متعب الروقي

زيزوومي نشيط
إنضم
19 مايو 2009
المشاركات
181
مستوى التفاعل
1
النقاط
230
الإقامة
مملكتي
غير متصل
السلام عليكم ورحمة الله وبركاته


أخواني عندي مشكلة إذا دخلت قرس السي طلعلي بالصورة

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



أرجو تجدون لي حل
 

توقيع : متعب الروقي
الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : متعب الروقي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

واعمل التقرير السابق بدون اكواد
 
طلع كذا




ComboFix 09-05-28.07 - Administrator 05/29/2009 18:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1015.570 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.
2009-05-29 15:22 . 2009-05-29 15:22 -------- d-----w c:\program files\Trend Micro
2009-05-28 16:53 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{39D55292-BA9B-420F-BBF2-1AD27F9EB7C6}\mpengine.dll
2009-05-24 19:00 . 2009-05-24 19:00 -------- d-----w c:\program files\Common Files\Vbox
2009-05-24 18:59 . 2009-05-24 18:59 -------- d-----w c:\windows\system32\Adobe
2009-05-24 18:59 . 2001-10-26 21:16 16384 ----a-w c:\windows\system32\FileOps.exe
2009-05-24 18:57 . 2009-05-24 18:57 -------- d-----w C:\Adobe Illustrator Installer
2009-05-21 22:22 . 2009-05-21 22:24 -------- d-----w c:\program files\USB Disk Security
2009-05-19 20:32 . 2009-05-19 20:32 -------- d-----w c:\documents and settings\Administrator\Application Data\DemoCreator
2009-05-19 20:32 . 2009-05-19 20:32 -------- d-----w c:\program files\Wondershare
2009-05-16 17:04 . 2009-05-16 17:04 160150 ----a-w c:\windows\Sqirlz Water Reflections Uninstaller.exe
2009-05-15 20:18 . 2009-05-23 20:32 -------- d-----w c:\windows\system32\NtmsData
2009-05-15 17:01 . 2003-08-15 11:55 348160 ----a-w c:\windows\system32\eSellerateEngine.dll
2009-05-15 17:01 . 2009-05-15 17:01 -------- d-----w c:\program files\Acoustica MP3 Audio Mixer
2009-05-15 11:15 . 2002-08-16 12:15 65536 ----a-w c:\windows\unleap.exe
2009-05-15 11:15 . 2009-05-15 11:18 -------- d-----w c:\program files\LeapFTP
2009-05-14 21:57 . 2009-05-14 22:04 -------- d-----w c:\program files\Magic Swf2Gif
2009-05-11 20:46 . 2009-05-11 20:46 -------- d-----w c:\program files\Streambox
2009-05-09 18:17 . 2009-05-09 18:17 0 ----a-w c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\klmcodec480_901\klmcodec480.exe
2009-05-08 19:49 . 2009-05-08 19:49 -------- d-----w c:\program files\Topaz Labs
2009-05-08 11:37 . 2009-05-08 11:37 -------- d-----w C:\AppServ
2009-05-01 18:25 . 2009-05-03 21:16 -------- d-----w c:\program files\WinAce
2009-04-29 22:22 . 2009-04-29 22:22 -------- d-----w c:\documents and settings\Administrator\Application Data\FlashFXP
2009-04-29 22:22 . 2009-04-29 22:26 -------- d-----w c:\program files\FlashFXP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 15:45 . 2009-03-07 18:11 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-05-29 15:45 . 2009-03-15 21:08 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-29 15:43 . 2009-03-15 21:08 745504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-29 15:43 . 2009-03-15 21:08 4676 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-29 15:43 . 2009-03-15 21:08 3877920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-29 15:43 . 2009-03-15 21:08 32424 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-27 23:30 . 2009-03-07 14:19 310264 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 15:26 . 2009-03-07 14:52 10697 ----a-w c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-05-27 10:12 . 2009-04-18 16:19 -------- d-----w c:\program files\Kelk 2000
2009-05-24 18:59 . 2009-03-07 14:46 -------- d-----w c:\program files\Common Files\Adobe
2009-05-24 18:58 . 2009-03-07 14:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-24 18:58 . 2009-03-07 14:58 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-20 15:42 . 2009-03-07 18:11 -------- d-----w c:\program files\Internet Download Manager
2009-05-20 14:18 . 2009-03-15 21:09 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 14:18 . 2009-03-15 21:09 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-14 22:16 . 2009-03-08 19:30 -------- d-----w c:\program files\مشغل الفلاش العربي
