مفكره تظهر لي على سطح المكتب

فتون · 2 أغسطس 2009

السلام عليكم
لاحظت انه فيه مفكره موجوده على سطح المكتب لم انشئها مع بقية الايقونات الموجوده على سطح المكتب ولما افتحها تكون فارغه ومسحتها لكن الاحظ انها ترجع ماادري هل هذا دليل انه جهازي فيه احد مخترقه ويلعب فيه

فارس الملاك · 2 أغسطس 2009

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم

وارفعي لي المفكرة

فتون · 2 أغسطس 2009

تفضل التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:00 م, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7219 bytes

فارس الملاك · 2 أغسطس 2009

جاري التحليل

وياليت تصورين لي المفكرة

فارس الملاك · 2 أغسطس 2009

(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

فتون · 4 أغسطس 2009

هذا تقرير الاداة

ComboFix 09-08-02.04 - user 08/02/2009 23:50.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2046.1516 [GMT -12:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-07-22 14:13 . 2009-07-22 14:13 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-07-21 01:11 . 2009-02-24 04:21 105344 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2009-07-21 01:11 . 2009-02-24 04:21 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-07-21 01:11 . 2009-02-24 04:21 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-07-21 01:11 . 2009-02-24 04:21 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2009-07-21 01:11 . 2009-02-24 04:21 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-07-16 14:59 . 2009-07-16 14:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-16 14:35 . 2009-08-01 00:27 -------- d-----w- c:\documents and settings\user\Tracing
2009-07-16 14:32 . 2009-07-16 14:32 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-16 14:32 . 2006-11-30 01:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-16 14:19 . 2009-07-16 14:19 1182056 ----a-w- c:\program files\wlsetup-web.exe
2009-07-16 13:55 . 2009-07-16 14:41 -------- d-----w- c:\program files\Windows Live
2009-07-16 13:40 . 2009-07-16 13:40 5096784 ----a-w- c:\program files\MsgPlusLive-480.exe
2009-07-15 14:09 . 2009-07-17 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-15 12:46 . 2009-07-15 12:46 -------- d-----w- c:\program files\Microsoft
2009-07-15 12:36 . 2009-07-15 12:36 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-11 20:36 . 2009-07-21 01:12 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-10 11:09 . 2009-07-10 11:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 11:46 . 2009-06-22 18:32 376864 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-03 11:46 . 2009-06-22 18:32 3416 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-03 10:50 . 2001-09-19 14:00 59878 ----a-w- c:\windows\system32\perfc001.dat
2009-08-03 10:50 . 2001-09-19 14:00 331342 ----a-w- c:\windows\system32\perfh001.dat
2009-08-03 10:46 . 2009-06-25 10:45 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 10:46 . 2009-06-22 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-03 09:45 . 2009-06-22 18:32 1906720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-03 09:45 . 2009-06-22 18:32 18072 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-21 02:20 . 2009-06-22 19:08 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-21 01:11 . 2009-06-21 20:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 09:25 . 2009-06-26 16:41 -------- d-----w- c:\program files\MSECACHE
2009-07-15 13:42 . 2009-06-27 12:15 -------- d-----w- c:\program files\MSN Messenger
2009-07-15 12:58 . 2009-06-21 10:43 95216 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-11 18:03 . 2009-07-02 11:11 -------- d-----w- c:\documents and settings\user\Application Data\Desktopicon
2009-07-10 11:09 . 2009-06-25 02:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-30 19:29 . 2009-06-30 19:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-30 19:29 . 2009-06-21 06:49 -------- d-----w- c:\program files\Common Files\Real
2009-06-30 19:29 . 2009-06-30 19:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-30 19:29 . 2009-06-30 19:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-30 14:28 . 2009-06-30 14:28 10240 ----a-w- c:\documents and settings\user\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-06-29 10:05 . 2009-06-29 10:05 -------- d-----w- c:\program files\CCleaner
2009-06-29 10:04 . 2009-06-29 10:02 2714784 ----a-w- c:\program files\ccsetup139.exe
2009-06-26 14:16 . 2009-06-21 20:08 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-06-25 02:40 . 2009-06-25 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-25 02:40 . 2009-06-25 02:40 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-06-22 19:08 . 2008-01-30 05:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-22 19:08 . 2009-06-22 18:33 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-22 19:08 . 2009-06-22 18:33 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-22 19:08 . 2009-06-22 19:08 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-22 19:08 . 2009-06-22 19:07 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-22 18:44 . 2009-06-21 06:15 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-06-22 18:41 . 2009-06-21 06:14 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-06-22 18:32 . 2009-06-22 18:32 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-22 18:31 . 2009-06-22 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-22 13:32 . 2009-06-22 13:32 -------- d-----w- c:\program files\Trend Micro
