• Thread starter: Mr.Rayan
Peace be upon you, and the mercy and blessings of God.

I have a problem opening some websites: when I open them,

it closes and tells me, as in the picture:

[hidden link: log in or register to view]

OK

[hidden link: log in or register to view]

May God reward you, I need a solution; this problem has worn me out :mad:

I can't browse anything except certain sites :f:
 

HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:52 ص, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - [hidden link: log in or register to view] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [hidden link: log in or register to view] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - [hidden link: log in or register to view] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [hidden link: log in or register to view]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [hidden link: log in or register to view]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [hidden link: log in or register to view]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [hidden link: log in or register to view]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9259 bytes
 
Report from the second tool, run after HijackThis: ComboFix


ComboFix 09-07-12.03 - Administrator 07/13/2009 2:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1013.547 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1cebed9.msi
c:\windows\Installer\1cebee1.msi
c:\windows\Installer\1e61607.msi
c:\windows\Installer\5b3dc3.msp
c:\windows\Installer\5b3dc4.msp
c:\windows\Installer\5b3dc5.msp
c:\windows\Installer\5b3dc6.msp
c:\windows\Installer\5b3dc7.msp
c:\windows\Installer\5b3dc8.msp
c:\windows\Installer\5b3dc9.msp
c:\windows\Installer\5b3dca.msp
c:\windows\Installer\5b3dcb.msp
c:\windows\Installer\615d35.msp
c:\windows\Installer\615d36.msp
c:\windows\Installer\615d37.msp
c:\windows\Installer\615d38.msp
c:\windows\Installer\615d39.msp
c:\windows\Installer\615d3a.msp
c:\windows\Installer\615d3b.msp
c:\windows\Installer\615d3c.msp
c:\windows\Installer\615d3d.msp
c:\windows\Installer\615d3e.msp
c:\windows\Installer\63888f.msp
c:\windows\Installer\63889c.msp
c:\windows\Installer\6388aa.msp
c:\windows\system32\kakle.dll
c:\windows\system32\url(3).dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\program files\Trend Micro
2009-07-12 16:06 . 2009-07-12 16:06 -------- d-----w- c:\program files\Skype
2009-07-12 16:06 . 2009-07-12 16:06 -------- d-----w- c:\program files\Common Files\Skype
2009-07-12 16:04 . 2009-07-12 16:04 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-12 16:04 . 2009-07-12 16:04 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 16:04 . 2009-07-12 16:04 -------- d-----w- c:\program files\MSECACHE
2009-07-12 03:37 . 2009-07-12 03:41 -------- d-----w- c:\program files\RegCleaner
2009-07-11 11:05 . 2009-07-11 11:05 47104 ------w- c:\windows\AKDeInstall.exe
2009-07-08 17:30 . 2009-07-08 17:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-08 17:25 . 2009-07-08 17:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-08 17:25 . 2009-07-08 17:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-07 20:16 . 2009-07-07 20:16 -------- d-----w- c:\program files\CCleaner
2009-07-05 23:34 . 2009-07-05 23:34 -------- d--h--w- c:\windows\PIF
2009-07-04 03:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-04 03:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-04 03:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-03 19:43 . 2009-07-03 19:43 -------- d-----w- c:\program files\MSXML 4.0
2009-07-03 19:11 . 2009-07-03 19:11 -------- d-----w- c:\program files\Cracklock
2009-07-03 19:09 . 2009-07-03 19:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blueberry
2009-07-03 19:09 . 2009-07-03 19:22 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-07-03 19:09 . 2009-07-03 19:22 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-07-03 19:09 . 2009-07-03 19:22 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-07-03 19:09 . 2009-07-03 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\LogSys
2009-07-03 19:09 . 2009-07-03 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogSys
2009-07-03 19:09 . 2009-07-03 19:09 -------- d-----w- c:\program files\Blueberry Software
2009-07-03 14:03 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-03 13:54 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-03 12:50 . 2009-07-03 12:50 0 ----a-w- c:\windows\system32\cd.dat
2009-07-03 10:02 . 2009-07-03 10:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2009-07-01 13:40 . 2009-07-01 13:40 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-29 23:15 . 2009-06-29 23:15 -------- d-----w- c:\windows\system32\scripting
2009-06-29 23:15 . 2009-06-29 23:15 -------- d-----w- c:\windows\l2schemas
2009-06-29 23:15 . 2009-06-29 23:15 -------- d-----w- c:\windows\system32\en
2009-06-29 23:15 . 2009-06-29 23:15 -------- d-----w- c:\windows\system32\bits
2009-06-29 23:13 . 2009-06-29 23:16 -------- d-----w- c:\windows\ServicePackFiles
2009-06-29 21:49 . 2009-06-29 21:49 -------- d-----w- c:\program files\LtUcx
2009-06-29 11:32 . 2009-06-29 11:32 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-29 11:23 . 2009-06-29 11:23 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-29 10:18 . 2009-06-29 10:18 431488 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\A917D7C9B8D0422E8AF070EED126876E\setup.exe
2009-06-29 10:18 . 2009-06-29 10:18 270336 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\A917D7C9B8D0422E8AF070EED126876E\log4net.dll
2009-06-29 10:18 . 2009-06-29 10:18 20480 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\A917D7C9B8D0422E8AF070EED126876E\Uninstall.exe
2009-06-29 10:18 . 2009-06-29 10:18 20480 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\A917D7C9B8D0422E8AF070EED126876E\Runner.exe
2009-06-29 09:51 . 2009-07-12 03:04 -------- d-----w- c:\program files\Unlocker
2009-06-29 08:18 . 2009-06-29 08:18 -------- d-----w- c:\program files\Recuva
2009-06-28 10:34 . 2009-06-28 10:34 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-28 10:29 . 2009-07-12 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-28 10:29 . 2009-07-02 05:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-06-28 10:29 . 2009-07-12 03:00 -------- d-----w- c:\program files\Internet Download Manager
2009-06-25 13:30 . 2009-06-25 13:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-24 16:55 . 2009-06-24 16:54 45399 ----a-w- C:\irunin.dat
2009-06-24 16:55 . 2009-06-24 16:54 286720 ----a-w- c:\windows\iun506.exe
2009-06-24 16:54 . 2009-06-29 09:44 -------- d-----w- C:\Balot.org
2009-06-23 06:07 . 2009-06-23 06:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-23 06:07 . 2009-07-12 21:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-06-21 08:09 . 2009-06-21 08:10 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-21 07:38 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-06-21 07:38 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-06-21 07:38 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-06-21 07:38 . 2008-04-14 00:12 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-06-21 07:36 . 2004-08-03 19:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-21 07:35 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-06-21 07:34 . 2008-04-14 00:11 1888992 ------w- c:\windows\system32\ati3duag.dll
2009-06-20 21:45 . 2009-06-21 08:22 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-18 23:16 . 2009-06-18 23:54 4020 ----a-w- c:\windows\OF.sys
2009-06-18 06:12 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-18 00:06 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-18 00:00 . 2009-06-18 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-17 23:58 . 2009-03-19 10:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-06-17 23:58 . 2009-03-19 10:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-06-17 23:58 . 2009-02-09 04:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-17 23:58 . 2009-02-09 04:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-17 23:58 . 2009-02-09 04:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-17 23:58 . 2009-02-09 04:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-17 23:58 . 2009-02-09 04:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-17 23:57 . 2009-06-17 23:35 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-17 23:56 . 2009-06-17 23:56 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-17 23:56 . 2009-06-17 23:56 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-17 23:56 . 2009-06-17 23:56 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-17 23:52 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-17 23:49 . 2009-06-17 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-17 23:49 . 2009-06-18 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-17 23:49 . 2009-06-17 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-17 23:47 . 2009-06-17 23:47 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-17 23:47 . 2009-06-17 23:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-17 23:47 . 2007-09-17 12:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-17 23:47 . 2009-06-17 23:47 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-17 23:47 . 2009-02-09 04:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-17 23:47 . 2009-06-17 23:36 36903984 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_ara_web.exe
2009-06-17 23:46 . 2009-06-17 23:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-17 23:46 . 2009-06-17 23:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-17 23:46 . 2009-06-17 23:46 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-17 23:46 . 2009-06-17 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-17 22:45 . 2009-06-17 22:45 -------- d-----w- c:\program files\Common Files\Java
2009-06-17 22:08 . 2009-07-04 03:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-17 22:08 . 2009-06-17 22:08 -------- d-----w- c:\program files\Reference Assemblies
2009-06-17 22:01 . 2009-06-17 22:01 -------- d-----w- c:\program files\MSXML 6.0
2009-06-17 20:03 . 2009-06-17 20:14 -------- d-----w- c:\documents and settings\Administrator\.java
2009-06-17 20:03 . 2009-06-17 20:08 -------- d-----w- c:\documents and settings\Administrator\.jpi_cache
2009-06-17 19:17 . 2009-06-17 19:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-15 12:55 . 2009-06-15 12:55 -------- d--h--w- c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 23:16 . 2009-05-26 16:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-12 23:14 . 2009-05-31 09:46 729120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-12 23:14 . 2009-05-31 09:46 6716 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-12 23:14 . 2009-05-31 09:46 3128864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-12 23:14 . 2009-05-31 09:46 28668 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-12 03:09 . 2009-05-31 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-11 11:06 . 2008-04-28 07:08 -------- d-----w- c:\program files\mpegable
2009-07-09 22:09 . 2009-06-03 20:04 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-08 17:37 . 2009-05-26 16:55 -------- d-----w- c:\program files\Google
2009-07-04 11:25 . 2008-04-28 06:13 369080 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 02:58 . 2008-04-28 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-04 02:36 . 2008-04-28 07:26 -------- d-----w- c:\program files\Microsoft Works
2009-07-03 12:14 . 2009-05-26 16:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-07-03 12:10 . 2009-05-26 16:53 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-30 21:41 . 2009-05-26 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-29 23:19 . 2008-04-27 19:48 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-29 11:32 . 2007-04-28 06:51 -------- d-----w- c:\program files\Common Files\Real
2009-06-29 10:45 . 2009-05-26 16:44 -------- d-----w- c:\program files\الموسوعة الطبية
2009-06-28 15:35 . 2009-05-31 12:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Free Download Manager
2009-06-25 17:40 . 2009-06-03 20:34 -------- d-----w- c:\program files\MessengerDiscovery
2009-06-25 13:41 . 2009-05-31 09:47 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-25 13:41 . 2009-05-31 09:47 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-25 13:37 . 2009-05-31 09:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-18 00:06 . 2009-06-18 00:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-18 00:06 . 2009-06-18 00:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-17 23:58 . 2008-04-28 06:56 -------- d-----w- c:\program files\Nokia
2009-06-17 23:52 . 2009-06-17 23:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-17 23:52 . 2009-06-17 23:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-17 22:08 . 2008-04-28 07:25 -------- d-----w- c:\program files\MSBuild
2009-06-17 21:40 . 2009-06-17 21:40 2678 ----a-w- c:\windows\java\Packages\Data\IBBTB13L.DAT
2009-06-17 21:40 . 2009-06-17 21:40 2678 ----a-w- c:\windows\java\Packages\Data\HNN31F7R.DAT
2009-06-17 21:40 . 2009-06-17 21:40 2678 ----a-w- c:\windows\java\Packages\Data\825BFNFV.DAT
2009-06-17 21:40 . 2009-06-17 21:40 2678 ----a-w- c:\windows\java\Packages\Data\537TNRN3.DAT
2009-06-17 21:40 . 2009-06-17 21:40 2678 ----a-w- c:\windows\java\Packages\Data\2S7VXR9J.DAT
2009-06-17 20:01 . 2008-04-28 06:56 -------- d-----w- c:\program files\Java
2009-06-04 03:54 . 2009-06-04 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\AlMAdinahMushaf
2009-06-03 20:34 . 2009-06-03 20:34 -------- d-----w- c:\program files\MSN Messenger
2009-06-03 20:08 . 2009-06-03 20:04 -------- d-----w- c:\program files\Hotspot Shield
2009-06-03 20:04 . 2009-05-31 12:08 -------- d-----w- c:\program files\Conduit
2009-06-03 19:36 . 2009-06-03 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
2009-06-03 19:36 . 2009-06-03 19:35 -------- d-----w- c:\program files\FAHESS
2009-06-03 19:35 . 2009-06-03 19:33 -------- d-----w- c:\program files\Common Files\Motive
2009-06-03 19:33 . 2009-06-03 19:33 -------- d-----w- c:\program files\Fahess_Activation
2009-06-03 19:32 . 2009-06-03 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-01 19:05 . 2009-06-01 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-01 18:13 . 2009-06-01 18:13 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-01 11:29 . 2009-06-01 11:29 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-01 11:27 . 2009-06-01 11:27 -------- d-----w- c:\program files\SplitCam
2009-06-01 11:27 . 2008-04-28 06:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 09:38 . 2009-05-26 16:52 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-01 08:54 . 2009-06-01 08:54 16608 ----a-w- c:\windows\gdrv.sys
2009-06-01 08:45 . 2009-06-01 08:45 -------- d-----w- c:\program files\Realtek
2009-06-01 08:45 . 2009-06-01 08:45 315392 ----a-w- c:\windows\HideWin.exe
2009-06-01 08:44 . 2009-06-01 08:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-01 08:41 . 2009-06-01 08:41 37888 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Express English\400000600002i\ctfmon.exe
2009-06-01 08:41 . 2009-06-01 08:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-05-31 13:12 . 2009-05-31 13:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-31 12:44 . 2009-05-31 12:44 4096 ----a-w- c:\windows\d3dx.dat
2009-05-31 11:11 . 2009-05-26 16:48 -------- d-----w- c:\program files\The KMPlayer
2009-05-31 10:48 . 2009-05-31 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-31 10:46 . 2009-05-31 09:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Heck vc barb
2009-05-31 10:46 . 2009-05-26 16:53 -------- d-----w- c:\program files\Circle Developement
2009-05-31 10:27 . 2009-05-31 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lies shim upload curb
2009-05-31 10:02 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-31 10:02 . 2009-05-31 10:02 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-31 10:02 . 2009-05-31 10:02 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-31 10:02 . 2009-05-31 10:02 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-31 09:54 . 2009-05-31 09:54 37888 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Express English\4000001000002i\AcroRd32.exe
2009-05-31 09:46 . 2008-04-28 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-31 09:38 . 2009-05-31 09:38 -------- d-----w- c:\program files\Heck vc barb
2009-05-26 17:07 . 2008-04-28 07:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 17:06 . 2009-05-26 17:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-26 17:05 . 2009-05-26 17:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
2009-05-26 17:05 . 2008-04-28 06:46 -------- d-----w- c:\program files\JetAudio
2009-05-26 17:02 . 2009-05-26 17:02 -------- d-----w- c:\program files\Microsoft.NET
2009-05-26 16:57 . 2009-05-26 16:53 -------- d-----w- c:\program files\100 Al-Kharashi
2009-05-26 16:56 . 2009-05-26 16:56 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-26 16:56 . 2009-05-26 16:56 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-05-26 16:56 . 2009-05-26 16:56 -------- d-----w- c:\program files\The Lost Watch 3D Screensaver
2009-05-26 16:52 . 2008-04-28 06:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 16:51 . 2009-05-26 16:51 -------- d-----w- c:\program files\BitComet
2009-05-26 16:51 . 2009-05-26 16:50 -------- d-----w- c:\program files\Free Download Manager
2009-05-26 16:49 . 2009-05-26 16:49 -------- d-----w- c:\program files\Ozone
2009-05-26 16:47 . 2009-05-26 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-26 16:47 . 2009-05-26 16:46 -------- d-----w- c:\program files\مصحف المدينة النبوية
2009-05-26 16:47 . 2008-04-28 06:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 16:46 . 2009-05-26 16:46 -------- d-----w- c:\program files\Windows Live
2009-05-26 16:45 . 2009-05-26 16:44 -------- d-----w- c:\program files\Ela-Salaty
2009-05-26 16:44 . 2009-05-26 16:44 737280 ----a-w- c:\windows\iun6002.exe
2009-05-26 16:44 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-26 16:42 . 2009-05-26 16:42 -------- d-----w- c:\program files\ClocX
2009-05-26 16:40 . 2009-05-26 16:40 -------- d-----w- c:\program files\CONEXANT
2009-05-26 16:39 . 2009-05-26 16:39 -------- d-----w- c:\program files\DIFX
2009-05-07 15:32 . 2004-08-03 21:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-03 21:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-03 21:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-03 20:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 21:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-09 2215960]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-09 22:10 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-09 2215960]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-09 2215960]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-31 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ela-Salaty.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Ela-Salaty.lnk
backup=c:\windows\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9057:TCP"= 9057:TCP:BitComet 9057 TCP
"9057:UDP"= 9057:UDP:BitComet 9057 UDP
"24903:TCP"= 24903:TCP:BitComet 24903 TCP
"24903:UDP"= 24903:UDP:BitComet 24903 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [03/07/2009 10:09 م 2944]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [01/06/2009 09:13 م 331312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/07/2009 08:25 م 133104]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [01/06/2009 09:58 م 34352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18/06/2009 02:58 ص 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18/06/2009 02:58 ص 8320]
.
Contents of the 'Scheduled Tasks' folder
2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 17:24]
2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 17:24]
2009-07-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download all with Free Download Manager -
files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager -
files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager -
files\Free Download Manager\dllink.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{89999700-cba3-4071-b251-47cb894244cd} - f:\ho\ProRatv1.8\ProRat.exe
DPF: Microsoft XML Parser for Java -
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.238.30/saudi1999/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-13 02:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-07-12 2:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 23:19
Pre-Run: 25,919,811,584 bytes free
Post-Run: 25,857,818,624 bytes free
383 --- E O F --- 2009-07-03 14:02
 
Signature: Mr.Rayan
Please, I need a solution as soon as possible, may God reward you with Paradise .... Note that I updated the whole machine from the Microsoft site, except Explorer 8, which I did not update because I don't want it
 
Signature: Mr.Rayan
We don't want to wear you out :$ we downloaded everything.. this is the new report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:59:06 ص, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager -
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8990 bytes
 
Signature: Mr.Rayan
Brother, there is something strange that you used (( meaning a dangerous program )) and it looks like that is what caused the problems
 
No brother, I did not install anything strange. The problem is old, and it appeared after I ran a firewall scan from the Microsoft site; after that it appeared

This is the site
 
Signature: Mr.Rayan
Peace be upon you

With my brother Al-Baron's permission

Brother, try this tool, it might help you

Download it from here

Then close the browser .. and open it again .. and God willing the problem will be solved, O Lord
 
Signature: shaded
Thank you all, I have troubled you, brothers

Still, brother Shadi, I did what you told me and it was not solved, and I restarted and it is the same thing
 
Signature: Mr.Rayan
:f: Where are you, everyone

So, what is the cause? Is there a solution? I am tempted to format, but I don't want to, everything would be lost :i:

What is the solution :f:
 
Signature: Mr.Rayan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:00 م, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager -
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9048 bytes
 
Signature: Mr.Rayan
Brother Al-Baron, thank you, and may God reward you greatly for your engagement in all the threads

I more or less solved the problem from a reply of yours in another thread, which is


I removed the Java I had; I found more than one item labelled Java and removed them all

and downloaded the Java that you posted at this link


It worked, but there is a small problem that depends on the type of Java

This Java shows the text small for me

Could I have the old Java that shows the text clearly, or any Java like that??
 
Signature: Mr.Rayan
Delete these values

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)

O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - F:\ho\ProRatv1.8\ProRat.exe (file missing)

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

How to delete them on XP







 
Last edited by a moderator:
How do I delete them? I don't know the method.
 
Signature: Mr.Rayan
Brother, I deleted them, and this is the report after the deletion

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19:59 م, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager -
[Hidden link: you must log in or register to view it]
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
[Hidden link: you must log in or register to view it]
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager -
[Hidden link: you must log in or register to view it]
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -
[Hidden link: you must log in or register to view it]

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8688 bytes
 
Signature: Mr.Rayan
Brother, is there a solution to the problem, or not yet?
 
Signature: Mr.Rayan