مشكله عند انشاء مجلد جديد على سطح المكتب

[الدحمي111]

يا اخوان لمن ابغى اعمل مجلد جديد يعطيني رساله انه لايمكن انشاء مجلد جديد تم رفض الوصول زي مافي الصوره
ارجو اني الاقي الحل عندكم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[AbOdy]

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم​

 

[الدحمي111]

الله يبارك فيك اخوي ومشكور على سرعة تجاوبك معي وهذا التقرير

Trend Micro End User License Agreement
Software: HijackThis
Version: English/Multi-country
Date: April 2007

IMPORTANT: YOU MUST CAREFULLY READ AND AGREE TO ALL TERMS AND
CONDITIONS OF THE FOLLOWING END USER LICENSE AGREEMENT BEFORE
INSTALLING OR USING THE SOFTWARE.
THIS AGREEMENT SETS FORTH THE TERMS AND CONDITIONS UNDER WHICH
TREND MICRO IS WILLING TO LICENSE THE "SOFTWARE" TO "YOU" AS AN
INDIVIDUAL USER OR AN AUTHORIZED REPRESENTATIVE OF AN ENTITY.
BY CLICKING THE "I ACCEPT" BUTTON BELOW, YOU ARE EXPRESSING YOUR
INTENT TO ENTER INTO, AND ARE ENTERING INTO, A BINDING LEGAL
CONTRACT ("AGREEMENT") BETWEEN YOU AND TREND MICRO
INCORPORATED OR ONE OF ITS AFFILIATES ("TREND MICRO"). THE TERMS
AND CONDITIONS OF THE AGREEMENT THEN APPLY TO YOUR USE OF THE
SOFTWARE. WE ENCOURAGE YOU TO PRINT A COPY OF THE AGREEMENT FOR
YOUR RECORDS
YOU MUST ACCEPT THIS AGREEMENT BEFORE YOU INSTALL OR USE THE
SOFTWARE. IF YOU ARE ACQUIRING THE SOFTWARE ON BEHALF OF AN ENTITY, THEN YOU
MUST BE PROPERLY AUTHORIZED TO REPRESENT THAT ENTITY AND TO
ACCEPT THIS AGREEMENT ON ITS BEHALF.
YOU ACCEPT THIS END USER LICENSE BY CLICKING THE "I ACCEPT" BUTTON
BELOW. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, SELECT
"I DO NOT ACCEPT". YOU WILL THEN NOT BE PERMITTED TO INSTALL OR USE
THE SOFTWARE.
1. LICENSE. Upon Your acceptance of the terms and conditions of this Agreement,
Trend Micro hereby grants You a nonexclusive, nontransferable, non-sublicensable,
royalty-free, worldwide license, to download, install the Software, for Your own use only.
Trend Micro reserves the right to enhance, modify, or discontinue the Software or to
impose new or different conditions on its use at any time without notice.
2. USE RESTRICTIONS AND OWNERSHIP. The Software is licensed not sold. Trend
Micro owns the title and intellectual property rights to the Software, and reserves all rights
not expressly granted to You in this Agreement. You agree that you will not rent, loan,
lease or sublicense the Software. You agree not to attempt to reverse engineer,
decompile, modify, translate, disassemble, discover the source code of, or create
derivative works from, any part of the Software or authorize others to undertake any of
these acts.
3. BACKUP. For as long as You use the Software, You agree to regularly back-up Your
computer programs and files ("Data") on a separate media. You acknowledge that the
failure to do so may cause You to lose Data in the event that any error in the Software
causes computer problems, and that Trend Micro is not responsible for any such Data
loss.
4. TERMINATION. Trend Micro may terminate the license at any time for any reason.
Upon such termination, You agree to delete or destroy all copies of the Software. You
may terminate this Agreement at any point by destroying or deleting all copies of the
Software.
5. REPORTS AND PRIVACY. At any time during the term of this Agreement, You may
choose to send to Trend Micro a report of log files that may include personal information
that the Software scanned on Your computer. By accepting this Agreement, You hereby
give Your consent to Trend Micro to process log file data provided by You ("Information")
