Thread starter: بو بو (joined 22 November 2009, 22 posts)
I have a problem: when I start the computer, this sign appears ....
6030219_536x134.jpg

And this is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:55:35 ص, on 22/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\بومنذر\Desktop\RunScanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O10 - Unknown file in Winsock LSP: c:\program files\myproxy\myproxy.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11084 bytes
 

Delete the following values

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
 
How to delete them

mg%20(3).png

mg%20(4).png

After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there
Then clean your computer with this tool

[link hidden by the forum]

And let us know the latest results



 
Unfortunately, the problem was not solved
 
Disable your protection programs
Then
download the following tool and save it to the desktop
[link hidden by the forum]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post

Signature: SUL6AN
ComboFix 09-11-20.05 - بومنذر 11/22/2009 5:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.503.253 [GMT 3:00]
Running from: c:\documents and settings\بومنذر\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091121-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\6676~1\Desktop\6400~1.exe
c:\documents and settings\بومنذر\Application Data\Desktopicon
c:\documents and settings\بومنذر\Application Data\Desktopicon\eBayShortcuts.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 01:00 . 2009-11-22 02:25 -------- d-----w- c:\program files\IE Accelerator
2009-11-22 00:55 . 2009-11-22 00:55 -------- d-----w- c:\program files\Trend Micro
2009-11-22 00:52 . 2009-11-22 00:52 -------- d-----w- c:\documents and settings\بومنذر\Local Settings\Application Data\Runscanner.net
2009-11-21 13:09 . 2009-11-21 16:07 -------- d-----w- c:\program files\Drawing for Children
2009-11-14 20:32 . 2009-11-14 20:32 198064 ----a-w- c:\documents and settings\بومنذر\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-14 20:28 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-11-14 20:27 . 2008-09-28 19:00 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
2009-11-14 20:27 . 2009-11-14 20:31 -------- d-----r- c:\documents and settings\All Users\Documents
2009-11-11 22:20 . 2009-11-11 22:20 3119320 ----a-w- c:\documents and settings\بومنذر\Application Data\IDM\idmupdt.exe
2009-11-07 13:21 . 2009-11-21 22:59 -------- d-----w- c:\documents and settings\العويشير\Tracing
2009-11-07 12:24 . 2009-11-07 12:24 -------- d-----w- C:\ERDNT
2009-11-07 12:24 . 2009-11-07 12:24 -------- d-----w- c:\windows\ERUNT
2009-11-07 12:23 . 2009-11-07 12:23 -------- d-----w- C:\!FixIEDef
2009-11-02 20:35 . 2009-11-02 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
2009-11-02 20:34 . 2009-11-02 20:35 -------- d-----w- c:\program files\USB Disk Security
2009-10-29 23:52 . 2009-08-05 19:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-29 23:52 . 2009-10-29 23:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-29 23:51 . 2009-10-29 23:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-29 23:49 . 2009-10-29 23:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-29 22:55 . 2009-10-29 22:55 -------- d-----w- c:\documents and settings\بومنذر\Application Data\URSoft
2009-10-29 22:55 . 2009-11-22 01:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-29 22:55 . 2009-10-29 22:57 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-10-29 10:18 . 2009-10-30 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-28 14:45 . 2009-10-28 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-10-28 12:30 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 12:30 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 12:30 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 12:30 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 12:29 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 12:29 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 12:29 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 12:29 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 12:29 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 12:29 . 2009-10-28 12:29 -------- d-----w- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 02:25 . 2009-05-30 11:47 -------- d-----w- c:\documents and settings\بومنذر\Application Data\DMCache
2009-11-22 01:10 . 2009-11-22 01:10 -------- d-----w- c:\documents and settings\بومنذر\Application Data\CyberScrub
2009-11-22 01:10 . 2009-11-22 01:10 -------- d-----w- c:\documents and settings\بومنذر\Application Data\zyzcleaner
2009-11-14 20:32 . 2009-08-31 00:14 -------- d-----w- c:\documents and settings\بومنذر\Application Data\IDM
2009-11-14 20:28 . 2009-11-14 20:27 11963 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-11-14 20:28 . 2009-08-31 00:14 -------- d-----w- c:\program files\Internet Download Manager
2009-11-10 12:54 . 2009-09-12 00:40 -------- d-----w- c:\program files\Zoom Player
2009-11-07 12:00 . 2009-07-08 03:19 -------- d-----w- c:\program files\Hotspot_Shield
2009-11-01 12:32 . 2009-05-30 11:35 -------- d-----w- c:\program files\Waseet303
2009-10-29 23:52 . 2009-09-08 03:51 -------- d-----w- c:\program files\Windows Live
