009-05-09 14:03 . 2008-04-04 13:17 4 ------w c:\windows\system32\data(9).dll
2009-05-09 14:03 . 2008-03-19 15:34 65536 ------w c:\windows\system32\data(8).dll
2009-05-09 14:03 . 2006-10-25 19:02 1583 ------w c:\windows\system32\data(6).dll
2009-05-09 14:03 . 2006-10-25 19:02 1582 ------w c:\windows\system32\data(5).dll
2009-05-09 14:03 . 2004-08-03 22:56 561179 ------w c:\windows\system32\dao360.dll
2009-05-09 13:58 . 2009-05-09 13:58 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-05-09 13:53 . 2009-05-14 15:26 -------- d-----w c:\program files\muslim bag
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\windows\muslim bag
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\documents and settings\administrator\application data\desktopicon
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\program files\formatfactory
2009-05-09 13:25 . 2009-05-09 13:25 -------- d-----w c:\documents and settings\administrator\application data\urse games
2009-05-09 13:19 . 2009-05-09 13:19 -------- d-----w c:\program files\boom voyage

.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 12:41 . 2009-05-09 04:23 -------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2009-05-22 12:39 . 2009-05-09 04:23 622624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-22 12:39 . 2009-05-09 04:23 5304 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-22 12:39 . 2009-05-09 04:23 3526688 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 12:39 . 2009-05-09 04:23 32824 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-22 08:54 . 2008-04-15 12:00 67438 ----a-w c:\windows\system32\perfc001.dat
2009-05-22 08:54 . 2008-04-15 12:00 366874 ----a-w c:\windows\system32\perfh001.dat
2009-05-21 15:44 . 2009-05-09 04:35 372592 ----a-w c:\documents and settings\administrator\local settings\application data\gdipfontcachev1.dat
2009-05-20 14:45 . 2009-05-09 04:23 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 14:45 . 2009-05-09 04:23 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-10 03:51 . 2009-05-09 02:47 86327 ----a-w c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 14:13 . 2009-05-09 03:35 -------- d-----w c:\program files\common files\installshield
2009-05-09 05:05 . 2009-05-09 05:04 -------- d-----w c:\program files\windows live
2009-05-09 05:04 . 2009-05-09 05:04 -------- d-----w c:\program files\microsoft
2009-05-09 05:04 . 2009-05-09 05:04 -------- d-----w c:\program files\windows live skydrive
2009-05-09 05:03 . 2009-05-09 05:03 -------- d-----w c:\program files\common files\windows live
2009-05-09 04:55 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-09 04:54 . 2009-05-09 04:54 206088 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\avp.exe
2009-05-09 04:54 . 2009-05-09 04:54 33808 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\klbg.sys
2009-05-09 04:54 . 2009-05-09 04:54 226832 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\xp\klif.sys
2009-05-09 04:45 . 2009-05-09 04:45 -------- d-----w c:\program files\globfx
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\program files\tuneup utilities 2008
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\documents and settings\administrator\application data\tuneup software
2009-05-09 04:34 . 2009-05-09 04:34 306432 ----a-w c:\windows\system32\tuneupdefragservice.exe
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\documents and settings\all users\application data\tuneup software
2009-05-09 04:31 . 2009-05-09 04:31 -------- d-----w c:\program files\مشغل الفلاش العربي
2009-05-09 04:31 . 2009-05-09 04:31 -------- d-----w c:\program files\common files\adobe
2009-05-09 04:30 . 2009-05-09 04:30 -------- d-----w c:\program files\folderico
2009-05-09 04:29 . 2009-05-09 04:29 -------- d-----w c:\documents and settings\all users\application data\apple computer
2009-05-09 04:29 . 2009-05-09 04:29 -------- d-----w c:\program files\quicktime alternative
2009-05-09 04:25 . 2009-05-09 04:25 -------- d-----w c:\program files\slysoft
2009-05-09 04:23 . 2009-05-09 04:23 -------- d-----w c:\program files\kaspersky lab
2009-05-09 04:22 . 2009-05-09 04:15 -------- d-----w c:\documents and settings\all users\application data\kaspersky lab setup files
2009-05-09 04:20 . 2009-05-09 04:20 -------- d-----w c:\program files\opera
2009-05-09 04:19 . 2009-05-09 04:19 -------- d-----w c:\program files\windows media connect 2
2009-05-09 04:18 . 2009-05-09 04:18 -------- d-----w c:\program files\vs revo group
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\common files\xing shared
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\common files\real
2009-05-09 04:13 . 2009-05-09 04:13 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-09 04:13 . 2009-05-09 04:13 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\real
2009-05-09 03:35 . 2009-05-09 03:35 21035 ----a-w c:\windows\system32\drivers\aegisp.sys
2009-05-09 03:35 . 2009-05-09 03:35 -------- d-----w c:\program files\realtek rtl8187 wireless lan driver and utility
2009-05-09 03:35 . 2009-05-09 03:35 -------- d--h--w c:\program files\installshield installation information
2009-05-09 02:48 . 2009-05-09 02:48 -------- d-----w c:\program files\microsoft frontpage
2009-05-09 02:45 . 2009-05-09 02:45 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-30 14:13 . 2008-09-22 00:24 5063168 ----a-w c:\windows\system32\drivers\rtkhdaud.sys
2009-03-17 11:07 . 2009-05-09 03:26 122880 ----a-w c:\windows\rtkaudioservice.exe
2009-03-17 09:44 . 2009-05-09 03:26 36352 ----a-w c:\windows\system32\rtkcoinstxp.dll
2009-03-08 01:34 . 2008-04-15 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-15 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-15 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-15 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-15 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-15 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-15 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-15 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-15 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-15 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2008-04-15 12:00 283136 ----a-w c:\windows\system32\pdh.dll
2005-12-05 15:28 . 2005-12-05 15:28 3673932 ------w c:\program files\dec2005_mdx1_x86_archive.cab
2005-12-05 15:28 . 2005-12-05 15:28 1358864 ------w c:\program files\dec2005_d3dx9_28_x64.cab
2005-12-05 15:28 . 2005-12-05 15:28 86925 ------w c:\program files\oct2005_xinput_x64.cab
2005-12-05 15:28 . 2005-12-05 15:28 46247 ------w c:\program files\oct2005_xinput_x86.cab
2005-12-05 15:28 . 2005-12-05 15:28 41888 ------w c:\program files\dxdllreg_x86.cab
2005-12-05 15:28 . 2005-12-05 15:28 916806 ------w c:\program files\dec2005_mdx1_x86.cab
2005-12-05 15:27 . 2005-12-05 15:27 1080344 ------w c:\program files\dec2005_d3dx9_28_x86.cab
.

