فاندام

Peace be upon you, and the mercy and blessings of God


I have a problem and I hope you can help me solve it

The problem is that when I open some websites I get this message
ArbShaRe-34300806.jpg


====================

And when I download a video clip from YouTube I get this message

ArbShaRe-32862416.jpg


==============

I hope you can help me solve the problem. Many thanks, and may God reward you a thousand times over
 

Download this program

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear ==> copy it and paste it in your next reply




 
Signature: Future Tank X-1
Thanks a lot, brother Future Tank X-1

I downloaded the program and ran it, but I could not find the option you mentioned, which is Do a system scan and save log


When I ran the program I got a long page full of English text, with two boxes at the bottom

This is the page that came up

ArbShaRe-88313900.png



 
Click I Accept, then the option will appear
 
Signature: KoNaMi
A Notepad window opened, and this is what is in it


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:39:27 ص, on 03/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\XP\سطح المكتب\HiJackThis.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7654 bytes
 

Disable your security programs
then
download the following tool and save it to the desktop

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes
During the scan the computer may restart
After the restart ,, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Signature: KoNaMi
How do I disable the security programs
Sorry brothers, I am troubling you. Please bear with me, may God reward you and give you strength
 
Signature: Al jNtEeL
Signature: KoNaMi
Thank you, brothers

Now a Notepad window has come up, and this is what is in it

ComboFix 09-08-01.09 - XP 08/03/2009 4:18.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1022.604 [GMT 3:00]
Running from: c:\documents and settings\XP\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\XP\LOCALS~1\Temp\catchme.dll
c:\documents and settings\XP\Local Settings\Temp\catchme.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\kakle.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\msexcl35.dll
c:\windows\system32\P17res.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-02 22:55 . 2009-08-02 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-08-02 22:55 . 2009-08-02 22:55 -------- d-----w- c:\program files\TechSmith
2009-08-02 22:55 . 2009-08-02 22:55 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\TechSmith
2009-08-02 22:54 . 2009-08-02 22:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-31 02:41 . 2004-08-03 21:55 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-07-31 02:41 . 2004-08-03 21:55 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-31 02:41 . 2004-08-03 21:45 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-07-31 02:41 . 2004-08-03 21:45 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-31 02:41 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-31 02:41 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-31 01:00 . 2005-01-12 08:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-07-31 01:00 . 2004-09-28 08:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-07-31 01:00 . 2004-08-11 12:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-07-31 01:00 . 2009-07-31 01:02 -------- d-----w- c:\program files\Driver Magician
2009-07-29 20:58 . 2009-07-29 21:02 -------- d-----w- c:\program files\Hotspot Shield
2009-07-26 04:14 . 2009-07-26 04:14 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\Google
2009-07-26 04:12 . 2009-07-26 04:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-26 04:12 . 2009-07-26 06:43 -------- d-----w- c:\program files\Google
2009-07-25 22:42 . 2009-07-25 22:42 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\Identities
2009-07-25 03:27 . 2009-07-25 03:27 -------- d-----w- c:\documents and settings\XP\Application Data\Media Player Classic
2009-07-21 21:48 . 2005-07-12 11:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2009-07-21 21:48 . 2003-04-21 13:11 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-07-21 21:48 . 2006-11-15 08:29 1712128 ----a-w- c:\windows\system32\GDIPLUS.DLL
2009-07-21 21:43 . 2009-07-25 03:39 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\ApplicationHistory
2009-07-21 21:43 . 2009-07-21 21:43 125 ----a-w- c:\documents and settings\XP\Local Settings\Application Data\fusioncache.dat
2009-07-21 21:41 . 2009-07-21 21:42 -------- d-----w- c:\windows\system32\URTTemp
2009-07-21 21:40 . 2004-07-02 14:28 89088 ----a-w- c:\windows\system32\atl71.dll
2009-07-21 21:40 . 2004-07-02 14:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2009-07-21 21:40 . 2007-01-25 23:04 57856 ----a-w- c:\windows\system32\masd32.dll
2009-07-21 21:40 . 2007-01-25 23:04 27648 ----a-w- c:\windows\system32\ma32.dll
2009-07-21 21:40 . 2007-01-25 23:04 196096 ----a-w- c:\windows\system32\macd32.dll
2009-07-21 21:40 . 2007-01-25 23:04 138752 ----a-w- c:\windows\system32\mase32.dll
2009-07-21 21:40 . 2007-01-25 23:04 136192 ----a-w- c:\windows\system32\mamc32.dll
2009-07-21 21:37 . 2005-02-09 09:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2009-07-21 21:37 . 2007-01-04 07:07 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-07-21 21:37 . 2004-02-24 10:04 41219 ----a-w- c:\windows\RSETPATH.exe
2009-07-21 21:36 . 2003-11-21 14:48 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
2009-07-21 21:36 . 2003-11-21 14:48 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
2009-07-21 21:36 . 2003-11-21 14:48 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
2009-07-21 21:36 . 2003-11-21 14:48 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
2009-07-21 21:36 . 2003-11-21 14:48 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2009-07-21 21:36 . 2003-11-21 14:48 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
2009-07-21 21:36 . 2003-11-21 14:48 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
2009-07-21 21:36 . 2003-11-21 14:48 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
2009-07-21 21:36 . 2003-11-21 14:48 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
2009-07-21 21:36 . 2002-01-05 01:36 964608 ----a-w- c:\windows\system32\MFC70U.DLL
2009-07-21 21:36 . 2002-01-05 00:38 54784 ----a-w- c:\windows\system32\MSVCI70.DLL
2009-07-21 21:36 . 2006-04-21 07:00 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
2009-07-21 21:35 . 2009-07-21 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-07-21 21:32 . 2009-07-21 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-07-21 21:32 . 2009-07-21 21:47 -------- d-----w- c:\program files\Pinnacle
2009-07-21 21:31 . 2009-07-21 21:31 -------- d-----w- c:\documents and settings\XP\Application Data\InstallShield
2009-07-21 16:59 . 2009-07-21 16:59 -------- d-----w- c:\documents and settings\XP\Application Data\Desktopicon
2009-07-21 16:59 . 2009-07-21 16:59 -------- d-----w- c:\program files\FreeTime
2009-07-20 21:58 . 2009-07-20 21:58 -------- d--h--w- c:\windows\PIF
2009-07-09 11:24 . 2009-07-09 11:24 -------- d-----w- c:\documents and settings\XP\Application Data\CyberLink
2009-07-09 01:03 . 2009-07-25 03:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-07 20:07 . 2009-07-07 20:07 -------- d-----w- c:\documents and settings\XP\Application Data\Ahead
2009-07-07 11:54 . 2009-07-07 11:54 -------- d-----w- c:\program files\Sakhr
2009-07-07 11:53 . 2009-07-07 11:53 -------- d-----w- c:\documents and settings\XP\WINDOWS
2009-07-06 18:19 . 2009-07-06 18:19 -------- d-----w- C:\PrimerDB
2009-07-05 19:35 . 2009-07-05 19:36 -------- d-----w- c:\program files\Neighbours From Hell 5
2009-07-05 18:09 . 2009-07-05 18:09 -------- d-----w- c:\program files\JoWooD
2009-07-04 19:04 . 2009-07-04 19:04 -------- d-----w- c:\program files\dx-ball3
2009-07-04 19:04 . 2005-08-17 04:29 -------- d-----w- c:\program files\ChickenInvaders
2009-07-04 19:04 . 2009-07-04 19:04 -------- d-----w- c:\program files\BH2002
2009-07-04 19:04 . 2009-07-04 19:04 -------- d-----w- c:\program files\Luxor1
2009-07-04 19:02 . 2009-07-04 19:02 -------- d-----w- c:\program files\AirXonix
2009-07-04 19:02 . 2009-07-04 19:02 -------- d-----w- c:\program files\VCop2
2009-07-04 18:55 . 2009-07-21 13:54 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-04 18:55 . 2009-07-04 18:55 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-04 18:55 . 2009-07-04 18:55 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-04 18:38 . 2009-07-04 18:55 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-04 18:38 . 2009-07-04 18:55 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-04 18:37 . 2009-08-03 01:24 483360 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-04 18:37 . 2009-08-03 01:24 3365408 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-04 18:37 . 2009-08-03 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-04 18:37 . 2009-07-04 18:37 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-04 16:59 . 2009-07-04 18:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-04 16:40 . 2004-01-11 21:00 348160 ----a-w- C:\msvcr71.dll
2009-07-04 15:24 . 2009-07-04 15:24 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\ESET
2009-07-04 14:38 . 2008-03-03 11:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-07-04 14:37 . 2009-07-04 14:37 -------- d-----w- c:\program files\ESET
2009-07-04 14:37 . 2009-07-04 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 01:24 . 2009-07-04 18:37 3780 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-03 01:24 . 2009-07-04 18:37 29468 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-03 00:26 . 2001-09-19 12:00 52890 ----a-w- c:\windows\system32\perfc001.dat
2009-08-03 00:26 . 2001-09-19 12:00 318566 ----a-w- c:\windows\system32\perfh001.dat
2009-07-26 04:12 . 2009-07-02 17:29 -------- d-----w- c:\program files\Common Files\Real
2009-07-23 03:14 . 2009-07-02 16:37 152080 ----a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 21:47 . 2009-07-02 17:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 10:25 . 2009-07-02 19:46 -------- d-----w- c:\documents and settings\XP\Application Data\uTorrent
2009-07-06 18:33 . 2009-07-06 18:33 -------- d-----w- c:\program files\NCC Education
2009-07-05 13:20 . 2009-07-02 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-04 18:55 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-04 18:11 . 2009-07-04 16:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-04 17:00 . 2009-07-02 17:27 -------- d-----w- c:\program files\mpegable
2009-07-04 16:46 . 2009-07-03 02:14 -------- d-----w- c:\documents and settings\XP\Application Data\COWON
2009-07-04 16:18 . 2009-07-02 17:29 -------- d-----w- c:\program files\Real
2009-07-03 18:22 . 2009-07-03 18:23 720896 ----a-w- c:\windows\iun6002.exe
2009-07-03 18:21 . 2009-07-03 18:21 -------- d-----w- c:\program files\Macromedia
2009-07-03 01:21 . 2009-07-02 19:42 -------- d-----w- c:\program files\2001 TetRize
2009-07-03 01:07 . 2009-07-03 01:07 -------- d-----w- c:\program files\Gabest
2009-07-03 00:44 . 2009-07-03 00:44 -------- d-----w- c:\program files\WinAVI Video Converter
2009-07-02 23:36 . 2009-07-02 19:42 -------- d-----w- c:\program files\SkyMaze
2009-07-02 19:46 . 2009-07-02 19:46 -------- d-----w- c:\program files\uTorrent
2009-07-02 19:41 . 2009-07-02 19:41 -------- d-----w- c:\program files\MoneyMania
2009-07-02 19:21 . 2009-07-02 19:21 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-02 19:21 . 2009-07-02 19:21 -------- d-----w- c:\documents and settings\XP\Application Data\Paltalk
2009-07-02 19:03 . 2009-07-02 19:00 102236 ----a-w- c:\windows\hpoins05.dat
2009-07-02 19:02 . 2009-07-02 19:02 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-02 19:01 . 2009-07-02 19:01 -------- d-----w- c:\program files\HP
2009-07-02 18:53 . 2009-07-02 18:53 -------- d-----w- c:\documents and settings\XP\Application Data\Creative
2009-07-02 18:38 . 2009-07-02 17:55 -------- d-----w- c:\program files\Creative
2009-07-02 18:36 . 2009-07-02 18:35 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-02 18:35 . 2009-07-02 18:35 -------- d-----w- c:\program files\Common Files\Creative
2009-07-02 18:33 . 2009-07-02 17:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 18:16 . 2009-07-02 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-02 18:09 . 2009-07-02 18:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-02 18:01 . 2009-07-02 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative Labs
2009-07-02 17:51 . 2009-07-02 16:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-02 17:35 . 2009-07-02 17:35 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-07-02 17:35 . 2009-07-02 17:35 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-07-02 17:35 . 2009-07-02 17:35 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-07-02 17:35 . 2009-07-02 17:35 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-07-02 17:35 . 2009-07-02 17:35 1986560 ----a-w- c:\windows\system32\akll.dll
2009-07-02 17:35 . 2009-07-02 17:35 196608 ----a-w- c:\windows\system32\maag.dll
2009-07-02 17:35 . 2009-07-02 17:35 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-07-02 17:35 . 2009-07-02 17:35 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-07-02 17:33 . 2009-07-02 17:33 -------- d-----w- c:\program files\Java
2009-07-02 17:33 . 2009-07-02 17:33 -------- d-----w- c:\program files\Common Files\Java
2009-07-02 17:32 . 2009-07-02 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-02 17:32 . 2009-07-02 17:31 -------- d-----w- c:\program files\Yahoo!
2009-07-02 17:31 . 2009-07-02 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-02 17:30 . 2009-07-02 17:29 -------- d-----w- c:\program files\CyberLink
2009-07-02 17:27 . 2009-07-02 17:27 47104 ------w- c:\windows\AKDeInstall.exe
2009-07-02 17:27 . 2009-07-02 17:27 -------- d-----w- c:\program files\Windows Live
2009-07-02 17:27 . 2009-07-02 17:26 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-02 17:27 . 2009-07-02 17:26 -------- d-----w- c:\program files\MSN Messenger
2009-07-02 17:26 . 2009-07-02 17:26 -------- d-----w- c:\program files\Nero
2009-07-02 17:26 . 2009-07-02 17:26 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-02 17:26 . 2009-07-02 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-02 17:16 . 2009-07-02 17:16 -------- d-----w- c:\program files\Microsoft.NET
2009-07-02 17:16 . 2009-07-02 17:16 -------- d-----w- c:\program files\Microsoft Works
2009-07-02 16:43 . 2009-07-02 16:43 -------- d-----w- c:\program files\DIFX
2009-07-02 16:38 . 2009-07-02 16:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 16:28 . 2009-07-02 16:28 -------- d-----w- c:\program files\microsoft frontpage
2009-07-02 16:27 . 2009-07-02 16:27 -------- d-----w- c:\program files\MSXML 4.0
2009-07-02 16:24 . 2009-07-02 16:24 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-26 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-04-23 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-03 99840]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-2 113664]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2008-9-11 11713536]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-1-22 7225672]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [07/10/2008 09:54 م 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [07/10/2008 09:54 م 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [07/10/2008 09:54 م 72728]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-nwiz - nwiz.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-03 04:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\TechSmith\Snagit 9\TscHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-08-03 4:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 01:30
Pre-Run: 4,373,786,624 bytes free
Post-Run: 5,293,051,904 bytes free
339
 
Welcome.

Post a new HijackThis report, the same kind of report as the one at the beginning of the thread.
 
Signature: AbOdy
Thank you, brother AbOdy.

Could you please explain a bit more? Honestly, I didn't understand. And sorry for troubling you all.
 
Download this program
[Hidden link: you must log in or register to view it]

Run the program ==> then click on
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your next reply
 
Last edited by a moderator:
Signature: AbOdy
A Notepad window opened, and this is what was in it:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:48:43 ص, on 03/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [hidden link: log in or register to view]
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7280 bytes
 
Yes, this is a virus in the RAM, my dear friend!
 
Yes, in fact I have seen it several times on a number of machines and it turned out to be a virus. So which antivirus are you using?
If you have Kaspersky, it can remove the virus.
 
Thank you, brothers, for your effort and hard work.
But I hope you can give me the solution. As for the antivirus, I use Kaspersky.
 
I hope you can give me a solution to the problem, because it looks like you have forgotten about me.

Sorry, I know I am troubling you, but please give me the solution, because I already took it to repair shops and they could not fix it.

So please help me, may God reward you.
 
Guys, I hope you can help me with a solution to the problem.
Or at least tell me that you cannot solve the problem and put my mind at ease.
Don't ignore me like this.
 


Download this program

[Hidden link: you must log in or register to view it]


Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report

[Hidden link: you must log in or register to view it]


After the scan finishes, do the following

[Hidden link: you must log in or register to view it]


Copy the contents of the report and paste them in your next post




 