2009-10-29 23:49 . 2009-09-07 02:08 -------- d-----w- c:\program files\Microsoft
2009-10-29 23:02 . 2009-10-16 12:25 -------- d-----w- c:\program files\MyProxy
2009-10-29 22:29 . 2009-10-16 12:25 -------- d-----w- c:\documents and settings\بومنذر\Application Data\MyProxy
2009-10-28 12:27 . 2009-05-30 11:30 -------- d-----w- c:\program files\ESET
2009-10-16 12:29 . 2009-06-05 15:36 -------- d-----w- c:\documents and settings\بومنذر\Application Data\Ulead Systems
2009-10-16 12:25 . 2009-10-16 12:25 -------- d-----w- c:\documents and settings\بومنذر\Application Data\Obsidium
2009-10-14 03:15 . 2009-10-14 03:15 -------- d-----w- c:\program files\CCleaner
2009-10-14 03:15 . 2009-10-14 03:15 -------- d-----w- c:\program files\Yahoo!
2009-10-02 12:38 . 2009-10-02 12:38 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-02 12:38 . 2009-05-30 11:29 -------- d-----w- c:\program files\Java
2009-10-02 12:38 . 2009-10-02 12:38 152576 -c--a-w- c:\documents and settings\بومنذر\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-02 11:23 . 2009-10-02 11:23 -------- d-----w- c:\program files\FormatFactory
2009-10-01 23:41 . 2009-10-01 23:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-08 03:07 . 2009-09-08 03:06 5519752 -c--a-w- c:\documents and settings\بومنذر\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
2009-09-07 01:59 . 2009-05-30 11:31 277328 ----a-w- c:\documents and settings\بومنذر\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 22:54 . 2009-09-03 22:54 277328 ----a-w- c:\documents and settings\العويشير\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 00:49 . 2009-08-28 01:31 10 -c--a-w- c:\windows\popcinfo.dat
2009-08-29 21:43 . 2009-07-13 13:05 277328 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 14:46 . 2009-06-22 14:46 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-24 1279216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-08-11 3114416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2009-04-10 393216]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2009-01-15 417073]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-15 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-26 806912]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\ںéميï¬ï©\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-30 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASRock WiFi-802.11g.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASRock WiFi-802.11g.lnk
backup=c:\windows\pss\ASRock WiFi-802.11g.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^بومنذر^Start Menu^Programs^Startup^MyProxy.lnk]
path=c:\documents and settings\بومنذر\Start Menu\Programs\Startup\MyProxy.lnk
backup=c:\windows\pss\MyProxy.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18889:TCP"= 18889:TCP:BitComet 18889 TCP
"18889:UDP"= 18889:UDP:BitComet 18889 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28/10/2009 03:29 م 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/10/2009 03:29 م 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/10/2009 02:52 ص 54752]
S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2009-11-22 c:\windows\Tasks\User_Feed_Synchronization-{2455326B-59C0-4D8B-BDC5-004E63F57297}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\MyProxy\MyProxy.dll
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-11-22 05:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4c1ceaa9-f4fc-45c4-bbb8-bacb5a84d886}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f6
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,27,85,0d,4c,f7,1b,0f,39,66,7c,5b,a2,6c,0e,42,4e,c2,e2,cb,49,c9,90,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ad,46,ee,3f,3f,bc,d9,57,b6,7f,66,52,1e,2e,9e,e7,78,62,49,34,0f,
76,69,7e,6e,84,2a,3e,76,b6,cf,8f,8a,0d,cc,27,4d,fa,85,73,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1108)
c:\windows\system32\idmmbc.dll
c:\program files\MyProxy\MyProxy.dll
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-11-22 05:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 02:33
Pre-Run: 29,578,444,800 bytes free
Post-Run: 29,777,797,120 bytes free
- - End Of File - - A615C407EB8AA4106B1B8AF2864D6404
 
Are you still getting the message?!

Signature: SUL6AN
Yes, still
 
Download the following file

[link hidden by the forum]

Double-click the file with the mouse ... after that the tool's interface will open

Do as shown in the explanation ...

i17686_000.png


i17687_001.png


i17688_002.png


After that, restart your computer

Signature: SUL6AN
I did it
and nothing happened

Download this tool
[link hidden by the forum]

and run it with a double-click

i17409_1.png


i17412_2.png


Then restart the computer

Signature: SUL6AN
I ran the tool

OK, and the result?

And what are your computer's specifications?!
 
Signature: SUL6AN
Nothing appeared

Signature: SUL6AN
I mean the message, does it still appear?!

Signature: SUL6AN
Yes, it still appears
 
Dear brother, according to the message
it is a registry error, u32cfg
The problem is explained at this link
[link hidden by the forum]

You can download the file directly. But if that is difficult, you can download this program and it will carry out the repair
[link hidden by the forum]

Signature: qq66