bin_malo0om

Peace be upon you, and the mercy and blessings of God.

How are you all?

How is your health?

Brothers, the machine has many problems: Kaspersky turns grey, Messenger shuts down on its own, I get a system error message and an error in Microsoft Visual C++, and disk space is low even though I have used only a quarter of the hard disk, and much, much more....

Of course, all of this happened after downloading Kaspersky Anti Virus 8.0.506 << the version was downloaded from the company's site, kaspersky

The version was Kaspersky Anti Virus 8.0.454

It was much better and did not have these errors.
And this is the HijackThis report
PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:59:20 ص, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\JetAudio\jetAudio.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) - http://qtr7.talkok.com/imscp/talkc38.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240198985375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.33.82:1995/talk.cab
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) - http://qtr7.talkok.com/imscp/talka.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://209.11.244.10/ReadUid.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://174.37.212.116/imscp/talks3n.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7843 bytes
 

And this is without the box (PHP code)
Kaspersky is running, but the Windows alerts say it is not running.
I also forgot to take screenshots of the problems, because they appear from time to time.
 
Good, I have read your analysis. Now delete these harmful values from your machine using HijackThis: press Fix.



Edited
Zyzoom
 
Signature: volvo2008
Hello and welcome.
The deletion is done.
And this is a new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:45:52 م, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - [link hidden by forum] Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - [link hidden by forum] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - [link hidden by forum] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - [link hidden by forum] Files\Free Download Manager\dllink.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [link hidden by forum]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [link hidden by forum]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [link hidden by forum]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [link hidden by forum]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [link hidden by forum]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by forum]
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7313 bytes

Should I download the ComboFix tool or not?
 
