Thread starter: alaboud_1

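Peace be upon you, and the mercy and blessings of God.

Brothers, I have a small problem: every time I start the computer, this pops up. I'll give you a picture of it so you can see the problem.

i25113_.jpg

I'd like you to tell me the name of the program so I can delete it once and for all.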
 

Hello,

From Start > Run, type msconfig >> Startup >> uncheck everything except the security program, then restart the computer.

Then download the following:
[You must log in or register to view the hidden link]

When the download finishes ==> run the program ==> click Do a system scan and save log.
After a few moments a report will appear; copy it and paste it in your next reply.

Signature: FireFox
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31 م, on 27/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
[You must log in or register to view the hidden link]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
[You must log in or register to view the hidden link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
[You must log in or register to view the hidden link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[You must log in or register to view the hidden link]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 7565 bytes
This is what I got, brother.

Disable the security program and download the following tool:
[You must log in or register to view the hidden link]

After downloading the tool, two windows with options will appear; choose yes in both windows. The scan will then start. The computer may restart automatically, and after the restart the scan will continue. Wait until a report appears, then copy it and paste it in your next reply.

Note: you will also find the Notepad file on the C drive at this path: C:\combofix.txt

Signature: FireFox
ComboFix 09-07-28.01 - تطوير 07/29/2009 3:27:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1256.966.1025.18.1014.333 [GMT 3:00]
Running from: C:\Users\تطوير\Desktop\مجلد جديد\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-29 00:35:21 . 2009-07-29 00:35:31 0 d-----w- C:\Users\تطوير\AppData\Local\temp
2009-07-27 09:37:39 . 2009-07-27 09:37:39 0 d-----w- C:\Program Files\Trend Micro
2009-07-21 10:01:22 . 2009-07-21 10:01:22 35160 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\x64\wmi64.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 35160 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\x64\wmi64.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 10:01:22 . 2009-07-21 10:01:22 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-21 10:00:37 . 2009-07-21 10:01:21 35160 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\wmi64.exe
2009-07-21 10:00:35 . 2009-07-21 10:00:36 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 10:00:20 . 2009-07-21 10:00:34 35160 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\wmi64.exe
2009-07-21 09:59:50 . 2009-07-21 09:59:53 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 09:59:39 . 2009-07-21 09:59:49 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 09:59:33 . 2009-07-21 09:59:38 12816 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-21 09:56:06 . 2009-07-21 09:56:07 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 09:56:05 . 2009-07-21 09:56:05 12888 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-19 13:26:43 . 2009-07-19 13:26:43 390664 ----a-w- C:\Users\تطوير\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-19 13:26:42 . 2009-07-19 13:26:42 390664 ------w- C:\Users\تطوير\AppData\Roaming\Real\Update\temp\~Upg3\realplayer11gold.exe
2009-07-19 05:07:30 . 2009-07-19 05:09:04 0 d-----w- C:\Users\تطوير\AppData\Roaming\MiniDm
2009-07-18 08:12:52 . 2009-07-27 09:32:29 720896 ----a-w- C:\ProgramData\Shim pile start hide\log phone.exe
2009-07-18 08:12:52 . 2009-07-18 08:12:53 0 d-----w- C:\ProgramData\Shim pile start hide
2009-07-18 08:12:42 . 2009-07-18 08:12:42 720896 ----a-w- C:\ProgramData\title one iso\dmkiiddo.exe
2009-07-18 08:11:05 . 2009-07-20 15:38:07 0 d-----w- C:\ProgramData\title one iso
2009-07-15 02:33:38 . 2009-06-15 14:53:52 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-15 02:33:37 . 2009-06-15 14:52:42 23552 ----a-w- C:\Windows\system32\lpk.dll
2009-07-15 02:33:37 . 2009-06-15 14:52:19 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-15 02:33:37 . 2009-06-15 12:42:30 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-15 02:33:36 . 2009-06-15 14:51:38 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-09 13:26:20 . 2009-07-09 13:26:20 390664 ------w- C:\Users\تطوير\AppData\Roaming\Real\Update\temp\~Upg2\realplayer11gold.exe
2009-07-02 04:45:51 . 2009-07-02 04:46:44 0 d-----w- C:\Windows\system32\ca-ES
2009-07-02 04:45:51 . 2009-07-02 04:46:40 0 d-----w- C:\Windows\system32\eu-ES
2009-07-02 04:45:50 . 2009-07-02 04:46:36 0 d-----w- C:\Windows\system32\vi-VN
2009-07-02 04:12:53 . 2009-07-02 04:12:59 0 d-----w- C:\Windows\system32\EventProviders
2009-07-02 03:59:22 . 2009-04-11 05:03:42 12240896 ----a-w- C:\Windows\system32\NlsLexicons0007.dll
2009-07-02 03:59:00 . 2009-04-11 06:28:24 1081344 ----a-w- C:\Windows\system32\SLCExt.dll
2009-07-02 03:59:00 . 2009-04-11 06:27:49 3408896 ----a-w- C:\Windows\system32\SLsvc.exe
2009-07-02 03:57:57 . 2009-04-11 06:28:24 190464 ----a-w- C:\Windows\system32\sperror.dll
2009-07-02 03:56:58 . 2009-04-11 06:28:25 627712 ----a-w- C:\Windows\system32\user32.dll
2009-07-02 03:55:59 . 2009-04-11 06:28:24 60928 ----a-w- C:\Windows\system32\SLUINotify.dll
2009-07-02 03:54:59 . 2009-04-11 06:28:22 445952 ----a-w- C:\Windows\system32\ncryptui.dll
2009-07-02 03:53:59 . 2009-04-11 05:42:55 93696 ----a-w- C:\Windows\system32\drivers\bridge.sys
2009-07-02 03:53:58 . 2009-04-11 06:28:24 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2009-07-02 03:53:58 . 2009-04-11 06:28:23 7680 ----a-w- C:\Windows\system32\spwmp.dll
2009-07-02 03:53:58 . 2009-04-11 04:46:08 15872 ----a-w- C:\Windows\system32\drivers\usb8023.sys
2009-07-02 03:53:57 . 2009-04-11 04:57:26 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-07-02 03:53:57 . 2009-04-11 04:46:30 41472 ----a-w- C:\Windows\system32\drivers\raspppoe.sys
2009-07-02 03:53:55 . 2009-04-11 06:22:22 7168 ----a-w- C:\Windows\system32\f3ahvoas.dll
2009-07-02 03:53:54 . 2009-04-11 04:27:17 2560 ----a-w- C:\Windows\system32\msimsg.dll
2009-07-02 03:53:53 . 2009-04-11 04:54:59 2048 ----a-w- C:\Windows\system32\mferror.dll
2009-07-02 03:52:01 . 2009-04-11 06:28:25 83968 ----a-w- C:\Windows\system32\wbem\wmiutils.dll
2009-07-02 03:52:01 . 2009-04-11 06:28:25 30208 ----a-w- C:\Windows\system32\wbem\wbemprox.dll
2009-07-02 03:52:01 . 2009-04-11 06:28:20 189440 ----a-w- C:\Windows\system32\wbem\mofd.dll
2009-07-02 03:52:01 . 2009-04-11 06:28:19 265728 ----a-w- C:\Windows\system32\wbem\esscli.dll
2009-07-02 03:52:00 . 2009-04-11 06:28:25 744448 ----a-w- C:\Windows\system32\wbem\wbemcore.dll
2009-07-02 03:52:00 . 2009-04-11 06:28:24 265728 ----a-w- C:\Windows\system32\wbem\repdrvfs.dll
2009-07-02 03:52:00 . 2009-04-11 06:28:19 614912 ----a-w- C:\Windows\system32\wbem\fastprox.dll
2009-07-02 03:51:23 . 2009-04-11 06:28:24 705536 ----a-w- C:\Windows\system32\SmiEngine.dll
2009-07-02 03:50:15 . 2009-04-11 06:28:25 218624 ----a-w- C:\Windows\system32\wdscore.dll
2009-07-02 03:50:15 . 2009-04-11 06:27:48 130560 ----a-w- C:\Windows\system32\PkgMgr.exe
2009-07-02 03:47:50 . 2009-04-11 06:28:18 247808 ----a-w- C:\Windows\system32\drvstore.dll
2009-06-30 08:34:43 . 2007-03-22 10:46:40 126976 ----a-w- C:\Users\تطوير\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 00:35:47 . 2009-05-15 06:45:24 0 d-----w- C:\Users\تطوير\AppData\Roaming\DMCache
2009-07-28 20:07:56 . 2009-03-04 22:29:56 0 d-----w- C:\ProgramData\Kaspersky Lab
2009-07-28 19:11:55 . 2009-03-04 22:29:58 671776 --sha-w- C:\Windows\system32\drivers\fidbox2.dat
2009-07-28 19:11:55 . 2009-03-04 22:29:58 3763232 --sha-w- C:\Windows\system32\drivers\fidbox.dat
2009-07-28 19:11:55 . 2009-03-04 22:29:58 3376 --sha-w- C:\Windows\system32\drivers\fidbox2.idx
2009-07-28 19:11:55 . 2009-03-04 22:29:58 30480 --sha-w- C:\Windows\system32\drivers\fidbox.idx
2009-07-28 19:11:36 . 2009-01-19 15:01:19 12 ----a-w- C:\Windows\bthservsdp.dat
2009-07-27 17:21:31 . 2008-11-19 21:01:43 78446 ----a-w- C:\Windows\system32\perfc001.dat
2009-07-27 17:21:31 . 2008-11-19 21:01:43 439186 ----a-w- C:\Windows\system32\perfh001.dat
2009-07-26 13:18:48 . 2009-05-15 06:45:24 0 d-----w- C:\Users\تطوير\AppData\Roaming\IDM
2009-07-21 10:01:22 . 2009-05-19 01:43:48 208616 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-21 10:01:22 . 2009-05-19 01:43:48 208616 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-21 09:57:17 . 2009-05-19 01:38:20 208616 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-21 09:55:47 . 2009-03-05 01:08:53 208616 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-20 15:38:07 . 2009-02-17 22:10:56 0 d-----w- C:\Program Files\Circle Developemnt
2009-07-18 08:16:29 . 2009-06-21 06:35:15 0 d-----w- C:\Program Files\Muslim Bag
2009-07-18 08:08:32 . 2008-12-24 16:38:02 0 d-----w- C:\Program Files\Messenger Plus! Live
2009-07-17 07:42:20 . 2009-05-26 22:54:03 0 d-----w- C:\Program Files\Safari
2009-07-15 03:32:38 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-15 03:31:28 . 2008-11-19 11:07:50 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-02 21:00:37 . 2009-07-02 21:00:37 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-02 04:46:59 . 2006-11-02 12:35:51 0 d-----w- C:\Program Files\Windows Calendar
2009-07-02 04:46:58 . 2006-11-02 12:35:51 0 d-----w- C:\Program Files\Windows Sidebar
2009-07-02 04:46:57 . 2006-11-02 12:35:51 0 d-----w- C:\Program Files\Windows Collaboration
2009-07-02 04:46:55 . 2006-11-02 12:35:51 0 d-----w- C:\Program Files\Windows Photo Gallery
2009-07-02 04:46:52 . 2006-11-02 12:35:51 0 d-----w- C:\Program Files\Windows Defender
2009-07-02 04:45:39 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-07-02 04:30:30 . 2006-11-02 12:35:51 37665 ----a-w- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-26 06:21:44 . 2009-06-26 06:21:44 390664 ------w- C:\Users\تطوير\AppData\Roaming\Real\Update\temp\~Upg1\realplayer11gold.exe
2009-06-21 18:32:44 . 2009-01-01 13:54:55 0 d-----w- C:\ProgramData\Apple Computer
2009-06-21 18:32:44 . 2009-01-01 13:51:36 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-17 05:01:31 . 2009-06-17 05:01:31 390664 ------w- C:\Users\تطوير\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe
2009-06-15 20:08:10 . 2009-06-15 20:08:10 0 d-----w- C:\ProgramData\MSScanAppDataDir
2009-06-12 14:17:15 . 2009-06-12 14:16:20 0 d-----w- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 02:53:08 . 2008-11-19 11:20:53 0 d-----w- C:\Program Files\Common Files\PX Storage Engine
2009-06-11 02:50:39 . 2008-11-19 11:20:51 0 d-----w- C:\Program Files\Common Files\Sonic Shared
2009-06-11 02:36:54 . 2009-06-11 02:36:54 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-06-11 02:33:52 . 2008-11-22 13:29:22 71088 ----a-w- C:\Users\تطوير\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 02:18:29 . 2008-11-19 11:10:22 0 d-----w- C:\Program Files\Microsoft Works
2009-06-10 10:53:33 . 2009-06-10 10:53:35 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtbDCF8.tmp.exe
2009-05-26 22:40:14 . 2009-05-26 22:27:38 38208 ----a-w- C:\Users\تطوير\AppData\Roaming\Macromedia\Flash Player\
[You must log in or register to view the hidden link]
2009-05-26 22:26:35 . 2009-05-26 22:26:35 499712 ----a-w- C:\Windows\system32\msvcp71.dll
2009-05-26 22:26:35 . 2009-05-26 22:26:35 348160 ----a-w- C:\Windows\system32\msvcr71.dll
2009-05-20 12:23:24 . 2009-03-04 22:33:03 105395 ----a-w- C:\Windows\system32\drivers\klin.dat
2009-05-20 12:23:23 . 2009-03-04 22:33:02 94643 ----a-w- C:\Windows\system32\drivers\klick.dat
2009-05-19 01:42:19 . 2009-05-19 01:42:17 38416 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys
2009-05-19 01:42:17 . 2009-03-05 01:08:52 33808 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-19 01:42:15 . 2009-05-19 01:42:06 247312 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista64\klif.sys
2009-05-19 01:42:05 . 2009-03-05 01:08:51 239120 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-05-19 01:41:55 . 2009-05-19 01:41:47 218640 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP64\klif.sys
2009-05-19 01:41:46 . 2009-05-19 01:41:37 226832 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-19 01:41:37 . 2009-05-19 01:41:28 230032 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\w2000\klif.sys
2009-05-19 01:40:04 . 2009-05-19 01:39:57 176656 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-05-19 01:39:15 . 2009-05-19 01:39:14 44808 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-05-19 01:38:20 . 2009-05-19 01:38:18 38416 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\klbg.sys
2009-05-19 01:38:18 . 2009-05-19 01:38:17 33808 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-05-19 01:38:16 . 2009-05-19 01:38:08 227856 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista64\klif.sys
2009-05-19 01:38:07 . 2009-05-19 01:37:59 224272 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-05-19 01:37:59 . 2009-05-19 01:37:51 202768 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP64\klif.sys
2009-05-19 01:37:51 . 2009-05-19 01:37:43 213520 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-05-19 01:37:42 . 2009-05-19 01:37:34 215824 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\w2000\klif.sys
2009-05-19 01:37:33 . 2009-05-19 01:37:32 38416 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\klbg.sys
2009-05-19 01:37:32 . 2009-05-19 01:37:30 33808 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-05-19 01:37:30 . 2009-05-19 01:37:22 227856 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista64\klif.sys
2009-05-19 01:37:21 . 2009-05-19 01:37:13 224272 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista\klif.sys
2009-05-19 01:37:13 . 2009-05-19 01:37:05 202768 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP64\klif.sys
2009-05-19 01:37:05 . 2009-05-19 01:36:57 213520 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-05-19 01:36:57 . 2009-05-19 01:36:48 215824 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\w2000\klif.sys
2009-05-19 01:35:21 . 2009-05-19 01:35:20 22792 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\vkbd64.dll
2009-05-19 01:35:20 . 2009-05-19 01:35:13 176656 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-05-19 01:35:13 . 2009-05-19 01:35:10 60168 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\ievkbd.dll
2009-05-19 01:35:10 . 2009-05-19 01:35:09 21256 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-05-19 01:34:54 . 2009-05-19 01:34:18 861448 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-05-19 01:33:20 . 2009-05-19 01:33:16 83208 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-05-19 01:33:05 . 2009-05-19 01:33:02 62728 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-05-19 01:32:46 . 2009-05-19 01:32:43 43784 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-05-19 01:32:42 . 2009-05-19 01:32:16 365832 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-05-19 01:30:05 . 2009-05-19 01:29:57 201992 ----a-w- C:\ProgramData\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-05-15 08:08:22 . 2009-05-15 08:08:22 198064 ----a-w- C:\Users\تطوير\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-09 05:50:28 . 2009-06-10 00:49:15 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-05-09 05:34:34 . 2009-06-10 00:49:14 71680 ----a-w- C:\Windows\system32\iesetup.dll


God willing, this is the right file, and may God give you the best of health.

Where are you, brother fire?

A new HijackThis report.

Signature: Future Tank X-1

I ran it again, and this is the new report.


ComboFix 09-07-28.01 - تطوير 07/30/2009 22:19.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1256.966.1025.18.1014.406 [GMT 3:00]
Running from: c:\users\تطوير\Desktop\مجلد جديد\تنظيف\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 19:26 . 2009-07-30 19:26 -------- d-----w- c:\users\تطوير\AppData\Local\temp
2009-07-27 09:37 . 2009-07-27 09:37 -------- d-----w- c:\program files\Trend Micro
2009-07-21 10:01 . 2009-07-21 10:01 35160 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\x64\wmi64.exe
2009-07-21 10:01 . 2009-07-21 10:01 35160 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\x64\wmi64.exe
2009-07-21 10:01 . 2009-07-21 10:01 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 10:01 . 2009-07-21 10:01 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 10:01 . 2009-07-21 10:01 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-21 10:01 . 2009-07-21 10:01 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 10:01 . 2009-07-21 10:01 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 10:01 . 2009-07-21 10:01 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-21 10:00 . 2009-07-21 10:01 35160 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\wmi64.exe
2009-07-21 10:00 . 2009-07-21 10:00 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 10:00 . 2009-07-21 10:00 35160 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\wmi64.exe
2009-07-21 09:59 . 2009-07-21 09:59 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 09:59 . 2009-07-21 09:59 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 09:59 . 2009-07-21 09:59 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-21 09:56 . 2009-07-21 09:56 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 09:56 . 2009-07-21 09:56 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-19 13:26 . 2009-07-19 13:26 390664 ----a-w- c:\users\تطوير\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-19 13:26 . 2009-07-19 13:26 390664 ------w- c:\users\تطوير\AppData\Roaming\Real\Update\temp\~Upg3\realplayer11gold.exe
2009-07-19 05:07 . 2009-07-19 05:09 -------- d-----w- c:\users\تطوير\AppData\Roaming\MiniDm
2009-07-18 08:12 . 2009-07-27 09:32 720896 ----a-w- c:\programdata\Shim pile start hide\log phone.exe
2009-07-18 08:12 . 2009-07-18 08:12 -------- d-----w- c:\programdata\Shim pile start hide
2009-07-18 08:12 . 2009-07-18 08:12 720896 ----a-w- c:\programdata\title one iso\dmkiiddo.exe
2009-07-18 08:11 . 2009-07-20 15:38 -------- d-----w- c:\programdata\title one iso
2009-07-15 02:33 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 02:33 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 02:33 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 02:33 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 02:33 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-09 13:26 . 2009-07-09 13:26 390664 ------w- c:\users\تطوير\AppData\Roaming\Real\Update\temp\~Upg2\realplayer11gold.exe
2009-07-02 04:45 . 2009-07-02 04:46 -------- d-----w- c:\windows\system32\ca-ES
2009-07-02 04:45 . 2009-07-02 04:46 -------- d-----w- c:\windows\system32\eu-ES
2009-07-02 04:45 . 2009-07-02 04:46 -------- d-----w- c:\windows\system32\vi-VN
2009-07-02 04:12 . 2009-07-02 04:12 -------- d-----w- c:\windows\system32\EventProviders
2009-07-02 03:59 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-02 03:59 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-07-02 03:59 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-07-02 03:57 . 2009-04-11 06:28 190464 ----a-w- c:\windows\system32\sperror.dll
2009-07-02 03:56 . 2009-04-11 06:28 627712 ----a-w- c:\windows\system32\user32.dll
2009-07-02 03:55 . 2009-04-11 06:28 60928 ----a-w- c:\windows\system32\SLUINotify.dll
2009-07-02 03:54 . 2009-04-11 06:28 445952 ----a-w- c:\windows\system32\ncryptui.dll
2009-07-02 03:53 . 2009-04-11 05:42 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-07-02 03:53 . 2009-04-11 06:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-02 03:53 . 2009-04-11 06:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-02 03:53 . 2009-04-11 04:46 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-07-02 03:53 . 2009-04-11 04:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-02 03:53 . 2009-04-11 04:46 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-07-02 03:53 . 2009-04-11 06:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-07-02 03:53 . 2009-04-11 04:27 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-07-02 03:53 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-07-02 03:52 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-02 03:52 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-02 03:52 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-02 03:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-02 03:52 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-02 03:52 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-02 03:52 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-02 03:51 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-02 03:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-02 03:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-02 03:47 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 19:26 . 2009-05-15 06:45 -------- d-----w- c:\users\تطوير\AppData\Roaming\DMCache
2009-07-30 10:41 . 2009-03-04 22:29 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-30 09:24 . 2009-03-04 22:29 671776 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-30 09:24 . 2009-03-04 22:29 3763232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-30 09:24 . 2009-03-04 22:29 3376 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-30 09:24 . 2009-03-04 22:29 30480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-30 09:24 . 2009-01-19 15:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-30 02:12 . 2009-07-30 02:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-29 14:54 . 2009-05-15 06:45 -------- d-----w- c:\users\تطوير\AppData\Roaming\IDM
2009-07-27 17:21 . 2008-11-19 21:01 78446 ----a-w- c:\windows\system32\perfc001.dat
2009-07-27 17:21 . 2008-11-19 21:01 439186 ----a-w- c:\windows\system32\perfh001.dat
2009-07-21 21:52 . 2009-07-29 07:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 10:01 . 2009-05-19 01:43 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-21 10:01 . 2009-05-19 01:43 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-21 09:57 . 2009-05-19 01:38 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-21 09:55 . 2009-03-05 01:08 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-20 15:38 . 2009-02-17 22:10 -------- d-----w- c:\program files\Circle Developemnt
2009-07-18 08:16 . 2009-06-21 06:35 -------- d-----w- c:\program files\Muslim Bag
2009-07-18 08:08 . 2008-12-24 16:38 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-17 07:42 . 2009-05-26 22:54 -------- d-----w- c:\program files\Safari
2009-07-15 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 03:31 . 2008-11-19 11:07 -------- d-----w- c:\programdata\Microsoft Help
2009-07-02 21:00 . 2009-07-02 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-02 04:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-02 04:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-02 04:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-02 04:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-02 04:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-02 04:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-02 04:30 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-26 06:21 . 2009-06-26 06:21 390664 ------w- c:\users\تطوير\AppData\Roaming\Real\Update\temp\~Upg1\realplayer11gold.exe
2009-06-21 18:32 . 2009-01-01 13:54 -------- d-----w- c:\programdata\Apple Computer
2009-06-21 18:32 . 2009-01-01 13:51 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 05:01 . 2009-06-17 05:01 390664 ------w- c:\users\تطوير\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe
2009-06-15 20:08 . 2009-06-15 20:08 -------- d-----w- c:\programdata\MSScanAppDataDir
2009-06-12 14:17 . 2009-06-12 14:16 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 02:53 . 2008-11-19 11:20 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-11 02:50 . 2008-11-19 11:20 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-11 02:36 . 2009-06-11 02:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-06-11 02:33 . 2008-11-22 13:29 71088 ----a-w- c:\users\تطوير\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 02:18 . 2008-11-19 11:10 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 10:53 . 2009-06-10 10:53 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDCF8.tmp.exe
2009-05-26 22:40 . 2009-05-26 22:27 38208 ----a-w- c:\users\تطوير\AppData\Roaming\Macromedia\Flash Player\
[You must log in or register to view the hidden link]
2009-05-26 22:26 . 2009-05-26 22:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-26 22:26 . 2009-05-26 22:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-20 12:23 . 2009-03-04 22:33 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 12:23 . 2009-03-04 22:33 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-19 01:42 . 2009-05-19 01:42 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys
2009-05-19 01:42 . 2009-03-05 01:08 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-19 01:42 . 2009-05-19 01:42 247312 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista64\klif.sys
2009-05-19 01:42 . 2009-03-05 01:08 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-05-19 01:41 . 2009-05-19 01:41 218640 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP64\klif.sys
2009-05-19 01:41 . 2009-05-19 01:41 226832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-19 01:41 . 2009-05-19 01:41 230032 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\w2000\klif.sys
2009-05-19 01:40 . 2009-05-19 01:39 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-05-19 01:39 . 2009-05-19 01:39 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-05-19 01:38 . 2009-05-19 01:38 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\klbg.sys
2009-05-19 01:38 . 2009-05-19 01:38 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-05-19 01:38 . 2009-05-19 01:38 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista64\klif.sys
2009-05-19 01:38 . 2009-05-19 01:37 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP64\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\w2000\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\klbg.sys
2009-05-19 01:37 . 2009-05-19 01:37 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-05-19 01:37 . 2009-05-19 01:37 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista64\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista\klif.sys
2009-05-19 01:37 . 2009-05-19 01:37 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP64\klif.sys
2009-05-19 01:37 . 2009-05-19 01:36 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-05-19 01:36 . 2009-05-19 01:36 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\w2000\klif.sys
2009-05-19 01:35 . 2009-05-19 01:35 22792 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\vkbd64.dll
2009-05-19 01:35 . 2009-05-19 01:35 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-05-19 01:35 . 2009-05-19 01:35 60168 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\ievkbd.dll
2009-05-19 01:35 . 2009-05-19 01:35 21256 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-05-19 01:34 . 2009-05-19 01:34 861448 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-05-19 01:33 . 2009-05-19 01:33 83208 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-05-19 01:33 . 2009-05-19 01:33 62728 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-05-19 01:32 . 2009-05-19 01:32 43784 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-05-19 01:32 . 2009-05-19 01:32 365832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-05-19 01:30 . 2009-05-19 01:29 201992 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-05-15 08:08 . 2009-05-15 08:08 198064 ----a-w- c:\users\تطوير\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-15 2807216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,af,50,58,d1,fa,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A28AFAC-48F1-4A52-B083-FBC08661C160}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D92371C4-AC6B-4728-A1D5-A5008D0936E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6AA7932C-323F-41BE-A111-A8343C816D3A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{4136F351-7923-42F3-B930-A6D52C9E5D3A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{169AA33C-7FC5-43C3-AA35-0FD5541865A2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{578D2B35-8839-4414-97B1-38F98948D283}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B83DFF82-3118-4744-BB2A-96FAA66BA252}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{2C160126-929B-4B86-9283-270ADB29D4AC}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{E7A26A80-4B03-4209-97F5-283ECAAC6810}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [14/11/05 01:28 م 34176]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/08 05:28 م 20496]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [19/11/08 01:24 م 77824]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [19/11/08 01:37 م 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [19/11/08 01:37 م 28928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.201.170/ReadUid.CAB
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[You must log in or register to view the hidden link]
Rootkit scan 2009-07-30 22:26
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\2342~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-667273797-884931759-50113389-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0d,f8,2c,c2,6a,ba,20,85,da,e0,54,dc,d2,21,6a,d7,5b,4e,74,c2,1c,
fc,d5,67,6f,40,19,57,b3,a9,37,a6,43,10,41,25,ee,ee,81,ae,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-667273797-884931759-50113389-1002_Classes\CLSID\{c8bb9b27-1e2c-4c9d-8d76-3aee28add876}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c5
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,84,64,fb,29,0f,10,70,eb,85,a7,36,d6,f4,f6,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-30 22:29
ComboFix-quarantined-files.txt 2009-07-30 19:29
Pre-Run: 42,572,423,168 bytes free
Post-Run: 42,415,960,064 bytes free
252 --- E O F --- 2009-07-29 07:38
 
What I meant was:
Download the following:
[You must log in or register to view the hidden link]

Once the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear. Copy it and paste it in your next reply.

^^

Signature: Future Tank X-1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31 م, on 27/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [You must log in or register to view the hidden link]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [You must log in or register to view the hidden link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must log in or register to view the hidden link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must log in or register to view the hidden link]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 7565 bytes
 
From Start > Run, type msconfig >> Startup >> uncheck everything except the security program,
then restart the computer,
and does the message appear or not?

Signature: Future Tank X-1
No, the message did not appear.
 
Sorry, my friend, for not following up; I have been busy.

Please fix the following entries:

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
---
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
--
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
--
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
--
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
--
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
--
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
--
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [You must log in or register to view the hidden link]
--

How to fix them:

[Image: mg (3).png]

[Image: mg (4).png]

After that, please post a new HijackThis log.
 
Signature: FireFox
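A way to check a follow-up log against the fix list in the post above, as an added example (not part of the original posts and not HijackThis code): it parses two HijackThis logs, confirms the second carries a different "Scan saved at" stamp, and reports which target CLSIDs are still present. The sample logs are constructed, abridged from the log on this page; `parse_log`, `verify_fix`, the `[hidden link]` stand-in and the stamps are assumptions of the example.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O2 - BHO: ..."
SAVED_RE = re.compile(r"^Scan saved at (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Parse a HijackThis log into (scan_stamp, entries)."""
    stamp, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                       # footer separator: stop parsing
            break
        saved = SAVED_RE.match(line)
        if saved:
            stamp = saved.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append({"code": entry.group(1), "body": entry.group(2)})
        elif line and entries and entries[-1]["body"].endswith(("=", "-")):
            # Value wrapped onto its own line, as happens in forum-pasted logs.
            entries[-1]["body"] += " " + line
    for e in entries:
        clsid = CLSID_RE.search(e["body"])
        e["clsid"] = clsid.group(0).upper() if clsid else None
        e["orphaned"] = e["body"].endswith("(no file)")   # target file is missing
    return stamp, entries


def verify_fix(before_text, after_text, target_clsids):
    """Compare a follow-up log with the first one for the CLSIDs marked for fixing."""
    b_stamp, _ = parse_log(before_text)
    a_stamp, a_entries = parse_log(after_text)
    targets = {c.upper() for c in target_clsids}
    remaining = sorted({e["clsid"] for e in a_entries if e["clsid"] in targets})
    return {
        # Same stamp means the "new" log is the old scan pasted again.
        "fresh_scan": a_stamp is not None and a_stamp != b_stamp,
        "remaining": remaining,
        "fixed": sorted(targets - set(remaining)),
        "orphaned_after": [f'{e["code"]} - {e["body"]}'
                           for e in a_entries if e["orphaned"]],
    }


# Constructed sample, abridged from the log on this page.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31, on 27/07/09
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
[hidden link]
--
End of file - 7565 bytes
"""

# Constructed follow-up log with a new stamp and the fixed entries gone.
AFTER_FRESH = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:10, on 31/07/09
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
--
End of file - 1234 bytes
"""

# CLSIDs taken from the fix list in the post above (subset present in the sample).
TARGETS = [
    "{00011268-E188-40DF-A514-835FCD78B1BF}",
    "{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}",
    "{B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA}",
]

if __name__ == "__main__":
    print("re-pasted old log:", verify_fix(BEFORE, BEFORE, TARGETS))
    print("genuine new scan :", verify_fix(BEFORE, AFTER_FRESH, TARGETS))
```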
Brother, okay, but I did it and deleted them, and when I run it again the same entries show up, still there, not deleted. This is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:31 م, on 27/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must log in or register to view the hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 7565 bytes
 
When running HijackThis, right-click it and choose "Run as administrator", then fix the entries and post a new HijackThis log. If you see the same thing and nothing has changed, try fixing the entries from Safe Mode.

Signature: FireFox
I didn't understand you, brother, sorry.

Look at the picture .. run the program like this:

run_as_admin1.png
 
Signature: FireFox
Hopefully this is what was needed. The entry was deleted, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:33:23 م, on 31/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 6303 bytes
 
Run HijackThis this way:

run_as_admin1.png

and fix:

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
---
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
--
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
--
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
--
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - (no file)
--
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
--
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
--
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
--

How to fix:


mg%20%283%29.png


mg%20%284%29.png

After that, post a new HijackThis log.

Signature: Future Tank X-1
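The fix list above consists almost entirely of entries whose file is gone (`(no file)`). As an added example (not part of the original thread and not HijackThis's own code), this Python code parses lines excerpted from the thread's first and last logs, groups `(no file)` entries by CLSID, and diffs the two logs to confirm what the fix removed. The function names and regular expressions are assumptions based on the line layout seen on this page.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind name clsid target raw")

# Section code, then "kind: name - {CLSID} - target" (layout of the O2/O3/O9/R3 lines here).
LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.+)$")
CLSID_ITEM = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.*)$"
)

# Excerpts from the first and the last log posted in this thread.
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - (no file)
"""
AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"""

def parse_log(text):
    """Return one Entry per section line; lines without a CLSID keep only code and raw."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE.match(raw)
        if not m:
            continue  # header, process list, separators
        item = CLSID_ITEM.match(m["rest"])
        if item:
            entries.append(Entry(m["code"], item["kind"], item["name"],
                                 item["clsid"].upper(), item["target"].strip(), raw))
        else:
            entries.append(Entry(m["code"], None, None, None, None, raw))
    return entries

def orphans(entries):
    """Group '(no file)' entries by CLSID: one stale registry object can yield several lines."""
    grouped = {}
    for e in entries:
        if e.target == "(no file)":
            grouped.setdefault(e.clsid, []).append(e)
    return grouped

def removed(before, after):
    """Raw lines present in the earlier log and absent from the later one."""
    later = {e.raw for e in after}
    return [e.raw for e in before if e.raw not in later]
```

On these excerpts the only `(no file)` entry left after the fix is the R3 URLSearchHook line, which was not on the fix list.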
I did it, and this is what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:17 م, on 31/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 6043 bytes
 