2009-06-21 20:15 . 2009-06-21 20:15 -------- d-----w- c:\program files\Synaptics
2009-06-21 20:12 . 2009-06-21 20:12 -------- d-----w- c:\program files\Intel
2009-06-21 20:10 . 2009-06-21 20:10 -------- d-----w- c:\program files\ltmoh
2009-06-21 20:09 . 2009-06-21 20:09 -------- d-----w- c:\program files\Realtek
2009-06-21 20:09 . 2009-06-21 20:09 315392 ----a-w- c:\windows\HideWin.exe
2009-06-21 20:07 . 2009-06-21 20:07 -------- d-----w- c:\program files\DIFX
2009-06-21 17:48 . 2009-06-21 06:48 -------- d-----w- c:\program files\mpegable
2009-06-21 17:39 . 2009-06-21 10:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-21 17:01 . 2009-06-21 07:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 13:12 . 2009-06-21 13:12 -------- d-----w- c:\documents and settings\user\Application Data\ATI
2009-06-21 13:12 . 2009-06-21 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-21 13:12 . 2009-06-21 13:12 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-21 13:02 . 2009-06-21 12:58 -------- d-----w- c:\program files\ATI Technologies
2009-06-21 10:39 . 2009-06-21 10:39 -------- d-----w- c:\program files\microsoft frontpage
2009-06-21 10:32 . 2009-06-21 10:32 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-21 07:30 . 2009-06-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-06-21 07:26 . 2009-06-21 07:26 -------- d-----w- c:\program files\ESET
2009-06-21 07:26 . 2009-06-21 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-21 07:23 . 2009-06-21 07:23 172032 ------w- c:\windows\Setup1.exe
2009-06-21 07:23 . 2009-06-21 07:23 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-21 07:14 . 2009-06-21 07:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-21 07:14 . 2009-06-21 07:14 -------- d-----w- c:\program files\Ahead
2009-06-21 07:11 . 2009-06-21 07:11 -------- d-----w- c:\program files\GRETECH
2009-06-21 07:11 . 2009-06-21 07:11 -------- d-----w- c:\program files\VideoLAN
2009-06-21 07:06 . 2009-06-21 07:05 -------- d-----w- c:\program files\CyberLink
2009-06-21 06:50 . 2009-06-21 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-21 06:49 . 2009-06-21 06:49 -------- d-----w- c:\program files\Real
2009-06-21 06:48 . 2009-06-21 06:48 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-21 06:47 . 2009-06-21 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-21 06:47 . 2009-06-21 06:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-21 06:33 . 2009-06-21 06:33 -------- d-----w- c:\program files\Nokia
2009-06-21 06:33 . 2009-06-21 06:33 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-21 06:33 . 2009-06-21 20:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-21 06:32 . 2009-06-21 06:32 2232 ----a-w- c:\windows\java\Packages\Data\JPV537Z5.DAT
2009-06-21 06:32 . 2009-06-21 06:32 155995 ----a-w- c:\windows\java\Packages\ZP7RRPRT.ZIP
2009-06-21 06:32 . 2009-06-21 06:32 2678 ----a-w- c:\windows\java\Packages\Data\0MOMEYHB.DAT
2009-06-21 06:32 . 2009-06-21 06:32 2678 ----a-w- c:\windows\java\Packages\Data\BTR53FFD.DAT
2009-06-21 06:32 . 2009-06-21 06:32 2678 ----a-w- c:\windows\java\Packages\Data\5FLVXZNZ.DAT
2009-06-21 06:32 . 2009-06-21 06:32 2678 ----a-w- c:\windows\java\Packages\Data\060EJXJF.DAT
2009-06-21 06:32 . 2009-06-21 06:32 2678 ----a-w- c:\windows\java\Packages\Data\CJZNV1V1.DAT
2009-06-21 06:24 . 2009-06-21 06:24 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 06:23 . 2009-06-21 06:23 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 06:16 . 2009-06-21 20:14 -------- d-----w- c:\program files\TOSHIBA
.
((((((((((((((((((((((((((((( SnapShot@2009-07-03_11.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 01:11 . 2009-02-04 02:54 55296 c:\windows\system32\SupportAppXL\KillProcess.exe
+ 2009-07-21 01:11 . 2008-07-22 02:09 70656 c:\windows\system32\SupportAppXL\file_aut.exe
+ 2009-07-16 11:34 . 2007-11-30 17:39 17784 c:\windows\system32\spmsg.dll
+ 2009-02-07 06:52 . 2009-02-07 06:52 49504 c:\windows\system32\sirenacm.dll
- 2001-09-19 14:00 . 2009-07-03 11:15 59774 c:\windows\system32\perfc009.dat
+ 2001-09-19 14:00 . 2009-08-03 10:50 59774 c:\windows\system32\perfc009.dat
+ 2008-04-14 10:29 . 2008-05-19 18:33 18944 c:\windows\system32\msisip.dll
+ 2008-04-14 10:29 . 2008-05-19 13:57 95744 c:\windows\system32\msiexec.exe
+ 2008-04-14 10:29 . 2008-05-19 18:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-04-14 10:29 . 2008-05-19 13:57 95744 c:\windows\system32\dllcache\msiexec.exe