PHP:
ComboFix 09-06-05.07 - t-s-comd 06/06/2009 16:01.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.971.1033.18.239.48 [GMT 4:00]
Running from: c:\documents and settings\t-s-comd\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\oigpket.sys
c:\windows\system32\tmp.reg
.
(((((((((((((((((((((((((   Files Created from 2009-05-06 to 2009-06-06  )))))))))))))))))))))))))))))))
.
2009-06-05 17:41 . 2009-06-05 17:41 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-05 17:41 . 2009-06-05 17:41 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-05 17:41 . 2009-06-05 17:41 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-05 17:08 . 2009-06-05 17:41 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-05 17:08 . 2009-06-05 17:41 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-05 17:07 . 2009-06-05 17:07 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-05 10:29 . 2009-06-05 10:29 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Malwarebytes
2009-06-05 10:29 . 2009-06-05 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 19:41 . 2009-06-02 19:41 -------- d-sh--w- c:\documents and settings\t-s-comd\UserData
2009-05-31 17:59 . 2004-01-10 21:17 45568 ----a-w- c:\windows\system32\YM11AUTH.DLL
2009-05-31 17:58 . 2009-05-31 17:58 153600 ----a-w- c:\windows\system32\TLBINF32.DLL
2009-05-31 15:45 . 2009-05-31 15:45 390664 ----a-w- c:\documents and settings\t-s-comd\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 00:18 . 2009-05-29 05:41 -------- d-----w- c:\program files\Power Mp3 Cutter(Mp3 Sound Cutter)
2009-05-27 12:56 . 2009-05-27 12:56 -------- d-----w- c:\documents and settings\t-s-comd\Local Settings\Application Data\G DATA
2009-05-27 12:53 . 2009-05-27 12:53 -------- d-----w- C:\Temp
2009-05-27 02:50 . 2009-05-27 02:50 -------- d-----w- c:\program files\CCleaner
2009-05-26 11:20 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 12:32 . 2009-05-28 09:34 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-05-25 11:57 . 2009-05-25 11:57 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Xilisoft Corporation
2009-05-25 11:55 . 2009-05-25 11:55 -------- d-----w- c:\program files\Xilisoft
2009-05-25 09:06 . 2009-05-25 09:06 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-22 08:05 . 2009-05-22 08:05 720896 ----a-w- c:\windows\iun6002.exe
2009-05-21 13:26 . 2009-05-21 13:26 -------- d-----w- c:\program files\Real_SC
2009-05-21 09:02 . 2009-05-21 09:02 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\URSoft
2009-05-21 09:02 . 2009-06-05 14:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-21 09:02 . 2009-05-21 09:07 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-21 07:25 . 2009-05-21 07:25 -------- d-----w- c:\program files\Enigma Software Group
2009-05-21 07:02 . 2009-05-21 09:09 -------- d-----w- c:\program files\Exterminate It!
2009-05-20 23:08 . 2009-05-20 23:08 -------- d-----w- c:\program files\ESET
2009-05-20 22:29 . 2009-05-22 08:30 -------- d-----w- c:\windows\BDOSCAN8
2009-05-18 12:48 . 2009-05-18 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-05-15 16:47 . 2009-05-15 16:47 -------- d-----w- c:\program files\Ashampoo
2009-05-14 15:15 . 2009-05-14 15:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-09 12:18 . 2009-06-06 12:09 516128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-09 12:18 . 2009-06-06 12:07 2118176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-09 12:18 . 2009-06-06 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 12:09 . 2009-05-09 12:18 4940 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-06 12:07 . 2009-05-09 12:18 19724 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-06 12:06 . 2009-04-15 16:48 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Free Download Manager
2009-06-05 17:41 . 2008-01-29 13:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-30 09:36 . 2009-04-15 16:16 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-27 05:11 . 2009-04-23 17:43 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\cleaner
2009-05-23 01:28 . 2009-05-23 01:28 172 ----a-w- C:\curr_ver.tmp
2009-05-21 13:27 . 2009-04-14 15:51 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-21 13:27 . 2009-04-14 15:51 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-21 13:27 . 2009-04-14 15:51 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-05-21 13:27 . 2009-04-14 15:51 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-21 13:27 . 2009-04-14 15:51 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-05-21 13:27 . 2009-04-14 15:51 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-05-21 13:27 . 2009-04-14 15:51 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-05-21 13:27 . 2009-04-14 15:51 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-05-21 13:23 . 2009-04-14 15:51 -------- d-----w- c:\program files\GoldWave
2009-05-18 12:49 . 2009-04-15 16:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-11 17:31 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\PC Suite
2009-05-10 15:53 . 2009-04-15 16:00 -------- d-----w- c:\program files\MSN Messenger
2009-05-04 12:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\Circle Develoement
2009-05-04 11:56 . 2009-04-15 16:04 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\RegsRemoteLite
2009-05-04 11:56 . 2009-05-04 11:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-05-04 11:53 . 2009-04-15 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Long slow road itch
2009-04-30 16:34 . 2009-04-15 16:10 -------- d-----w- c:\program files\JetAudio
2009-04-29 19:05 . 2009-04-15 12:29 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Image Zone Express
2009-04-28 17:47 . 2009-04-28 17:47 -------- d-----w- c:\program files\UAE Yellow Pages CD
2009-04-28 11:03 . 2009-04-14 16:36 105872 ----a-w- c:\documents and settings\t-s-comd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 10:29 . 2009-04-15 15:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\HP
2009-04-28 08:50 . 2009-04-28 08:50 -------- d-----w- c:\program files\Symantec
2009-04-28 08:49 . 2009-04-14 15:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-27 12:00 . 2009-04-27 12:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-27 11:57 . 2009-04-27 11:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\NCH Swift Sound
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\program files\NCH Swift Sound
2009-04-23 19:22 . 2009-04-23 19:22 -------- d-----w- c:\program files\WinAVI Video Converter
2009-04-23 17:52 . 2009-04-22 17:00 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-23 17:44 . 2009-04-23 17:44 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\CyberScrub
2009-04-23 10:07 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-04-23 10:05 . 2009-04-23 10:05 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Thinstall
2009-04-23 09:20 . 2009-04-23 09:20 -------- d-----w- c:\program files\MSBuild
2009-04-23 09:20 . 2009-04-23 09:20 -------- d-----w- c:\program files\Reference Assemblies
2009-04-23 09:00 . 2009-04-23 09:00 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Windows Search
2009-04-22 19:14 . 2009-04-22 19:14 -------- d-----w- c:\program files\UPHClean
2009-04-22 16:58 . 2009-04-22 16:58 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 12:12 . 2009-04-14 15:11 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 15:36 . 2009-04-20 15:36 -------- d-----w- c:\program files\Trend Micro
2009-04-20 08:54 . 2009-04-20 08:54 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-04-20 08:52 . 2009-04-20 08:52 -------- d-----w- c:\program files\SplitCam
