مشكلة ظهور رسالتين عند الدخول للويندوز

س

سلطان العريفي

زيزوومي نشيط
إنضم
9 يوليو 2009
المشاركات
193
مستوى التفاعل
0
النقاط
230
غير متصل
السلاام عليكم ورحمة الله وبركاته اخواان انا لما افتح جهازي

يطلع لي اول مايشتغل هالاشارتين مادري حق ايش ..

على ماعتقد انهاا فايروس . فـ مادري كيف احذفه او اش اسوي فيه ؟

وهذه هي الصوره الاولى ..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وهذه هي الصوره الثانيه ..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ارجوا مساعدتكم . اخوااني ..

انتظر ردكم ..
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
اخي انتظر لدخول الاعضاء حتى يساعدوك
 
تأييد 0
توقيع : صالح
تأييد 0
تأييد 0
حمل هذا البرنامج[/FONT]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
شغل البرنامج[/FONT] ==> واضغط على[/FONT]
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة[/FONT]==>قم بنسخه ولصقه في ردك القاادم[/FONT] ,,
 
توقيع : النقيب
تأييد 0
هذا التقرير اخوي
.
.

Trend Micro End User License Agreement
Software: HijackThis
Version: English/Multi-country
Date: April 2007


IMPORTANT: YOU MUST CAREFULLY READ AND AGREE TO ALL TERMS AND
CONDITIONS OF THE FOLLOWING END USER LICENSE AGREEMENT BEFORE
INSTALLING OR USING THE SOFTWARE.

THIS AGREEMENT SETS FORTH THE TERMS AND CONDITIONS UNDER WHICH
TREND MICRO IS WILLING TO LICENSE THE "SOFTWARE" TO "YOU" AS AN
INDIVIDUAL USER OR AN AUTHORIZED REPRESENTATIVE OF AN ENTITY.
BY CLICKING THE "I ACCEPT" BUTTON BELOW, YOU ARE EXPRESSING YOUR
INTENT TO ENTER INTO, AND ARE ENTERING INTO, A BINDING LEGAL
CONTRACT ("AGREEMENT") BETWEEN YOU AND TREND MICRO
INCORPORATED OR ONE OF ITS AFFILIATES ("TREND MICRO"). THE TERMS
AND CONDITIONS OF THE AGREEMENT THEN APPLY TO YOUR USE OF THE
SOFTWARE. WE ENCOURAGE YOU TO PRINT A COPY OF THE AGREEMENT FOR
YOUR RECORDS
YOU MUST ACCEPT THIS AGREEMENT BEFORE YOU INSTALL OR USE THE
SOFTWARE. IF YOU ARE ACQUIRING THE SOFTWARE ON BEHALF OF AN ENTITY, THEN YOU
MUST BE PROPERLY AUTHORIZED TO REPRESENT THAT ENTITY AND TO
ACCEPT THIS AGREEMENT ON ITS BEHALF.

YOU ACCEPT THIS END USER LICENSE BY CLICKING THE "I ACCEPT" BUTTON
BELOW. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, SELECT
"I DO NOT ACCEPT". YOU WILL THEN NOT BE PERMITTED TO INSTALL OR USE
THE SOFTWARE.

1. LICENSE. Upon Your acceptance of the terms and conditions of this Agreement,
Trend Micro hereby grants You a nonexclusive, nontransferable, non-sublicensable,
royalty-free, worldwide license, to download, install the Software, for Your own use only.
Trend Micro reserves the right to enhance, modify, or discontinue the Software or to
impose new or different conditions on its use at any time without notice.

2. USE RESTRICTIONS AND OWNERSHIP. The Software is licensed not sold. Trend
Micro owns the title and intellectual property rights to the Software, and reserves all rights
not expressly granted to You in this Agreement. You agree that you will not rent, loan,
lease or sublicense the Software. You agree not to attempt to reverse engineer,
decompile, modify, translate, disassemble, discover the source code of, or create
derivative works from, any part of the Software or authorize others to undertake any of
these acts.

3. BACKUP. For as long as You use the Software, You agree to regularly back-up Your
computer programs and files ("Data") on a separate media. You acknowledge that the
failure to do so may cause You to lose Data in the event that any error in the Software
causes computer problems, and that Trend Micro is not responsible for any such Data
loss.

4. TERMINATION. Trend Micro may terminate the license at any time for any reason.
Upon such termination, You agree to delete or destroy all copies of the Software. You
may terminate this Agreement at any point by destroying or deleting all copies of the
Software.