2009-05-08 20:18 . 2009-03-07 18:11 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-06 18:06 . 2009-04-22 23:21 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-27 19:36 . 2009-04-27 19:36 344064 ----a-w c:\windows\system32\dkll.dll
2009-04-27 19:36 . 2009-04-27 19:36 196608 ----a-w c:\windows\system32\maag.dll
2009-04-27 19:36 . 2009-04-27 19:36 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-27 19:36 . 2009-04-27 19:36 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-27 19:36 . 2009-04-27 19:36 -------- d-----w c:\program files\Ozone
2009-04-25 22:24 . 2009-04-25 22:24 -------- d-----w c:\documents and settings\All Users\Application Data\AnyCapture
2009-04-25 22:24 . 2009-04-25 22:24 -------- d-----w c:\program files\Any Capture Screen
2009-04-22 22:55 . 2009-04-22 22:55 -------- d-----w c:\program files\Windows Defender
2009-04-18 16:59 . 2009-03-07 15:42 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 15:22 . 2009-04-18 15:22 1159168 ----a-w c:\windows\system32\KG81.dll
2009-04-18 15:22 . 2009-04-18 15:22 1059840 ----a-w c:\windows\system32\KG32.dll
2009-04-07 21:16 . 2009-03-07 15:50 -------- d-----w c:\program files\Microsoft Works
2009-04-06 21:07 . 2009-04-06 20:14 -------- d-----w c:\program files\Google
2009-04-06 20:15 . 2009-03-07 15:33 -------- d-----w c:\program files\Real
2009-04-06 20:14 . 2009-03-07 15:33 -------- d-----w c:\program files\Common Files\Real
2009-04-06 19:33 . 2009-04-06 19:33 -------- d-----w c:\program files\Common Files\xing shared
2009-04-06 19:33 . 2009-03-07 14:54 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-06 19:33 . 2009-03-07 14:54 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-06 18:11 . 2009-04-06 18:11 390664 ----a-w c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-05 20:31 . 2009-04-05 20:32 222720 ----a-w c:\program files\MSN_Polygamy.exe
2009-04-03 16:40 . 2009-03-07 14:14 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-30 20:04 . 2009-03-30 20:04 -------- d-----w c:\program files\LtUcx
2009-03-26 22:08 . 2009-03-26 22:08 57344 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-141f4925-n\Decora-SSE.dll
2009-03-26 22:07 . 2009-03-26 22:07 24064 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7ccf0fe0-n\Decora-D3D.dll
2009-03-26 22:07 . 2009-03-26 22:07 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f44784c-n\msvcp71.dll
2009-03-26 22:07 . 2009-03-26 22:07 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f44784c-n\jmc.dll
2009-03-26 22:07 . 2009-03-26 22:07 348160 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7f44784c-n\msvcr71.dll
2009-03-26 22:04 . 2009-03-26 22:04 57344 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-329cf7c3-n\Decora-SSE.dll
2009-03-26 22:04 . 2009-03-26 22:04 24064 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-68625f7c-n\Decora-D3D.dll
2009-03-26 22:04 . 2009-03-26 22:04 315392 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-23fbc24e-n\jogl.dll
2009-03-26 22:04 . 2009-03-26 22:04 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-23fbc24e-n\jogl_awt.dll
2009-03-26 22:04 . 2009-03-26 22:04 114688 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-23fbc24e-n\jogl_cg.dll
2009-03-26 22:03 . 2009-03-26 22:03 20480 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-149c2456-n\gluegen-rt.dll
2009-03-26 22:03 . 2009-03-26 22:03 503808 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7da84509-n\msvcp71.dll
2009-03-26 22:03 . 2009-03-26 22:03 499712 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7da84509-n\jmc.dll
2009-03-26 22:03 . 2009-03-26 22:03 348160 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7da84509-n\msvcr71.dll
2009-03-26 22:01 . 2009-03-26 22:01 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-26 22:00 . 2009-03-26 22:00 152576 ----a-w c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-25 21:21 . 2009-03-25 21:21 165296 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-03-24 15:55 . 2009-03-07 19:09 172032 ------w c:\windows\Setup1.exe
2009-03-24 15:55 . 2009-03-07 19:09 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-21 18:48 . 2009-03-21 18:44 2762272 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-03-16 18:09 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-16 18:09 . 2009-03-16 18:09 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-03-16 18:09 . 2009-03-16 18:09 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-03-16 18:09 . 2009-03-16 18:09 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-03-07 15:44 . 2009-03-07 15:44 47104 ------w c:\windows\AKDeInstall.exe
2009-03-07 14:52 . 2009-03-07 14:52 14 ----a-w c:\windows\system32\SystemInfo32.sys
2009-03-07 14:49 . 2009-03-07 14:49 159847 ----a-w c:\windows\Marsu-Fix Uninstaller.exe
2009-03-07 14:45 . 2009-03-07 14:45 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-07 14:11 . 2009-03-07 14:11 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2004-08-03 21:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-04-11 14:34 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-14 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-14 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-14 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-11-10 385024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-16 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-06 198160]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-02-14 16062464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2008-02-14 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-7 110592]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [09/01/2007 07:17 م 20539]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 07:19 م 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [07/03/2009 05:40 م 264576]
.
Contents of the 'Scheduled Tasks' folder
2009-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.18/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Rootkit scan 2009-05-29 18:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-573735546-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1547161642-573735546-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1547161642-573735546-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1547161642-573735546-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A\OpenWithList]
@Class="Shell"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5985620c-3e31-4cb9-880f-1be7ed25e7bd}]
@Denied: (Full) (Everyone)
"Model"=dword:00000053
"Therad"=dword:00000005
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d7,25,35,2a,f7,b8,9c,e5,28,5e,4a,a8,d6,2d,e7,d2,7d,b9,ca,0f,81,
a1,7e,2c,ca,7a,be,88,b0,be,c2,d6,9a,e2,20,81,91,09,6c,99,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):88,c6,b8,64,f5,f9,b6,52,ee,49,cf,2d,7e,65,eb,53,1c,35,73,5b,6d,
63,27,12,ca,e4,4f,08,b8,ce,9d,39,c6,71,08,91,91,5a,18,df,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e85e598d-199d-423c-9ca9-fdb0a57dbf22}]
@Denied: (Full) (Everyone)
"Model"=dword:00000082
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,9c,24,d3,00,a9,cf,c2,89,c7,cc,9f,4d,bc,3b,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-05-29 18:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 15:50
Pre-Run: 79,024,353,280 bytes free
Post-Run: 80,040,587,264 bytes free
239 --- E O F --- 2009-05-28 16:53
 
توقيع : متعب الروقي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:54 م, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe

--
End of file - 9239 bytes
 
توقيع : متعب الروقي
حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



انسخ ما بداخل التقرير والصقه بمشاركتك القادمة
 
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3
29/05/2009 10:41:58 م
mbam-log-2009-05-29 (22-41-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 134769
Time elapsed: 1 hour(s), 1 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
توقيع : متعب الروقي
كيف الاوضاع عندك ؟
واعمل تقرير هايجاك جديد
 
مافهمتك
 
توقيع : متعب الروقي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:54 ص, on 30/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
--
End of file - 9167 bytes
 
توقيع : متعب الروقي
احذف التالي

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



طريقة الحذف

mg%20(3).png


mg%20(4).png


بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود


ثم نزل هذه الاداة واتبع الشرح التالي



يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



التوافق : ويندوز اكسبيفقط


شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة


002.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
 
نفس المشكلة
 
توقيع : متعب الروقي
عودة
أعلى