ذاكر احمد

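Peace be upon you, and the mercy and blessings of God.

I have a problem with my Messenger: every time I open Messenger it sends links to all my friends, and the links it sends are not nice links, I mean links to non-pornographic sites. Please give me the solution, and thank you.

I tried the Trojan Remover program and it did not help, so what is the solution?


I formatted the machine and that did not help either.
Please help.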
 

Apologies for changing the title to a more suitable one.
God bless you.
 
Signature: السّاجد لله

Download this program:

[link hidden by the forum: log in or register to view]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply

 
Signature: السّاجد لله
Here is the report that came out:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:00 م, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BR040286.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\thaker\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Jawal Modem\Jawal Modem Utility\BRService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [link hidden by the forum: log in or register to view]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: log in or register to view]=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [link hidden by the forum: log in or register to view]=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [link hidden by the forum: log in or register to view]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [link hidden by the forum: log in or register to view]
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCOP Tray] C:\Program Files\PC Optimizer Pro\Pcoptimizerpro.exe TRAY=1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\Jawal Modem\Jawal Modem Utility\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 8559 bytes
 
OK brother, you have viruses on your machine. Do the following:

Disable your protection programs.

Download this tool:

[link hidden by the forum: log in or register to view]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next reply.

 
Signature: السّاجد لله
ComboFix 09-05-31.02 - thaker 06/01/2009 0:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.491 [GMT 3:00]
Running from: d:\programs\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-31 20:53 . 2009-05-31 20:53 -------- d-----w- c:\program files\Trend Micro
2009-05-31 20:35 . 2009-05-18 11:47 3007352 ----a-w- c:\documents and settings\thaker\Application Data\Simply Super Software\Trojan Remover\aeiC.exe
2009-05-31 20:32 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-05-31 20:32 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-05-31 20:32 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-05-31 20:32 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-31 20:32 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-31 20:32 . 2009-05-31 20:32 -------- d-----w- c:\program files\Trojan Remover
2009-05-31 20:32 . 2009-05-31 20:32 -------- d-----w- c:\documents and settings\thaker\Application Data\Simply Super Software
2009-05-31 20:32 . 2009-05-31 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-31 04:46 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-05-31 04:45 . 2009-05-31 04:46 -------- d-----w- c:\program files\NSS
2009-05-31 00:55 . 2009-05-31 00:55 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-31 00:53 . 2009-05-31 00:53 -------- d-----w- c:\documents and settings\thaker\Application Data\Malwarebytes
2009-05-31 00:53 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 00:53 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-31 00:53 . 2009-05-31 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-31 00:53 . 2009-05-31 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 19:15 . 2009-05-30 19:15 -------- d-----w- c:\program files\DFX
2009-05-30 17:35 . 2009-05-30 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-05-29 19:17 . 2009-05-29 19:25 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\myBabylon_English
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\program files\Conduit
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\Conduit
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\program files\myBabylon_English
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\program files\Babylon
2009-05-25 22:10 . 2009-05-25 22:10 -------- d-----w- c:\program files\XviD
2009-05-25 22:09 . 2009-05-25 22:09 -------- d-----w- c:\program files\PPTexpert
2009-05-25 22:07 . 2009-05-25 22:07 -------- d-----w- c:\windows\Muslim Bag
2009-05-25 22:07 . 2009-05-25 22:07 -------- d-----w- c:\program files\Muslim Bag
2009-05-23 20:23 . 2009-05-23 20:23 -------- d-----w- c:\windows\system32\LogFiles
2009-05-22 20:14 . 2009-05-22 20:14 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\Symantec
2009-05-22 20:13 . 2008-05-09 14:09 91520 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-05-22 20:13 . 2009-05-22 20:13 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-22 20:13 . 2009-05-22 20:13 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-22 20:12 . 2007-03-21 17:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-05-22 20:12 . 2008-05-21 11:18 2584848 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2E2966EA-2169-4E42-8A8A-CC1749D80088}\WindowsInstaller-KB893803-x86.exe
2009-05-22 20:12 . 2008-05-21 11:17 648576 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2E2966EA-2169-4E42-8A8A-CC1749D80088}\smcinst.exe
2009-05-22 20:12 . 2008-05-21 11:17 300432 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2E2966EA-2169-4E42-8A8A-CC1749D80088}\Setup.exe
2009-05-22 20:12 . 2009-05-22 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-22 20:12 . 2009-05-22 20:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-22 20:12 . 2009-05-22 20:13 -------- d-----w- c:\program files\Symantec
2009-05-22 20:12 . 2008-05-21 11:17 927088 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2E2966EA-2169-4E42-8A8A-CC1749D80088}\LuCheck.exe
2009-05-22 20:12 . 2008-05-21 11:17 3554080 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2E2966EA-2169-4E42-8A8A-CC1749D80088}\LUSETUP.EXE
2009-05-22 19:52 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-22 19:52 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-05-22 19:50 . 2009-02-09 11:22 2190592 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-22 19:50 . 2009-02-09 11:22 2146816 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-22 19:50 . 2009-02-09 11:22 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-22 19:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-22 19:45 . 2009-05-22 22:23 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-22 19:10 . 2008-07-09 07:34 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-22 19:10 . 2009-05-23 18:54 -------- d--h--w- c:\windows\$hf_mig$
2009-05-22 18:59 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-22 18:59 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-20 23:45 . 2009-05-20 23:45 -------- d-----w- c:\documents and settings\thaker\Application Data\OtakuSoftware
2009-05-20 23:42 . 2009-05-21 00:18 -------- d-----w- c:\program files\DeskSpace
2009-05-20 21:31 . 2009-05-22 19:29 -------- d-----w- c:\documents and settings\thaker\Tracing
2009-05-20 21:17 . 2009-05-20 21:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-20 20:53 . 2009-05-20 20:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-20 19:45 . 2009-05-20 19:45 -------- d-----w- c:\program files\MSN Messenger
2009-05-20 19:39 . 2009-05-20 19:39 -------- d-----w- c:\program files\MoMe MsN
2009-05-17 00:01 . 2009-05-17 00:01 -------- d-----w- c:\program files\GetData
2009-05-17 00:01 . 2009-05-17 00:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-15 18:42 . 2009-05-15 18:42 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\Identities
2009-05-15 03:01 . 2009-05-15 03:01 -------- d-----w- c:\program files\Hotspot Shield
2009-05-15 03:00 . 2009-05-15 03:00 -------- d--h--w- c:\windows\PIF
2009-05-15 02:15 . 2009-05-15 02:15 -------- d-----w- C:\My Media Files
2009-05-15 02:11 . 2002-05-06 08:01 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-05-15 02:11 . 2002-05-06 08:01 17005 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-05-15 02:11 . 2001-04-19 14:34 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-05-15 02:11 . 2001-04-19 14:34 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-05-15 02:10 . 2005-11-08 03:32 3088384 ----a-w- c:\windows\system32\erdmpg-4.dll
2009-05-15 02:10 . 2004-10-29 18:46 61440 ----a-w- c:\windows\system32\smd.dll
2009-05-15 02:10 . 2001-08-23 13:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-05-15 02:10 . 2009-05-15 02:11 -------- d-----w- c:\program files\Aurora Media Workshop
2009-05-15 02:10 . 1999-06-03 09:47 142608 ----a-w- c:\windows\system32\atl.exe
2009-05-14 19:57 . 2003-06-18 14:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-14 19:55 . 2009-05-14 19:55 -------- d-----w- c:\program files\Microsoft.NET
2009-05-14 19:54 . 2009-05-14 19:54 -------- d-----w- c:\program files\Microsoft Works
2009-05-14 19:53 . 2009-05-14 19:55 -------- d-----w- c:\windows\SHELLNEW
2009-05-13 14:02 . 2009-05-13 14:02 -------- d-----w- c:\program files\PC Optimizer Pro
2009-05-13 03:35 . 2009-05-13 03:35 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\DFX
2009-05-13 03:33 . 2009-05-13 03:33 -------- d-----w- c:\program files\AskSearch
2009-05-13 03:33 . 2009-05-13 03:33 -------- d-----w- c:\program files\AskBarDis
2009-05-13 03:33 . 2009-05-13 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2009-05-13 03:33 . 2009-05-13 03:33 -------- d-----w- c:\program files\Common Files\DFX
2009-05-13 03:19 . 2009-05-13 03:19 12800 ----a-r- c:\documents and settings\thaker\Application Data\Microsoft\Installer\{2EE90F26-20B3-4423-81DE-E57E5D2E4FEF}\Icon2EE90F261.exe
2009-05-13 03:19 . 2009-05-13 03:19 -------- d-----w- c:\program files\Zoner
2009-05-13 03:18 . 2009-05-13 03:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-13 02:54 . 2009-05-13 02:54 -------- d-----w- c:\program files\CCleaner
2009-05-13 01:21 . 2009-05-13 01:21 -------- d-----w- c:\documents and settings\thaker\Application Data\Media Player Classic
2009-05-12 23:08 . 2009-05-12 23:08 -------- d-----w- C:\Al-Moheet
2009-05-12 22:29 . 2009-05-15 01:26 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-12 22:24 . 2009-05-15 19:07 172032 ------w- c:\windows\Setup1.exe
2009-05-12 22:24 . 2009-05-15 19:07 73216 ------w- c:\windows\ST6UNST.EXE
2009-05-12 22:24 . 2009-05-15 19:06 -------- d-----w- c:\windows\speech
2009-05-12 22:21 . 2009-05-12 22:21 -------- d-s---w- c:\documents and settings\thaker\UserData
2009-05-12 22:19 . 2009-05-12 22:19 -------- d-----w- c:\program files\UltraUXThemePatcher
2009-05-12 22:15 . 2009-05-12 22:19 -------- d-----w- c:\windows\VistaMizer
2009-05-12 21:54 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-05-12 21:53 . 2009-05-12 21:53 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-12 21:48 . 2009-05-13 13:26 -------- d-----w- c:\documents and settings\thaker\Contacts
2009-05-12 21:33 . 2009-05-12 21:41 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-12 21:32 . 2009-05-22 19:48 -------- d-----w- c:\program files\Windows Live
2009-05-12 21:32 . 2009-05-22 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-12 21:06 . 2009-05-12 21:06 0 ----a-w- c:\windows\nsreg.dat
2009-05-12 21:06 . 2009-05-12 21:06 -------- d-----w- c:\documents and settings\thaker\Local Settings\Application Data\Mozilla
2009-05-12 20:50 . 2009-05-12 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-12 20:49 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-05-12 20:49 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-12 20:49 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-05-12 20:49 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-05-12 20:49 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-05-12 20:49 . 2004-12-20 08:08 155648 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-12 20:49 . 2004-12-20 08:03 679936 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-12 20:49 . 2009-03-02 18:10 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 20:49 . 2009-05-12 20:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-12 20:49 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-12 20:45 . 2009-05-12 20:45 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-12 20:45 . 2007-03-21 17:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-05-12 20:45 . 2007-03-21 17:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-05-12 20:45 . 2009-05-12 20:45 -------- d-----w- c:\program files\Common Files\Real
2009-05-12 20:45 . 2009-05-12 20:45 -------- d-----w- c:\program files\Real
2009-05-12 20:40 . 2009-05-12 20:42 -------- d-----w- c:\program files\The KMPlayer
2009-05-12 20:07 . 2009-05-12 20:07 198064 ----a-w- c:\documents and settings\thaker\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 20:10 . 2008-04-15 12:00 58920 ----a-w- c:\windows\system32\perfc001.dat
2009-05-31 20:10 . 2008-04-15 12:00 328690 ----a-w- c:\windows\system32\perfh001.dat
2009-05-22 20:13 . 2009-05-22 20:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-22 20:13 . 2009-05-22 20:13 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-14 21:53 . 2009-05-12 00:16 97360 ----a-w- c:\documents and settings\thaker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 03:42 . 2009-05-11 23:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 22:19 . 2008-04-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-12 19:34 . 2009-05-11 23:47 -------- d-----w- c:\program files\Intel
2009-05-12 00:09 . 2009-05-11 23:55 -------- d-----w- c:\program files\Broadcom
2009-05-12 00:09 . 2009-05-11 23:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\documents and settings\thaker\Application Data\Intel
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-05-12 00:07 . 2009-05-12 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-05-12 00:02 . 2009-05-12 00:02 57344 ----a-r- c:\documents and settings\thaker\Application Data\Microsoft\Installer\{EEBFB406-5846-4F33-96B5-C7BA8FC50F69}\ARPPRODUCTICON.exe
2009-05-12 00:02 . 2009-05-12 00:02 -------- d-----w- c:\program files\Fingerprint Sensor
2009-05-11 23:59 . 2009-05-11 23:59 -------- d-----w- c:\program files\WIDCOMM
2009-05-11 23:58 . 2009-05-11 23:58 -------- d-----w- c:\program files\Common Files\snp2uvc
2009-05-11 23:52 . 2009-05-11 23:52 -------- d-----w- c:\program files\Synaptics
2009-05-11 23:52 . 2009-05-11 23:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-11 23:50 . 2009-05-11 23:50 -------- d-----w- c:\program files\Realtek
2009-05-11 23:50 . 2009-05-11 23:50 315392 ----a-w- c:\windows\HideWin.exe
2009-05-11 23:49 . 2009-05-11 23:49 -------- d-----w- c:\documents and settings\thaker\Application Data\InstallShield
2009-05-11 23:38 . 2009-05-11 23:38 -------- d-----w- c:\program files\microsoft frontpage
2009-05-11 23:34 . 2009-05-11 23:34 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-26 15:35 . 2009-05-07 07:42 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-03-13 15:01 . 2007-06-19 14:08 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2009-03-06 14:20 . 2008-04-15 12:00 283136 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-05-18 08:54 2094616 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-08 2807216]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-07-02 1336320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 198160]
"PCOP Tray"="c:\program files\PC Optimizer Pro\Pcoptimizerpro.exe" [2009-04-22 3526656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 115560]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
R2 BandLuxe_Service;BandLuxe Service;c:\program files\Jawal Modem\Jawal Modem Utility\BRService.exe [06/04/2009 10:12 ص 87264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/05/2009 11:44 م 101936]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [13/05/2009 06:34 ص 234888]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [12/05/2009 10:35 م 104448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 01:55 م 23888]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
SafeBoot-Symantec Antvirus

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13812&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\thaker\Application Data\Mozilla\Firefox\Profiles\izqe85ru.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\thaker\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum: log in or register to view]

Rootkit scan 2009-06-01 00:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-448539723-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E33A3D3-61D1-C0DE-06C5-CB80A4CC8976}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkemdioijakmfkhneolfppkjmhmklhdha"=hex:6a,61,67,6a,61,6d,67,64,6c,6a,68,6e,
6a,6b,65,61,63,6f,61,62,00,d3
"paedcehnhmnllkhmghiphjhaaohcglig"=hex:6a,61,64,6a,62,66,6e,6f,62,65,69,6c,6f,
70,6a,6c,6f,6c,6a,6d,00,d3
.
Completion time: 2009-05-31 0:25
ComboFix-quarantined-files.txt 2009-05-31 21:25
Pre-Run: 33,729,339,392 bytes free
Post-Run: 34,132,684,800 bytes free
272 --- E O F --- 2009-05-23 18:54
 
This is the second report,
after disabling the protection program.
 
Brother ذاكر احمد,

This thread may help you:

[link hidden by the forum: log in or register to view]


Many other threads may help you as well,
one of them:
 
Signature: shaded
Where are you?
 
Why did you stop?
 
Analyzing the report now...
 
Thank you, brother hesham77, for the help. Honestly, you did not fall short; may God give you good health.
But praise be to God, the problem has been solved, and sorry for any shortcoming.

:ok::ok:
 
See this thread:
[link hidden by the forum: log in or register to view]

God willing it will help you, because it discusses this same virus that has worn us all out.
 
Select these values and delete them:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [link hidden by the forum: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [link hidden by the forum: log in or register to view]

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

How to delete them:

[link hidden by the forum: log in or register to view]


Then, from Add or Remove Programs, remove the following:

Toolbar: Ask Toolbar

Toolbar: myBabylon English Toolbar

Then download this tool to clean the machine:

[link hidden by the forum: log in or register to view]


[link hidden by the forum: log in or register to view]


Then, from Run, type msconfig, then go to Startup.

Clear all the check marks except these:

[ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

Restart, and God willing all will be well.
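
A triage pass over the browser-hook and service lines that the reply above picks out, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from the HijackThis log posted earlier; the function names are hypothetical, and what it flags are items to review by hand, not verdicts.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"""

# R3 = URL search hook, O2 = Browser Helper Object, O3 = IE toolbar.
COM_RE = re.compile(
    r"^(R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (.*) - "
    r"(\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)
# O23 = Windows service: name - owner - binary path.
SVC_RE = re.compile(r"^(O23) - Service: (.*?) - (.*?) - (.*)$")


@dataclass(frozen=True)
class Entry:
    code: str    # HijackThis section code (R3, O2, O3, O23)
    name: str    # display name from the log line
    ident: str   # lower-cased CLSID for COM hooks, owner string for services
    target: str  # file the registration points at, or "(no file)"


def parse_log(text):
    """Return the COM-hook and service entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = COM_RE.match(line)
        if m:
            code, name, clsid, target = m.groups()
            entries.append(Entry(code, name, clsid.lower(), target))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def sections_by_file(entries):
    """Map each hook DLL (lower-cased path) to the sections that load it."""
    seen = defaultdict(set)
    for e in entries:
        if e.code != "O23" and e.target != "(no file)":
            seen[e.target.lower()].add(e.code)
    return {path: sorted(codes) for path, codes in seen.items()}


def review_items(entries):
    """Return (entry, reason) pairs worth a manual look, in log order."""
    by_file = sections_by_file(entries)
    items = []
    for e in entries:
        if e.target == "(no file)":
            items.append((e, "registration points at a file that is missing"))
        elif e.code == "O23":
            if e.ident == "Unknown owner":
                items.append((e, "HijackThis could not read an owner"))
        elif len(by_file[e.target.lower()]) > 1:
            sections = ", ".join(by_file[e.target.lower()])
            items.append((e, "same DLL is hooked into IE via " + sections))
    return items


if __name__ == "__main__":
    for entry, reason in review_items(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4}{entry.name}: {reason}")
```

Grouping by DLL path rather than by CLSID is what ties `AskBar BHO` and `Ask Toolbar` together, since they register the same `askBar.dll` under two different CLSIDs.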
 