5. REPORTS AND PRIVACY. At any time during the term of this Agreement, You may
choose to send to Trend Micro a report of log files that may include personal information
that the Software scanned on Your computer. By accepting this Agreement, You hereby
give Your consent to Trend Micro to process log file data provided by You ("Information")
in connection with this Agreement; processing may include collection, registration,
storage, modification or disclosure of such Information to third parties. As a condition to
using the Software and by accepting this Agreement, You ensure, represent and warrant
that You are legally permitted to provide Trend Micro with access to the Information and
You also give Your consent to Trend Micro to transfer or store the Information in one or
more of its group companies, located in and/or outside the country where You are
located, and/or in jurisdictions which may have a lower level of protection of Information
than is applicable in the country where You are located or where pr
ivacy laws may not be as stringent as those in Your own country.

6. CAUTION AND ACKNOWLEDGEMENT. The Software is designed to identify different
types of files, operating system changes, registry or browser settings, which, in Trend
Micro's judgment, may compromise computer security or productivity. You agree that
Trend Micro shall not be responsible for any removal or disabling of files or settings or the
results of such removal or disabling. You are solely responsible for selecting which files or
settings to remove from Your computer.

7. NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS," WITHOUT
WARRANTIES OF ANY KIND. TREND MICRO DOES NOT WARRANT THAT YOUR
USE OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE. TO THE
FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO DISCLAIMS
AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO
THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF NONINFRINGEMENT OF THIRD PARTY RIGHTS,
SATISFACTORY QUALITY, MERCHANTABILITY, AND FITNESS FOR A
PARTICULAR PURPOSE.

8. NO LIABILITY FOR CONSEQUENTIAL DAMAGES.
(A) TREND MICRO DOES NOT SEEK TO LIMIT OR EXCLUDE ITS LIABILITY IN THE
EVENT OF DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR FOR
FRAUD OR FOR ANY OTHER LIABILITY FOR WHICH IT IS NOT PERMITTED BY
LAW TO EXCLUDE.
(B) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO
DISCLAIMS ALL LIABILITY FOR CONSEQUENTIAL, SPECIAL, INCIDENTAL OR
INDIRECT DAMAGES OF ANY KIND OR FOR LOST OR CORRUPTED DATA OR
MEMORY, SYSTEM CRASH, DISK/SYSTEM DAMAGE, LOST PROFITS OR
SAVINGS, OR LOSS OF BUSINESS, ARISING OUT OF OR RELATED TO THIS
AGREEMENT. YOU ALSO UNDERSTAND AND AGREE THAT YOU DOWNLOAD,
INSTALL AND/OR USE THE SOFTWARE AT YOUR OWN DISCRETION AND RISK
AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR
COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE USE OF THE
SOFTWARE.
9. CONSUMER PROTECTION AND PRIVACY. SOME COUNTRIES, STATES AND
PROVINCES, INCLUDING MEMBER STATES OF THE EUROPEAN ECONOMIC
AREA, DO NOT ALLOW CERTAIN EXCLUSIONS OR LIMITATIONS OF LIABILITY, SO
THE ABOVE DISCLAIMER OF WARRANTY AND EXCLUSION OR LIMITATION OF
LIABILITIES (SECTIONS 7 AND 8) MAY NOT FULLY APPLY TO YOU. YOU MAY
HAVE ADDITIONAL RIGHTS AND REMEDIES. SUCH POSSIBLE RIGHTS OR
REMEDIES, IF ANY, SHALL NOT BE AFFECTED BY THIS AGREEMENT. THERE
MAY BE MANDATORY REGULATIONS OR LEGAL PROVISIONS THAT ARE
APPLICABLE TO YOU AS A CONSUMER.
10. COMPLIANCE WITH ALL LAWS, EXPORT CONTROL. The Software is subject to
export controls under the U.S. Export Administration Regulations. The Software may not
be exported or re-exported to entities within, or residents or citizens of, embargoed
countries or countries subject to applicable trade sanctions, nor to prohibited or denied
persons or entities without proper government licenses. Information about such
restrictions can be found at the following websites:
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
and
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
. You are responsible
for any violation of the US export control laws related to Your copy of the Software. By
accepting this Agreement, You confirm that You are not a resident or citizen of any
country currently embargoed by the U.S. and that You are not otherwise prohibited from
receiving the Software.

11. U.S. GOVERNMENT RESTRICTED RIGHTS. If the entity on whose behalf You are
acquiring the Software is any unit or agency of the United States Government, then that
Government entity acknowledges that the Software, (i) was developed at private
expense, (ii) is commercial in nature, (iii) is not in the public domain, and (iv) is "Restricted
Computer Software" as that term is defined in Clause 52.227 19 of the Federal
Acquisition Regulations (FAR) and is "Commercial Computer Software" as that term is
defined in Subpart 227.471 of the Department of Defense Federal Acquisition Regulation
Supplement (DFARS). The Government agrees that (i) if the Software is supplied to the
Department of Defense (DoD), the Software is classified as "Commercial Computer
Software" and the Government is acquiring only "restricted rights" in the Software and its
documentation as that term is defined in Clause 252.227 7013(c)(1) of the DFARS, and
(ii) if the Software is supplied to any unit or agency of the United States Government ot
her than DoD, the Government's rights in the Software and its documentation will be as
defined in Clause 52.227 19(c)(2) of the FAR.

12. GOVERNING LAW. Unless otherwise required by the specific jurisdiction’s laws,
this Agreement will be governed by the laws of the State of California, USA, without
regard to the provisions of the United Nations Convention on Contracts for the
International Sale of Goods and the conflict of laws provisions of Your state or country of
residence.

13. GENERAL PROVISIONS. This is the entire agreement between You and Trend
Micro with respect to the subject matter hereof and supersedes and replaces all prior or
contemporaneous understandings or agreements regarding such subject matter. Any
waiver of any provision of this Agreement will be effective only if in writing and signed by
Trend Micro. In the event that any provision or portion of this Agreement is found to be
invalid, that finding will not affect the validity of the remaining parts of this Agreement.
Trend Micro may assign or subcontract some or all of its obligations under this Agreement
to qualified third parties or its affiliates and/or subsidiaries, provided that no such
assignment or subcontract shall relieve Trend Micro of its obligations under this
Agreement.

14. QUESTIONS. Address all questions about this Agreement to:
legalnotice@trendmicro.com.


The Software is protected by copyright, trade secret and U.S. PATENT laws, and
international treaty provisions. UNAUTHORIZED REPRODUCTION OR DISTRIBUTION
IS SUBJECT TO CIVIL AND CRIMINAL PENALTIES.
 
تأييد 0
شغل الاداة من جديد واضغط على
Do a system scan and save log
 
التعديل الأخير بواسطة المشرف:
توقيع : النقيب
تأييد 0
هذا مره ثانيه اخوي ..

.
.

Trend Micro End User License Agreement
Software: HijackThis
Version: English/Multi-country
Date: April 2007


IMPORTANT: YOU MUST CAREFULLY READ AND AGREE TO ALL TERMS AND
CONDITIONS OF THE FOLLOWING END USER LICENSE AGREEMENT BEFORE
INSTALLING OR USING THE SOFTWARE.

THIS AGREEMENT SETS FORTH THE TERMS AND CONDITIONS UNDER WHICH
TREND MICRO IS WILLING TO LICENSE THE "SOFTWARE" TO "YOU" AS AN
INDIVIDUAL USER OR AN AUTHORIZED REPRESENTATIVE OF AN ENTITY.
BY CLICKING THE "I ACCEPT" BUTTON BELOW, YOU ARE EXPRESSING YOUR
INTENT TO ENTER INTO, AND ARE ENTERING INTO, A BINDING LEGAL
CONTRACT ("AGREEMENT") BETWEEN YOU AND TREND MICRO
INCORPORATED OR ONE OF ITS AFFILIATES ("TREND MICRO"). THE TERMS
AND CONDITIONS OF THE AGREEMENT THEN APPLY TO YOUR USE OF THE
SOFTWARE. WE ENCOURAGE YOU TO PRINT A COPY OF THE AGREEMENT FOR
YOUR RECORDS
YOU MUST ACCEPT THIS AGREEMENT BEFORE YOU INSTALL OR USE THE
SOFTWARE. IF YOU ARE ACQUIRING THE SOFTWARE ON BEHALF OF AN ENTITY, THEN YOU
MUST BE PROPERLY AUTHORIZED TO REPRESENT THAT ENTITY AND TO
ACCEPT THIS AGREEMENT ON ITS BEHALF.

YOU ACCEPT THIS END USER LICENSE BY CLICKING THE "I ACCEPT" BUTTON
BELOW. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, SELECT
"I DO NOT ACCEPT". YOU WILL THEN NOT BE PERMITTED TO INSTALL OR USE
THE SOFTWARE.

1. LICENSE. Upon Your acceptance of the terms and conditions of this Agreement,
Trend Micro hereby grants You a nonexclusive, nontransferable, non-sublicensable,
royalty-free, worldwide license, to download, install the Software, for Your own use only.
Trend Micro reserves the right to enhance, modify, or discontinue the Software or to
impose new or different conditions on its use at any time without notice.

2. USE RESTRICTIONS AND OWNERSHIP. The Software is licensed not sold. Trend
Micro owns the title and intellectual property rights to the Software, and reserves all rights
not expressly granted to You in this Agreement. You agree that you will not rent, loan,
lease or sublicense the Software. You agree not to attempt to reverse engineer,
decompile, modify, translate, disassemble, discover the source code of, or create
derivative works from, any part of the Software or authorize others to undertake any of
these acts.

3. BACKUP. For as long as You use the Software, You agree to regularly back-up Your
computer programs and files ("Data") on a separate media. You acknowledge that the
failure to do so may cause You to lose Data in the event that any error in the Software
causes computer problems, and that Trend Micro is not responsible for any such Data
loss.

4. TERMINATION. Trend Micro may terminate the license at any time for any reason.
Upon such termination, You agree to delete or destroy all copies of the Software. You
may terminate this Agreement at any point by destroying or deleting all copies of the
Software.

5. REPORTS AND PRIVACY. At any time during the term of this Agreement, You may
choose to send to Trend Micro a report of log files that may include personal information
that the Software scanned on Your computer. By accepting this Agreement, You hereby
give Your consent to Trend Micro to process log file data provided by You ("Information")
in connection with this Agreement; processing may include collection, registration,
storage, modification or disclosure of such Information to third parties. As a condition to
using the Software and by accepting this Agreement, You ensure, represent and warrant
that You are legally permitted to provide Trend Micro with access to the Information and
You also give Your consent to Trend Micro to transfer or store the Information in one or
more of its group companies, located in and/or outside the country where You are
located, and/or in jurisdictions which may have a lower level of protection of Information
than is applicable in the country where You are located or where pr
ivacy laws may not be as stringent as those in Your own country.

6. CAUTION AND ACKNOWLEDGEMENT. The Software is designed to identify different
types of files, operating system changes, registry or browser settings, which, in Trend
Micro's judgment, may compromise computer security or productivity. You agree that
Trend Micro shall not be responsible for any removal or disabling of files or settings or the
results of such removal or disabling. You are solely responsible for selecting which files or
settings to remove from Your computer.

7. NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS," WITHOUT
WARRANTIES OF ANY KIND. TREND MICRO DOES NOT WARRANT THAT YOUR
USE OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE. TO THE
FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO DISCLAIMS
AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO
THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF NONINFRINGEMENT OF THIRD PARTY RIGHTS,
SATISFACTORY QUALITY, MERCHANTABILITY, AND FITNESS FOR A
PARTICULAR PURPOSE.

8. NO LIABILITY FOR CONSEQUENTIAL DAMAGES.
(A) TREND MICRO DOES NOT SEEK TO LIMIT OR EXCLUDE ITS LIABILITY IN THE
EVENT OF DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR FOR
FRAUD OR FOR ANY OTHER LIABILITY FOR WHICH IT IS NOT PERMITTED BY
LAW TO EXCLUDE.
(B) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO
DISCLAIMS ALL LIABILITY FOR CONSEQUENTIAL, SPECIAL, INCIDENTAL OR
INDIRECT DAMAGES OF ANY KIND OR FOR LOST OR CORRUPTED DATA OR
MEMORY, SYSTEM CRASH, DISK/SYSTEM DAMAGE, LOST PROFITS OR
SAVINGS, OR LOSS OF BUSINESS, ARISING OUT OF OR RELATED TO THIS
AGREEMENT. YOU ALSO UNDERSTAND AND AGREE THAT YOU DOWNLOAD,
INSTALL AND/OR USE THE SOFTWARE AT YOUR OWN DISCRETION AND RISK
AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR
COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE USE OF THE
SOFTWARE.
9. CONSUMER PROTECTION AND PRIVACY. SOME COUNTRIES, STATES AND
PROVINCES, INCLUDING MEMBER STATES OF THE EUROPEAN ECONOMIC
AREA, DO NOT ALLOW CERTAIN EXCLUSIONS OR LIMITATIONS OF LIABILITY, SO
THE ABOVE DISCLAIMER OF WARRANTY AND EXCLUSION OR LIMITATION OF
LIABILITIES (SECTIONS 7 AND 8) MAY NOT FULLY APPLY TO YOU. YOU MAY
HAVE ADDITIONAL RIGHTS AND REMEDIES. SUCH POSSIBLE RIGHTS OR
REMEDIES, IF ANY, SHALL NOT BE AFFECTED BY THIS AGREEMENT. THERE
MAY BE MANDATORY REGULATIONS OR LEGAL PROVISIONS THAT ARE
APPLICABLE TO YOU AS A CONSUMER.
10. COMPLIANCE WITH ALL LAWS, EXPORT CONTROL. The Software is subject to
export controls under the U.S. Export Administration Regulations. The Software may not
be exported or re-exported to entities within, or residents or citizens of, embargoed
countries or countries subject to applicable trade sanctions, nor to prohibited or denied
persons or entities without proper government licenses. Information about such
restrictions can be found at the following websites:
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
and
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
. You are responsible
for any violation of the US export control laws related to Your copy of the Software. By
accepting this Agreement, You confirm that You are not a resident or citizen of any
country currently embargoed by the U.S. and that You are not otherwise prohibited from
receiving the Software.

11. U.S. GOVERNMENT RESTRICTED RIGHTS. If the entity on whose behalf You are
acquiring the Software is any unit or agency of the United States Government, then that
Government entity acknowledges that the Software, (i) was developed at private
expense, (ii) is commercial in nature, (iii) is not in the public domain, and (iv) is "Restricted
Computer Software" as that term is defined in Clause 52.227 19 of the Federal
Acquisition Regulations (FAR) and is "Commercial Computer Software" as that term is
defined in Subpart 227.471 of the Department of Defense Federal Acquisition Regulation
Supplement (DFARS). The Government agrees that (i) if the Software is supplied to the
Department of Defense (DoD), the Software is classified as "Commercial Computer
Software" and the Government is acquiring only "restricted rights" in the Software and its
documentation as that term is defined in Clause 252.227 7013(c)(1) of the DFARS, and
(ii) if the Software is supplied to any unit or agency of the United States Government ot
her than DoD, the Government's rights in the Software and its documentation will be as
defined in Clause 52.227 19(c)(2) of the FAR.

12. GOVERNING LAW. Unless otherwise required by the specific jurisdiction’s laws,
this Agreement will be governed by the laws of the State of California, USA, without
regard to the provisions of the United Nations Convention on Contracts for the
International Sale of Goods and the conflict of laws provisions of Your state or country of
residence.

13. GENERAL PROVISIONS. This is the entire agreement between You and Trend
Micro with respect to the subject matter hereof and supersedes and replaces all prior or
contemporaneous understandings or agreements regarding such subject matter. Any
waiver of any provision of this Agreement will be effective only if in writing and signed by
Trend Micro. In the event that any provision or portion of this Agreement is found to be
invalid, that finding will not affect the validity of the remaining parts of this Agreement.
Trend Micro may assign or subcontract some or all of its obligations under this Agreement
to qualified third parties or its affiliates and/or subsidiaries, provided that no such
assignment or subcontract shall relieve Trend Micro of its obligations under this
Agreement.

14. QUESTIONS. Address all questions about this Agreement to:
legalnotice@trendmicro.com.


The Software is protected by copyright, trade secret and U.S. PATENT laws, and
international treaty provisions. UNAUTHORIZED REPRODUCTION OR DISTRIBUTION
IS SUBJECT TO CIVIL AND CRIMINAL PENALTIES.
 
تأييد 0
اخوي سوي اللي في الصورة

i32447_28082009033402.png



i32446_28082009033201.png




بعدين بيظهر لك تقرير انسخه والصقه بردك القادم



 
توقيع : النقيب
تأييد 0
مشكور اخوي ع الشرح . اان سويتها غلط ..

وهذا التقرير ..

.
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:47 ?, on 28/08/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\inf\Other.exe
F3 - REG:win.ini: run=C:\Windows\system32\config\Win.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AFProg] C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: ???? ????? Google (gupdate1c9fc48e7b6f605) (gupdate1c9fc48e7b6f605) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10572 bytes
 
تأييد 0
[/FONT]
[/FONT]
عطل برامج الحماية عن العمل[/FONT]
[/FONT]ثم [/FONT]
[/FONT]حمل الاداة التالية واحفظها على سطح المكتب[/FONT]
[/FONT]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

[/FONT]عند تشغيلها بتظهر لك رسالة ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]بعدها بتظهر لك رساله ثانيه ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]اثناء الفحص ممكن يعاد تشغيل الجهاز[/FONT]
[/FONT]وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه[/FONT]
[/FONT]لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي[/FONT]
[/FONT]انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة[/FONT][/FONT]
 
توقيع : النقيب
تأييد 0
هذا اخوي اللي طلع لي بعد الفحص .. يرب تنحل مشكلتي ويااك ياخوك والله تعبتني
.
.
ComboFix 09-08-27.02 - HP 08/28/2009 4:41.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1025.18.2044.931 [GMT 3:00]
Running from: c:\users\HP\Documents\Pictures\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1283941076-3748240430-1743499878-500
c:\$recycle.bin\S-1-5-21-2073995779-4141097240-994633595-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger .lnk
c:\windows\Fonts\lpsports1.ttf
c:\windows\Installer\1aac7b.msp
c:\windows\Installer\1aac8e.msp
c:\windows\Installer\1fa20.msi
c:\windows\Installer\2adc20.msi
c:\windows\Installer\4bfe5c.msp

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-27 23:58 . 2009-08-27 23:58 -------- d-----w- c:\program files\Trend Micro
2009-08-26 22:10 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 16:13 . 2009-08-26 16:13 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-08-26 16:13 . 2009-08-26 16:13 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-08-26 16:13 . 2009-08-26 16:13 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-08-26 16:13 . 2009-08-26 16:13 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-08-26 15:51 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 15:51 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 17:36 . 2009-08-24 20:30 -------- d-----w- c:\users\HP\AppData\Roaming\Vso
2009-08-21 20:31 . 2009-08-21 20:31 -------- d-----w- c:\program files\Common Files\Skype
2009-08-14 21:49 . 2009-08-14 21:49 -------- d-----w- c:\program files\CCleaner
2009-08-14 00:29 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 00:29 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 00:29 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 00:29 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 00:29 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 00:29 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 00:29 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 00:29 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 20:59 . 2008-12-03 22:25 120832 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\31wyrvco.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-08-13 15:07 . 2009-08-13 15:07 -------- d-----w- c:\users\HP\AppData\Local\Mozilla
2009-08-11 19:44 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 19:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 19:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 19:37 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 19:37 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 19:37 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 19:37 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 19:37 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-03 18:42 . 2009-08-03 18:42 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-30 23:56 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-07-30 23:56 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-07-30 23:56 . 2008-09-18 08:35 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-07-30 23:56 . 2009-07-30 23:56 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-30 07:00 . 2009-07-30 07:00 7168 ----a-w- c:\users\HP\AppData\Roaming\Thinstall\Kelk 2000 Arabic - Persian\4000003d00003i\crypserv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 00:12 . 2009-04-08 21:45 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-28 00:12 . 2008-10-09 12:33 63378 ----a-w- c:\programdata\nvModes.dat
2009-08-26 22:51 . 2009-06-25 19:03 892960 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-26 22:51 . 2009-06-25 19:03 7046176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-26 22:51 . 2009-06-25 19:03 57176 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-26 22:51 . 2009-06-25 19:03 5180 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-26 22:50 . 2008-08-06 13:25 2484 ----a-w- c:\windows\bthservsdp.dat
2009-08-26 05:00 . 2009-05-04 09:05 -------- d-----w- c:\users\HP\AppData\Roaming\skypePM
2009-08-26 04:59 . 2009-05-04 09:02 -------- d-----w- c:\users\HP\AppData\Roaming\Skype
2009-08-25 17:18 . 2009-03-01 19:21 312248 ----a-w- c:\users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-21 20:32 . 2009-05-04 09:01 -------- d-----r- c:\program files\Skype
2009-08-21 20:31 . 2009-05-04 09:01 -------- d-----w- c:\programdata\Skype
2009-08-19 20:19 . 2008-08-06 14:11 -------- d-----w- c:\programdata\WildTangent
2009-08-13 16:21 . 2009-04-24 22:16 -------- d-----w- c:\program files\Mobily Connect Card
2009-08-12 00:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-03 19:12 . 2009-07-06 21:07 -------- d-----w- c:\program files\SWiSH Max2
2009-08-03 18:42 . 2009-03-01 19:41 -------- d-----w- c:\program files\Common Files\Real
2009-08-03 17:19 . 2009-07-03 23:48 -------- d-----w- c:\program files\SWiSHmax
2009-07-30 23:56 . 2008-08-06 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 07:00 . 2009-06-29 16:46 -------- d-----w- c:\users\HP\AppData\Roaming\Thinstall
2009-07-28 01:53 . 2009-07-28 01:52 -------- d-----w- c:\program files\CamStudio
2009-07-28 01:40 . 2009-07-27 02:28 -------- d-----w- c:\users\HP\AppData\Roaming\SWiSH Max2
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-27 19:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-27 19:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-27 19:29 . 2009-07-27 19:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-07-27 19:28 . 2008-10-09 12:44 -------- d-----w- c:\programdata\NVIDIA
2009-07-23 22:16 . 2009-07-20 18:03 -------- d-----w- c:\users\HP\AppData\Roaming\Blueberry
2009-07-21 17:46 . 2009-06-26 14:56 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-21 17:46 . 2009-07-21 17:46 35160 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\wmi64.exe
2009-07-21 17:46 . 2009-07-21 17:46 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 17:46 . 2009-07-21 17:46 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 17:46 . 2009-07-21 17:46 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-21 17:46 . 2009-06-26 14:09 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-20 18:07 . 2009-07-20 18:03 -------- d-----w- c:\programdata\Blueberry
2009-07-19 16:01 . 2009-05-10 10:42 680 ----a-w- c:\users\HP\AppData\Local\d3d9caps.dat
2009-07-18 16:06 . 2009-07-28 22:30 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 22:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 04:28 . 2009-07-16 04:28 -------- d-----w- c:\program files\Nidesoft Studio
2009-07-12 22:08 . 2009-03-01 19:43 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-12 21:02 . 2009-03-01 19:37 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 23:45 . 2009-03-01 19:43 -------- d-----w- c:\users\HP\AppData\Roaming\Paltalk
2009-07-11 00:31 . 2009-07-08 23:18 -------- d-----w- c:\users\HP\AppData\Roaming\TeamViewer
2009-07-09 15:57 . 2009-07-08 22:29 -------- d-----w- c:\users\HP\AppData\Roaming\Desktopicon
2009-07-08 23:18 . 2009-07-08 23:18 -------- d-----w- c:\program files\TeamViewer
2009-07-08 18:18 . 2009-07-08 18:18 14752800 ----a-w- C:\IE7-WindowsXP-x86-ara.exe
2009-07-06 21:08 . 2009-07-06 21:08 -------- d-----w- c:\program files\LameACM
2009-07-06 21:07 . 2009-07-06 21:07 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2009-07-05 20:35 . 2009-07-01 21:26 -------- d-----w- c:\program files\Ares
2009-07-04 15:32 . 2009-07-04 15:32 12800 ----a-w- c:\users\HP\AppData\Roaming\Thinstall\Inpaint\1000000e00002i\rundll32.exe