((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4

[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msmsgs"="c:\program files\messenger\msmsgs.exe" [2008-04-14 1695232]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"avp"="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" [2009-05-09 206088]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2009-05-09 198160]
"goldenfilterpro"="c:\program files\golden filter pro\gfpro.exe" [2008-04-12 1392640]
"groovemonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2006-10-26 31016]

[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\run-]
"alcmtr"=alcmtr.exe
"rthdcpl"=rthdcpl.exe
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" -osboot

[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001

[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"=
"c:\\program files\\microsoft office\\office12\\outlook.exe"=
"c:\\program files\\microsoft office\\office12\\groove.exe"=
"c:\\program files\\microsoft office\\office12\\onenote.exe"=

r0 klbg;kaspersky lab boot guard driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
r3 klfltdev;kaspersky lab klfltdev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
r3 rtlwusb;realtek rtl8187 wireless 802.11g 54mbps usb 2.0 network adapter;c:\windows\system32\drivers\rtl8187.sys [09/05/2009 06:35 ص 194304]
s3 ambfilt;ambfilt;c:\windows\system32\drivers\ambfilt.sys [09/05/2009 06:26 ص 1684736]

hkey_local_machine\software\microsoft\windows nt\currentversion\svchost - netsvcs
uxtuneup

[hkey_local_machine\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",brandieactivesetup signup
.
Contents of the 'scheduled tasks' folder

2009-05-09 c:\windows\tasks\1-click maintenance.job
- c:\program files\tuneup utilities 2008\oneclick.exe [2007-12-21 12:17]
.
- - - - orphans removed - - - -

safeboot-procexp90.sys


.
------- supplementary scan -------
.
Ustart page = hxxp://www.google.com/
uinternet connection wizard,shellnext = hxxp://www.driverspile.com/realtekdriversdownloadqwed/wdm_r222.zip
ie: إضافة إلى حاجب إعلان الشعار - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
ie: ت&صدير إلى microsoft excel - c:\progra~1\micros~3\office12\excel.exe/3000
.

