لقد صادف DotNetFxInstallBlock.exe مشكلة ويجب إغلاقه. إننا نأسف للإزعاج

حالى الذوق · 16 يونيو 2009

السلام عليكم ورحمة الله وبركاتة

اخوانى عندي مشكلة

كل ماجيت اثبت التحديث هذا
لقد صادف DotNetFxInstallBlock.exe مشكلة ويجب إغلاقه. إننا نأسف للإزعاج

وش الحل

وعندي مشكلة ثانية

ثبت الاكسبلور 8 وكل المواقع شغال فيها حلو ماعدا كذا موقع على طول يعطينى احباط العملية

وهذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:00 ص, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ScannerU\KYESCAN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\Uninstall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ExtraDrivePro] C:\Program Files\Godlike Developers\XtraTools 2009\xdrv\ExtraDrivePro.exe -x
O4 - HKCU\..\Run: [XtraToolsTray] C:\Program Files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: KYESCAN.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6221 bytes

والوندوز عندي اصلي

وبرنامج الحماية عندي النود اصلي

AbOdy · 16 يونيو 2009

وعليكم السلام ورحمة الله
اعمل التالي وانا اخوك

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

التقرير الي بيطلع لك احتفظ فيه

ثم اعد تشغيل الجهاز

وعطني تقرير هايجاك جديد مع تقرير الكمبوفيكس

بالأنتظار للتقريرين

الكااااااااسر · 16 يونيو 2009

كل المشاكل تنحل في زيزووم لاتقلق اخي

حالى الذوق · 16 يونيو 2009

تسلم اخوي

تقرير الكمبوفيكس

ComboFix 09-06-15.06 - Administrator 06/16/2009 11:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2036.1526 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\artools.dll
c:\windows\system32\autoscanx.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-16 07:51 . 2009-06-16 07:51 -------- d-----w- c:\program files\Trend Micro
2009-06-16 07:47 . 2009-06-16 07:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2009-06-16 07:38 . 2009-06-16 07:38 -------- d-----w- c:\windows\LastGood
2009-06-16 07:35 . 2009-06-16 07:35 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\program files\MatriX
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\windows\system32\athan
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\windows\Ela-Salaty
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\program files\Amadis Software
2009-06-11 05:44 . 2009-06-16 07:30 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 05:42 . 2009-06-16 07:30 -------- d-----w- c:\program files\Alky for Applications
2009-06-03 05:30 . 2009-04-29 04:42 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2009-06-03 05:30 . 2009-04-29 04:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-31 06:09 . 2009-06-16 08:03 -------- d-----w- c:\program files\Internet Download Manager
2009-05-31 05:38 . 2009-05-31 05:39 2926768 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-05-27 10:22 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-05-26 10:20 . 2009-06-16 07:32 -------- d-----w- c:\program files\Ela-Salaty
2009-05-26 10:02 . 2009-05-26 10:01 737280 ----a-w- c:\windows\iun6002.exe
2009-05-26 10:01 . 2009-06-16 07:34 -------- d-----w- c:\program files\Athan
2009-05-23 05:18 . 2009-05-23 05:22 321 ----a-w- c:\windows\system32\cid_store.dat
2009-05-23 05:18 . 2009-05-23 05:18 20 ----a-w- c:\windows\system32\pub_store.dat
2009-05-23 05:18 . 2009-05-23 05:18 -------- d-----w- c:\program files\Thunder Network
2009-05-18 11:38 . 2009-06-16 07:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 07:59 . 2009-03-19 05:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-16 07:40 . 2008-04-15 12:00 68366 ----a-w- c:\windows\system32\perfc001.dat
2009-06-16 07:40 . 2008-04-15 12:00 370928 ----a-w- c:\windows\system32\perfh001.dat
2009-06-16 07:34 . 2009-03-19 05:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ashampoo
2009-06-16 07:33 . 2009-05-04 08:01 -------- d-----w- c:\program files\MessengerDiscovery
2009-06-16 07:32 . 2009-03-19 05:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-06-16 07:31 . 2009-03-17 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-16 07:30 . 2009-03-19 06:44 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-11 08:18 . 2009-03-19 05:36 70360 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 07:48 . 2009-03-19 05:28 -------- d-----w- c:\program files\Ashampoo
2009-05-31 10:29 . 2009-03-19 07:32 -------- d-----w- c:\program files\ScannerU
2009-05-31 06:09 . 2009-04-22 05:15 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-11 04:43 . 2009-05-11 04:43 286720 ------w- c:\windows\Setup1.exe
2009-05-11 04:43 . 2009-05-11 04:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-09 08:48 . 2009-03-25 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-09 08:47 . 2009-05-09 08:47 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-09 08:47 . 2009-05-09 08:47 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-09 08:47 . 2009-05-09 08:47 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-09 08:47 . 2009-05-09 08:47 24368104 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_ar.exe
2009-05-07 15:32 . 2008-04-15 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 09:00 . 2009-04-08 05:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 08:40 . 2009-05-03 08:40 0 ----a-w- c:\windows\nsreg.dat
2009-05-02 06:49 . 2009-03-17 13:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-02 05:48 . 2009-04-04 06:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-04-30 05:44 . 2009-03-17 13:34 -------- d-----w- c:\program files\Microsoft Works
2009-04-29 04:43 . 2008-04-15 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-28 04:23 . 2009-04-27 08:08 -------- d-----w- c:\program files\Windows Desktop Search
2009-04-27 08:08 . 2009-04-27 08:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-22 04:56 . 2009-04-06 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-04-19 19:47 . 2008-04-15 12:00 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 08:54 . 2009-04-18 08:54 2678 -c--a-w- c:\windows\java\Packages\Data\3NVND75R.DAT
2009-04-18 08:54 . 2009-04-18 08:54 2678 -c--a-w- c:\windows\java\Packages\Data\DVBHF9BB.DAT
2009-04-18 08:54 . 2009-04-18 08:54 2678 -c--a-w- c:\windows\java\Packages\Data\XNZZZ9VZ.DAT
2009-04-18 08:54 . 2009-04-18 08:54 2678 -c--a-w- c:\windows\java\Packages\Data\UCDFBBVR.DAT
2009-04-18 08:54 . 2009-04-18 08:54 2678 -c--a-w- c:\windows\java\Packages\Data\LBH3T3H3.DAT
2009-04-18 04:22 . 2009-03-22 05:03 -------- d-s---w- c:\program files\FolderIcon
2009-04-15 14:52 . 2008-04-15 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 08:03 . 2009-04-09 08:01 7271 -c--a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-04-09 08:03 . 2009-04-09 08:03 53167 -c--a-w- c:\windows\BricoPackUninst.cmd
2009-04-09 08:03 . 2008-04-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-04-06 04:56 . 2009-04-06 04:56 8192 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-06 04:56 . 2009-04-06 04:56 61440 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-06 04:56 . 2009-04-06 04:56 10240 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-06 04:56 . 2009-04-06 04:56 33973608 -c--a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ara_web.exe
2009-04-02 05:09 . 2009-04-02 05:09 3584 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-03-30 08:25 . 2009-03-19 06:48 90112 -c--a-w- c:\windows\system32\agsaami.dll
2009-03-30 08:25 . 2009-03-19 06:48 610304 -c--a-w- c:\windows\system32\agsaamg.dll
2009-03-30 08:25 . 2009-03-19 06:48 2535424 -c--a-w- c:\windows\system32\agsaamj.dll
2009-03-30 08:25 . 2009-03-19 06:48 1986560 -c--a-w- c:\windows\system32\akll.dll
2009-03-30 08:25 . 2009-03-19 06:48 196608 -c--a-w- c:\windows\system32\maag.dll
2009-03-30 08:25 . 2009-03-19 06:48 1245184 -c--a-w- c:\windows\system32\bkll.dll
2009-03-30 08:25 . 2009-03-19 06:48 1212416 -c--a-w- c:\windows\system32\ckll.dll
2009-03-30 08:25 . 2009-03-19 06:48 372736 -c--a-w- c:\windows\system32\agsaamc.dll
2009-03-29 09:58 . 2009-03-19 06:48 823296 -c--a-w- c:\windows\system32\agsaamh.dll
2009-03-29 09:58 . 2009-03-19 06:48 671869 -c--a-w- c:\windows\system32\agsaame.dll
2009-03-29 09:58 . 2009-03-19 06:48 643072 -c--a-w- c:\windows\system32\agsaamd.dll
2009-03-29 09:58 . 2009-03-19 06:48 638976 -c--a-w- c:\windows\system32\agsaamb.dll
2009-03-29 09:58 . 2009-03-19 06:48 315392 -c--a-w- c:\windows\system32\agsaama.dll
2009-03-29 08:06 . 2009-03-29 08:00 215552 -c--a-w- c:\windows\system32\ALOWMVFile.dll
2009-03-29 08:06 . 2009-03-29 08:00 403968 -c--a-w- c:\windows\system32\ALOWMAFile2.dll
2009-03-29 08:06 . 2009-03-29 08:00 188416 -c--a-w- c:\windows\system32\ALOVideoFile.dll
2009-03-29 08:06 . 2009-03-29 07:59 495104 -c--a-w- c:\windows\system32\ALOVideoCoreM.dll
2009-03-29 08:06 . 2009-03-29 07:59 780288 -c--a-w- c:\windows\system32\ALOVideoCompress.dll
2009-03-29 08:06 . 2009-03-29 07:59 249856 -c--a-w- c:\windows\system32\ALOQuickTimeFile.dll
2009-03-29 08:06 . 2009-03-29 07:59 382464 -c--a-w- c:\windows\system32\ALOAVIFile.dll
2009-03-29 08:06 . 2009-03-29 07:59 90112 -c--a-w- c:\windows\system32\ALOAudioFormatSettings3.dll
2009-03-29 08:06 . 2009-03-29 07:59 877568 -c--a-w- c:\windows\system32\ALOAudioFile2.dll
2009-03-29 08:06 . 2009-03-29 07:59 2846720 -c--a-w- c:\windows\system32\ALOAudioCompress3.dll
2009-03-29 08:06 . 2009-03-29 07:59 778240 -c--a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-03-29 08:00 . 2009-03-29 08:00 344064 -c--a-w- c:\windows\system32\dkll.dll
2009-03-22 05:56 . 2009-03-17 13:09 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-21 06:52 . 2009-03-21 06:45 24575 -c--a-w- c:\windows\system32\Mpwinapppiobas69.dat
2009-03-21 05:17 . 2009-03-21 05:13 38208 -c--a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2009-03-20 02:21 . 2009-03-20 02:21 1060864 -c--a-w- c:\windows\system32\mfc71.dll
2009-03-20 02:21 . 2009-03-20 02:21 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-03-19 07:08 . 2009-03-19 07:08 45056 -c--a-w- c:\windows\NCUNINST.EXE
2009-03-19 07:03 . 2009-03-19 07:03 203776 -c--a-w- c:\windows\system32\clrviddc.dll
2009-03-19 06:57 . 2009-03-19 06:49 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2009-03-19 06:57 . 2009-03-19 06:49 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-03-19 06:50 . 2009-03-19 06:50 390664 -c--a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\setup\AU_setup6.exe
2009-03-19 05:31 . 2009-03-19 05:31 2232 -c--a-w- c:\windows\java\Packages\Data\FH3PVVFL.DAT
2009-03-19 05:31 . 2009-03-19 05:31 155995 -c--a-w- c:\windows\java\Packages\2DRFBH75.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-06-11 3885408]
"XtraToolsTray"="c:\program files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe" [2008-12-06 137760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-19 198160]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-15 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
KYESCAN.lnk - c:\progra~1\ScannerU\KYESCAN.exe [2009-3-19 172032]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe]
"Debugger"=c:\windows\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"XtraToolsTray"=c:\program files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19500:TCP"= 19500:TCP:BitComet 19500 TCP
"19500:UDP"= 19500:UDP:BitComet 19500 UDP
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 02:23 م 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 02:23 م 727720]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"c:\program files\Windows Sidebar\sidebar.exe" /RegServer
.
Contents of the 'Scheduled Tasks' folder
2009-06-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-16 c:\windows\Tasks\User_Feed_Synchronization-{384BADB5-C3E4-4A4C-9551-C5451BDE40D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 15:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ExtraDrivePro - c:\program files\Godlike Developers\XtraTools 2009\xdrv\ExtraDrivePro.exe
HKCU-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-16 11:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ExtraDrivePro = c:\program files\Godlike Developers\XtraTools 2009\xdrv\ExtraDrivePro.exe -x?
XtraToolsTray = c:\program files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-343818398-115176313-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,b4,7f,89,73,ee,fa,47,8a,9e,a1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,b4,7f,89,73,ee,fa,47,8a,9e,a1,\
[HKEY_USERS\S-1-5-21-343818398-115176313-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\1¸*ء×*(J¼* ]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,84,63,a2,1b,dc,39,e6,53,a9,0a,fd,95,84,ee,bb,4e,a3,b0,9b,aa,
24,a6,e5,eb,08,95,f0,b7,9b,dd,35,6a,de,33,6b,8f,ca,1f,68,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a95790bb-faf5-421b-a8b1-6d3c35c6981e}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008f
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,7b,b4,15,44,e9,0e,dc,fc,c5,da,9d,be,8f,12,\
.
Completion time: 2009-06-16 11:08
ComboFix-quarantined-files.txt 2009-06-16 08:08
Pre-Run: 76,583,124,992 bytes free
Post-Run: 76,640,813,056 bytes free
365 --- E O F --- 2009-06-13 04:31