in connection with this Agreement; processing may include collection, registration,
storage, modification or disclosure of such Information to third parties. As a condition to
using the Software and by accepting this Agreement, You ensure, represent and warrant
that You are legally permitted to provide Trend Micro with access to the Information and
You also give Your consent to Trend Micro to transfer or store the Information in one or
more of its group companies, located in and/or outside the country where You are
located, and/or in jurisdictions which may have a lower level of protection of Information
than is applicable in the country where You are located or where pr
ivacy laws may not be as stringent as those in Your own country.
6. CAUTION AND ACKNOWLEDGEMENT. The Software is designed to identify different
types of files, operating system changes, registry or browser settings, which, in Trend
Micro's judgment, may compromise computer security or productivity. You agree that
Trend Micro shall not be responsible for any removal or disabling of files or settings or the
results of such removal or disabling. You are solely responsible for selecting which files or
settings to remove from Your computer.
7. NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS," WITHOUT
WARRANTIES OF ANY KIND. TREND MICRO DOES NOT WARRANT THAT YOUR
USE OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE. TO THE
FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO DISCLAIMS
AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO
THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF NONINFRINGEMENT OF THIRD PARTY RIGHTS,
SATISFACTORY QUALITY, MERCHANTABILITY, AND FITNESS FOR A
PARTICULAR PURPOSE.
8. NO LIABILITY FOR CONSEQUENTIAL DAMAGES.
(A) TREND MICRO DOES NOT SEEK TO LIMIT OR EXCLUDE ITS LIABILITY IN THE
EVENT OF DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR FOR
FRAUD OR FOR ANY OTHER LIABILITY FOR WHICH IT IS NOT PERMITTED BY
LAW TO EXCLUDE.
(B) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO
DISCLAIMS ALL LIABILITY FOR CONSEQUENTIAL, SPECIAL, INCIDENTAL OR
INDIRECT DAMAGES OF ANY KIND OR FOR LOST OR CORRUPTED DATA OR
MEMORY, SYSTEM CRASH, DISK/SYSTEM DAMAGE, LOST PROFITS OR
SAVINGS, OR LOSS OF BUSINESS, ARISING OUT OF OR RELATED TO THIS
AGREEMENT. YOU ALSO UNDERSTAND AND AGREE THAT YOU DOWNLOAD,
INSTALL AND/OR USE THE SOFTWARE AT YOUR OWN DISCRETION AND RISK
AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR
COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE USE OF THE
SOFTWARE.
9. CONSUMER PROTECTION AND PRIVACY. SOME COUNTRIES, STATES AND
PROVINCES, INCLUDING MEMBER STATES OF THE EUROPEAN ECONOMIC
AREA, DO NOT ALLOW CERTAIN EXCLUSIONS OR LIMITATIONS OF LIABILITY, SO
THE ABOVE DISCLAIMER OF WARRANTY AND EXCLUSION OR LIMITATION OF
LIABILITIES (SECTIONS 7 AND 8) MAY NOT FULLY APPLY TO YOU. YOU MAY
HAVE ADDITIONAL RIGHTS AND REMEDIES. SUCH POSSIBLE RIGHTS OR
REMEDIES, IF ANY, SHALL NOT BE AFFECTED BY THIS AGREEMENT. THERE
MAY BE MANDATORY REGULATIONS OR LEGAL PROVISIONS THAT ARE
APPLICABLE TO YOU AS A CONSUMER.
10. COMPLIANCE WITH ALL LAWS, EXPORT CONTROL. The Software is subject to
export controls under the U.S. Export Administration Regulations. The Software may not
be exported or re-exported to entities within, or residents or citizens of, embargoed
countries or countries subject to applicable trade sanctions, nor to prohibited or denied
persons or entities without proper government licenses. Information about such
restrictions can be found at the following websites:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