**************************************************************************

catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2009-05-22 15:41
windows 5.1.2600 service pack 3 ntfs

scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- locked registry keys ---------------------

[hkey_users\s-1-5-21-583907252-2052111302-1417001333-500\software\microsoft\internet explorer\user preferences]
@denied: (2) (administrator)
"88d7d0879dab32e14de5b3a805a34f98aff34f5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,d7,d4,23,05,dd,c1,49,95,37,c4,\
"2d53cffc5c1a3dd2e97b7979ac2a92bd59bc839e81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,d7,d4,23,05,dd,c1,49,95,37,c4,\
.
--------------------- dlls loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(2912)
c:\progra~1\window~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ other running processes ------------------------
.
C:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-22 15:42 - machine was rebooted
combofix-quarantined-files.txt 2009-05-22 12:42

pre-run: 128,260,096,000 bytes free
post-run: 128,332,713,984 bytes free

275 --- e o f --- 2009-05-12 04:43
 
Delete the following

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


O4 - HKLM\..\Run: [GoldenFilterPro] C:\Program Files\Golden Filter Pro\GFPro.exe
 
Signature: format
Download this tool

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan, the computer may restart
After the restart, the tool will start scanning again
Wait until a report appears; that means the scan has finished. Paste its report

............................

Then a new HijackThis log
 
Last edited by a moderator:
Signature: format
Delete the following

o2 - bho: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)


o4 - hklm\..\run: [goldenfilterpro] c:\program files\golden filter pro\gfpro.exe


But brother, the second entry is for the safety filter program

It might cause a problem with the program and make it useless
 
Delete it, brother, so that we can solve your problem, along with any problems in the program too. I know it will cause problems in the program. Delete the whole program and let's continue

Then do the following

Download this tool

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan, the computer may restart
After the restart, the tool will start scanning again
Wait until a report appears; that means the scan has finished. Paste its report

............................

Then a new HijackThis log

Last edited by a moderator:
Signature: format
I will reply to you tonight, God willing, because I am going out now

Thank you for your cooperation
 
Hmmmm, I don't know, I will be out tonight as well

God willing, one of the other brothers will help you
 
Signature: format
This is the scan report

combofix 09-05-22.07 - administrator 05/22/2009 18:41.2 - ntfsx86
microsoft windows xp professional 5.1.2600.3.1256.966.1025.18.2046.1630 [gmt 3:00]
running from: C:\documents and settings\administrator\سطح المكتب\combofix.exe
av: Kaspersky internet security *on-access scanning disabled* (updated) {2c4d4bc6-0793-4956-a9f9-e252435469c0}
fw: Kaspersky internet security *disabled* {2c4d4bc6-0793-4956-a9f9-e252435469c0}

warning -this machine does not have the recovery console installed !!
.

((((((((((((((((((((((((( files created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 02:00 . 2009-05-22 02:00 -------- d-----w c:\program files\trend micro
2009-05-21 15:49 . 2009-05-21 15:50 10 ----a-w c:\windows\popcinfo.dat
2009-05-19 17:19 . 2009-05-19 17:19 1486171 ----a-w c:\triviamachine.dat
2009-05-19 17:15 . 2009-05-19 17:15 1024 ----a-w c:\windows\jericho_game_ra.dat
2009-05-19 16:48 . 2009-05-19 16:48 1024 ----a-w c:\windows\chamber_game_ra.dat
2009-05-19 16:38 . 2009-05-19 16:38 1300939 ----a-w c:\puzzleexpress.dat
2009-05-17 17:17 . 2009-05-17 17:17 -------- d-----w c:\program files\ariss
2009-05-17 15:39 . 2009-05-17 15:39 4096 ----a-w c:\windows\d3dx.dat
2009-05-16 19:42 . 2009-05-16 19:42 999563 ----a-w c:\holidayexpress.dat
2009-05-16 19:29 . 2009-05-16 19:29 -------- d-----w c:\gamerival
2009-05-15 19:50 . 2009-05-15 19:51 -------- d-----w c:\documents and settings\all users\application data\go go gourmet
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\administrator\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\administrator\local settings\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\documents and settings\all users\application data\ashampoo
2009-05-15 15:23 . 2009-05-15 15:23 -------- d-----w c:\program files\ashampoo
2009-05-14 17:40 . 2009-05-14 17:40 -------- d-----w c:\program files\reflexivearcade
2009-05-13 20:07 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-13 20:03 . 2009-05-13 20:07 -------- d-----w c:\windows\system32\xpsviewer
2009-05-13 20:03 . 2009-05-13 20:03 -------- d-----w c:\program files\reference assemblies
2009-05-13 20:03 . 2009-05-13 20:03 -------- d-----w c:\7f454970272f91a209e48e4d51189928
2009-05-13 20:03 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-13 20:03 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-13 20:03 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-13 20:03 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-13 20:03 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-13 20:03 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-13 20:03 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-11 16:50 . 2009-05-11 16:52 223 ----a-w c:\windows\bbbconfig.dat
2009-05-11 09:50 . 2009-05-11 09:50 -------- d-----w c:\documents and settings\administrator\application data\viquasoft
2009-05-11 09:49 . 2009-05-11 09:49 -------- d-----w c:\documents and settings\administrator\application data\my games
2009-05-11 09:44 . 2009-05-11 09:44 -------- d-----w c:\documents and settings\all users\application data\escape from paradise
2009-05-11 08:38 . 2009-05-11 08:38 -------- d-----w c:\documents and settings\administrator\application data\yahoo!
2009-05-11 08:13 . 2009-05-11 08:13 -------- d-----w c:\documents and settings\all users\application data\barbie fashion show
2009-05-11 01:15 . 2009-05-11 01:15 -------- d-----w c:\documents and settings\administrator\local settings\application data\adobe
2009-05-10 13:28 . 2009-05-11 09:41 -------- d-----w c:\documents and settings\all users\application data\playfirst
2009-05-10 13:28 . 2009-05-10 13:28 -------- d-----w c:\documents and settings\administrator\application data\playfirst
2009-05-10 11:32 . 2009-05-10 11:32 -------- d-sh--w c:\windows\ftpcache
2009-05-10 05:45 . 2009-05-10 05:45 -------- d-----w c:\documents and settings\all users\application data\temp
2009-05-10 03:28 . 2009-05-10 03:29 -------- d-----w c:\documents and settings\all users\application data\ubisoft
2009-05-10 03:27 . 2009-05-10 03:27 -------- d-----w c:\documents and settings\administrator\local settings\application data\eidos