2009-04-20 08:52 . 2009-04-14 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-20 08:06 . 2009-04-20 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-20 07:21 . 2009-04-20 07:21 131 ----a-w- c:\documents and settings\t-s-comd\Local Settings\Application Data\fusioncache.dat
2009-04-20 05:16 . 2009-04-20 05:16 -------- d-----w- c:\program files\MSXML 4.0
2009-04-18 19:33 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Nokia
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\CyberLink
2009-04-15 18:36 . 2009-04-14 17:01 -------- d-----w- c:\program files\Ahead
2009-04-15 17:56 . 2009-04-15 17:56 0 ----a-w- c:\windows\nsreg.dat
2009-04-15 17:42 . 2009-04-14 16:41 -------- d-----w- c:\program files\HP
2009-04-15 16:39 . 2009-04-15 16:38 -------- d-----w- c:\program files\Common Files\PCSuite
2009-04-15 16:38 . 2009-04-15 16:37 -------- d-----w- c:\program files\Common Files\Nokia
2009-04-15 16:38 . 2009-04-15 16:30 -------- d-----w- c:\program files\Nokia
2009-04-15 16:34 . 2009-04-15 16:34 -------- d-----w- c:\program files\DIFX
2009-04-15 16:32 . 2009-04-15 16:32 -------- d-----w- c:\program files\PC Connectivity Solution
2009-04-15 16:23 . 2009-04-15 16:23 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-15 16:23 . 2009-04-15 16:23 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-15 16:23 . 2009-04-15 16:23 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-15 16:23 . 2009-04-15 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-04-15 16:22 . 2009-04-15 16:22 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\COWON
2009-04-15 16:16 . 2009-04-14 16:04 172032 ------w- c:\windows\Setup1.exe
2009-04-15 16:16 . 2009-04-14 16:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-15 16:13 . 2009-04-15 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-15 16:11 . 2009-04-15 16:10 -------- d-----w- c:\program files\Common Files\COWON
2009-04-15 16:09 . 2009-04-15 16:09 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\InstallShield
2009-04-15 16:06 . 2009-04-15 16:06 -------- d-----w- c:\program files\MSECache
2009-04-15 16:04 . 2009-04-15 16:04 -------- d-----w- c:\program files\RegsRemoteLite
2009-04-15 16:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\LtUcx
2009-04-15 16:03 . 2009-04-15 16:02 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-15 16:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\Windows Live
2009-04-15 15:46 . 2009-04-15 15:46 78144 ----a-w- c:\windows\hpfins05.dat
2009-04-15 15:44 . 2009-04-14 16:36 128376 ----a-w- c:\windows\hpoins11.dat
2009-04-15 12:30 . 2009-04-15 12:30 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Media Player Classic
2009-04-15 12:29 . 2009-04-15 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-04-14 16:53 . 2009-04-14 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 16:46 . 2009-04-14 16:46 -------- d-----w- c:\program files\Common Files\HP
2009-04-14 16:45 . 2009-04-14 16:44 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-14 16:44 . 2009-04-14 16:44 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-04-14 16:06 . 2009-04-14 16:06 2232 ----a-w- c:\windows\java\Packages\Data\ZH7V3NDB.DAT
2009-04-14 16:06 . 2009-04-14 16:06 155995 ----a-w- c:\windows\java\Packages\JXV5V3VJ.ZIP
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\PZLVJHNJ.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\P33N1ZFN.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\X39ZN3DF.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\IOPR5Z5R.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\8AB3FFR1.DAT
2009-04-14 15:57 . 2009-04-14 15:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-14 15:57 . 2009-04-14 15:56 -------- d-----w- c:\program files\Real
2009-04-14 15:57 . 2009-04-14 15:56 -------- d-----w- c:\program files\Common Files\Real
2009-04-14 15:56 . 2009-04-14 15:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-14 15:56 . 2009-04-14 15:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-14 15:52 . 2009-04-14 15:51 -------- d-----w- c:\program files\CyberLink
.
(((((((((((((((((((((((((((((   SnapShot@2009-05-20_06.44.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-12 10:33 . 2007-12-08 04:39 28672              c:\windows\system32\vb6lib.dll
+ 2009-05-21 13:26 . 2003-05-21 21:50 73793              c:\windows\system32\RMBin\codecs\atrc.dll
+ 2008-11-11 15:58 . 2008-11-11 15:58 25601              c:\windows\system32\drivers\klopp.dat
+ 2008-04-30 13:06 . 2008-04-30 13:06 24592              c:\windows\system32\drivers\klim5.sys
- 2008-04-30 14:06 . 2008-04-30 14:06 24592              c:\windows\system32\drivers\klim5.sys
- 2009-04-14 15:16 . 2009-05-09 12:43 32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-14 15:16 . 2009-05-09 12:43 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-14 15:16 . 2009-05-09 12:43 16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 11:44 . 2009-01-05 11:44 53248              c:\windows\bdoscandel.exe
+ 2009-05-20 22:30 . 2009-05-20 22:30 86016              c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 27136              c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 10240              c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 45056              c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-05-21 13:26 . 2005-01-19 12:45 376899              c:\windows\system32\RMBin\codecs\erv2.dll
- 2008-07-29 16:21 . 2008-07-29 16:21 218376              c:\windows\system32\klogon.dll
+ 2008-11-11 16:00 . 2008-11-11 16:00 218376              c:\windows\system32\klogon.dll
+ 2009-06-05 17:05 . 2009-06-05 17:41 226832              c:\windows\system32\drivers\klif.sys
- 2008-07-21 14:34 . 2008-07-21 14:34 121872              c:\windows\system32\drivers\kl1.sys
+ 2008-07-21 13:34 . 2008-07-21 13:34 121872              c:\windows\system32\drivers\kl1.sys
+ 2009-02-03 11:24 . 2009-02-03 11:24 296336              c:\windows\Downloaded Program Files\rufsi.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376              c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 11:44 . 2009-05-20 22:30 142848              c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376              c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 11:44 . 2009-05-20 22:30 102400              c:\windows\BDOSCAN8\bdcore.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-14 185896]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-05 206088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-29 544768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-06-05 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - AVP
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - klbg
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RichVideo
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SPLITCAM
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UPHClean
*Deregistered* - uphcleanhlp
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ae/
uInternet Settings,ProxyOverride = local
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://69.65.39.44:1999/ReadUid.CAB
FF - ProfilePath - c:\documents and settings\t-s-comd\Application Data\Mozilla\Firefox\Profiles\h63wdhyv.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 16:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"
[HKEY_USERS\S-1-5-21-1123561945-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-06-06 16:25 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-06 12:25
ComboFix2.txt  2009-05-20 06:46
Pre-Run: 15,641,518,080 bytes free
Post-Run: 15,665,655,808 bytes free
397
 
Good, I have read your log. Now delete these harmful entries from your machine using HijackThis: click "fix head"

and delete these entries

o16 - dpf: {3c8e8dd8-d86a-4e6d-af37-ab3ca7fdf8cd} (ims_conference control) -

The second entry

o16 - dpf: {9e45be3c-de06-4492-ab7d-e51447cf2ed0} (clsums class) -

The third entry

o16 - dpf: {b7fdb0c3-4724-46d2-b8db-6fa1dc63f7ca} (readuid.usercontrolmacentry) -

The fourth entry

o16 - dpf: {c171ff59-8c55-4796-a398-4f5d02b4c763} (imc_sec control) -

Brother, may God guide you, these are not infected entries.
Don't let him delete any entries.
Mind you, this kind of move wrecks the computer.
 
Hello and welcome.
Deleted.
And here is a new report:
logfile of trend micro hijackthis v2.0.2
scan saved at 02:45:52 م, on 06/06/2009
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v7.00 (7.00.6000.16827)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\soundman.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\windows\system32\svchost.exe
c:\program files\uphclean\uphclean.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\windows\sm56hlpr.exe
c:\windows\system32\ctfmon.exe
c:\program files\msn messenger\msnmsgr.exe
c:\program files\nokia\nokia pc suite 7\pcsuite.exe
c:\program files\free download manager\fdm.exe
c:\program files\messenger\msmsgs.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\pc connectivity solution\servicelayer.exe
c:\program files\pc connectivity solution\transports\nclusbsrv.exe
c:\program files\pc connectivity solution\transports\nclrssrv.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\msn messenger\usnsvc.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page =
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = local
f2 - reg:system.ini: Shell=explorer.exe
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
o2 - bho: Fdmiecookiesbho class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
o4 - hklm\..\run: [remotecontrol] "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
o4 - hklm\..\run: [languageshortcut] "c:\program files\cyberlink\powerdvd\language\language.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [soundman] soundman.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hklm\..\run: [userfaultcheck] %systemroot%\system32\dumprep 0 -u
o4 - hklm\..\run: [smserial] sm56hlpr.exe
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
o4 - hklm\..\run: [avp] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [pc suite tray] "c:\program files\nokia\nokia pc suite 7\pcsuite.exe" -onlytray
o4 - hkcu\..\run: [free download manager] c:\program files\free download manager\fdm.exe -autorun
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: Hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
o8 - extra context menu item: Download with xilisoft download youtube video - c:\program files\xilisoft\download youtube video\upod_link.htm
o8 - extra context menu item: E&xport to microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o8 - extra context menu item: تحميل الفيديو بواسطة free download manager -
files\free download manager\dlfvideo.htm
o8 - extra context menu item: تحميل الكل بواسطة free download manager -
files\free download manager\dlall.htm
o8 - extra context menu item: تحميل المحددة بواسطة free download manager -
files\free download manager\dlselected.htm
o8 - extra context menu item: تحميل بواسطة free download manager -
files\free download manager\dllink.htm
o9 - extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\scieplgn.dll
o9 - extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra 'tools' menuitem: Uninstall bitdefender online scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - c:\windows\bdoscandel.exe
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (bdscanonline control) -
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) -
o16 - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) -
o16 - dpf: {6924091f-cd97-41e1-b1d4-d9079409d413} (imcv1 control) -
o16 - dpf: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared scanner) -
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) -
o20 - appinit_dlls: C:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
o23 - service: Kaspersky anti-virus (avp) - kaspersky lab - c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
o23 - service: Pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: Cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
o23 - service: Servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
--
end of file - 7313 bytes

Should I download the ComboFix tool or not?

May God help you; you deleted legitimate entries.

Your latest report is clean.




After that:

Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.



Disable the protection program and use the SmitfraudFix tool.

Run the file SmitfraudFix.exe and follow the walkthrough as shown in these images.


Then produce a new HijackThis report.
 
Thank you, brother kemo.
May God give you good health,
and may God reward you with good.


