احد يشوف لي هالتقرير..

~DaRk~ · 3 يوليو 2009

السلام عليكم...وبعد
اخواني اذا ممكن احد يشوف لي تقرير الهايجاك هاذى هل الجهاز سليم من كل شي لني اول ما اشغله يطول الأيقونات حتى تظهر والأول كان اسرع تظهر بسرعه بس الحين تبطأ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:06 ص, on 04/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVI ReComp\AVIReComp.exe
C:\Program Files\AVI ReComp\VirtualDubMod\VirtualDubMod.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\XP\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: أعرض كل الصور في نوعية أصلية. - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: صورة المعرض في نوعية أصلية. - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10918 bytes

mezouari · 3 يوليو 2009

عذرا بنقله الى القسم المناسب

AbOdy · 3 يوليو 2009

اهلا بك

حدد القيم واحذفها

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

بعد عمل المطلوب اعمل التالي

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

عطني التقرير الي يطلع لك مع تقرير هايجاك جديد

~DaRk~ · 3 يوليو 2009

هاذى كومبا فكس
ComboFix 09-07-02.02 - XP 07/04/2009 17:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2037.1506 [GMT 3:00]
Running from: c:\documents and settings\XP\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\e0919.msp
c:\windows\Installer\e0934.msp
c:\windows\Installer\e095a.msp
c:\windows\Installer\e0971.msp
c:\windows\Installer\e0988.msp
c:\windows\Installer\e09a4.msp
c:\windows\Installer\e09bb.msp
c:\windows\Installer\e09d4.msp
c:\windows\Installer\e09ec.msp
c:\windows\Installer\e0a04.msp
c:\windows\Installer\e0a1b.msp
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 09:48 . 2009-07-04 09:48 -------- d-----w- c:\documents and settings\XP\Application Data\CyberScrub
2009-07-02 13:18 . 2009-07-02 13:34 -------- d-----w- c:\windows\vbSkinner
2009-07-02 13:18 . 2009-07-04 08:34 -------- d-----w- c:\program files\PFConfig
2009-07-02 12:15 . 2009-07-02 12:15 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\Google
2009-07-02 07:14 . 2009-07-02 07:14 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 15:09 . 2009-07-01 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-01 15:09 . 2009-07-01 15:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-01 15:09 . 2009-07-01 15:09 -------- d-----w- c:\program files\Common Files\HP
2009-07-01 15:05 . 2009-07-01 15:05 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 15:05 . 2009-07-01 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-07-01 15:04 . 2009-07-01 15:04 -------- d-----w- c:\program files\Google
2009-07-01 14:30 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-01 14:30 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-01 14:30 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-07-01 14:01 . 2007-11-08 14:52 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-07-01 14:01 . 2007-10-20 15:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
2009-07-01 13:58 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-07-01 13:58 . 2007-10-30 09:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-07-01 13:58 . 2007-10-30 09:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-07-01 13:58 . 2007-10-30 09:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-07-01 13:58 . 2008-04-13 21:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-01 13:58 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-01 13:49 . 2008-04-13 21:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-01 13:49 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-12 10:48 . 2009-06-12 10:48 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-11 18:39 . 2009-06-11 18:39 -------- d-----w- c:\documents and settings\XP\Application Data\Avira
2009-06-11 10:42 . 2009-06-11 10:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 10:30 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-11 10:30 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 10:30 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-11 10:30 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-06-11 10:30 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-11 10:30 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-11 10:30 . 2009-06-11 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-11 10:30 . 2009-06-11 10:30 -------- d-----w- c:\program files\Avira
2009-06-11 09:52 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 09:52 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 09:52 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 09:52 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 20:31 . 2009-06-10 20:31 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-10 20:21 . 2009-06-10 20:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-09 18:40 . 2009-06-10 20:17 -------- d-----w- c:\program files\M Autorun Killer 1.5
2009-06-09 17:09 . 2009-06-10 20:17 -------- d-sh--w- C:\RECYCLER(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 10:12 . 2009-05-02 21:11 -------- d-----w- c:\documents and settings\XP\Application Data\DMCache
2009-07-04 09:56 . 2008-04-15 12:00 41076 ----a-w- c:\windows\system32\perfc001.dat
2009-07-04 09:56 . 2008-04-15 12:00 254322 ----a-w- c:\windows\system32\perfh001.dat
2009-07-04 09:52 . 2009-05-02 19:20 16608 ----a-w- c:\windows\gdrv.sys
2009-07-04 09:50 . 2009-05-13 08:55 -------- d-----w- c:\documents and settings\XP\Application Data\uTorrent
2009-07-04 09:47 . 2009-07-04 09:47 -------- d-----w- c:\documents and settings\XP\Application Data\cleaner
2009-07-04 08:32 . 2009-05-23 16:07 -------- d-----w- c:\documents and settings\XP\Application Data\AVI ReComp
2009-07-01 16:37 . 2009-05-29 18:31 173523 ----a-w- c:\windows\hpoins27.dat
2009-07-01 15:09 . 2009-05-29 18:35 -------- d-----w- c:\program files\HP
2009-07-01 15:05 . 2009-05-03 09:11 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 15:05 . 2009-05-03 09:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-11 11:08 . 2009-05-14 19:20 -------- d-----w- c:\program files\Target Web ADS
2009-06-11 10:47 . 2009-05-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 10:40 . 2009-05-02 20:36 99496 ----a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 10:35 . 2009-05-03 08:58 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 20:20 . 2009-05-29 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-10 20:19 . 2009-05-03 09:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 20:18 . 2009-05-15 19:00 -------- d-----w- c:\program files\ALJAWAL 3.5G HSDPA DATA CARD
2009-06-09 17:15 . 2009-05-02 21:11 -------- d-----w- c:\documents and settings\XP\Application Data\IDM
2009-06-03 21:39 . 2009-06-03 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-29 18:48 . 2009-05-29 18:48 -------- d-----w- c:\documents and settings\XP\Application Data\HP
2009-05-29 18:48 . 2009-05-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-05-29 18:37 . 2009-05-29 18:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-23 16:06 . 2009-05-23 16:06 -------- d-----w- c:\program files\AVI ReComp
2009-05-23 16:06 . 2009-05-23 16:06 -------- d-----w- c:\program files\Gabest
2009-05-23 16:06 . 2009-05-23 16:06 -------- d-----w- c:\program files\Xvid
2009-05-23 16:06 . 2009-05-23 16:06 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-13 09:00 . 2009-05-13 08:55 -------- d-----w- c:\program files\uTorrent
2009-05-13 05:02 . 2008-04-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 11:50 . 2009-05-02 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-09 10:04 . 2009-05-09 10:04 152576 ----a-w- c:\documents and settings\XP\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-05-09 09:32 . 2009-05-09 09:32 2678 ----a-w- c:\windows\java\Packages\Data\CBJ579BB.DAT
2009-05-09 09:32 . 2009-05-09 09:32 2678 ----a-w- c:\windows\java\Packages\Data\HJHRXBPJ.DAT
2009-05-09 09:32 . 2009-05-09 09:32 2678 ----a-w- c:\windows\java\Packages\Data\UFZH3FFN.DAT
2009-05-09 09:32 . 2009-05-09 09:32 2678 ----a-w- c:\windows\java\Packages\Data\TZ5B397B.DAT
2009-05-09 09:32 . 2009-05-09 09:32 2678 ----a-w- c:\windows\java\Packages\Data\JFXFDB9N.DAT
2009-05-09 09:00 . 2009-05-09 09:00 2232 ----a-w- c:\windows\java\Packages\Data\L3JDNTNZ.DAT
2009-05-09 09:00 . 2009-05-09 09:00 155995 ----a-w- c:\windows\java\Packages\J9RBF7R3.ZIP
2009-05-09 05:35 . 2009-05-09 05:35 -------- d-----w- c:\documents and settings\XP\Application Data\ACD Systems
2009-05-07 18:13 . 2009-05-07 18:13 -------- d-----w- c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2009-05-07 16:50 . 2009-05-03 09:15 -------- d-----w- c:\documents and settings\XP\Application Data\Nokia
2009-05-07 16:49 . 2009-05-03 09:15 -------- d-----w- c:\documents and settings\XP\Application Data\PC Suite
2009-05-07 16:49 . 2009-05-03 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-07 15:32 . 2008-04-15 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 12:11 . 2009-05-02 19:13 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 11:39 . 2009-05-03 19:22 -------- d-----w- c:\documents and settings\XP\Application Data\Avant Profiles
2009-05-06 11:09 . 2009-05-06 11:09 -------- d-----w- c:\documents and settings\XP\Application Data\Red Alert 3 Uprising
2009-05-06 11:01 . 2009-05-06 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-03 10:09 . 2009-05-03 10:09 344064 ----a-w- c:\windows\system32\dkll.dll
2009-05-03 10:09 . 2009-05-03 10:09 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-03 10:09 . 2009-05-03 10:09 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-03 10:09 . 2009-05-03 10:09 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-03 10:02 . 2007-06-24 18:56 34312 ----a-w- c:\windows\system32\drivers\blueletaudio.sys
2009-05-03 09:14 . 2009-05-03 09:14 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-03 09:14 . 2009-05-03 09:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-03 09:14 . 2009-05-03 09:14 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-03 09:11 . 2009-05-03 09:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-02 21:16 . 2009-05-02 21:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-02 21:16 . 2009-05-02 21:16 152576 ----a-w- c:\documents and settings\XP\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-02 21:11 . 2009-05-02 21:11 198064 ----a-w- c:\documents and settings\XP\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-02 19:24 . 2009-05-02 19:24 315392 ----a-w- c:\windows\HideWin.exe
2009-05-02 19:11 . 2009-05-02 19:11 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-26 23:23 . 2009-05-03 09:14 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-04-19 19:47 . 2008-04-15 12:00 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2008-04-15 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-02 2799024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-02 148888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-05-03 258134]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\XP\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-3 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ALJAWAL 3.5G HSDPA DATA CARD\\ALJAWAL 3.5G HSDPA DATA CARD.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49644:TCP"= 49644:TCP:*

isabled:µTorrent
"49644:UDP"= 49644:UDP:*

isabled:µTorrent

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [11/06/2009 01:30 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [11/06/2009 01:30 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/06/2009 01:30 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/06/2009 01:30 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/06/2009 01:30 م 434945]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [02/05/2009 10:20 م 80392]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 07:19 م 13592]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [11/06/2009 01:30 م 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-07-04 c:\windows\Tasks\User_Feed_Synchronization-{5B2020BB-98AA-4B58-9A55-386248B11BD9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: أعرض كل الصور في نوعية أصلية. - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: صورة المعرض في نوعية أصلية. - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-04 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000000B040810F3385F3783E 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BEC62821-EE4B-4EF1-634D-580CCE460267}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abmgocaoleomnafcngcnpkipdpojieicgn"=hex:61,62,70,67,68,64,67,66,68,69,6b,6b,
66,62,63,69,64,6b,6a,68,64,64,6d,61,69,6e,70,64,61,68,6d,70,6d,70,00,00
"bbmgocaoleomnafcnghncjeefgglnnbajefl"=hex:61,62,67,68,70,63,70,68,68,6c,69,61,
64,64,6a,63,65,68,6c,6a,6a,65,61,61,61,70,6d,65,68,70,63,69,61,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4fe84bd1-42cc-4913-a721-e307e8e2c613}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b5
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,0b,40,68,f0,7e,ea,4f,96,5e,cb,82,5c,f0,89,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,20,0e,f2,6b,2c,c4,9c,8c,59,91,91,67,a2,60,0f,42,fe,ad,f4,7e,
39,6a,88,f5,18,9f,3f,0c,c8,a9,85,ab,36,1b,ec,87,48,9c,84,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1064)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-04 17:26
ComboFix-quarantined-files.txt 2009-07-04 14:25
ComboFix2.txt 2009-06-09 17:08

Pre-Run: 144,531,365,888 bytes free
Post-Run: 144,581,820,416 bytes free

264 --- E O F --- 2009-07-02 07:14

وهاذى الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:21 م, on 04/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\XP\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: أعرض كل الصور في نوعية أصلية. - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: صورة المعرض في نوعية أصلية. - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9519 bytes

~DaRk~ · 4 يوليو 2009

وينكم اخواني ماحد رد علي

AbOdy · 4 يوليو 2009

هلا بك

التقرير سليم فقط من اضافة وازاله البرامج احذف Google Toolbar

وشوف الوضع عندك

~DaRk~ · 4 يوليو 2009

تم حذفه قوقل تولبار وراح اجرب الأن اعيد الجهاز...

AbOdy · 4 يوليو 2009

تمام

باقي عندك شي ؟

~DaRk~ · 4 يوليو 2009

والله اخوي اذا فتح الكمبيوتر المفروض يكون ظهور الأيقونات في شريط المهام سريع ولاكن الحين تتأخر دقيقتين المفروض ع طول يظهرو مادري لها حل ذي وعندي مشكله لاهنت في التورنت اذا احمل ملفات يظهر عندي دائرة تصير حمره ومره مثلث اصفر كأنه فيه شي في الأتصال معنه الأتصال شغال معاي زي الحلاوه و4ميجا والسرعه في التورنت حدها30ول40 اتمنى اذا تقدر تحلي هالمشاكل واكون شاكر لك جدا جدا

~DaRk~ · 4 يوليو 2009

وينكم اخواني؟؟؟

احد يشوف لي هالتقرير..

~DaRk~

زيزوومي جديد

mezouari

عضو شرف

توقيع : mezouari

AbOdy

عضو شرف

توقيع : AbOdy

~DaRk~

زيزوومي جديد

~DaRk~

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

~DaRk~

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

~DaRk~

زيزوومي جديد

~DaRk~

زيزوومي جديد

NTLite Business 2025.8.10552 X64