تقرير هايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:59 ص, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ScannerU\KYESCAN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\Uninstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XtraToolsTray] C:\Program Files\Godlike Developers\XtraTools 2009\rsvr\xttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: KYESCAN.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5855 bytes

AbOdy · 16 يونيو 2009

تمام
الأن من تقرير الهايجاك احذف التالي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)

O4 - Global Startup: KYESCAN.lnk = ?

طريقه الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

ثم اعمل التالي

نزل هالاداة لتنظيف الجهاز

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق >>> XP

بتطلع لك رساله وافق عليها ,, وكرر العمليه اكثر من مرة

وبعد عمل المطلوب شوف لنا الوضع

وإذا كان عندك مشاكل

ياليت تقوم بكتابتها بشكل ادق حتى اقدر اساعدك

عشعوش · 16 يونيو 2009

نفس المشكله قبل الفورمات

الكااااااااسر · 16 يونيو 2009

كان عندك 4 فيروسات على مااعتقد

بس انحذفت

حالى الذوق · 16 يونيو 2009

تسلمون وماقصرت

بس الين الحين نفس المشكلة

حالى الذوق · 16 يونيو 2009

وهذى مشكلة الاكسبلور 8

صورت المشكلة

وحتى اذا غيرت الاعدادت مايصير شي

يالت تشوفون لى حل

MAAX · 16 يونيو 2009

اعمل التالي اخي

افتح الاكسبلورر
ادوات >>>> خيارات الانترنت >>>> ثم اعمل كما الصورة

او
tools >>>>internet options

لقد صادف DotNetFxInstallBlock.exe مشكلة ويجب إغلاقه. إننا نأسف للإزعاج

حالى الذوق

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

الكااااااااسر

زيزوومى مميز

حالى الذوق

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

عشعوش

زيزوومى متألق

توقيع : عشعوش

الكااااااااسر

زيزوومى مميز

حالى الذوق

زيزوومي جديد

حالى الذوق

زيزوومي جديد

MAAX

عضوشرف

NTLite Business 2025.8.10552 X64