- 2009-07-02 13:45 . 2009-07-03 11:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-02 13:45 . 2009-07-10 07:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-21 10:41 . 2009-07-03 11:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-21 10:41 . 2009-07-10 07:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-21 10:41 . 2009-07-10 07:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-21 10:41 . 2009-07-03 11:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-16 14:32 . 2009-07-16 14:32 98816 c:\windows\Installer\f71d1.msi
+ 2009-07-16 14:32 . 2009-07-16 14:32 28160 c:\windows\Installer\f71c3.msi
+ 2009-07-15 12:46 . 2009-07-15 12:46 25088 c:\windows\Installer\37cce6.msi
+ 2009-07-15 12:45 . 2009-07-15 12:45 83456 c:\windows\Installer\37ccca.msi
+ 2009-07-16 13:55 . 2009-07-16 13:55 59904 c:\windows\Installer\21f4f4.msi
+ 2009-07-10 11:09 . 2009-07-10 11:09 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-07-10 11:09 . 2009-07-10 11:09 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-07-16 13:55 . 2009-07-16 13:55 80395 c:\windows\Installer\{83502B7E-BE3F-436D-8F5D-268560AA3681}\MsblIco.Exe
+ 2008-04-13 10:09 . 2008-04-17 13:43 2560 c:\windows\system32\msimsg.dll
+ 2008-04-13 10:09 . 2008-04-17 13:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2007-11-07 13:19 . 2007-11-07 13:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 13:19 . 2007-11-07 13:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 08:23 . 2007-11-07 08:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-12-04 14:56 . 2007-12-04 14:56 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
+ 2007-12-04 14:56 . 2007-12-04 14:56 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
+ 2007-12-04 06:58 . 2007-12-04 06:58 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
+ 2009-06-21 10:33 . 2008-10-17 02:12 202776 c:\windows\system32\wuweb.dll
+ 2009-07-21 01:12 . 2009-04-02 19:41 372736 c:\windows\system32\SupportAppXL\Setup\setup.exe
+ 2009-07-21 01:12 . 2007-04-18 19:06 535552 c:\windows\system32\SupportAppXL\Setup\ISSetup.dll
+ 2009-07-21 01:12 . 2007-04-27 11:06 156616 c:\windows\system32\SupportAppXL\Setup\_Setup.dll
+ 2009-07-21 01:11 . 2009-04-03 04:21 257536 c:\windows\system32\SupportAppXL\LangENG\lan_ENG.dll
+ 2009-07-21 01:11 . 2009-04-03 04:36 257024 c:\windows\system32\SupportAppXL\LangARA\lan_ARA.dll
+ 2009-07-21 01:11 . 2007-09-01 06:41 204800 c:\windows\system32\SupportAppXL\EXETimer.exe
+ 2001-09-19 14:00 . 2009-08-03 10:50 395534 c:\windows\system32\perfh009.dat
- 2001-09-19 14:00 . 2009-07-03 11:15 395534 c:\windows\system32\perfh009.dat
+ 2008-04-14 10:29 . 2008-05-19 18:33 332800 c:\windows\system32\msihnd.dll
+ 2009-06-20 22:25 . 2009-07-15 13:06 337848 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-21 10:33 . 2008-10-17 02:12 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-14 10:29 . 2008-05-19 18:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2009-07-16 14:33 . 2009-07-16 14:33 727040 c:\windows\Installer\f71df.msi
+ 2009-07-16 14:32 . 2009-07-16 14:32 483328 c:\windows\Installer\f71d8.msi
+ 2009-07-16 14:32 . 2009-07-16 14:32 140288 c:\windows\Installer\f71bc.msi
+ 2009-07-15 12:45 . 2009-07-15 12:45 301056 c:\windows\Installer\37ccc3.msi
+ 2009-07-16 13:55 . 2009-07-16 13:55 431104 c:\windows\Installer\21f4fd.msi
+ 2009-07-21 01:11 . 2009-04-03 05:42 1439744 c:\windows\system32\SupportAppXL\ENG\WaitingForm.dll
+ 2009-07-21 01:11 . 2007-09-01 06:41 1412608 c:\windows\system32\SupportAppXL\cc3260.dll
+ 2009-07-21 01:11 . 2009-04-03 02:03 1439744 c:\windows\system32\SupportAppXL\ARA\WaitingForm.dll
+ 2008-04-14 10:29 . 2008-05-19 18:33 4445184 c:\windows\system32\msi.dll
+ 2008-04-14 10:29 . 2008-05-19 18:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2009-07-10 11:09 . 2009-07-10 11:09 1516544 c:\windows\Installer\3a1277.msi
+ 2009-07-21 01:11 . 2009-04-03 06:41 11145216 c:\windows\system32\SupportAppXL\ENG\Modem.exe
+ 2009-07-21 01:11 . 2009-04-03 06:47 11214848 c:\windows\system32\SupportAppXL\ARA\Modem.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-05 360448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-02 1024000]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-08 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-22 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-02 16859648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-23 00:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 ص 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 ص 72944]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [21/06/2009 08:14 ص 5888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 ص 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-08-02 23:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(15296)
c:\windows\system32\msi.dll
.
Completion time: 2009-08-03 23:54
ComboFix-quarantined-files.txt 2009-08-03 11:54
ComboFix2.txt 2009-07-03 11:32
Pre-Run: 93,820,510,208 bytes free
Post-Run: 93,791,145,984 bytes free
253

فتون · 4 أغسطس 2009

وهذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:38 ص, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7091 bytes

فتون · 4 أغسطس 2009

اما طريقة رفع المفكره فلم اعرف كيف ارفعها

فتون · 4 أغسطس 2009

ممكن جواب ياخبراء

Al jNtEeL · 4 أغسطس 2009

وعليكم السلاام ورحمة الله وبركاته

أهلاا بك أختي

أخذفي القيمة التالي فقط :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

HTML clipboardطـــريـقة الحــذف ,,

و ياليت صورة للمفكرة لو سمحتي ؟؟

DCJ_99 · 4 أغسطس 2009

اثناء ظهور المفكره على سطح المكتب اضغطي على مفتاح Print Screen Sysrq في لوحة المفاتيح
ثم افتحي برنامج الرسام واضغطي Ctrl + V
تلاحظين ظهور المفكره داخل مستطيل قومي بحفظ العمل بصيغه Jpg
ثم ارفعي الصوره على موقع زيزوم وانسخيها في ردك القادم

فتون · 4 أغسطس 2009

هذه صورة المفكره

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Al jNtEeL · 4 أغسطس 2009

يعطيك العاافية

بالله اضغطي عليهاا باليمين .. واختار خصائص وصوري لي النافذة الي ظهرت لك

فتون · 4 أغسطس 2009

تفضل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Al jNtEeL · 4 أغسطس 2009

بارك الله فيك اختي

حدثي نسخة الميدياا بلااير عندك إلى النسخة 11 وتجدينهاا هناا :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واحذفي الكودك k lite .. وحملي آخر اصدار له من هناا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

جربي كل ما قلته لكي واعملي رستارت للجهاز

وان شاء الله يذهب الملف

DCJ_99 · 5 أغسطس 2009

متابع

زيزوومي نشيط

زيزوومى محترف

توقيع : فارس الملاك

زيزوومي نشيط

زيزوومى محترف

توقيع : فارس الملاك

زيزوومى محترف

توقيع : فارس الملاك

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

توقيع : Al jNtEeL

زيزوومى مبدع

توقيع : DCJ_99

زيزوومي نشيط

زيزوومى فضى

توقيع : Al jNtEeL

زيزوومي نشيط

زيزوومى فضى

توقيع : Al jNtEeL

زيزوومى مبدع

توقيع : DCJ_99