2009-07-04 01:44 . 2009-03-01 19:34 -------- d-----w- c:\program files\Google
2009-07-04 01:34 . 2009-07-04 01:34 390664 ----a-w- c:\users\HP\AppData\Roaming\Real\RealPlayer\setup\AU_setup.exe
2009-07-01 18:26 . 2009-07-01 18:24 -------- d-----w- c:\program files\Hotspot Shield
2009-07-01 18:22 . 2009-07-01 18:22 -------- d-----w- c:\program files\AnchorFree
2009-06-29 21:19 . 2009-06-29 21:19 -------- d-----w- c:\users\HP\AppData\Roaming\Apple Computer
2009-06-29 21:18 . 2009-06-29 21:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 21:18 . 2009-06-29 21:18 -------- d-----w- c:\program files\Bonjour
2009-06-29 21:16 . 2009-06-29 21:16 -------- d-----w- c:\program files\Apple Software Update
2009-06-29 21:15 . 2009-06-29 21:15 -------- d-----w- c:\programdata\Apple
2009-06-26 14:59 . 2009-06-26 14:59 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll
2009-06-26 14:56 . 2009-06-26 14:56 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys
2009-06-26 14:56 . 2009-06-26 14:56 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-26 14:56 . 2009-06-26 14:55 247312 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista64\klif.sys
2009-06-26 14:55 . 2009-06-26 14:55 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-06-26 14:55 . 2009-06-26 14:54 218640 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP64\klif.sys
2009-06-26 14:54 . 2009-06-26 14:53 226832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-26 14:53 . 2009-06-26 14:53 230032 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\w2000\klif.sys
2009-06-26 14:48 . 2009-06-26 14:47 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-06-26 14:45 . 2009-06-26 14:44 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\klbg.sys
2009-06-26 14:44 . 2009-06-26 14:44 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista64\klif.sys
2009-06-26 14:44 . 2009-06-26 14:43 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP64\klif.sys
2009-06-26 14:43 . 2009-06-26 14:42 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-06-26 14:42 . 2009-06-26 14:41 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\w2000\klif.sys
2009-06-26 14:41 . 2009-06-26 14:41 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\klbg.sys
2009-06-26 14:41 . 2009-06-26 14:41 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-26 14:40 . 2009-06-26 14:40 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista64\klif.sys
2009-06-26 14:40 . 2009-06-26 14:39 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista\klif.sys
2009-06-26 14:39 . 2009-06-26 14:38 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP64\klif.sys
2009-06-26 14:38 . 2009-06-26 14:37 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-26 14:37 . 2009-06-26 14:36 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\w2000\klif.sys
2009-06-26 14:30 . 2009-06-26 14:30 22792 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\vkbd64.dll
2009-06-26 14:30 . 2009-06-26 14:29 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-06-26 14:29 . 2009-06-26 14:29 60168 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\ievkbd.dll
2009-06-26 14:29 . 2009-06-26 14:29 21256 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-06-26 14:28 . 2009-06-26 14:25 861448 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-26 14:21 . 2009-06-26 14:21 83208 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-06-26 14:20 . 2009-06-26 14:19 62728 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-06-26 14:18 . 2009-06-26 14:17 43784 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-06-26 14:17 . 2009-06-26 14:16 365832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-06-26 14:14 . 2009-06-26 14:13 201992 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-06-26 14:09 . 2009-06-26 14:09 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-26 14:09 . 2009-06-26 14:09 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-26 14:09 . 2009-06-26 14:09 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-26 11:28 . 2009-06-26 11:28 390664 ----a-w- c:\users\HP\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 11:28 . 2009-06-26 11:28 390664 ----a-w- c:\users\HP\AppData\Roaming\Real\Update\temp\~Upg6\realplayer11gold.exe
2008-08-06 12:16 . 2008-08-06 12:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"AFProg"="c:\program files\AnchorFree\bin\ctrl\AFController.exe" [2006-11-20 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-28 442433]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-03 198160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-30 727592]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-30 11536384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):16,b0,41,84,f2,0e,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2073995779-4141097240-994633595-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04844CAC-4895-42DD-B90B-F8C14791C400}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{E298EEF5-88C5-4988-A4F4-33E8C7CD8FB0}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8D1167D8-6076-4F68-B5C5-9766FE24C912}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{60C09396-1258-4006-9C31-B893A594F297}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A7551F0E-5465-41DA-B2F4-E26C1154B9AB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C005FD44-FCBD-414F-93A3-27790DFED357}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D140C7DB-0867-48EA-9CDB-90988697767E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe [2008-02-12 73728]
R2 gupdate1c9fc48e7b6f605;???? ????? Google (gupdate1c9fc48e7b6f605);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-06-26 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-28 599344]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-28 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 01:43]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 01:43]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{6458010C-7CC7-4D6B-983F-194418957BB4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
SafeBoot-Wdf01000.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ????? ??? ???? ????????? - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: ???? ??? ?????? ?????? ?? ???? ?? ?????????? -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://f5f9.redirectme.net/imscp/talkc38.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://98.126.41.66:1999/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.112/saudi1999/talks3n.cab
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\31wyrvco.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-08-28 04:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-08-28 4:54
ComboFix-quarantined-files.txt 2009-08-28 01:54

Pre-Run: 96,908,701,696 bytes free
Post-Run: 96,965,992,448 bytes free

366 --- E O F --- 2009-08-27 16:15
 
تأييد 0
[/FONT]
حمل هذا البرنامج [/FONT]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ثبته على الجهاز ،، ثم شغله[/FONT] وقم[/FONT] بتحديثه[/FONT] واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير[/FONT]

zyzoom-3217b04352.png

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
zyzoom-e4c8201db0.png

[/FONT]

[/FONT]

[/FONT]
انسخ ما بداخل التقرير والصقه بمشاركتك القادمة[/FONT]


بعدها اعمل تقرير بالاداة الاولى​



[/FONT][/FONT]
 
توقيع : النقيب
تأييد 0
جالس يفحص ساعه :( .. انتظرر اخوي لاهنت
 
تأييد 0
هذا تقرير الفحص اخووي .. بالبرنامج اللي عطيتني هو
.
.

Malwarebytes' Anti-Malware 1.40
Database version: 2708
Windows 6.0.6001 Service Pack 1

28/08/09 06:41:26 ?
mbam-log-2009-08-28 (06-41-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 294218
Time elapsed: 1 hour(s), 7 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
تأييد 0
ورجعت سويت زي ماقلتلي بالاداه بعد مافحصت بالبرنامج وهذا تقريرها
.
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:45:14 ?, on 28/08/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AFProg] C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: ???? ????? Google (gupdate1c9fc48e7b6f605) (gupdate1c9fc48e7b6f605) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9699 bytes
 
تأييد 0
طيب الان اعطينا تقرير بالاداة الاولى
 
توقيع : النقيب
تأييد 0
طيب الان اعطينا تقرير بالاداة الاولى .. هذا هو التقرير اخوي
.
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:19 ?, on 28/08/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AFProg] C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: ???? ????? Google (gupdate1c9fc48e7b6f605) (gupdate1c9fc48e7b6f605) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9741 bytes
 
تأييد 0
احذف القيم التالية

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي





طريقة الحذف

[/FONT]
i16155_5aznhec3b746572.png


mg%20%283%29.png

[/FONT]
mg%20%284%29.png




بعدها



حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


i16154_5aznhcfe2f7d475.png



i16161_140630054827.png
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
[/FONT]
[/FONT]



 
توقيع : النقيب
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى