Thread starter: king-algerie

Peace be upon you, my brothers in God
My problem is that I have two messages that are giving me a headache, and the two messages are:
i16544_.bmp

And the second:
i16546_.bmp

By God, brothers, I have come to hate sitting in front of the computer because of them
Help us, and thanks in advance
 


Make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear. Select all ==> copy it and paste it in your next reply
 
Signature: king_man
Here you go, brother, the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:33, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe
C:\DOCUME~1\جوادي\LOCALS~1\Temp\kpgh.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\جوادي\My Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\??CI?\My Documents\Downloads\Compressed\RRT\RRT.exe auto
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - [link hidden by the forum]
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [link hidden by the forum]
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D701AA-E95A-4CA4-9D16-E8F5E9DED5C9}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8820 bytes
 
If a process named wscript.exe is found running on your computer, the machine may be infected with a strain of the Vbswg.Aq worm.

Give me a HijackThis report
 
As for the first image, perhaps you are using a program that speeds up copying inside the machine and an error occurred during copying. As for the second image, perhaps a file is missing or corrupt. Insert the Windows disc and run the chkdsk utility. Another question: did you do a System Restore before the problem occurred???
 
Signature: سامى عبد الفتاح
Sorry, I saw the thread and wanted to check on my machine as well
Please reply and tell me whether there is something wrong with my machine, because I feel it is very slow
And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:22 م, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\spoolsv.exe
C:\WINDOW\Explorer.EXE
C:\WINDOW\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOW\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOW\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JET9\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden by the forum]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: RocketDock.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 10064 bytes
 
No, brother, I did not do a System Restore, but I did a scan with ComboFix
 
Brother, you have serious infections on the machine:

Delete these values:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - [link hidden by the forum]

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

Removal method

mg%20%283%29.png

mg%20%284%29.png

After that

Disable all protection programs,
then download this tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically
After the restart, the tool will start scanning a second time
Wait until a report appears, then copy it and paste it in your next reply

Disable the protection program and use the SmitfraudFix tool

Run the file SmitfraudFix.exe and follow the explanation as in these images

000.png

001.png

002.png

003.png

004.png

005.png

Then make a new HijackThis report

Signature: king_man
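
The kinds of entries the reply above singles out for deletion can be written as triage rules over a HijackThis log. This is an added example, not part of the original thread: the rule names, function names and the `SYSTEM_NAMES` list are assumptions made for illustration, the sample lines are taken from the first log posted above, and the rule for a process running from a Temp directory goes beyond the entries the reply lists.

```python
import re
from typing import NamedTuple

# Lines taken from the first HijackThis log in this thread (trimmed sample).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\جوادي\LOCALS~1\Temp\kpgh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
"""


class Finding(NamedTuple):
    rule: str
    line: str


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - ..."
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SCRIPT_HOST_RE = re.compile(r"\\(?:wscript|cscript)\.exe\b", re.I)
ENGINE_RE = re.compile(r"/E:\w+\s+(?P<target>\S.*)$", re.I)   # forced script engine
FIRST_EXE_RE = re.compile(r'([^\\/"]+?\.exe)\b', re.I)
TEMP_RE = re.compile(r"\\te?mp\\", re.I)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
# Assumption: a short illustrative list of system binary names worth guarding.
SYSTEM_NAMES = {"ctfmon", "explorer", "svchost", "userinit", "winlogon"}


def parse_log(text):
    """Split a log into running-process paths and (section, body, line) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first R/F/O entry
            entries.append((m.group(1), m.group(2), line))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def check_run(name, cmd, line):
    """Rules for one O4 Run value: its name and the command it launches."""
    out = []
    if SCRIPT_HOST_RE.search(cmd):
        out.append(Finding("script-host-autorun", line))
        eng = ENGINE_RE.search(cmd)
        # /E: forces a script engine, so the file extension can be anything.
        if eng and not eng["target"].strip('"').lower().endswith(SCRIPT_EXTS):
            out.append(Finding("script-in-disguised-file", line))
    stem = re.sub(r"\.exe$", "", name.lower())
    exe = FIRST_EXE_RE.search(cmd)
    # Value named after a system binary but launching a different executable.
    if stem in SYSTEM_NAMES and exe and exe.group(1).lower() != stem + ".exe":
        out.append(Finding("name-masquerade", line))
    return out


def triage(text):
    """Return findings in log order: processes first, then registry entries."""
    processes, entries = parse_log(text)
    findings = [Finding("process-in-temp", p) for p in processes if TEMP_RE.search(p)]
    for section, body, line in entries:
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                findings.extend(check_run(run["name"], run["cmd"], line))
        elif section == "O7" and re.search(r"DisableRegedit\s*=\s*1", body, re.I):
            findings.append(Finding("regedit-disabled", line))
        if body.rstrip().endswith(("(file missing)", "(no file)")):
            findings.append(Finding("orphaned-entry", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.line}")
```
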
No, brother, I did not do a System Restore, but I did a scan with combofix

Try scanning again with the same tool in Safe Mode
 
Signature: Run
Sorry, I saw the thread and wanted to check on my machine as well
Please reply and tell me whether there is something wrong with my machine, because I feel it is very slow
And this is the HijackThis report


As for you, dear brother, open a thread; it won't work here
 
Signature: king_man
As for Safe Mode, it does not work at all. I am making the reports now; you will have them in a few moments
 
ComboFix report
ComboFix 09-06-08.03 - جوادي 09/06/2009 12:19.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.33.1025.18.1015.581 [GMT 2:00]
Running from: i:\çنêي ‎يٌوَ\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\جوادي\LOCALS~1\Temp\الدليل المؤقت 3 لـ final.zip\final\ar-final\FinalDatal.exe
c:\documents and settings\جوادي\Local Settings\temp\الدليل المؤقت 3 لـ final.zip\final\ar-final\FinalDatal.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 08:55 . 2009-06-09 08:55 -------- d-----w- c:\documents and settings\جوادي\Application Data\.clamwin
2009-06-09 08:54 . 2009-06-09 08:54 -------- d-----w- c:\program files\ClamWin
2009-06-09 08:54 . 2009-06-09 08:54 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-06-09 06:04 . 2005-05-24 17:23 288320 ----a-w- c:\windows\system32\mcgdmgr.dll
2009-06-09 06:04 . 2009-06-09 06:04 -------- d-----w- c:\program files\McAfee.com
2009-06-09 06:04 . 2005-07-18 10:03 349760 ----a-w- c:\windows\system32\mcinsctl.dll
2009-06-08 20:56 . 2009-06-08 20:56 -------- d-----w- c:\documents and settings\جوادي\Application Data\NwDocx
2009-06-08 20:56 . 2009-06-08 20:56 -------- d-----w- c:\documents and settings\جوادي\Application Data\Docx2Rtf
2009-06-08 20:16 . 2009-06-09 10:01 102400 ----a-w- c:\windows\system32\winxp.exe
2009-06-08 14:13 . 2009-06-08 14:13 -------- d-----w- c:\documents and settings\جوادي\Local Settings\Application Data\************
2009-06-08 14:13 . 2009-06-08 14:13 -------- d-----w- c:\program files\************
2009-06-08 13:32 . 2009-06-08 13:32 -------- d-----w- c:\program files\CCleaner
2009-06-08 13:22 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 13:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 13:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-08 13:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\program files\Spyware Doctor
2009-06-08 13:21 . 2009-06-08 13:21 -------- d-----w- c:\documents and settings\جوادي\Application Data\PC Tools
2009-06-07 21:34 . 2009-06-07 21:34 -------- d-sh--w- C:\FOUND.005
2009-06-07 11:54 . 2009-06-07 11:54 -------- d-sh--w- C:\FOUND.004
2009-06-07 09:35 . 2009-06-07 09:35 -------- d-----w- c:\program files\Common Files\Skype
2009-06-06 20:52 . 2005-03-14 05:01 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2009-06-06 20:52 . 2005-04-08 02:29 20622 ----a-r- c:\windows\system32\SUGS2LMK.DLL
2009-06-06 20:52 . 2005-03-03 10:09 57344 ----a-r- c:\windows\system32\SSCoInst.dll
2009-06-06 20:52 . 2005-03-03 04:32 151552 ----a-r- c:\windows\system32\SSCoInst.exe
2009-06-06 20:50 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-06 20:50 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-05 21:39 . 2009-06-05 21:39 -------- d-sh--w- C:\FOUND.003
2009-06-05 13:27 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\جوادي\Application Data\Macromedia\Flash Player\
2009-06-05 11:41 . 2009-04-22 15:06 51200 ----a-w- c:\documents and settings\جوادي\Application Data\Mozilla\Firefox\Profiles\entgi1wi.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
2009-06-05 11:41 . 2009-04-22 15:06 114688 ----a-w- c:\documents and settings\جوادي\Application Data\Mozilla\Firefox\Profiles\entgi1wi.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\npmozax.dll
2009-06-04 21:04 . 2009-06-04 21:04 -------- d-----w- c:\windows\Naruto Shippuden Mugen
2009-06-04 21:04 . 2009-06-04 21:04 -------- d-----w- c:\program files\Naruto Shippuden Mugen
2009-06-04 19:55 . 2009-06-04 19:55 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-04 15:07 . 2009-06-04 15:07 -------- d-----w- c:\documents and settings\جوادي\Application Data\WinPatrol
2009-06-04 15:07 . 2009-05-21 18:51 0 ----a-w- c:\documents and settings\جوادي\Application Data\WinPatrol\Config.sys
2009-06-04 15:07 . 2009-05-21 18:51 0 ----a-w- c:\documents and settings\جوادي\Application Data\WinPatrol\Autoexec.bat
2009-06-02 22:18 . 2009-06-02 22:19 -------- d-----w- c:\windows\system32\athan
2009-06-02 22:18 . 2009-06-02 22:18 -------- d-----w- c:\program files\Athan
2009-06-02 17:18 . 2009-06-02 17:18 -------- d-sh--w- C:\FOUND.002
2009-06-02 06:17 . 2009-06-02 06:17 -------- d-----w- C:\My Squeak
2009-06-02 05:22 . 2009-06-02 05:22 -------- d-----w- C:\vcs5BGEffects
2009-06-02 05:22 . 2009-06-02 05:22 -------- d-----w- C:\vcs5core
2009-06-02 05:22 . 2009-06-02 05:22 -------- d-----w- C:\AV_LOGS
2009-06-02 05:17 . 2009-06-02 05:17 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-02 05:14 . 2009-06-02 05:14 -------- d-----w- c:\documents and settings\جوادي\Application Data\Desktopicon
2009-06-02 05:14 . 2009-06-02 05:14 -------- d-----w- c:\program files\Unlocker
2009-06-02 04:35 . 2009-06-02 04:35 -------- d-----w- c:\program files\VoiceMaskPro
2009-06-02 04:04 . 2009-06-02 04:04 28 ----a-w- c:\windows\system32\srss.dat
2009-06-01 22:41 . 2009-06-01 22:41 -------- d--h--w- c:\windows\Icons
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Alawar.com
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMNTOOLBAR
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\EmailNotifier
2009-06-01 09:34 . 2009-06-01 09:34 -------- d-----w- c:\program files\Squeak
2009-06-01 09:02 . 2009-06-01 09:02 -------- d-sh--w- C:\FOUND.001
2009-05-31 08:00 . 2009-05-31 08:00 -------- d-----w- c:\documents and settings\جوادي\Application Data\DAEMON Tools Pro
2009-05-30 11:18 . 2009-05-30 11:18 -------- d-----w- c:\program files\MSXML 6.0
2009-05-29 21:28 . 2009-05-29 21:28 -------- d-----w- c:\program files\PhotoZoom Pro 2
2009-05-29 20:04 . 2009-05-29 20:05 -------- d-----w- c:\documents and settings\جوادي\Application Data\Hamachi
2009-05-29 20:04 . 2009-05-29 20:04 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-29 07:40 . 2009-05-29 07:40 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-05-28 19:03 . 2009-06-02 22:18 811008 ----a-w- c:\windows\iun6002.exe
2009-05-28 15:04 . 2009-05-28 15:04 2398720 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
2009-05-28 15:03 . 2009-05-28 15:03 -------- d-----w- c:\documents and settings\_µ__و\LOCALS~1
2009-05-28 15:03 . 2009-05-28 15:03 -------- d-----w- c:\documents and settings\_µ__و
2009-05-27 14:51 . 2009-05-27 14:51 -------- d-----w- c:\documents and settings\جوادي\Application Data\Super-Cow
2009-05-27 12:32 . 2009-05-27 12:33 -------- d-----w- c:\documents and settings\جوادي\Application Data\URSE Games
2009-05-26 14:23 . 2009-05-26 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-26 14:23 . 2009-05-26 14:23 -------- d-----w- c:\documents and settings\جوادي\Application Data\PlayFirst
2009-05-26 10:12 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-05-26 10:12 . 2009-05-26 10:12 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-05-26 06:53 . 2009-05-26 06:53 4096 ----a-w- c:\windows\d3dx.dat
2009-05-26 06:50 . 2007-03-29 02:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-26 06:50 . 2009-05-26 06:50 2289664 ----a-w- c:\windows\system32\TUKernel.exe
2009-05-26 06:20 . 2009-05-26 06:20 -------- d-----w- c:\program files\Khayal IE
2009-05-26 06:07 . 2009-05-26 06:07 -------- d-----w- c:\documents and settings\جوادي\Application Data\Media Player Classic
2009-05-25 20:00 . 2009-05-25 20:00 53248 ----a-w- c:\windows\system32\suppdll.dll
2009-05-25 20:00 . 2009-05-25 20:00 35363 ----a-w- c:\windows\system32\windrvNT.sys
2009-05-25 20:00 . 2009-05-25 20:00 -------- d-----w- c:\program files\Folder Lock
2009-05-25 20:00 . 2005-04-11 14:40 73728 ----a-w- c:\windows\system32\FLKill.exe
2009-05-25 14:32 . 2009-05-25 14:32 468488 ----a-w- c:\documents and settings\جوادي\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-25 10:19 . 2009-05-25 10:19 -------- d-----w- c:\program files\Selteco
2009-05-25 07:42 . 2009-05-25 07:42 -------- d-sh--w- C:\FOUND.000
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\program files\CA VMN Anti-Spyware
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\documents and settings\جوادي\Application Data\EmailNotifier
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\program files\vmntoolbar
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\documents and settings\جوادي\Application Data\vmntoolbar
2009-05-25 05:14 . 2009-05-25 05:14 -------- d-----w- c:\program files\Visicom Media
2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w- c:\windows\C8BB491212D942AEB571E580D8CD1B5B.TMP
2009-05-24 13:07 . 2009-05-24 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-05-24 13:07 . 2009-05-24 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-05-24 13:07 . 2009-05-24 13:07 -------- d-----w- c:\program files\Conduit
2009-05-24 13:07 . 2009-05-24 13:07 -------- d-----w- c:\program files\Alawar.com
2009-05-24 13:07 . 2009-05-24 13:07 -------- d-----w- c:\documents and settings\جوادي\Local Settings\Application Data\Conduit
2009-05-24 13:07 . 2009-05-24 13:07 -------- d-----w- c:\documents and settings\جوادي\Local Settings\Application Data\Alawar.com
2009-05-24 13:03 . 2009-05-24 13:03 -------- d-----w- c:\program files\Alawar
2009-05-24 11:06 . 2009-05-24 11:06 -------- d-----w- c:\windows\Sun
2009-05-24 11:06 . 2009-05-24 11:06 -------- d-----w- c:\documents and settings\?????
2009-05-24 09:40 . 2009-05-24 09:40 -------- d-----w- c:\documents and settings\جوادي\Application Data\HTML Executable
2009-05-23 19:33 . 2009-05-23 19:40 4506256 ----a-w- c:\documents and settings\جوادي\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-05-23 19:26 . 2009-05-23 19:26 -------- d-----w- C:\Incomplete
2009-05-23 19:26 . 2009-05-23 19:26 -------- d-----w- C:\Nouveau dossier
2009-05-23 19:25 . 2009-05-23 19:25 -------- d-----w- c:\documents and settings\جوادي\Incomplete
2009-05-23 19:25 . 2009-05-23 19:25 -------- d-----w- c:\documents and settings\جوادي\Application Data\LimeWire
2009-05-23 19:24 . 2009-05-23 19:24 -------- d-----w- c:\program files\Java
2009-05-23 19:24 . 2009-05-23 19:24 -------- d-----w- c:\program files\Common Files\Java
2009-05-23 19:14 . 2009-05-23 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2007
2009-05-23 19:14 . 2009-05-23 19:14 -------- d-----w- c:\documents and settings\جوادي\Application Data\TuneUp Software
2009-05-23 19:13 . 2009-05-23 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-23 19:13 . 2009-05-23 19:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-23 19:12 . 2009-05-23 19:12 -------- d-----w- c:\documents and settings\جوادي\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2009-05-23 19:12 . 2009-05-23 19:12 -------- d-----w- c:\windows\system32\URTTemp
2009-05-23 19:09 . 2009-05-23 19:09 -------- d-----w- c:\program files\Abadisoft
2009-05-23 13:09 . 2009-05-23 13:09 -------- d-----w- c:\windows\system32\Adobe
2009-05-23 10:40 . 2009-05-23 10:40 -------- d-----w- c:\program files\PhotoBrush
2009-05-23 10:38 . 2009-05-23 10:38 -------- d-----w- c:\documents and settings\جوادي\Local Settings\Application Data\Stardock
2009-05-23 10:21 . 2009-05-23 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-23 10:21 . 2009-05-23 10:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-23 10:20 . 2009-05-23 10:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-23 10:16 . 2009-05-23 10:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-23 10:16 . 2009-05-23 10:16 -------- d-----w- c:\documents and settings\جوادي\Application Data\DAEMON Tools Lite
2009-05-23 09:55 . 2009-05-23 09:55 -------- d-----w- c:\program files\holy quran online
2009-05-23 09:36 . 2001-08-17 12:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 08:58 . 2001-09-19 10:00 52890 ----a-w- c:\windows\system32\perfc001.dat
2009-06-09 08:58 . 2001-09-19 10:00 318566 ----a-w- c:\windows\system32\perfh001.dat
2009-06-07 09:35 . 2009-06-07 09:35 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-06-01 09:10 . 2009-05-21 18:30 98304 ----a-w- c:\windows\DUMP0c6e.tmp
2009-05-25 20:52 . 2009-05-25 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-25 20:52 . 2009-05-25 20:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-21 23:04 . 2009-05-21 18:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 19:02 . 2009-05-21 19:02 -------- d-----w- c:\program files\Realtek
2009-05-21 19:02 . 2009-05-21 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 19:02 . 2009-05-21 19:02 -------- d-----w- c:\documents and settings\جوادي\Application Data\InstallShield
2009-05-21 19:02 . 2009-05-21 19:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-21 18:57 . 2009-05-21 18:57 -------- d-----w- c:\program files\Intel
2009-05-21 18:57 . 2009-05-21 18:57 -------- d-----w- c:\program files\Yahoo!
2009-05-21 18:51 . 2009-05-21 18:51 -------- d-----w- c:\program files\microsoft frontpage
2009-05-21 18:48 . 2009-05-21 18:48 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-26 15:35 . 2009-05-19 10:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-08_12.06.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 10:00 . 2009-06-08 11:15 52900 c:\windows\system32\perfc009.dat
+ 2001-09-19 10:00 . 2009-06-09 08:58 52900 c:\windows\system32\perfc009.dat
+ 2009-05-22 10:48 . 2009-06-09 07:10 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-09-19 10:00 . 2009-06-09 08:58 380486 c:\windows\system32\perfh009.dat
- 2001-09-19 10:00 . 2009-06-08 11:15 380486 c:\windows\system32\perfh009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-04-22 14:52 2086936 ----a-w- c:\program files\************\tb4sha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
2009-05-24 13:12 2094616 ----a-w- c:\program files\Alawar.com\tbAla1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-19 2885040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-27 1650928]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-04-28 2591544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 176128]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 147456]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 104304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 114799]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-04 259624]
"RRT-Auto"="c:\documents and settings\جوادي\My Documents\Downloads\Compressed\RRT\RRT.exe" [2009-03-17 222208]
"regdiit"="c:\windows\system32\winxp.exe" [2009-06-09 102400]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-04-14 86016]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"DisallowCpl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^جوادي^قائمة ابدأ^البرامج^بدء التشغيل^Mobiola Web Camera.lnk]
path=c:\documents and settings\جوادي\قائمة ابدأ\البرامج\بدء التشغيل\Mobiola Web Camera.lnk
backup=c:\windows\pss\Mobiola Web Camera.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14890:TCP"= 14890:TCP:BitComet 14890 TCP
"14890:UDP"= 14890:UDP:BitComet 14890 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [08/06/2009 15:21 130936]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmkkoj.sys --> c:\windows\system32\drivers\gmkkoj.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [22/05/2009 01:55 228352]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [08/06/2009 15:21 426576]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
Trusted Zone: webkinz.com\www
TCP: {79D701AA-E95A-4CA4-9D16-E8F5E9DED5C9} = 208.67.222.222 193.55.10.102
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-09 12:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFE784ED-5AC1-59AA-20BC-6067B1599355}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahniiedjknmloniig"=hex:6a,61,6c,61,6f,69,63,64,6d,68,69,66,63,6b,6a,61,6d,69,
6c,62,00,f0
"habnkbkoakclddpj"=hex:6a,61,63,61,68,6a,61,69,68,69,64,66,6a,65,68,65,67,6e,
6d,6f,00,f0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{111e7e48-0459-4dea-8a58-0dd68b63771d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009f
"Therad"=dword:00000013

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,f2,6d,59,4e,65,92,ab,c5,fd,e4,8b,85,ec,15,07,e0,04,aa,a5,af,
ad,4d,14,5c,76,12,64,53,e1,34,7c,91,c3,21,3b,6a,f4,ac,38,00,00,00,00,00,00,\
.
Completion time: 2009-06-09 12:24
ComboFix-quarantined-files.txt 2009-06-09 10:24
ComboFix2.txt 2009-06-08 12:08

Pre-Run: 3 122 364 416 bytes free
Post-Run: 3 035 070 464 bytes free

468 --- E O F --- 2009-05-23 04:57
SmitfraudFix tool report
SmitFraudFix v2.419

Scan done at 12:33:51,75, 09/06/2009
Run from C:\Documents and Settings\جوادي\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 208.67.222.222
DNS Server Search Order: 193.55.10.102

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{466AC3E7-4A0B-4DB3-8563-C9D1683BB91D}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{79D701AA-E95A-4CA4-9D16-E8F5E9DED5C9}: NameServer=208.67.222.222 193.55.10.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{466AC3E7-4A0B-4DB3-8563-C9D1683BB91D}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{79D701AA-E95A-4CA4-9D16-E8F5E9DED5C9}: NameServer=208.67.222.222 193.55.10.102
HKLM\SYSTEM\CS2\Services\Tcpip\..\{466AC3E7-4A0B-4DB3-8563-C9D1683BB91D}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:32, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\جوادي\Application Data\IDM\SmitfraudFix\Policies.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\جوادي\My Documents\Downloads\Programs\HiJackThis.exe

R3 - URLSearchHook: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla1.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sha.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\??CI?\My Documents\Downloads\Compressed\RRT\RRT.exe auto
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
[Hidden link: you must log in or register to view it]

O17 - HKLM\System\CCS\Services\Tcpip\..\{79D701AA-E95A-4CA4-9D16-E8F5E9DED5C9}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7788 bytes


 
Last edited by a moderator:
Sorry, I saw this topic and wanted to check on my own machine as well.
Please reply and tell me whether there is something wrong with my machine, because I feel it is very slow.
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:22 م, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOW\System32\smss.exe
C:\WINDOW\system32\winlogon.exe
C:\WINDOW\system32\services.exe
C:\WINDOW\system32\lsass.exe
C:\WINDOW\system32\svchost.exe
C:\WINDOW\System32\svchost.exe
C:\WINDOW\system32\spoolsv.exe
C:\WINDOW\Explorer.EXE
C:\WINDOW\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOW\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOW\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOW\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.JET9\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: you must log in or register to view it]

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: RocketDock.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOW\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 10064 bytes
Go to these topics and, God willing, you will benefit from them:
[Hidden links: you must log in or register to view them]
 
Brother, delete this value:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

After that, post a new HijackThis report again.

And please install one of the protection programs, such as Kaspersky Internet Security 2009.
 
Signature: king_man
I want a solution
 
God help us ...

Brother, why are you opening more than one topic?

Your other topic has been closed and sent to the archive.


Please follow up here.
 
Your machine has more than one infection.

Download the following tool and follow the explanation to produce a report and upload it:

[Hidden link: you must log in or register to view it]


i11040_1.png


Do as shown in the picture to start the scan.

i11041_2.png


Then do the following to save the report file.

i11042_3.png


After saving it, compress the file >>>
[Hidden link: you must log in or register to view it]

and upload the file here:

[Hidden link: you must log in or register to view it]
 
This is the report, and I am sooooo sorry, but I was afraid that no one would reply, and I am in a bind; I do not want to format the machine.
[Hidden link: you must log in or register to view it]

 
Don't worry about it, my friend.

Download the automatic Kaspersky tool (the first link in the list) to clean the machine and produce a report for it ...
[Hidden link: you must log in or register to view it]


After the download finishes ... run the tool.
In a few moments the program's interface will appear ... and the black scan-and-clean screen will show.
Wait until it disappears (about an hour) ... then a report of the operation will appear.
Copy it and attach it to your next reply.
 