النحرير

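Peace be upon you, brothers.

I took my computer to the repair technician and he told me there is nothing wrong with it.

Fine.

But I discovered that when I connect the external hard drive and run files from it, the computer suddenly restarts and does not come back up until two minutes later, meaning it hangs during startup.

The drive holds almost all of my files.

I want a solution.

Here is the report: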

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:56:م, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mass Downloader\massdown.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
I:\برامج عامة\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &إنزال الكل باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: &إنزال باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=www.alahsa.net
O16 - DPF: {1212565B-AA7C-4E80-83AF-708DC6E2BD7A} (SysInfo Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 6333 bytes
 

Brother, delete the following entries:
I:\برامج عامة\Zyzoom_HijackThis.exe

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O16 - DPF: {1212565B-AA7C-4E80-83AF-708DC6E2BD7A} (SysInfo Control) -

O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -



Brother, if it works, let me know.
OK

Signature: super leader
My brother in faith, delete the following:

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O16 - DPF: {1212565B-AA7C-4E80-83AF-708DC6E2BD7A} (SysInfo Control) -


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

How to delete:

[Image: mg (3).png]

[Image: mg (4).png]

Signature: ناصر الاسلام
ComboFix 09-06-26.02 - Administrator 06/28/2009 14:23.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.958.627 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-20 15:35 . 2003-11-06 00:53 24576 ----a-w- c:\windows\CmiUSB2Uninstall.exe
2009-06-20 15:35 . 2004-02-25 16:53 45056 ----a-w- c:\windows\system\cmsnxeye.exe
2009-06-20 15:35 . 2004-02-13 22:44 824320 ----a-w- c:\windows\system32\drivers\cmudau.sys
2009-06-20 15:35 . 2004-02-13 22:39 98304 ----a-w- c:\windows\system32\cmudau.dll
2009-06-20 15:35 . 2003-10-23 23:01 14848 ----a-w- c:\windows\system32\cmpropu.dll
2009-06-20 15:35 . 2002-04-29 22:04 917504 ----a-w- c:\windows\system\cmds3du.dll
2009-06-20 15:35 . 2004-01-09 23:19 233472 ----a-w- c:\windows\system32\cmdrvrmu.exe
2009-06-20 15:35 . 2003-05-30 22:27 32768 ----a-w- c:\windows\system32\cmdrvrmu.dll
2009-06-20 15:34 . 2009-06-27 18:01 -------- d-----w- c:\program files\Ovann USB Audio
2009-06-20 15:34 . 2001-11-23 19:08 712704 ----a-w- c:\windows\system32\a3dpropu.dll
2009-06-20 15:34 . 2001-11-23 19:08 712704 ----a-w- c:\windows\system32\a3d.dll
2009-06-20 15:34 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-19 10:06 . 2009-06-19 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 09:34 . 2009-06-18 09:34 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-14 18:28 . 2009-06-14 18:29 -------- d-----w- C:\tmp
2009-06-14 18:28 . 2001-05-22 06:00 4142592 ----a-w- c:\windows\system32\qtintf.dll
2009-06-14 18:28 . 2001-05-22 06:00 4142592 ----a-w- c:\windows\system\qtintf.dll
2009-06-14 12:58 . 2006-03-22 13:20 491520 ----a-w- c:\windows\system32\mgxoschk.dll
2009-06-14 12:57 . 2009-06-14 12:57 -------- d-----w- C:\Magix
2009-06-11 20:58 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 20:58 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 19:01 . 2009-06-07 19:02 -------- d-----w- c:\program files\Mass Downloader
2009-06-07 19:01 . 2009-06-07 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\MetaProducts
2009-06-07 17:52 . 2009-06-07 18:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-07 15:54 . 2009-06-07 15:55 -------- d-----w- c:\program files\DietMP3
2009-05-31 18:27 . 2004-08-03 20:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-05-31 18:27 . 2004-08-03 20:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 23:35 . 2009-02-05 14:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 12:50 . 2009-03-07 13:15 -------- d-----w- c:\program files\GVR
2009-06-25 11:10 . 2009-02-05 14:39 -------- d-----w- c:\program files\AlbaniV2
2009-06-24 23:58 . 2009-02-12 12:39 -------- d-----w- c:\program files\ScanSpyware v3.8.0.4
2009-06-20 20:40 . 2009-02-26 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\cleaner
2009-06-19 11:06 . 2009-02-05 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-07 17:58 . 2009-02-04 22:44 -------- d-----w- c:\program files\BitComet
2009-05-27 07:22 . 2009-04-26 12:24 -------- d-----w- c:\program files\Waves
2009-05-27 07:22 . 2009-02-04 22:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 05:39 . 2009-02-05 18:00 -------- d-----w- c:\program files\LtUcx
2009-05-24 15:17 . 2009-02-04 22:38 517344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 11:18 . 2009-05-23 11:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-05-22 22:58 . 2009-05-22 22:58 -------- d-----w- c:\program files\Jurisprudence Encyclopedia
2009-05-22 22:58 . 2009-05-22 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-22 12:14 . 2009-05-22 12:14 249856 ------w- c:\windows\Setup1.exe
2009-05-22 12:14 . 2009-05-22 12:14 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-21 23:56 . 2009-02-04 22:37 -------- d-----w- c:\program files\The KMPlayer
2009-05-20 14:28 . 2009-05-20 14:28 -------- d-----w- c:\program files\HighCriteria
2009-05-19 14:35 . 2009-05-12 23:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
2009-05-19 14:34 . 2009-04-17 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hide IP NG
2009-05-17 19:05 . 2009-05-17 09:56 -------- d-----w- c:\program files\Hide IP NG(2)
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-05-16 11:52 . 2009-05-16 11:52 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-16 11:52 . 2009-05-16 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-16 11:52 . 2009-05-16 11:52 -------- d-----w- c:\program files\ACD Systems
2009-05-15 19:13 . 2009-05-15 19:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-15 02:40 . 2009-05-15 02:40 -------- d-----w- c:\program files\CCleaner
2009-05-14 20:50 . 2009-04-26 11:31 -------- d-----w- c:\program files\coolpro2
2009-05-13 05:02 . 2004-08-03 21:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 23:04 . 2009-05-12 23:04 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-12 23:01 . 2009-05-12 23:01 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-12 23:00 . 2009-02-04 22:28 -------- d-----w- c:\program files\Common Files\Real
2009-05-12 23:00 . 2009-05-12 23:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-12 23:00 . 2009-05-12 22:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-12 23:00 . 2009-05-12 23:00 -------- d-----w- c:\program files\Real
2009-05-12 22:54 . 2009-04-23 23:06 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-12 22:35 . 2009-05-05 11:48 -------- d-----w- c:\program files\USB Disk Security
2009-05-08 14:12 . 2009-05-08 14:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\HideIP
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 01:01 . 2009-02-04 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-04-29 13:15 . 2009-04-29 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-04-29 13:15 . 2009-04-29 13:15 -------- d-----w- c:\program files\IObit
2009-04-27 16:26 . 2009-04-27 11:45 10571808 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-26 02:49 . 2009-04-26 02:49 515384 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-23 11:01 . 2009-04-23 11:01 19456 ----a-w- C:\qreusiun.exe
2009-04-23 11:01 . 2004-08-03 21:56 14336 ----a-w- c:\windows\system32\svchost.exe
2009-04-23 09:46 . 2001-09-19 12:00 68260 ----a-w- c:\windows\system32\perfc001.dat
2009-04-23 09:46 . 2001-09-19 12:00 369330 ----a-w- c:\windows\system32\perfh001.dat
2009-04-23 00:00 . 2009-03-01 13:52 0 ----a-w- c:\windows\system32\WinWare.sys
2009-04-19 20:08 . 2004-08-03 21:46 1846528 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:12 . 2004-08-03 21:55 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 13:21 . 2009-05-12 22:54 84480 ----a-w- c:\windows\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-05-24_22.20.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 18:01 . 2004-08-03 22:08 23552 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\wdmaud.drv
+ 2009-06-27 18:01 . 2004-08-03 20:07 59264 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\USBAUDIO.sys
+ 2009-06-27 18:01 . 2004-08-03 20:08 48640 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\stream.sys
+ 2009-06-27 18:01 . 2004-08-03 20:08 60288 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\drmk.sys
+ 2009-06-20 15:35 . 2004-08-03 22:08 23552 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\wdmaud.drv
+ 2009-06-20 15:35 . 2004-08-03 20:07 59264 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\USBAUDIO.sys
+ 2009-06-20 15:35 . 2004-08-03 20:08 48640 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\stream.sys
+ 2009-06-20 15:35 . 2004-08-03 20:08 60288 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\drmk.sys
+ 2009-06-09 19:58 . 2009-06-09 19:58 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-03 21:55 . 2009-03-08 01:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-03 21:55 . 2009-04-30 21:13 25600 c:\windows\system32\jsproxy.dll
- 2009-03-30 16:15 . 1999-04-19 06:47 26896 c:\windows\system32\hh.exe
+ 1999-04-19 10:47 . 1999-04-19 10:47 26896 c:\windows\system32\hh.exe
- 2004-08-03 21:55 . 2009-03-08 01:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-03 21:55 . 2009-04-30 21:13 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-02-05 17:55 . 2009-02-10 10:30 69632 c:\windows\system32\BASSMOD.dll
+ 2009-02-05 17:55 . 2009-06-07 19:02 69632 c:\windows\system32\BASSMOD.dll
- 2009-02-04 22:24 . 2009-04-28 22:05 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-23 14:03 . 2009-04-23 14:03 10134 c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\callmsi.exe
+ 2009-04-23 14:03 . 2009-06-27 23:38 10134 c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\callmsi.exe
+ 2009-06-11 21:43 . 2009-03-08 01:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-11 21:43 . 2009-03-08 01:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-06-27 18:01 . 2004-08-04 00:55 4096 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ksuser.dll
+ 2009-06-20 15:35 . 2004-08-04 00:55 4096 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ksuser.dll
+ 2009-02-05 00:40 . 2004-08-03 21:55 4096 c:\windows\system32\ksuser.dll
- 2009-02-05 00:40 . 2004-08-04 00:55 4096 c:\windows\system32\ksuser.dll
- 2009-02-05 00:40 . 2004-08-04 00:55 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-02-05 00:40 . 2004-08-03 21:55 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-02-04 22:24 . 2009-06-27 23:23 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-03-09 10:23 . 2009-02-19 23:49 690176 c:\windows\system32\xpsp3res.dll
+ 2007-03-09 10:23 . 2009-04-15 09:56 690176 c:\windows\system32\xpsp3res.dll
+ 2009-06-27 18:01 . 2004-08-03 20:15 145792 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\portcls.sys
+ 2009-06-27 18:01 . 2004-08-03 20:15 140928 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ks.sys
+ 2009-06-20 15:35 . 2004-08-03 20:15 145792 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\portcls.sys
+ 2009-06-20 15:35 . 2004-08-03 20:15 140928 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ks.sys
+ 2002-12-08 07:48 . 2002-12-08 07:48 212992 c:\windows\system32\lame_enc.dll
- 2009-03-30 16:15 . 2002-12-08 03:48 212992 c:\windows\system32\lame_enc.dll
+ 2004-08-03 21:55 . 2009-04-30 21:13 385536 c:\windows\system32\iedkcs32.dll
- 2004-08-03 21:56 . 2009-03-08 01:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-03 21:56 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-03 21:55 . 2009-05-13 05:02 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-03 21:55 . 2009-04-15 15:12 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-03 21:55 . 2007-07-09 13:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-03 21:55 . 2009-05-07 15:42 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-03 21:55 . 2009-04-30 21:13 385536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-03 21:56 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-03 21:56 . 2009-03-08 01:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-02-04 21:44 . 2001-09-19 12:00 114688 c:\windows\system32\dllcache\calc.exe
+ 1997-07-18 00:29 . 2001-09-19 12:00 114688 c:\windows\system32\dllcache\calc.exe
+ 1997-07-18 00:29 . 2001-09-19 12:00 114688 c:\windows\system32\calc.exe
- 2009-02-04 21:44 . 2001-09-19 12:00 114688 c:\windows\system32\calc.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-04 22:24 . 2009-04-28 22:05 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-04 22:24 . 2009-06-27 23:23 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-04-23 14:03 . 2009-04-23 14:03 140544 c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\egui.exe
+ 2009-04-23 14:03 . 2009-06-27 23:38 140544 c:\windows\Installer\{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}\egui.exe
+ 2009-06-11 21:43 . 2009-03-08 01:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-11 21:43 . 2008-07-09 07:34 380792 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-11 21:43 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-11 21:43 . 2009-03-08 01:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-11 21:43 . 2009-03-08 11:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-11 21:43 . 2009-03-08 01:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2008-01-28 19:19 . 2008-01-28 19:19 755696 c:\windows\Downloaded Program Files\IMCSec.dll
+ 2004-08-03 21:55 . 2009-04-30 21:13 1207808 c:\windows\system32\urlmon.dll
+ 2004-08-03 21:55 . 2009-05-13 05:02 5936128 c:\windows\system32\mshtml.dll
- 2009-03-08 01:32 . 2009-03-08 01:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-03-08 01:32 . 2009-04-30 21:13 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-05 00:36 . 2009-06-11 21:47 1248472 c:\windows\system32\FNTCACHE.DAT
- 2009-02-05 00:36 . 2009-05-24 15:17 1248472 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 21:46 . 2009-04-19 20:08 1846528 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-03 21:55 . 2009-04-30 21:13 1207808 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-03 21:55 . 2009-05-13 05:02 5936128 c:\windows\system32\dllcache\mshtml.dll
- 2009-03-07 10:05 . 2009-03-08 01:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-07 10:05 . 2009-04-30 21:13 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-11 21:43 . 2009-03-08 01:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-11 21:43 . 2009-03-08 01:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-11 21:43 . 2009-03-08 01:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-02-05 00:03 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
+ 2009-03-08 01:39 . 2009-04-30 21:13 11064832 c:\windows\system32\ieframe.dll
+ 2009-03-07 10:05 . 2009-04-30 21:13 11064832 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-11 21:43 . 2009-03-08 01:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^BlueSoleil.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\IVT BlueSoleil\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SLService"=2 (0x2)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"<NO NAME>"= c:\\cdpxqcb.exe
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14559:TCP"= 14559:TCP:BitComet 14559 TCP
"14559:UDP"= 14559:UDP:BitComet 14559 UDP
"62626:TCP"= 62626:TCP:BitComet 62626 TCP
"62626:UDP"= 62626:UDP:BitComet 62626 UDP
"27003:TCP"= 27003:TCP:BitComet 27003 TCP
"27003:UDP"= 27003:UDP:BitComet 27003 UDP
"23769:TCP"= 23769:TCP:BitComet 23769 TCP
"23769:UDP"= 23769:UDP:BitComet 23769 UDP
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [05/02/2009 01:08 ص 11264]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24/10/2008 08:51 م 468224]
S1 navigator;navigator;\systemroot\fd.dll --> \systemroot\fd.dll [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-29 15:15]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CmUsbSound - cmcnfgu.cpl

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: &إنزال الكل باستعمال ماس دونلوودر - c:\program files\Mass Downloader\Add_All.htm
IE: &إنزال باستعمال ماس دونلوودر - c:\program files\Mass Downloader\Add_Url.htm
DPF: Microsoft XML Parser for Java
DPF: {1212565B-AA7C-4E80-83AF-708DC6E2BD7A} - hxxp://arabsgate.emkanat.com:1998/cp/files/talk55.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.36.191.81:1999/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.224.244/imscp/talks3n.cab
.
.
------- File Associations -------
.
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-28 14:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-299502267-1060284298-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
[HKEY_USERS\S-1-5-21-299502267-1060284298-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="cba"
"b"="NOTEPAD.EXE"
"c"="WORDPAD.EXE"
[HKEY_USERS\S-1-5-21-299502267-1060284298-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ط•€|ےےےے•€|ù•حw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(384)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 14:29
ComboFix-quarantined-files.txt 2009-06-28 11:29
ComboFix2.txt 2009-05-24 22:25
ComboFix3.txt 2009-05-12 18:20
ComboFix4.txt 2009-04-27 11:24
ComboFix5.txt 2009-06-28 11:22
Pre-Run: 13,679,382,528 bytes free
Post-Run: 13,666,975,744 bytes free
339 --- E O F --- 2009-06-27 23:23
 
Thanks. Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:22:11:م, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
I:\برامج عامة\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &إنزال الكل باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: &إنزال باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=www.alahsa.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 5514 bytes
 
Brother, your report is clean, God willing.
But what is the news on the restart?
 
Signature: ناصر الاسلام
I will test it, because it only happens sometimes.

If it goes away, I will come back and reply to you.

Thank you, much appreciated.
 