2009-05-10 03:25 . 2008-06-14 17:31 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 03:25 . 2008-06-14 17:31 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-05-10 03:20 . 2009-02-09 11:22 2190592 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-10 03:20 . 2009-02-09 11:22 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-10 03:20 . 2009-02-09 11:22 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-10 03:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 03:04 . 2009-05-10 09:36 -------- d--h--w c:\windows\$hf_mig$
2009-05-10 03:03 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-10 03:02 . 2009-05-10 03:02 -------- d-----w c:\program files\microsoft works
2009-05-10 03:02 . 2009-05-10 03:02 -------- d-----w c:\program files\msbuild
2009-05-10 03:01 . 2009-05-10 03:01 -------- d-----w c:\program files\microsoft.net
2009-05-10 03:00 . 2009-05-10 03:00 -------- d-----w c:\program files\microsoft visual studio 8
2009-05-10 02:59 . 2009-05-10 03:01 -------- d-----w c:\windows\shellnew
2009-05-10 02:57 . 2009-05-10 02:57 -------- d--h--r c:\msocache
2009-05-09 18:21 . 2009-05-17 17:17 724992 ----a-w c:\windows\iun6002.exe
2009-05-09 18:21 . 2009-05-09 18:21 -------- d-----w c:\documents and settings\administrator\local settings\application data\identities
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\documents and settings\administrator\local settings\application data\microsoft help
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\microsoft visual studio .net
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\common files\aliaswavefront shared
2009-05-09 14:58 . 2009-05-10 03:03 -------- d-----w c:\documents and settings\all users\application data\microsoft help
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\microsoft directx 9.0 sdk (february 2005)
2009-05-09 14:41 . 2009-05-09 14:42 -------- d-----w c:\documents and settings\administrator\application data\media player classic
2009-05-09 14:27 . 2009-05-13 20:14 -------- d-----w c:\program files\yahoo!
2009-05-09 14:26 . 2009-05-09 14:27 -------- d-----w c:\program files\flv player
2009-05-09 14:14 . 2009-05-09 14:14 -------- d-----w c:\program files\nokia
2009-05-09 14:09 . 2009-05-09 14:09 7680 ----a-r c:\documents and settings\administrator\application data\microsoft\installer\{9b459e23-720a-11d8-86f7-00c0df0b28b1}\icon9b459e231.exe
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\windows\crystal
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\program files\albaniv2
2009-05-09 14:09 . 2009-05-09 14:09 -------- d-----w c:\program files\common files\wise installation wizard
2009-05-09 14:03 . 2009-05-09 14:03 -------- d-----w c:\windows\system32\systemfiles
2009-05-09 14:03 . 2009-05-20 15:00 1046 ----a-w c:\windows\system32\data(2).dll
2009-05-09 14:03 . 2008-04-07 13:30 3 ------w c:\windows\system32\data(4).dll
2009-05-09 14:03 . 2008-04-06 22:22 61 ------w c:\windows\system32\data(1).dll
2009-05-09 14:03 . 2008-04-04 13:17 4 ------w c:\windows\system32\data(9).dll
2009-05-09 14:03 . 2008-03-19 15:34 65536 ------w c:\windows\system32\data(8).dll
2009-05-09 14:03 . 2006-10-25 19:02 1583 ------w c:\windows\system32\data(6).dll
2009-05-09 14:03 . 2006-10-25 19:02 1582 ------w c:\windows\system32\data(5).dll
2009-05-09 14:03 . 2004-08-03 22:56 561179 ------w c:\windows\system32\dao360.dll
2009-05-09 13:58 . 2009-05-09 13:58 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-05-09 13:53 . 2009-05-14 15:26 -------- d-----w c:\program files\muslim bag
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\windows\muslim bag
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\documents and settings\administrator\application data\desktopicon
2009-05-09 13:53 . 2009-05-09 13:53 -------- d-----w c:\program files\formatfactory
2009-05-09 13:25 . 2009-05-09 13:25 -------- d-----w c:\documents and settings\administrator\application data\urse games
2009-05-09 13:19 . 2009-05-09 13:19 -------- d-----w c:\program files\boom voyage

.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 15:41 . 2009-05-09 04:23 -------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2009-05-22 15:40 . 2009-05-09 04:23 622624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-22 15:40 . 2009-05-09 04:23 5304 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-22 15:40 . 2009-05-09 04:23 3526688 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 15:40 . 2009-05-09 04:23 32824 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-22 15:38 . 2008-04-15 12:00 67438 ----a-w c:\windows\system32\perfc001.dat
2009-05-22 15:38 . 2008-04-15 12:00 366874 ----a-w c:\windows\system32\perfh001.dat
2009-05-21 15:44 . 2009-05-09 04:35 372592 ----a-w c:\documents and settings\administrator\local settings\application data\gdipfontcachev1.dat
2009-05-20 14:45 . 2009-05-09 04:23 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 14:45 . 2009-05-09 04:23 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-10 03:51 . 2009-05-09 02:47 86327 ----a-w c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 14:13 . 2009-05-09 03:35 -------- d-----w c:\program files\common files\installshield
2009-05-09 05:05 . 2009-05-09 05:04 -------- d-----w c:\program files\windows live
2009-05-09 05:04 . 2009-05-09 05:04 -------- d-----w c:\program files\microsoft
2009-05-09 05:04 . 2009-05-09 05:04 -------- d-----w c:\program files\windows live skydrive
2009-05-09 05:03 . 2009-05-09 05:03 -------- d-----w c:\program files\common files\windows live
2009-05-09 04:55 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-09 04:54 . 2009-05-09 04:54 206088 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\avp.exe
2009-05-09 04:54 . 2009-05-09 04:54 33808 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\klbg.sys
2009-05-09 04:54 . 2009-05-09 04:54 226832 ----a-w c:\documents and settings\all users\application data\kaspersky lab\avp8\data\updater\temporary files\temporaryfolder\autopatches\kav8exec\8.0.0.506\xp\klif.sys
2009-05-09 04:45 . 2009-05-09 04:45 -------- d-----w c:\program files\globfx
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\program files\tuneup utilities 2008
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\documents and settings\administrator\application data\tuneup software
2009-05-09 04:34 . 2009-05-09 04:34 306432 ----a-w c:\windows\system32\tuneupdefragservice.exe
2009-05-09 04:34 . 2009-05-09 04:34 -------- d-----w c:\documents and settings\all users\application data\tuneup software
2009-05-09 04:31 . 2009-05-09 04:31 -------- d-----w c:\program files\مشغل الفلاش العربي
2009-05-09 04:31 . 2009-05-09 04:31 -------- d-----w c:\program files\common files\adobe
2009-05-09 04:30 . 2009-05-09 04:30 -------- d-----w c:\program files\folderico
2009-05-09 04:29 . 2009-05-09 04:29 -------- d-----w c:\documents and settings\all users\application data\apple computer
2009-05-09 04:29 . 2009-05-09 04:29 -------- d-----w c:\program files\quicktime alternative
2009-05-09 04:25 . 2009-05-09 04:25 -------- d-----w c:\program files\slysoft
2009-05-09 04:23 . 2009-05-09 04:23 -------- d-----w c:\program files\kaspersky lab
2009-05-09 04:22 . 2009-05-09 04:15 -------- d-----w c:\documents and settings\all users\application data\kaspersky lab setup files
2009-05-09 04:20 . 2009-05-09 04:20 -------- d-----w c:\program files\opera
2009-05-09 04:19 . 2009-05-09 04:19 -------- d-----w c:\program files\windows media connect 2
2009-05-09 04:18 . 2009-05-09 04:18 -------- d-----w c:\program files\vs revo group
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\common files\xing shared
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\common files\real
2009-05-09 04:13 . 2009-05-09 04:13 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-09 04:13 . 2009-05-09 04:13 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-09 04:13 . 2009-05-09 04:13 -------- d-----w c:\program files\real
2009-05-09 03:35 . 2009-05-09 03:35 21035 ----a-w c:\windows\system32\drivers\aegisp.sys
2009-05-09 03:35 . 2009-05-09 03:35 -------- d-----w c:\program files\realtek rtl8187 wireless lan driver and utility
2009-05-09 03:35 . 2009-05-09 03:35 -------- d--h--w c:\program files\installshield installation information
2009-05-09 02:48 . 2009-05-09 02:48 -------- d-----w c:\program files\microsoft frontpage
2009-05-09 02:45 . 2009-05-09 02:45 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-30 14:13 . 2008-09-22 00:24 5063168 ----a-w c:\windows\system32\drivers\rtkhdaud.sys
2009-03-17 11:07 . 2009-05-09 03:26 122880 ----a-w c:\windows\rtkaudioservice.exe
2009-03-17 09:44 . 2009-05-09 03:26 36352 ----a-w c:\windows\system32\rtkcoinstxp.dll
2009-03-08 01:34 . 2008-04-15 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-15 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-15 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-15 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-15 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-15 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-15 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-15 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-15 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-15 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2008-04-15 12:00 283136 ----a-w c:\windows\system32\pdh.dll
2005-12-05 15:28 . 2005-12-05 15:28 3673932 ------w c:\program files\dec2005_mdx1_x86_archive.cab
2005-12-05 15:28 . 2005-12-05 15:28 1358864 ------w c:\program files\dec2005_d3dx9_28_x64.cab
2005-12-05 15:28 . 2005-12-05 15:28 86925 ------w c:\program files\oct2005_xinput_x64.cab
2005-12-05 15:28 . 2005-12-05 15:28 46247 ------w c:\program files\oct2005_xinput_x86.cab
2005-12-05 15:28 . 2005-12-05 15:28 41888 ------w c:\program files\dxdllreg_x86.cab
2005-12-05 15:28 . 2005-12-05 15:28 916806 ------w c:\program files\dec2005_mdx1_x86.cab
2005-12-05 15:27 . 2005-12-05 15:27 1080344 ------w c:\program files\dec2005_d3dx9_28_x86.cab
.

((((((((((((((((((((((((((((( snapshot@2009-05-22_12.41.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 12:00 . 2009-05-22 08:54 67448 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2009-05-22 15:38 67448 c:\windows\system32\perfc009.dat
+ 2008-04-15 12:00 . 2009-05-22 15:38 432492 c:\windows\system32\perfh009.dat
- 2008-04-15 12:00 . 2009-05-22 08:54 432492 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4

[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msmsgs"="c:\program files\messenger\msmsgs.exe" [2008-04-14 1695232]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"avp"="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" [2009-05-09 206088]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2009-05-09 198160]
"groovemonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2006-10-26 31016]

[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\run-]
"alcmtr"=alcmtr.exe
"rthdcpl"=rthdcpl.exe
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" -osboot

[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001

[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\windows live\\messenger\\msnmsgr.exe"=
"c:\\program files\\microsoft office\\office12\\outlook.exe"=
"c:\\program files\\microsoft office\\office12\\groove.exe"=
"c:\\program files\\microsoft office\\office12\\onenote.exe"=

r0 klbg;kaspersky lab boot guard driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
r3 klfltdev;kaspersky lab klfltdev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
r3 rtlwusb;realtek rtl8187 wireless 802.11g 54mbps usb 2.0 network adapter;c:\windows\system32\drivers\rtl8187.sys [09/05/2009 06:35 ص 194304]
s3 ambfilt;ambfilt;c:\windows\system32\drivers\ambfilt.sys [09/05/2009 06:26 ص 1684736]

hkey_local_machine\software\microsoft\windows nt\currentversion\svchost - netsvcs
uxtuneup

[hkey_local_machine\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",brandieactivesetup signup
.
Contents of the 'scheduled tasks' folder

2009-05-09 c:\windows\tasks\1-click maintenance.job
- c:\program files\tuneup utilities 2008\oneclick.exe [2007-12-21 12:17]
.
.
------- supplementary scan -------
.
Ustart page = hxxp://www.google.com/
uinternet connection wizard,shellnext = hxxp://www.driverspile.com/realtekdriversdownloadqwed/wdm_r222.zip
ie: إضافة إلى حاجب إعلان الشعار - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
ie: ت&صدير إلى microsoft excel - c:\progra~1\micros~3\office12\excel.exe/3000
.

**************************************************************************

catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2009-05-22 18:43
windows 5.1.2600 service pack 3 ntfs

scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- locked registry keys ---------------------

[hkey_users\s-1-5-21-583907252-2052111302-1417001333-500\software\microsoft\internet explorer\user preferences]
@denied: (2) (administrator)
"88d7d0879dab32e14de5b3a805a34f98aff34f5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,d7,d4,23,05,dd,c1,49,95,37,c4,\
"2d53cffc5c1a3dd2e97b7979ac2a92bd59bc839e81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,d7,d4,23,05,dd,c1,49,95,37,c4,\
.
--------------------- dlls loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(2680)
c:\progra~1\window~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-05-22 18:44
combofix-quarantined-files.txt 2009-05-22 15:44
combofix2.txt 2009-05-22 12:42

pre-run: 128,311,300,096 bytes free
post-run: 128,298,344,448 bytes free

258 --- e o f --- 2009-05-12 04:43


And this is the HijackThis report

logfile of trend micro hijackthis v2.0.2
scan saved at 06:45:26 م, on 22/05/2009
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v8.00 (8.00.6001.18702)
boot mode: Normal

running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\igfxpers.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\svchost.exe
c:\windows\system32\wuauclt.exe
c:\windows\system32\wscntfy.exe
c:\windows\explorer.exe
c:\windows\system32\notepad.exe
c:\program files\opera\opera.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r1 - hklm\software\microsoft\internet explorer\main,default_page_url =

r1 - hklm\software\microsoft\internet explorer\main,default_search_url =

r1 - hklm\software\microsoft\internet explorer\main,search page =

r0 - hklm\software\microsoft\internet explorer\main,start page =

r1 - hkcu\software\microsoft\internet connection wizard,shellnext =

o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\gra8e1~1.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o8 - extra context menu item: إضافة إلى حاجب إعلان الشعار - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~3\office12\excel.exe/3000
o9 - extra button: إحصائيات حماية حركة زيارة الويب - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - c:\program files\kaspersky lab\kaspersky internet security 2009\scieplgn.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~3\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~3\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~3\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\progra~1\micros~3\office12\gr99d3~1.dll
o23 - service: Kaspersky internet security (avp) - kaspersky lab - c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
o23 - service: Tuneup drive defrag service (tuneup.defrag) - tuneup software gmbh - c:\windows\system32\tuneupdefragservice.exe

--
end of file - 4664 bytes
 
Much appreciated, my dear friend. Paste the HijackThis report without quote or code tags.
 
Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:56:31 م, on 22/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4565 bytes
 
Brother, when did the problem start??? I mean, was it after installing a particular theme or program??
 
Signature: KoNaMi
Honestly, I don't know, good sir.

As for themes, there is nothing but the well-known and very simple Royale theme.

If you want us to delete it, and it is no good, we will delete it.

But I don't see any harm from it, neither to me nor to my kids :hh: :hh:


And this is a screenshot of the programs on my machine

There isn't much

sora1.jpg
 
up

Is it possible that nobody knows this problem or has run into it? :?: :?: :?:
 
up
 