1-combo fix
PHP:
ComboFix 09-06-05.07 - t-s-comd 06/06/2009 16:01.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.971.1033.18.239.48 [GMT 4:00]
Running from: c:\documents and settings\t-s-comd\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\oigpket.sys
c:\windows\system32\tmp.reg
.
(((((((((((((((((((((((((   Files Created from 2009-05-06 to 2009-06-06  )))))))))))))))))))))))))))))))
.
2009-06-05 17:41 . 2009-06-05 17:41 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-05 17:41 . 2009-06-05 17:41 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-05 17:41 . 2009-06-05 17:41 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-05 17:08 . 2009-06-05 17:41 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-05 17:08 . 2009-06-05 17:41 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-05 17:07 . 2009-06-05 17:07 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-05 10:29 . 2009-06-05 10:29 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Malwarebytes
2009-06-05 10:29 . 2009-06-05 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 19:41 . 2009-06-02 19:41 -------- d-sh--w- c:\documents and settings\t-s-comd\UserData
2009-05-31 17:59 . 2004-01-10 21:17 45568 ----a-w- c:\windows\system32\YM11AUTH.DLL
2009-05-31 17:58 . 2009-05-31 17:58 153600 ----a-w- c:\windows\system32\TLBINF32.DLL
2009-05-31 15:45 . 2009-05-31 15:45 390664 ----a-w- c:\documents and settings\t-s-comd\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 00:18 . 2009-05-29 05:41 -------- d-----w- c:\program files\Power Mp3 Cutter(Mp3 Sound Cutter)
2009-05-27 12:56 . 2009-05-27 12:56 -------- d-----w- c:\documents and settings\t-s-comd\Local Settings\Application Data\G DATA
2009-05-27 12:53 . 2009-05-27 12:53 -------- d-----w- C:\Temp
2009-05-27 02:50 . 2009-05-27 02:50 -------- d-----w- c:\program files\CCleaner
2009-05-26 11:20 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 12:32 . 2009-05-28 09:34 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-05-25 11:57 . 2009-05-25 11:57 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Xilisoft Corporation
2009-05-25 11:55 . 2009-05-25 11:55 -------- d-----w- c:\program files\Xilisoft
2009-05-25 09:06 . 2009-05-25 09:06 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-22 08:05 . 2009-05-22 08:05 720896 ----a-w- c:\windows\iun6002.exe
2009-05-21 13:26 . 2009-05-21 13:26 -------- d-----w- c:\program files\Real_SC
2009-05-21 09:02 . 2009-05-21 09:02 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\URSoft
2009-05-21 09:02 . 2009-06-05 14:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-21 09:02 . 2009-05-21 09:07 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-21 07:25 . 2009-05-21 07:25 -------- d-----w- c:\program files\Enigma Software Group
2009-05-21 07:02 . 2009-05-21 09:09 -------- d-----w- c:\program files\Exterminate It!
2009-05-20 23:08 . 2009-05-20 23:08 -------- d-----w- c:\program files\ESET
2009-05-20 22:29 . 2009-05-22 08:30 -------- d-----w- c:\windows\BDOSCAN8
2009-05-18 12:48 . 2009-05-18 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-05-15 16:47 . 2009-05-15 16:47 -------- d-----w- c:\program files\Ashampoo
2009-05-14 15:15 . 2009-05-14 15:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-09 12:18 . 2009-06-06 12:09 516128 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-09 12:18 . 2009-06-06 12:07 2118176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-09 12:18 . 2009-06-06 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 12:09 . 2009-05-09 12:18 4940 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-06 12:07 . 2009-05-09 12:18 19724 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-06 12:06 . 2009-04-15 16:48 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Free Download Manager
2009-06-05 17:41 . 2008-01-29 13:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-30 09:36 . 2009-04-15 16:16 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-27 05:11 . 2009-04-23 17:43 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\cleaner
2009-05-23 01:28 . 2009-05-23 01:28 172 ----a-w- C:\curr_ver.tmp
2009-05-21 13:27 . 2009-04-14 15:51 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-21 13:27 . 2009-04-14 15:51 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-21 13:27 . 2009-04-14 15:51 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-05-21 13:27 . 2009-04-14 15:51 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-21 13:27 . 2009-04-14 15:51 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-05-21 13:27 . 2009-04-14 15:51 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-05-21 13:27 . 2009-04-14 15:51 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-05-21 13:27 . 2009-04-14 15:51 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-05-21 13:23 . 2009-04-14 15:51 -------- d-----w- c:\program files\GoldWave
2009-05-18 12:49 . 2009-04-15 16:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-11 17:31 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\PC Suite
2009-05-10 15:53 . 2009-04-15 16:00 -------- d-----w- c:\program files\MSN Messenger
2009-05-04 12:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\Circle Develoement
2009-05-04 11:56 . 2009-04-15 16:04 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\RegsRemoteLite
2009-05-04 11:56 . 2009-05-04 11:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-05-04 11:53 . 2009-04-15 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Long slow road itch
2009-04-30 16:34 . 2009-04-15 16:10 -------- d-----w- c:\program files\JetAudio
2009-04-29 19:05 . 2009-04-15 12:29 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Image Zone Express
2009-04-28 17:47 . 2009-04-28 17:47 -------- d-----w- c:\program files\UAE Yellow Pages CD
2009-04-28 11:03 . 2009-04-14 16:36 105872 ----a-w- c:\documents and settings\t-s-comd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 10:29 . 2009-04-15 15:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\HP
2009-04-28 08:50 . 2009-04-28 08:50 -------- d-----w- c:\program files\Symantec
2009-04-28 08:49 . 2009-04-14 15:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-27 12:00 . 2009-04-27 12:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-27 11:57 . 2009-04-27 11:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\NCH Swift Sound
2009-04-24 14:37 . 2009-04-24 14:37 -------- d-----w- c:\program files\NCH Swift Sound
2009-04-23 19:22 . 2009-04-23 19:22 -------- d-----w- c:\program files\WinAVI Video Converter
2009-04-23 17:52 . 2009-04-22 17:00 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-23 17:44 . 2009-04-23 17:44 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\CyberScrub
2009-04-23 10:07 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-04-23 10:05 . 2009-04-23 10:05 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Thinstall
2009-04-23 09:20 . 2009-04-23 09:20 -------- d-----w- c:\program files\MSBuild
2009-04-23 09:20 . 2009-04-23 09:20 -------- d-----w- c:\program files\Reference Assemblies
2009-04-23 09:00 . 2009-04-23 09:00 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Windows Search
2009-04-22 19:14 . 2009-04-22 19:14 -------- d-----w- c:\program files\UPHClean
2009-04-22 16:58 . 2009-04-22 16:58 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-21 12:12 . 2009-04-14 15:11 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 15:36 . 2009-04-20 15:36 -------- d-----w- c:\program files\Trend Micro
2009-04-20 08:54 . 2009-04-20 08:54 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-04-20 08:52 . 2009-04-20 08:52 -------- d-----w- c:\program files\SplitCam
2009-04-20 08:52 . 2009-04-14 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-20 08:06 . 2009-04-20 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-20 07:21 . 2009-04-20 07:21 131 ----a-w- c:\documents and settings\t-s-comd\Local Settings\Application Data\fusioncache.dat
2009-04-20 05:16 . 2009-04-20 05:16 -------- d-----w- c:\program files\MSXML 4.0
2009-04-18 19:33 . 2009-04-15 16:45 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Nokia
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\CyberLink
2009-04-15 18:36 . 2009-04-14 17:01 -------- d-----w- c:\program files\Ahead
2009-04-15 17:56 . 2009-04-15 17:56 0 ----a-w- c:\windows\nsreg.dat
2009-04-15 17:42 . 2009-04-14 16:41 -------- d-----w- c:\program files\HP
2009-04-15 16:39 . 2009-04-15 16:38 -------- d-----w- c:\program files\Common Files\PCSuite
2009-04-15 16:38 . 2009-04-15 16:37 -------- d-----w- c:\program files\Common Files\Nokia
2009-04-15 16:38 . 2009-04-15 16:30 -------- d-----w- c:\program files\Nokia
2009-04-15 16:34 . 2009-04-15 16:34 -------- d-----w- c:\program files\DIFX
2009-04-15 16:32 . 2009-04-15 16:32 -------- d-----w- c:\program files\PC Connectivity Solution
2009-04-15 16:23 . 2009-04-15 16:23 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-15 16:23 . 2009-04-15 16:23 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-15 16:23 . 2009-04-15 16:23 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-15 16:23 . 2009-04-15 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-04-15 16:22 . 2009-04-15 16:22 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\COWON
2009-04-15 16:16 . 2009-04-14 16:04 172032 ------w- c:\windows\Setup1.exe
2009-04-15 16:16 . 2009-04-14 16:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-15 16:13 . 2009-04-15 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-15 16:11 . 2009-04-15 16:10 -------- d-----w- c:\program files\Common Files\COWON
2009-04-15 16:09 . 2009-04-15 16:09 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\InstallShield
2009-04-15 16:06 . 2009-04-15 16:06 -------- d-----w- c:\program files\MSECache
2009-04-15 16:04 . 2009-04-15 16:04 -------- d-----w- c:\program files\RegsRemoteLite
2009-04-15 16:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\LtUcx
2009-04-15 16:03 . 2009-04-15 16:02 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-15 16:03 . 2009-04-15 16:03 -------- d-----w- c:\program files\Windows Live
2009-04-15 15:46 . 2009-04-15 15:46 78144 ----a-w- c:\windows\hpfins05.dat
2009-04-15 15:44 . 2009-04-14 16:36 128376 ----a-w- c:\windows\hpoins11.dat
2009-04-15 12:30 . 2009-04-15 12:30 -------- d-----w- c:\documents and settings\t-s-comd\Application Data\Media Player Classic
2009-04-15 12:29 . 2009-04-15 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-04-14 16:53 . 2009-04-14 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-14 16:46 . 2009-04-14 16:46 -------- d-----w- c:\program files\Common Files\HP
2009-04-14 16:45 . 2009-04-14 16:44 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-14 16:44 . 2009-04-14 16:44 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-04-14 16:06 . 2009-04-14 16:06 2232 ----a-w- c:\windows\java\Packages\Data\ZH7V3NDB.DAT
2009-04-14 16:06 . 2009-04-14 16:06 155995 ----a-w- c:\windows\java\Packages\JXV5V3VJ.ZIP
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\PZLVJHNJ.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\P33N1ZFN.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\X39ZN3DF.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\IOPR5Z5R.DAT
2009-04-14 16:06 . 2009-04-14 16:06 2678 ----a-w- c:\windows\java\Packages\Data\8AB3FFR1.DAT
2009-04-14 15:57 . 2009-04-14 15:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-14 15:57 . 2009-04-14 15:56 -------- d-----w- c:\program files\Real
2009-04-14 15:57 . 2009-04-14 15:56 -------- d-----w- c:\program files\Common Files\Real
2009-04-14 15:56 . 2009-04-14 15:51 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-14 15:56 . 2009-04-14 15:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-14 15:52 . 2009-04-14 15:51 -------- d-----w- c:\program files\CyberLink
.
(((((((((((((((((((((((((((((   SnapShot@2009-05-20_06.44.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-12 10:33 . 2007-12-08 04:39 28672              c:\windows\system32\vb6lib.dll
+ 2009-05-21 13:26 . 2003-05-21 21:50 73793              c:\windows\system32\RMBin\codecs\atrc.dll
+ 2008-11-11 15:58 . 2008-11-11 15:58 25601              c:\windows\system32\drivers\klopp.dat
+ 2008-04-30 13:06 . 2008-04-30 13:06 24592              c:\windows\system32\drivers\klim5.sys
- 2008-04-30 14:06 . 2008-04-30 14:06 24592              c:\windows\system32\drivers\klim5.sys
- 2009-04-14 15:16 . 2009-05-09 12:43 32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-14 15:16 . 2009-05-09 12:43 32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-14 15:16 . 2009-05-09 12:43 16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-14 15:16 . 2009-06-05 18:42 16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 11:44 . 2009-01-05 11:44 53248              c:\windows\bdoscandel.exe
+ 2009-05-20 22:30 . 2009-05-20 22:30 86016              c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 27136              c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 10240              c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-20 22:30 . 2009-05-20 22:30 45056              c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-05-21 13:26 . 2005-01-19 12:45 376899              c:\windows\system32\RMBin\codecs\erv2.dll
- 2008-07-29 16:21 . 2008-07-29 16:21 218376              c:\windows\system32\klogon.dll
+ 2008-11-11 16:00 . 2008-11-11 16:00 218376              c:\windows\system32\klogon.dll
+ 2009-06-05 17:05 . 2009-06-05 17:41 226832              c:\windows\system32\drivers\klif.sys
- 2008-07-21 14:34 . 2008-07-21 14:34 121872              c:\windows\system32\drivers\kl1.sys
+ 2008-07-21 13:34 . 2008-07-21 13:34 121872              c:\windows\system32\drivers\kl1.sys
+ 2009-02-03 11:24 . 2009-02-03 11:24 296336              c:\windows\Downloaded Program Files\rufsi.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376              c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 11:44 . 2009-05-20 22:30 142848              c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 11:44 . 2009-01-05 11:44 741376              c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 11:44 . 2009-05-20 22:30 102400              c:\windows\BDOSCAN8\bdcore.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-14 185896]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-05 206088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-29 544768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-06-05 33808]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - AVP
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - klbg
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RichVideo
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SPLITCAM
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UPHClean
*Deregistered* - uphcleanhlp
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ae/
uInternet Settings,ProxyOverride = local
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://69.65.39.44:1999/ReadUid.CAB
FF - ProfilePath - c:\documents and settings\t-s-comd\Application Data\Mozilla\Firefox\Profiles\h63wdhyv.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 16:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"
[HKEY_USERS\S-1-5-21-1123561945-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-06-06 16:25 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-06 12:25
ComboFix2.txt  2009-05-20 06:46
Pre-Run: 15,641,518,080 bytes free
Post-Run: 15,665,655,808 bytes free
397

2- SmitfraudFix
PHP:
SmitFraudFix v2.419
Scan done at 17:42:53.98, Sat 06/06/2009
Run from C:\Documents and Settings\t-s-comd\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1       localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
 
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D3F40DA7-C5F9-4D0C-AF0C-92FF75170D00}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D3F40DA7-C5F9-4D0C-AF0C-92FF75170D00}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D3F40DA7-C5F9-4D0C-AF0C-92FF75170D00}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D3F40DA7-C5F9-4D0C-AF0C-92FF75170D00}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2
 
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

3-Trend Micro HijackThis
PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:46, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240198985375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://66.186.33.82:1995/talk.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://69.65.39.44:1999/ReadUid.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7227 bytes
But please, my friend, don't tell me to download the Kaspersky tool (kaspersky removal tool),
because as soon as I adjust the settings and press Scan, the program hangs.
I have tried more than once.
 
Try going to these threads.
Go to these threads and, God willing, you will benefit.
A complete thread on removing viruses and repairing the damage they cause
 
Thank you, my friend.
Trying it now.
May God give you good health.
 
Good, I have read your analysis. Now delete these harmful entries from your machine using HijackThis; press fix.




Edited

Zyzoom

Dear brother, welcome among us.
The forum was created to help members!!

And please do not do the analysis again.
 
Welcome, dear Zyzoom.
You have brightened the thread.

Please close the thread, since it is finished.
 