and

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

. You are responsible
for any violation of the US export control laws related to Your copy of the Software. By
accepting this Agreement, You confirm that You are not a resident or citizen of any
country currently embargoed by the U.S. and that You are not otherwise prohibited from
receiving the Software.
11. U.S. GOVERNMENT RESTRICTED RIGHTS. If the entity on whose behalf You are
acquiring the Software is any unit or agency of the United States Government, then that
Government entity acknowledges that the Software, (i) was developed at private
expense, (ii) is commercial in nature, (iii) is not in the public domain, and (iv) is "Restricted
Computer Software" as that term is defined in Clause 52.227 19 of the Federal
Acquisition Regulations (FAR) and is "Commercial Computer Software" as that term is
defined in Subpart 227.471 of the Department of Defense Federal Acquisition Regulation
Supplement (DFARS). The Government agrees that (i) if the Software is supplied to the
Department of Defense (DoD), the Software is classified as "Commercial Computer
Software" and the Government is acquiring only "restricted rights" in the Software and its
documentation as that term is defined in Clause 252.227 7013(c)(1) of the DFARS, and
(ii) if the Software is supplied to any unit or agency of the United States Government ot
her than DoD, the Government's rights in the Software and its documentation will be as
defined in Clause 52.227 19(c)(2) of the FAR.
12. GOVERNING LAW. Unless otherwise required by the specific jurisdiction’s laws,
this Agreement will be governed by the laws of the State of California, USA, without
regard to the provisions of the United Nations Convention on Contracts for the
International Sale of Goods and the conflict of laws provisions of Your state or country of
residence.
13. GENERAL PROVISIONS. This is the entire agreement between You and Trend
Micro with respect to the subject matter hereof and supersedes and replaces all prior or
contemporaneous understandings or agreements regarding such subject matter. Any
waiver of any provision of this Agreement will be effective only if in writing and signed by
Trend Micro. In the event that any provision or portion of this Agreement is found to be
invalid, that finding will not affect the validity of the remaining parts of this Agreement.
Trend Micro may assign or subcontract some or all of its obligations under this Agreement
to qualified third parties or its affiliates and/or subsidiaries, provided that no such
assignment or subcontract shall relieve Trend Micro of its obligations under this
Agreement.
14. QUESTIONS. Address all questions about this Agreement to:
legalnotice@trendmicro.com.

The Software is protected by copyright, trade secret and U.S. PATENT laws, and
international treaty provisions. UNAUTHORIZED REPRODUCTION OR DISTRIBUTION
IS SUBJECT TO CIVIL AND CRIMINAL PENALTIES.

 

[AbOdy]

التقرير غلط

اعمل تقرير جديد بيطلع لك مستند فيه التقرير

اعمل تحديد الكل >> نسخ >> لصق هنا في الموضوع

 

[الدحمي111]

اعذرني اخوي هذا هو التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:21 م, on 14/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18da4fdb-cda8-4361-9b0f-e7fe0c96c59e} - C:\WINDOWS\system32\kowewohe.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CPM3b4a2ba4] Rundll32.exe "c:\windows\system32\fopihofu.dll",a
O4 - HKLM\..\Run: [hatelutufa] Rundll32.exe "C:\WINDOWS\system32\fatenuva.dll",s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\bisoloku.dll c:\windows\system32\zudijovu.dll c:\windows\system32\fopihofu.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zudijovu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zudijovu.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 9333 bytes

 

[AbOdy]

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة​

 

[الدحمي111]

اخي الغالي هذا التقرير بس هل افعل برنامج الحمايه الان ولا لا

ComboFix 09-06-13.09 - pc.world 06/14/2009 21:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2039.1375 [GMT 3:00]
Running from: c:\documents and settings\pc.world\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\asapagov.ini
c:\windows\system32\dlgkbd(2).dll
c:\windows\system32\gsdll32(2).dll
c:\windows\system32\hSharDLL(2).DLL
c:\windows\system32\izowapaf.ini
c:\windows\system32\K2kArt(2).Dll
c:\windows\system32\K2kDialogs(2).Dll
c:\windows\system32\K2kMath(2).dll
c:\windows\system32\k2kUtil(2).dll
c:\windows\system32\K7kMath(2).dll
c:\windows\system32\KbdHook(2).dll
c:\windows\system32\KBHDLL(2).dll
c:\windows\system32\KlkHDll(2).Dll
c:\windows\system32\opunisin.ini
c:\windows\system32\osituzov.ini
c:\windows\system32\udeduges.ini
c:\windows\system32\zxdrwtxt(2).dll
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 18:23 . 2009-06-14 18:23 -------- d-----w- c:\program files\Trend Micro
2009-06-14 17:56 . 2004-08-03 19:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2009-06-14 17:55 . 2001-09-18 11:05 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-06-14 17:54 . 2001-08-17 10:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2009-06-14 17:53 . 2001-08-17 11:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-06-14 17:52 . 2001-09-18 11:04 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-06-14 17:51 . 2001-09-18 10:44 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-06-14 17:50 . 2001-09-18 10:31 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-06-14 17:49 . 2008-12-23 14:55 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-06-14 17:49 . 2008-12-23 14:55 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-06-14 17:49 . 2008-12-23 14:55 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-06-14 17:49 . 2008-12-23 14:55 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-06-14 17:49 . 2008-12-23 14:55 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-06-14 17:49 . 2008-12-23 14:55 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-06-13 22:39 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-13 22:33 . 2009-06-13 22:39 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-13 22:33 . 2009-06-13 22:33 -------- d-----w- c:\program files\MSBuild
2009-06-13 22:33 . 2009-06-13 22:33 -------- d-----w- c:\program files\Reference Assemblies
2009-06-13 22:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-13 22:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-13 22:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-13 22:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-13 22:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-13 22:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-13 22:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-13 22:29 . 2009-06-13 22:29 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-13 22:27 . 2009-06-13 22:28 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-13 22:27 . 2009-06-13 22:27 -------- d-----w- c:\windows\system32\LogFiles
2009-06-11 12:38 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 12:38 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 12:38 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 12:38 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-05 21:37 . 2009-06-05 21:42 -------- d-----w- c:\documents and settings\pc.world\amsn
2009-06-03 16:57 . 2009-06-03 16:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-03 16:37 . 2009-06-03 16:37 -------- d-----w- c:\windows\l2schemas
2009-06-03 16:37 . 2009-06-03 16:37 -------- d-----w- c:\windows\system32\bits
2009-06-03 16:37 . 2009-06-03 16:37 -------- d-----w- c:\windows\system32\ar
2009-06-03 16:34 . 2009-06-03 16:37 -------- d-----w- c:\windows\ServicePackFiles
2009-06-03 16:11 . 2009-06-03 16:11 -------- d-----w- c:\program files\MSXML 4.0
2009-06-03 15:02 . 2004-08-03 21:38 700928 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-sh--w- c:\documents and settings\pc.world\IECompatCache
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-sh--w- c:\documents and settings\pc.world\PrivacIE
2009-06-03 12:48 . 2009-06-03 12:48 -------- d-sh--w- c:\documents and settings\pc.world\IETldCache
2009-06-03 12:46 . 2009-02-09 11:22 2190592 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-03 12:42 . 2009-06-03 12:42 -------- d-----w- c:\windows\ie8updates
2009-06-03 12:40 . 2009-06-13 22:39 -------- d-----w- c:\windows\system32\ar-SA
2009-06-03 12:40 . 2009-06-03 12:41 -------- dc-h--w- c:\windows\ie8
2009-06-03 12:19 . 2009-01-07 15:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-02 17:22 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-31 03:41 . 2009-05-31 03:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-31 03:41 . 2009-05-31 03:41 -------- d-----w- c:\documents and settings\pc.world\Application Data\InstallShield
2009-05-27 19:21 . 2009-05-27 19:21 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-27 19:21 . 2009-05-27 19:21 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-27 19:21 . 2009-05-27 19:21 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-27 10:59 . 2009-05-27 19:22 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-27 10:59 . 2009-05-27 19:22 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-27 10:58 . 2009-06-14 18:40 688160 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-27 10:58 . 2009-06-14 18:40 5225504 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-27 10:58 . 2009-05-27 10:58 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-26 22:31 . 2009-05-26 22:31 390664 ----a-w- c:\documents and settings\pc.world\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 18:42 . 2008-06-20 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-14 18:40 . 2009-05-27 10:58 6576 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-14 18:40 . 2009-05-27 10:58 45048 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-14 18:06 . 2001-09-19 12:00 69908 ----a-w- c:\windows\system32\perfc001.dat
2009-06-14 18:06 . 2001-09-19 12:00 372512 ----a-w- c:\windows\system32\perfh001.dat
2009-06-14 18:04 . 2009-04-22 13:28 -------- d-----w- c:\program files\PowerPoint DVD Converter
2009-06-13 22:47 . 2008-03-20 21:24 340288 -c--a-w- c:\documents and settings\pc.world\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 21:21 . 2009-04-15 11:44 -------- d-----w- c:\program files\MSECACHE
2009-06-03 16:19 . 2009-06-03 16:19 2678 ----a-w- c:\windows\java\Packages\Data\0WNZ3B3B.DAT
2009-06-03 16:19 . 2009-06-03 16:19 2678 ----a-w- c:\windows\java\Packages\Data\N37P37TN.DAT
2009-06-03 16:19 . 2009-06-03 16:19 2678 ----a-w- c:\windows\java\Packages\Data\V93F1FNL.DAT
2009-06-03 16:19 . 2009-06-03 16:19 2678 ----a-w- c:\windows\java\Packages\Data\IO0TV13Z.DAT
2009-06-03 16:19 . 2009-06-03 16:19 2678 ----a-w- c:\windows\java\Packages\Data\7FFX7PBZ.DAT
2009-06-03 16:13 . 2008-03-20 21:32 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 03:41 . 2008-03-20 21:17 -------- d-----w- c:\program files\Realtek
2009-05-27 19:22 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-27 10:57 . 2008-06-05 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-13 05:02 . 2004-08-03 21:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 21:55 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 13:39 . 2009-04-22 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\pdc
2009-04-22 13:22 . 2009-04-22 13:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-22 13:08 . 2009-04-22 12:59 -------- d-----w- c:\program files\Mobiola Web Camera for S60
2009-04-21 20:36 . 2009-04-21 20:36 1009 --sh--w- c:\windows\system32\vetahadu.dll
2009-04-21 12:52 . 2009-04-21 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-19 19:47 . 2004-08-03 21:46 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 18:36 . 2009-04-18 18:36 -------- d-----w- c:\program files\TechSmith
2009-04-18 18:35 . 2009-04-18 18:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-16 18:02 . 2009-04-16 17:59 -------- d-----w- c:\program files\ma-config.com
2009-04-16 18:02 . 2009-04-16 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-04-16 10:05 . 2009-04-16 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-15 14:52 . 2004-08-03 21:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 11:44 . 2009-04-15 11:44 3584 ----a-r- c:\documents and settings\pc.world\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2008-12-26 13:12 . 2008-06-25 12:51 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-26 13:12 . 2008-06-25 12:51 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-26 13:12 . 2008-06-25 12:51 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-26 13:12 . 2008-06-25 12:51 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-26 13:12 . 2008-06-25 12:51 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-02-13 430080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-27 2658304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-07 185896]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-11-10 385024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-27 206088]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\pc.world\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2006-7-22 4739584]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2515:UDP"= 2515:UDP:Windows Media Format SDK (iexplore.exe)
"2514:UDP"= 2514:UDP:Windows Media Format SDK (iexplore.exe)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [19/11/2004 05:07 م 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
R3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [27/06/2008 04:16 م 13312]
R3 MBLAUDRVOUT;Mobiola Audio Out Service;c:\windows\system32\drivers\BTCamAudioDrvOut.sys [27/06/2008 04:16 م 18304]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [02/06/2008 12:47 ص 194304]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 ص 216232]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
BHO-{18da4fdb-cda8-4361-9b0f-e7fe0c96c59e} - c:\windows\system32\kowewohe.dll
HKLM-Run-CPM3b4a2ba4 - c:\windows\system32\fopihofu.dll
HKLM-Run-hatelutufa - c:\windows\system32\fatenuva.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = <local>
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-14 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\.Default\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Ding.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\AppGPFault\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\CCSelect\E3A10*خw]
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\Close\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Critical.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Insert.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Remove.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Fail.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Low.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\MailBeep\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Notify.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\Maximize\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\MenuCommand\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\MenuPopup\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\Minimize\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\Open\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\PrintComplete\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\RestoreDown\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\RestoreUp\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\ShowBand\E3A10*خw]
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Error.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Exclamation.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemExit\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Shutdown.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemHand\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Balloon.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemQuestion\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemStart\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Startup.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logoff Sound.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logon Sound.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\E3A10*خw]
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\E3A10*خw]
@="Windows XP Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Recycle.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\E3A10*خw]
@=""
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\Navigating\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows XP Start.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\E3A10*خw]
@="Windows XP Information Bar.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\E3A10*خw]
@="c:\\Program Files\\Messenger\\online.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\E3A10*خw]
@="c:\\Program Files\\Messenger\\newalert.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\E3A10*خw]
@="c:\\Program Files\\Messenger\\newemail.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\E3A10*خw]
@="c:\\Program Files\\Messenger\\type.wav"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\AppEvents\Schemes\Names\E3A10*خw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="مسفر"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"
[HKEY_USERS\S-1-5-21-1801674531-920026266-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):01,d1,10,0f,ad,b6,ee,c3,16,c8,99,c4,4e,61,0d,a7,b2,cd,48,60,77,
39,c1,c9,84,e0,69,89,75,fb,49,49,8c,6a,c7,e3,36,de,47,ec,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{62E758C6-EE56-67AB-7A3E2F088A108BC4}\{3E530B8E-E7D7-91CB-07329483978E2FFC}\{65FEF1D9-850D-2011-E21A2EE487AC8842}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):53,76,6c,33,05,a9,57,fb,33,53,72,9e,65,f3,c0,e9,54,b9,53,af,12,
79,41,c4,ab,fd,cd,d8,e6,f2,0b,e7,23,e9,01,6d,0a,57,5e,9f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{af0018cb-2fb2-416a-926d-822dc100ce64}]
@Denied: (Full) (Everyone)
"Model"=dword:00000145
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bc707035-fa0e-4b0b-adfe-e5920c57c64b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000010a
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,26,1c,cf,9b,bc,24,55,eb,2d,da,a2,04,bb,78,06,b1,75,c0,90,48,62,87,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\  EH/E *BJ'3J *9(1 *'1*('7 *B*l*u*e*t*o*o*t*h*:*:*  'DGH'*A *'D.DHJ) *'DBJ'3J):*:*M*i*c*r*o*s*o*f*t*\Responses]
"<cr>"=hex:01,00,00,00,00,00,00,00,00,00
"<lf>"=hex:01,00,00,00,00,00,00,00,00,00
"<cr><lf>OK<cr><lf>"=hex:00,00,00,00,00,00,00,00,00,00
"<cr><lf>RING<cr><lf>"=hex:08,00,00,00,00,00,00,00,00,00
"<cr><lf>NO CARRIER<cr><lf>"=hex:04,00,00,00,00,00,00,00,00,00
"<cr><lf>ERROR<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
"<cr><lf>NO DIALTONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
"<cr><lf>BUSY<cr><lf>"=hex:06,00,00,00,00,00,00,00,00,00
"<cr><lf>NO ANSWER<cr><lf>"=hex:07,00,00,00,00,00,00,00,00,00
"<cr><lf>CONNECT<cr><lf>"=hex:02,00,00,00,00,00,00,00,00,00
"0<cr>"=hex:00,00,00,00,00,00,00,00,00,00
"2<cr>"=hex:08,00,00,00,00,00,00,00,00,00
"3<cr>"=hex:04,00,00,00,00,00,00,00,00,00
"4<cr>"=hex:03,00,00,00,00,00,00,00,00,00
"6<cr>"=hex:05,00,00,00,00,00,00,00,00,00
"7<cr>"=hex:06,00,00,00,00,00,00,00,00,00
"8<cr>"=hex:07,00,00,00,00,00,00,00,00,00
"OK"=hex:00,00,00,00,00,00,00,00,00,00
"RING"=hex:08,00,00,00,00,00,00,00,00,00
"NO CARRIER"=hex:04,00,00,00,00,00,00,00,00,00
"ERROR"=hex:03,00,00,00,00,00,00,00,00,00
"NO DIALTONE"=hex:05,00,00,00,00,00,00,00,00,00
"NO DIAL TONE"=hex:05,00,00,00,00,00,00,00,00,00
"BUSY"=hex:06,00,00,00,00,00,00,00,00,00
"NO ANSWER"=hex:07,00,00,00,00,00,00,00,00,00
"FAX"=hex:03,00,00,00,00,00,00,00,00,00
"DATA"=hex:03,00,00,00,00,00,00,00,00,00
"VOICE"=hex:03,00,00,00,00,00,00,00,00,00
"RINGING"=hex:01,00,00,00,00,00,00,00,00,00
"DIALING"=hex:01,00,00,00,00,00,00,00,00,00
"RRING"=hex:01,00,00,00,00,00,00,00,00,00
"DELAYED"=hex:1d,00,00,00,00,00,00,00,00,00
"BLACKLISTED"=hex:1c,00,00,00,00,00,00,00,00,00
"+FCERROR"=hex:03,00,00,00,00,00,00,00,00,00
"CONNECT"=hex:02,00,00,00,00,00,00,00,00,00
"CONNECT/ARQ"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/REL"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/MNP"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/LAP-M"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/V42BIS"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT/V42b"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT 300"=hex:02,00,2c,01,00,00,00,00,00,00
"CONNECT 300/ARQ"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/REL"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/MNP"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/LAP-M"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/V42BIS"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 300/V42b"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 0600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 2400"=hex:02,00,60,09,00,00,00,00,00,00
"CONNECT 2400/ARQ"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/REL"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/MNP"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/LAP-M"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/V42BIS"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 2400/V42b"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 4800"=hex:02,00,c0,12,00,00,00,00,00,00
"CONNECT 4800/ARQ"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/REL"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/MNP"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/LAP-M"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42BIS"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42b"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 7200"=hex:02,00,20,1c,00,00,00,00,00,00
"CONNECT 7200/ARQ"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/REL"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/MNP"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/LAP-M"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42BIS"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42b"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 9600"=hex:02,00,80,25,00,00,00,00,00,00
"CONNECT 9600/ARQ"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/REL"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/MNP"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/LAP-M"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/V42BIS"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 9600/V42b"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 12000"=hex:02,00,e0,2e,00,00,00,00,00,00
"CONNECT 12000/ARQ"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/REL"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/MNP"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/LAP-M"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42BIS"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42b"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 14400"=hex:02,00,40,38,00,00,00,00,00,00
"CONNECT 14400/ARQ"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/REL"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/MNP"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/LAP-M"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/V42BIS"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 14400/V42b"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 16800"=hex:02,00,a0,41,00,00,00,00,00,00
"CONNECT 16800/ARQ"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/REL"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/MNP"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/LAP-M"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42BIS"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42b"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 19200"=hex:02,00,00,4b,00,00,00,00,00,00
"CONNECT 19200/ARQ"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/REL"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/MNP"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/LAP-M"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42BIS"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42b"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 21600"=hex:02,00,60,54,00,00,00,00,00,00
"CONNECT 21600/ARQ"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/REL"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/MNP"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/LAP-M"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/V42BIS"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 21600/V42b"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
"CONNECT 24000/ARQ"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/REL"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/MNP"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/LAP-M"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42BIS"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42b"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
"CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
"CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
"CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
"CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
"CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
"CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
"CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
"CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
"CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
"CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
"CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
"CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
"CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
"CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
"CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
"CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
"CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
"CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
"CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
"COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
"COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
"PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
"CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
"CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
"CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
"CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Desktop Icon Toy\HookManager.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\Crypserv.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\CF4250.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-06-14 21:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 18:46
ComboFix2.txt 2008-10-16 03:03
Pre-Run: 16,138,588,160 bytes free
Post-Run: 16,421,109,760 bytes free
741 --- E O F --- 2009-06-14 17:49

 

[AbOdy]

تمام

عطني تقرير مثل اول تقرير طلبته منك ولكن بعد اعادة تشغيل الجهاز​

 

[الدحمي111]

الله يوفقك اخوي تعبتك معاي وهذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:20 م, on 14/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18da4fdb-cda8-4361-9b0f-e7fe0c96c59e} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7970 bytes

 

[الدحمي111]

اخي العزيز هل التقرير صحيل ولا انزله ثاني

 

[صمت السكوت]

بخصوص التقرير بارك الله فيك فقط قم بحذف القيم التاليه

O2 - BHO: (no name) - {18da4fdb-cda8-4361-9b0f-e7fe0c96c59e} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

طريقة الحذف للاكس بي​

​

استخدم هذه الاداة للتنظيف

​

​

​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

​

​

بعد الانتهاء اعمل تقرير جديد بارك الله فيك​

​

​

​

​

​

 

[الدحمي111]

سويت زي ماقلتلي وهذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:56 م, on 14/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7876 bytes

 

[AbOdy]

تمام اخوي

اعمل التالي الأن

نزل هذه الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

فك الضغط عنها وشغلها بدبل كلك

وبعد ماتخلص اعمل التالي

نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))


وبعد ماتخلص اعمل التالي

بعدين على تبويب عرض >> استعادة الافتراضيات >> تطبيق >> موافق

واخبرنا بخصوص المشكلة؟؟؟​

 

[الدحمي111]

ان شاء الله تنفع الطريقه والله يوفقك ويصبرك علي

 

[الدحمي111]

اخي الغالي المشكله زي ماهي ما انحلت وهذا تقرير مع العلم اني سويت الخطوات كامله مثل ماطلبت

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:03 ص, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\pc.world\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\pc.world\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 8059 bytes

 

[الدحمي111]

اخي الغالي مشكلتي ما انحلت فيه حل ثاني

 

[AbOdy]

الحل الأخير لدي

عندك سي دي الوندوز ؟؟

 

[kemo_2009]

ابي اسالك سؤال
انت المسوؤل عن الكمبيوتر
ولا عندك حساب فيه

 

[الدحمي111]

السي دي موجود وجربت الامر sfc /scannow ومانفع الا اذا فيه طريقه ثانيه

وبالنسبه للمستخدم مسئول

 

[kemo_2009]

السي دي موجود وجربت الامر sfc /scannow ومانفع الا اذا فيه طريقه ثانيه

وبالنسبه للمستخدم مسئول

يمكن كان قصده
عندك سيدي ويندوز >> عشان تفرمط جهازك :hh: