• Thread starter: momo.x.man
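Peace be upon you

A blessed Friday to my dear brothers and sisters

I have a serious problem

I downloaded the protection program

antivir_workstation_winu_en_hp

When I finished installing it << I installed it only because I have viruses

Anyway, I installed it, and once it was installed it started deleting the viruses

When I restarted the machine I found some programs deleted

Everything. I went to install the new Messenger and it would not install

Then I said I would go install the old one, and just as I was about to install it this message came up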

-------------------------------------

حدث مشكلة في هذا التثبيت . لم يتم تثبيت windows live suite
تفاصيل خطأ النظام
المرمز : 0x8000ffff
الوصف : فشل ذريع

------------------------------------

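And I cannot do without Messenger

Please, I want the solution. Out of frustration I deleted the protection program

I am counting on you, and you will have my Friday prayers

And may God's peace and blessings be upon the Prophet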

 

Signature: momo.x.man
And upon you be peace and the mercy and blessings of God ..

It seems, brother, that your machine is infected with the Sality worm .. It infected the files with the exe extension, and Avira is weak at cleaning them, so it deleted them ..

To be moved to the appropriate section (( Problems and Solutions section ))

+

Download this program
[link hidden by the forum]

Run the program ==> and click on
Do a system scan and save log
In a few moments .. a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: shaded
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:28 ص, on 31/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=1045-1806-0605-0955-3112-9294
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpSvc.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
--
End of file - 7795 bytes
 
Signature: momo.x.man
And download this tool and save it to the desktop
[link hidden by the forum]

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes
Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply
 
Signature: shaded
And upon you be peace and the mercy and blessings of God

Your thread has been moved to its most suitable section .. and the title edited to reflect its content

Good luck, God willing

With my regards and appreciation
 
Signature: Al jNtEeL
ComboFix 09-07-29.04 - ASH 07/31/2009 11:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.446.208 [GMT 3:00]
Running from: c:\documents and settings\ASH\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\ASH\Application Data\tazebama
c:\documents and settings\ASH\Application Data\tazebama\tazebama.log
c:\documents and settings\ASH\Application Data\tazebama\zPharaoh.dat
c:\windows\Installer\1a495ec.msp
c:\windows\Installer\c18a91.msp
c:\windows\system32\kakle.dll
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
E:\Autorun.inf
E:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 08:10 . 2009-07-31 08:10 -------- dc----w- c:\program files\Trend Micro
2009-07-31 07:33 . 2009-07-31 07:33 -------- dc----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-31 06:27 . 2009-07-31 06:27 -------- dc----w- c:\windows\LastGood
2009-07-31 06:14 . 2009-07-31 06:14 198064 -c--a-w- c:\documents and settings\ASH\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-31 06:14 . 2009-07-31 06:36 -------- dc----w- c:\program files\Internet Download Manager
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Windows Live
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Microsoft Sync Framework
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-31 03:20 . 2009-07-31 03:20 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\e9930ef5999e99c7051676i\AcroRd32Info.exe
2009-07-31 03:20 . 2009-07-31 03:20 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\1000000b00002i\verclsid.exe
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\ar
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\l2schemas
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\bits
2009-07-31 02:10 . 2009-07-31 02:10 -------- dc----w- c:\windows\ServicePackFiles
2009-07-31 01:57 . 2009-07-31 01:57 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-30 11:10 . 2008-04-14 15:59 221184 -c--a-w- c:\windows\system32\wmpns.dll
2009-07-30 11:02 . 2009-07-30 11:02 47104 -c----w- c:\windows\AKDeInstall.exe
2009-07-30 11:01 . 2009-07-30 11:02 -------- dc----w- c:\program files\Java
2009-07-30 11:01 . 2009-07-30 11:01 -------- dc----w- c:\program files\Common Files\Java
2009-07-30 11:00 . 2009-07-30 11:00 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Sun
2009-07-30 08:56 . 2009-07-31 01:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-30 08:02 . 2009-07-30 08:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-30 08:02 . 2009-07-30 08:02 -------- dc----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-30 06:42 . 2009-07-30 06:42 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\10000001600002i\msiexec.exe
2009-07-29 20:23 . 2009-07-31 06:26 -------- dc----w- c:\program files\Hotspot Shield
2009-07-29 12:38 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 12:38 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 11:52 . 2009-07-29 11:52 -------- dc----w- c:\program files\MSXML 4.0
2009-07-29 04:40 . 2009-07-29 04:40 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\30000000be00002i\DW20.EXE
2009-07-29 03:39 . 2009-07-29 03:40 -------- dc----w- c:\program files\WMV9_VCM
2009-07-29 03:39 . 2009-07-29 03:40 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Xara
2009-07-29 03:39 . 2009-07-29 03:39 -------- dc----w- c:\program files\Common Files\Xara
2009-07-26 10:58 . 2009-07-30 10:23 -------- dc----w- c:\program files\USB Disk Security
2009-07-25 09:09 . 2009-07-25 09:09 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Identities
2009-07-24 23:56 . 2009-07-27 00:59 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Netlog
2009-07-24 21:21 . 2009-07-24 21:49 -------- dc----w- c:\windows\SxsCaPendDel
2009-07-24 21:02 . 2009-07-30 10:21 -------- dc----w- c:\program files\DynDNS Updater
2009-07-24 21:02 . 2009-07-24 21:02 -------- dc----w- c:\documents and settings\All Users\Application Data\DynDNS
2009-07-24 08:28 . 2009-07-30 09:30 -------- dc----w- c:\program files\No-IP
2009-07-22 20:14 . 2009-07-31 06:30 -------- dc----w- c:\documents and settings\ASH\Application Data\IDM
2009-07-22 19:24 . 2009-07-22 19:24 -------- dc----w- c:\program files\dvdup
2009-07-22 08:55 . 2009-07-31 08:21 -------- dc----w- c:\documents and settings\ASH\Application Data\DMCache
2009-07-21 05:11 . 2009-07-30 10:20 -------- dc----w- c:\program files\Any Audio Converter
2009-07-20 21:11 . 2004-08-03 21:38 700928 -c----w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-20 18:46 . 2009-07-20 18:46 -------- dc----w- c:\documents and settings\ASH\Application Data\Windows Live Writer
2009-07-20 18:46 . 2009-07-20 18:47 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Windows Live Writer
2009-07-20 16:20 . 2009-07-20 16:20 592 -c--a-w- c:\windows\chgkey.vbs
2009-07-20 16:18 . 2009-07-20 16:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-20 06:32 . 2009-07-20 06:32 -------- dc----w- c:\program files\Common Files\xing shared
2009-07-20 06:32 . 2009-07-30 10:51 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-07-20 06:32 . 2009-07-30 10:51 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2009-07-20 05:44 . 2009-07-20 05:44 -------- dc----w- c:\documents and settings\ASH\Application Data\Media Player Classic
2009-07-20 05:34 . 2009-07-20 05:34 10240 -c--a-w- c:\documents and settings\ASH\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-07-20 05:34 . 2007-03-22 10:46 126976 -c--a-w- c:\documents and settings\ASH\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-19 09:26 . 2009-07-19 09:26 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000004d00002i\MDM.EXE
2009-07-19 09:26 . 2009-07-26 06:59 -------- dc----w- c:\documents and settings\ASH\Application Data\Thinstall
2009-07-19 09:23 . 2009-07-19 09:23 -------- dc-h--w- c:\windows\PIF
2009-07-18 06:08 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-18 06:08 . 2009-03-06 14:20 283136 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-18 06:08 . 2009-02-09 11:22 2190592 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-18 06:08 . 2009-02-09 11:21 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-18 06:08 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-18 06:08 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-18 06:08 . 2009-02-09 10:51 723456 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-18 06:08 . 2009-02-09 10:51 681472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-18 06:08 . 2009-02-09 10:51 693760 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-18 06:08 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-18 06:08 . 2009-02-09 11:22 2146816 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-18 06:08 . 2009-02-09 11:22 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-18 05:53 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\drivers\bthport.sys
2009-07-18 05:53 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-18 05:25 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-18 05:24 . 2008-04-21 21:14 215040 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-18 05:22 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-18 05:21 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-18 05:19 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-18 05:10 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-18 04:57 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-18 04:57 . 2008-10-16 11:06 208744 -c--a-w- c:\windows\system32\muweb.dll
2009-07-18 04:08 . 2008-04-14 15:59 21504 -c--a-w- c:\windows\system32\hidserv.dll
2009-07-18 04:08 . 2008-04-14 15:40 14592 -c--a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-18 04:08 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-17 11:33 . 2009-07-30 10:21 -------- dc----w- c:\program files\FileZilla FTP Client
2009-07-17 11:31 . 2009-07-30 10:48 -------- dc----w- c:\documents and settings\ASH\Application Data\FileZilla
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\IECompatCache
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\PrivacIE
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\IETldCache
2009-07-17 10:37 . 2009-07-17 10:37 -------- dc----w- c:\windows\ie8updates
2009-07-17 10:35 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\ar-SA
2009-07-17 10:35 . 2009-07-17 10:35 -------- dc-h--w- c:\windows\ie8
2009-07-17 10:01 . 2009-07-19 10:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-17 09:55 . 2009-07-30 09:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Cast ping base frag
2009-07-17 09:54 . 2009-07-30 10:09 -------- dc----w- c:\documents and settings\ASH\Application Data\dvdup
2009-07-17 09:54 . 2009-07-30 10:20 -------- dc----w- c:\program files\Circle Developemet
2009-07-17 09:54 . 2009-07-30 10:22 -------- dc----w- c:\program files\Messenger Plus! Live
2009-07-17 05:00 . 2009-07-30 06:36 -------- dc----w- c:\documents and settings\ASH\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 02:55 . 2009-07-17 01:48 78192 -c--a-w- c:\documents and settings\ASH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 02:21 . 2004-08-04 12:00 58586 ----a-w- c:\windows\system32\perfc001.dat
2009-07-31 02:21 . 2004-08-04 12:00 328222 ----a-w- c:\windows\system32\perfh001.dat
2009-07-30 11:04 . 2009-07-17 02:29 -------- dc----w- c:\program files\K-Lite Codec Pack
2009-07-30 11:02 . 2009-07-17 02:36 -------- dc----w- c:\program files\mpegable
2009-07-30 10:52 . 2009-07-17 02:35 -------- dc----w- c:\program files\Common Files\Real
2009-07-30 10:23 . 2009-07-17 02:31 -------- dc----w- c:\program files\Real_SC
2009-07-30 10:23 . 2009-07-17 02:33 -------- dc----w- c:\program files\QuickTime
2009-07-30 10:21 . 2009-07-17 02:32 -------- dc----w- c:\program files\Google
2009-07-30 10:21 . 2009-07-17 02:37 -------- dc----w- c:\program files\FLV Player
2009-07-30 08:06 . 2009-07-17 02:30 -------- dc----w- c:\program files\Common Files\Adobe
2009-07-29 03:39 . 2009-07-17 02:33 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-07-24 23:56 . 2009-07-17 02:33 -------- dc----w- c:\program files\iTunes
2009-07-24 20:16 . 2009-07-17 02:34 -------- dc----w- c:\documents and settings\ASH\Application Data\Apple Computer
2009-07-19 05:38 . 2009-07-17 01:30 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-17 04:55 . 2009-07-17 04:55 -------- dc----w- c:\program files\Microsoft
2009-07-17 04:53 . 2009-07-17 04:53 -------- dc----w- c:\program files\Common Files\Windows Live
2009-07-17 03:25 . 2009-07-17 03:25 -------- dc----w- c:\documents and settings\ASH\Application Data\Yahoo!
2009-07-17 02:47 . 2009-07-17 02:33 -------- dc----w- c:\program files\Common Files\InstallShield
2009-07-17 02:44 . 2009-07-17 02:44 -------- dc----w- c:\program files\Microsoft.NET
2009-07-17 02:38 . 2009-07-17 02:38 -------- dc----w- c:\documents and settings\ASH\Application Data\vlc
2009-07-17 02:37 . 2009-07-17 02:37 -------- dc----w- c:\program files\VideoLAN
2009-07-17 02:35 . 2009-07-17 02:35 -------- dc----w- c:\program files\Real
2009-07-17 02:33 . 2009-07-17 02:33 -------- dc----w- c:\program files\iPod
2009-07-17 02:33 . 2009-07-17 02:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\documents and settings\ASH\Application Data\GRETECH
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\program files\GRETECH
2009-07-17 02:31 . 2009-07-17 02:31 90112 -c--a-w- c:\windows\system32\agsaami.dll
2009-07-17 02:31 . 2009-07-17 02:31 610304 -c--a-w- c:\windows\system32\agsaamg.dll
2009-07-17 02:31 . 2009-07-17 02:31 372736 -c--a-w- c:\windows\system32\agsaamc.dll
2009-07-17 02:31 . 2009-07-17 02:31 2535424 -c--a-w- c:\windows\system32\agsaamj.dll
2009-07-17 02:31 . 2009-07-17 02:31 1986560 -c--a-w- c:\windows\system32\akll.dll
2009-07-17 02:31 . 2009-07-17 02:31 1245184 -c--a-w- c:\windows\system32\bkll.dll
2009-07-17 02:31 . 2009-07-17 02:31 1212416 -c--a-w- c:\windows\system32\ckll.dll
2009-07-17 01:31 . 2009-07-17 01:31 -------- dc----w- c:\program files\microsoft frontpage
2009-07-17 01:28 . 2009-07-17 01:28 22144 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-07-15 00:01 . 2009-07-15 00:01 25472 -c--a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-03 16:55 . 2004-08-04 12:00 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-07-02 02:34 . 2009-07-02 02:34 33840 -c--a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-04 12:00 1289216 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 -c--a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-17 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_14\bin\jusched.exe" [2007-10-05 75256]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-11-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [15/07/2009 03:01 ص 25472]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RSVP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{BD434E71-7D58-4FDF-933E-E4DBA6A8E803}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
HKLM-Run-USB Antivirus - c:\program files\USB Disk Security\USBGuard.exe

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = https=1045-1806-0605-0955-3112-9294
uInternet Settings,ProxyOverride = <local>
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-07-31 11:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{478bfc34-5ef4-491f-8c67-d0f1d1dcb88d}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d3
"Therad"=dword:0000000a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,f3,67,83,b3,ee,26,44,68,f7,72,3a,79,77,a4,07,08,4d,dd,7e,cb,
9a,15,6d,6b,a5,1b,53,7b,79,e7,76,86,a5,ee,c6,0b,3e,7f,2d,00,00,00,00,00,00,\
.
Completion time: 2009-07-31 11:27
ComboFix-quarantined-files.txt 2009-07-31 08:27
Pre-Run: 1,186,045,952 bytes free
Post-Run: 2,213,023,744 bytes free
249 --- E O F --- 2009-07-31 02:18
 
Signature: momo.x.man
up
 
Signature: momo.x.man
up
 
Signature: momo.x.man
Hello, my dear ... one of the section's rules .. do not bump the thread before 6 hours have passed

[link hidden by the forum]

Now bring us a new HijackThis report, my dear, if you would ..
 
Signature: shaded
ComboFix 09-07-29.04 - ASH 07/31/2009 11:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.446.208 [GMT 3:00]
Running from: c:\documents and settings\ASH\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\ASH\Application Data\tazebama
c:\documents and settings\ASH\Application Data\tazebama\tazebama.log
c:\documents and settings\ASH\Application Data\tazebama\zPharaoh.dat
c:\windows\Installer\1a495ec.msp
c:\windows\Installer\c18a91.msp
c:\windows\system32\kakle.dll
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
E:\Autorun.inf
E:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 08:10 . 2009-07-31 08:10 -------- dc----w- c:\program files\Trend Micro
2009-07-31 07:33 . 2009-07-31 07:33 -------- dc----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-31 06:27 . 2009-07-31 06:27 -------- dc----w- c:\windows\LastGood
2009-07-31 06:14 . 2009-07-31 06:14 198064 -c--a-w- c:\documents and settings\ASH\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-31 06:14 . 2009-07-31 06:36 -------- dc----w- c:\program files\Internet Download Manager
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Windows Live
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Microsoft Sync Framework
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-07-31 05:51 . 2009-07-31 05:51 -------- dc----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-31 03:20 . 2009-07-31 03:20 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\e9930ef5999e99c7051676i\AcroRd32Info.exe
2009-07-31 03:20 . 2009-07-31 03:20 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\1000000b00002i\verclsid.exe
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\ar
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\l2schemas
2009-07-31 02:13 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\bits
2009-07-31 02:10 . 2009-07-31 02:10 -------- dc----w- c:\windows\ServicePackFiles
2009-07-31 01:57 . 2009-07-31 01:57 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-30 11:10 . 2008-04-14 15:59 221184 -c--a-w- c:\windows\system32\wmpns.dll
2009-07-30 11:02 . 2009-07-30 11:02 47104 -c----w- c:\windows\AKDeInstall.exe
2009-07-30 11:01 . 2009-07-30 11:02 -------- dc----w- c:\program files\Java
2009-07-30 11:01 . 2009-07-30 11:01 -------- dc----w- c:\program files\Common Files\Java
2009-07-30 11:00 . 2009-07-30 11:00 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Sun
2009-07-30 08:56 . 2009-07-31 01:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-30 08:02 . 2009-07-30 08:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-07-30 08:02 . 2009-07-30 08:02 -------- dc----w- c:\program files\Common Files\Adobe Systems Shared
2009-07-30 06:42 . 2009-07-30 06:42 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\10000001600002i\msiexec.exe
2009-07-29 20:23 . 2009-07-31 06:26 -------- dc----w- c:\program files\Hotspot Shield
2009-07-29 12:38 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 12:38 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 11:52 . 2009-07-29 11:52 -------- dc----w- c:\program files\MSXML 4.0
2009-07-29 04:40 . 2009-07-29 04:40 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\30000000be00002i\DW20.EXE
2009-07-29 03:39 . 2009-07-29 03:40 -------- dc----w- c:\program files\WMV9_VCM
2009-07-29 03:39 . 2009-07-29 03:40 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Xara
2009-07-29 03:39 . 2009-07-29 03:39 -------- dc----w- c:\program files\Common Files\Xara
2009-07-26 10:58 . 2009-07-30 10:23 -------- dc----w- c:\program files\USB Disk Security
2009-07-25 09:09 . 2009-07-25 09:09 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Identities
2009-07-24 23:56 . 2009-07-27 00:59 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Netlog
2009-07-24 21:21 . 2009-07-24 21:49 -------- dc----w- c:\windows\SxsCaPendDel
2009-07-24 21:02 . 2009-07-30 10:21 -------- dc----w- c:\program files\DynDNS Updater
2009-07-24 21:02 . 2009-07-24 21:02 -------- dc----w- c:\documents and settings\All Users\Application Data\DynDNS
2009-07-24 08:28 . 2009-07-30 09:30 -------- dc----w- c:\program files\No-IP
2009-07-22 20:14 . 2009-07-31 06:30 -------- dc----w- c:\documents and settings\ASH\Application Data\IDM
2009-07-22 19:24 . 2009-07-22 19:24 -------- dc----w- c:\program files\dvdup
2009-07-22 08:55 . 2009-07-31 08:21 -------- dc----w- c:\documents and settings\ASH\Application Data\DMCache
2009-07-21 05:11 . 2009-07-30 10:20 -------- dc----w- c:\program files\Any Audio Converter
2009-07-20 21:11 . 2004-08-03 21:38 700928 -c----w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-20 18:46 . 2009-07-20 18:46 -------- dc----w- c:\documents and settings\ASH\Application Data\Windows Live Writer
2009-07-20 18:46 . 2009-07-20 18:47 -------- dc----w- c:\documents and settings\ASH\Local Settings\Application Data\Windows Live Writer
2009-07-20 16:20 . 2009-07-20 16:20 592 -c--a-w- c:\windows\chgkey.vbs
2009-07-20 16:18 . 2009-07-20 16:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-20 06:32 . 2009-07-20 06:32 -------- dc----w- c:\program files\Common Files\xing shared
2009-07-20 06:32 . 2009-07-30 10:51 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2009-07-20 06:32 . 2009-07-30 10:51 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2009-07-20 05:44 . 2009-07-20 05:44 -------- dc----w- c:\documents and settings\ASH\Application Data\Media Player Classic
2009-07-20 05:34 . 2009-07-20 05:34 10240 -c--a-w- c:\documents and settings\ASH\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-07-20 05:34 . 2007-03-22 10:46 126976 -c--a-w- c:\documents and settings\ASH\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-19 09:26 . 2009-07-19 09:26 34304 -c--a-w- c:\documents and settings\ASH\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000004d00002i\MDM.EXE
2009-07-19 09:26 . 2009-07-26 06:59 -------- dc----w- c:\documents and settings\ASH\Application Data\Thinstall
2009-07-19 09:23 . 2009-07-19 09:23 -------- dc-h--w- c:\windows\PIF
2009-07-18 06:08 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-18 06:08 . 2009-03-06 14:20 283136 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-18 06:08 . 2009-02-09 11:22 2190592 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-18 06:08 . 2009-02-09 11:21 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-18 06:08 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-18 06:08 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-18 06:08 . 2009-02-09 10:51 723456 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-18 06:08 . 2009-02-09 10:51 681472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-18 06:08 . 2009-02-09 10:51 693760 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-18 06:08 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-18 06:08 . 2009-02-09 11:22 2146816 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-18 06:08 . 2009-02-09 11:22 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-18 05:53 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\drivers\bthport.sys
2009-07-18 05:53 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-18 05:25 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-18 05:24 . 2008-04-21 21:14 215040 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-18 05:22 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-18 05:21 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-18 05:19 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-18 05:10 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-18 04:57 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-18 04:57 . 2008-10-16 11:06 208744 -c--a-w- c:\windows\system32\muweb.dll
2009-07-18 04:08 . 2008-04-14 15:59 21504 -c--a-w- c:\windows\system32\hidserv.dll
2009-07-18 04:08 . 2008-04-14 15:40 14592 -c--a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-18 04:08 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-17 11:33 . 2009-07-30 10:21 -------- dc----w- c:\program files\FileZilla FTP Client
2009-07-17 11:31 . 2009-07-30 10:48 -------- dc----w- c:\documents and settings\ASH\Application Data\FileZilla
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\IECompatCache
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\PrivacIE
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2009-07-17 10:39 . 2009-07-17 10:39 -------- dcsh--w- c:\documents and settings\ASH\IETldCache
2009-07-17 10:37 . 2009-07-17 10:37 -------- dc----w- c:\windows\ie8updates
2009-07-17 10:35 . 2009-07-31 02:13 -------- dc----w- c:\windows\system32\ar-SA
2009-07-17 10:35 . 2009-07-17 10:35 -------- dc-h--w- c:\windows\ie8
2009-07-17 10:01 . 2009-07-19 10:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-17 09:55 . 2009-07-30 09:14 -------- dc----w- c:\documents and settings\All Users\Application Data\Cast ping base frag
2009-07-17 09:54 . 2009-07-30 10:09 -------- dc----w- c:\documents and settings\ASH\Application Data\dvdup
2009-07-17 09:54 . 2009-07-30 10:20 -------- dc----w- c:\program files\Circle Developemet
2009-07-17 09:54 . 2009-07-30 10:22 -------- dc----w- c:\program files\Messenger Plus! Live
2009-07-17 05:00 . 2009-07-30 06:36 -------- dc----w- c:\documents and settings\ASH\Tracing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 02:55 . 2009-07-17 01:48 78192 -c--a-w- c:\documents and settings\ASH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 02:21 . 2004-08-04 12:00 58586 ----a-w- c:\windows\system32\perfc001.dat
2009-07-31 02:21 . 2004-08-04 12:00 328222 ----a-w- c:\windows\system32\perfh001.dat
2009-07-30 11:04 . 2009-07-17 02:29 -------- dc----w- c:\program files\K-Lite Codec Pack
2009-07-30 11:02 . 2009-07-17 02:36 -------- dc----w- c:\program files\mpegable
2009-07-30 10:52 . 2009-07-17 02:35 -------- dc----w- c:\program files\Common Files\Real
2009-07-30 10:23 . 2009-07-17 02:31 -------- dc----w- c:\program files\Real_SC
2009-07-30 10:23 . 2009-07-17 02:33 -------- dc----w- c:\program files\QuickTime
2009-07-30 10:21 . 2009-07-17 02:32 -------- dc----w- c:\program files\Google
2009-07-30 10:21 . 2009-07-17 02:37 -------- dc----w- c:\program files\FLV Player
2009-07-30 08:06 . 2009-07-17 02:30 -------- dc----w- c:\program files\Common Files\Adobe
2009-07-29 03:39 . 2009-07-17 02:33 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-07-24 23:56 . 2009-07-17 02:33 -------- dc----w- c:\program files\iTunes
2009-07-24 20:16 . 2009-07-17 02:34 -------- dc----w- c:\documents and settings\ASH\Application Data\Apple Computer
2009-07-19 05:38 . 2009-07-17 01:30 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-17 04:55 . 2009-07-17 04:55 -------- dc----w- c:\program files\Microsoft
2009-07-17 04:53 . 2009-07-17 04:53 -------- dc----w- c:\program files\Common Files\Windows Live
2009-07-17 03:25 . 2009-07-17 03:25 -------- dc----w- c:\documents and settings\ASH\Application Data\Yahoo!
2009-07-17 02:47 . 2009-07-17 02:33 -------- dc----w- c:\program files\Common Files\InstallShield
2009-07-17 02:44 . 2009-07-17 02:44 -------- dc----w- c:\program files\Microsoft.NET
2009-07-17 02:38 . 2009-07-17 02:38 -------- dc----w- c:\documents and settings\ASH\Application Data\vlc
2009-07-17 02:37 . 2009-07-17 02:37 -------- dc----w- c:\program files\VideoLAN
2009-07-17 02:35 . 2009-07-17 02:35 -------- dc----w- c:\program files\Real
2009-07-17 02:33 . 2009-07-17 02:33 -------- dc----w- c:\program files\iPod
2009-07-17 02:33 . 2009-07-17 02:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\documents and settings\ASH\Application Data\GRETECH
2009-07-17 02:32 . 2009-07-17 02:32 -------- dc----w- c:\program files\GRETECH
2009-07-17 02:31 . 2009-07-17 02:31 90112 -c--a-w- c:\windows\system32\agsaami.dll
2009-07-17 02:31 . 2009-07-17 02:31 610304 -c--a-w- c:\windows\system32\agsaamg.dll
2009-07-17 02:31 . 2009-07-17 02:31 372736 -c--a-w- c:\windows\system32\agsaamc.dll
2009-07-17 02:31 . 2009-07-17 02:31 2535424 -c--a-w- c:\windows\system32\agsaamj.dll
2009-07-17 02:31 . 2009-07-17 02:31 1986560 -c--a-w- c:\windows\system32\akll.dll
2009-07-17 02:31 . 2009-07-17 02:31 1245184 -c--a-w- c:\windows\system32\bkll.dll
2009-07-17 02:31 . 2009-07-17 02:31 1212416 -c--a-w- c:\windows\system32\ckll.dll
2009-07-17 01:31 . 2009-07-17 01:31 -------- dc----w- c:\program files\microsoft frontpage
2009-07-17 01:28 . 2009-07-17 01:28 22144 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-07-15 00:01 . 2009-07-15 00:01 25472 -c--a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-03 16:55 . 2004-08-04 12:00 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-07-02 02:34 . 2009-07-02 02:34 33840 -c--a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2004-08-04 12:00 1289216 -c--a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 -c--a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-17 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_14\bin\jusched.exe" [2007-10-05 75256]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-11-11 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [15/07/2009 03:01 ص 25472]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RSVP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-31 c:\windows\Tasks\User_Feed_Synchronization-{BD434E71-7D58-4FDF-933E-E4DBA6A8E803}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
HKLM-Run-USB Antivirus - c:\program files\USB Disk Security\USBGuard.exe

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = https=1045-1806-0605-0955-3112-9294
uInternet Settings,ProxyOverride = <local>
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]

Rootkit scan 2009-07-31 11:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{478bfc34-5ef4-491f-8c67-d0f1d1dcb88d}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d3
"Therad"=dword:0000000a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,f3,67,83,b3,ee,26,44,68,f7,72,3a,79,77,a4,07,08,4d,dd,7e,cb,
9a,15,6d,6b,a5,1b,53,7b,79,e7,76,86,a5,ee,c6,0b,3e,7f,2d,00,00,00,00,00,00,\
.
Completion time: 2009-07-31 11:27
ComboFix-quarantined-files.txt 2009-07-31 08:27
Pre-Run: 1,186,045,952 bytes free
Post-Run: 2,213,023,744 bytes free
249 --- E O F --- 2009-07-31 02:18
 
Signature: momo.x.man
My friend .. we need a new HijackThis log ...

Download this program
[link hidden by the forum]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply

Signature: shaded
Here is the HijackThis log

Please, I need a solution

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:36:24 ص, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=1045-1806-0605-0955-3112-9294
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpSvc.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
--
End of file - 7549 bytes
 
Signature: momo.x.man
Hello my friend ...

First, download the Dr.Web tool and put it on the desktop

[link hidden by the forum]

Then

Disable System Restore as shown in the following steps

[screenshots]

After that, boot your machine into Safe Mode, as follows:

Restart, and before the Windows screen appears

keep pressing the F8 key

[screenshot]

A screen with several options will appear; choose

safemode

[screenshot]

Then choose the following

[screenshots]

On the next screen, choose the admin account or any account you want

[screenshot]

Finally, click OK to get to the desktop

[screenshot]

After that, run a full scan with the Dr.Web tool

And here is a short guide to it from my dear brother Azzam ..

Picture of the tool's icon
after the download finishes

[screenshot]

Once it is running, it has two commands:
Start the scan, marked ( 1 )
Update it if your copy is old, marked ( 2 )

[link hidden by the forum]

As for this window,
it appears when a virus is detected and lets you choose between cleaning and deleting,
depending on what is set in the settings,
and whether you want to apply that to the current file or to all of them
( Yes to All ) apply to all files
( Yes ) the current file only
( No ) nothing
( No to All ) nothing for all

[link hidden by the forum]

After the scan finishes, one thing remains:
dealing with the files that no action was taken on.
Select all of them as shown at ( 1 ),
then click Clean at ( 2 ) and give the next command for when cleaning is not possible

[link hidden by the forum]

After that, run the programs again and see whether they work or not.

Signature: shaded
I'll try this method; if it works I'll give you reputation for a whole week *_^

Signature: momo.x.man
Brother, the method did not work

..

Signature: momo.x.man
My friend .. the Messenger program .. and the programs that won't open .. they are gone for good .. because Avira is weak at disinfection and deleted them .. so, God help you, you will have to download again the programs that were deleted because of Avira. :q:

When you ran the scan with Dr.Web .. did it find any infections??

Signature: shaded
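^^^^^

Brother, I don't know what the program did to my programs. The program's file is there but it doesn't run; it says the file is missing. As for Messenger, after deleting its files completely and installing it again, it has a problem. When I went to remove it, I couldn't find it in Add/Remove Programs. And this is the Messenger problem:

[screenshot]

I need a fix for this Messenger

Note that this message appears for all the email accounts

..

Signature: momo.x.man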
Did you download Messenger again ..??

As for the problem .. try disabling the firewall ... and see whether it signs in or not ..

Signature: shaded
^^^^^^
Yes

How do I disable it?

..

Signature: momo.x.man
Start ---- Control Panel ----- Firewall --- Disable ---- Apply --- OK

Signature: shaded