مشكلة في جهازي ..... مرفق تقرير هايجاك

غَيّوضْ · 13 مايو 2008

صبحكم الله بالخير جميعا

لدي برنامج مكافي لا استطيع حذفه وتظهر رسايل تحذير لا اعلم ماهي

وهذا تقرير هايجاك

النظام اكس بي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:24 AM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\System\fphwhio.exe
C:\WINDOWS\RavMonE.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOBILY~1\Mobily Connect Card.exe
C:\Program Files\Common Files\Microsoft Shared\nviwish.exe
C:\Documents and Settings\Laila Al Otaishan\Desktop\برامج مهمة\Zyzoom_HijackThis.exe
c:\program files\mcafee.com\agent\mcupdate.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.saudi.net.sa:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe
O4 - HKLM\..\Run: [pytsmvt] C:\Program Files\Common Files\Microsoft Shared\nviwish.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E61C9D7-0CD5-4920-8345-F76C5A5DCA4E}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{46919152-B920-401B-AEA2-DE59AC296714}: NameServer = 10.6.9.12 10.6.9.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE183C62-233F-4136-891C-94BA949BEF82}: NameServer = 212.93.192.4,212.93.192.5
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9900 bytes

ارجو الإفادة

غَيّوضْ · 14 مايو 2008

زيزوم قال:
حلوووووووووه تبققت خخخخخخخخخخخخخخخخخ

الله يسعدك دنيا وآخره

شكل الملفات مخفيه

لاهنت حمل الملف هذا وشغله
http://www.zshare.net/download/1200626737f2cd53/

لحظات وافتح محرك الاقراص سي بتجد مجلد باسم zyzoooom
اضغطه وارفعه على http://www.zshare.net

بانتظارك

بااااااااك

تفضل ياغالي هذا الملف

http://www.zshare.net/download/1200684050934f54/

زيزوووم · 14 مايو 2008

فتى الشرقية قال:
فــــديـــــــــتـــــك

:king:

تسلم ياقلبي

زيزوووم · 14 مايو 2008

لاهنت اتبع التالي بالترتيب

( 1 )
حمل هذا الملف وقم بتشغيله
عندها يعاد تشغيل جهازك تلقائيا ... بعدها يظهر لك تقرير
انسخه والصقه بردك القادم

http://www.zshare.net/download/1200843934816552/

------------------------------

( 2 )
حمل هذا الملف وشغله ( تظهر شاشة سوداء وتختفي )
http://www.zshare.net/download/12008356fda50476/

----------------------------------

( 3 )
حمل هذا الملف وشغله
بتظهر لك شاشة سوداء ويبدأ الكاسبر فحص وتنظيف جهازك تلقائيا
http://www.zyzoom.net/soft/security/tools_1/kav.exe

احتمال تستغرق العملية اكثر من ساعة

زيزوووم · 14 مايو 2008

بعد عمل السابق ...

اعد تشغيل جهازك واعمل تقرير جديد

( 1 )

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

--------------------------------------------

( 2 )

واعمل تقرير للهايجاك

http://download.hijackthis.eu/hijackthis_199.zip

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log

لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

غَيّوضْ · 14 مايو 2008

زيزوم قال:
بعد عمل السابق ...

اعد تشغيل جهازك واعمل تقرير جديد

( 1 )

عطل جميع برامج الحماية ,,

وحمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes

بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

--------------------------------------------

( 2 )

واعمل تقرير للهايجاك

http://download.hijackthis.eu/hijackthis_199.zip

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log

لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

ابشر استاذي وجاري عمل الخطوااات بالترتيب وسأوافيك بالنتايج

يعطيك العافية

؟؟؟؟؟؟؟؟؟؟؟؟؟؟

غَيّوضْ · 14 مايو 2008

مساء الخير استاااااذ زيزوووم

بالنسبه للأداة الأولى لم تعمل معي

وباقي الخطوات نفذتها بالترتيب وهذا تقرير الفحص

ComboFix 08-05-11.1 - Laila Al Otaishan 2008-05-14 22:59:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1256.966.1033.18.586 [GMT 3:00]
Running from: C:\Documents and Settings\Laila Al Otaishan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-14 14:21 . 2008-05-14 14:21 <DIR> d-------- C:\zyzoooom
2008-05-14 12:58 . 2008-05-14 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-13 16:33 . 2008-05-13 16:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Windows Live
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Circle Developement
2008-05-13 15:03 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\CyberScrub
2008-05-13 13:18 . 2008-05-13 13:18 <DIR> d-------- C:\Program Files\Avira
2008-05-13 13:18 . 2008-05-13 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-10 20:11 . 2008-05-10 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 20:10 . 2008-05-10 20:10 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\vlc
2008-05-10 20:09 . 2008-05-10 20:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-10 20:05 . 2008-05-10 20:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-10 20:05 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-10 20:05 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-10 19:53 . 2008-05-10 19:54 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 19:29 . 2008-05-10 19:29 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\Uniblue
2008-05-10 19:27 . 2008-05-10 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-10 18:42 . 2008-05-10 18:50 5,452 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 17:15 . 2008-05-10 18:28 <DIR> d-------- C:\Program Files\Mobily Connect Card
2008-05-10 17:15 . 2007-07-16 18:23 101,120 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-05-10 17:15 . 2007-07-16 18:23 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-05-10 17:07 . 2008-05-10 17:14 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-05-10 17:07 . 2008-05-10 17:07 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\URSoft
2008-05-10 17:07 . 2008-05-13 12:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 16:35 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\cleaner
2008-04-30 16:47 . 2008-04-30 16:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 16:47 . 2008-04-30 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 19:58 6,998 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-13 13:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-13 13:33 --------- d-----w C:\Program Files\Common Files\Real
2008-05-13 13:32 --------- d-----w C:\Program Files\Real
2008-05-13 13:30 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 13:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-10 18:04 --------- d-----w C:\Program Files\Dell
2008-05-10 14:02 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-03 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 15:30 2,085,376 ----a-w C:\WINDOWS\system32\x264vfw.dll
2007-11-23 10:25 220,552 ----a-w C:\Documents and Settings\Laila Al Otaishan\Application Data\GDIPFONTCACHEV1.DAT
2006-06-18 04:00 88 --sh--r C:\WINDOWS\system32\BD62F108D7.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-12 03:52 1409024]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-10 01:41 4617720]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 07:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 07:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 07:10 114688]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 23:08 1347584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 00:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 09:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 18:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 18:44 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 09:02 86016]
"bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2003-12-15 20:08 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-19 15:37 98304]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 14:18 98304]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 18:29 237568]
"eiqdvoq"="C:\Program Files\Common Files\System\fphwhio.exe" [ ]
"pytsmvt"="C:\Program Files\Common Files\Microsoft Shared\nviwish.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-13 16:33 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-04-19 19:30 728176 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-08-10 01:41 4617720 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-13 13:20]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-22 03:18]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-04 09:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e0b03e3-dff0-11dc-8c70-0014a58bde36}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da07928-1eab-11dd-8cc0-0014a58bde36}]
\Shell\AutoRun\command - E:\pytsmvt.exe
\Shell\explore\Command - E:\pytsmvt.exe
\Shell\open\Command - E:\pytsmvt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f11e24-1e98-11dd-8cbd-0014a58bde36}]
\Shell\AutoRun\command - D:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662d1470-881b-11db-8bd2-001422a9abc0}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea188aa0-20c4-11dd-8cc4-0014a58bde36}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 23:02:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-14 23:04:34
ComboFix-quarantined-files.txt 2008-05-14 20:04:26
ComboFix2.txt 2008-05-14 10:23:13
Pre-Run: 40,981,045,248 bytes free
Post-Run: 40,984,043,520 bytes free
152 --- E O F --- 2008-02-20 19:33:09

وهذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:34 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Laila Al Otaishan\Desktop\برامج مهمة\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe
O4 - HKLM\..\Run: [pytsmvt] C:\Program Files\Common Files\Microsoft Shared\nviwish.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E61C9D7-0CD5-4920-8345-F76C5A5DCA4E}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{46919152-B920-401B-AEA2-DE59AC296714}: NameServer = 10.6.9.12 10.6.9.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE183C62-233F-4136-891C-94BA949BEF82}: NameServer = 212.93.192.4,212.93.192.5
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8558 bytes

بالإنتظار استاذي

زيزوووم · 15 مايو 2008

ماش شكلك ما استخدمت الملف هذا
حمل هذا الملف وشغله ( تظهر شاشة سوداء وتختفي )
http://www.zshare.net/download/12008356fda50476/

بعدها اعد تشغيل جهازك واعمل التقرير ... هذا

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

--------------------------------------------

غَيّوضْ · 15 مايو 2008

والله يا استاذ الملف مو راضي يتحمل معي اضغط على الرابط وتفتحلي صفحة التحميل واضغط داون لود وعلى طول تختفي الصفحة وتظهر لي صفحه ثانية فيها دعاية جوال وكذاااا .......وجربت التحميل من جهازين للملف ولكن نفس الحكاية .... اذا كان بالإمكان ترفعه على الميديا فير يمكن اقدر احمله ..أسف جدا لإزعاجك .....

زيزوووم · 15 مايو 2008

تفضل ياغالي

غَيّوضْ · 15 مايو 2008

وهذا التقرير استاذي تفضل <div align="center">ComboFix 08-05-11.1 - Laila Al Otaishan 2008-05-15 14:17:13.3 - NTFSx86</p>

Microsoft Windows XP Home Edition 5.1.2600.2.1256.966.1033.18.504 [GMT 3:00]
Running from: C:\Documents and Settings\Laila Al Otaishan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-14 14:21 . 2008-05-14 14:21 <DIR> d-------- C:\zyzoooom
2008-05-14 12:58 . 2008-05-14 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-13 16:33 . 2008-05-13 16:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Windows Live
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-05-13 16:30 . 2008-05-13 16:30 <DIR> d-------- C:\Program Files\Circle Developement
2008-05-13 15:03 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\CyberScrub
2008-05-13 13:18 . 2008-05-13 13:18 <DIR> d-------- C:\Program Files\Avira
2008-05-13 13:18 . 2008-05-13 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-10 20:11 . 2008-05-10 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 20:10 . 2008-05-10 20:10 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\vlc
2008-05-10 20:09 . 2008-05-10 20:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-10 20:05 . 2008-05-10 20:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-10 20:05 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-10 20:05 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-10 19:53 . 2008-05-10 19:54 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 19:29 . 2008-05-10 19:29 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\Uniblue
2008-05-10 19:27 . 2008-05-10 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-10 18:42 . 2008-05-10 18:50 5,452 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 17:15 . 2008-05-10 18:28 <DIR> d-------- C:\Program Files\Mobily Connect Card
2008-05-10 17:15 . 2007-07-16 18:23 101,120 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-05-10 17:15 . 2007-07-16 18:23 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-05-10 17:07 . 2008-05-10 17:14 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-05-10 17:07 . 2008-05-10 17:07 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\URSoft
2008-05-10 17:07 . 2008-05-13 12:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 16:35 . 2008-05-13 15:03 <DIR> d-------- C:\Documents and Settings\Laila Al Otaishan\Application Data\cleaner
2008-04-30 16:47 . 2008-04-30 16:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 16:47 . 2008-04-30 16:47 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 19:58 6,998 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-13 13:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-13 13:33 --------- d-----w C:\Program Files\Common Files\Real
2008-05-13 13:32 --------- d-----w C:\Program Files\Real
2008-05-13 13:30 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 13:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-10 18:04 --------- d-----w C:\Program Files\Dell
2008-05-10 14:02 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-22 15:30 2,085,376 ----a-w C:\WINDOWS\system32\x264vfw.dll
2007-11-23 10:25 220,552 ----a-w C:\Documents and Settings\Laila Al Otaishan\Application Data\GDIPFONTCACHEV1.DAT
2006-06-18 04:00 88 --sh--r C:\WINDOWS\system32\BD62F108D7.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_13.19.27.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 09:58:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 11:13:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-06 20:31:40 20,752 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 20:22:21 20,752 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-06 20:31:40 183,048 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 20:22:21 183,048 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-06 20:31:40 19,216 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 20:22:21 19,216 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-06 20:31:40 43,792 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 20:22:21 43,792 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-06 20:31:40 158,480 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2008-05-14 20:22:21 158,480 ----a-r C:\WINDOWS\Installer\{30120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-12 03:52 1409024]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-10 01:41 4617720]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 07:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 07:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 07:10 114688]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 23:08 1347584]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 00:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 09:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 18:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 18:44 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 09:02 86016]
"bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2003-12-15 20:08 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-19 15:37 98304]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 14:18 98304]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 18:29 237568]
"eiqdvoq"="C:\Program Files\Common Files\System\fphwhio.exe" [ ]
"pytsmvt"="C:\Program Files\Common Files\Microsoft Shared\nviwish.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-13 16:33 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A93A4625-6216-499C-B360-BBD0A7C0D479}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-04-19 19:30 728176 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-08-10 01:41 4617720 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-13 13:20]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-22 03:18]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-04 09:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e0b03e3-dff0-11dc-8c70-0014a58bde36}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da07928-1eab-11dd-8cc0-0014a58bde36}]
\Shell\AutoRun\command - E:\pytsmvt.exe
\Shell\explore\Command - E:\pytsmvt.exe
\Shell\open\Command - E:\pytsmvt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f11e24-1e98-11dd-8cbd-0014a58bde36}]
\Shell\AutoRun\command - D:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662d1470-881b-11db-8bd2-001422a9abc0}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea188aa0-20c4-11dd-8cc4-0014a58bde36}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 14:20:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 14:22:01
ComboFix-quarantined-files.txt 2008-05-15 11:21:44
ComboFix2.txt 2008-05-14 20:04:36
ComboFix3.txt 2008-05-14 10:23:13
Pre-Run: 40,942,895,104 bytes free
Post-Run: 40,935,911,424 bytes free
168 --- E O F --- 2008-02-20 19:33:09

زيزوووم · 15 مايو 2008

دام فضلك ياغالي

تفضل شغل الملف هذا

بعدها اعمل تقرير هايجاك ... حتى نحذف قيم الباك دور من مسجل النظام

غَيّوضْ · 15 مايو 2008

تفضل استاذي هذا التقرير وأسف جدا جدا لأزعاجك

غلبتك معاي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:00 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Laila Al Otaishan\Desktop\برامج مهمة\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe
O4 - HKLM\..\Run: [pytsmvt] C:\Program Files\Common Files\Microsoft Shared\nviwish.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E61C9D7-0CD5-4920-8345-F76C5A5DCA4E}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{46919152-B920-401B-AEA2-DE59AC296714}: NameServer = 10.6.9.12 10.6.9.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE183C62-233F-4136-891C-94BA949BEF82}: NameServer = 212.93.192.4,212.93.192.5
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8642 bytes

زيزوووم · 15 مايو 2008

عادي ياقلبي

لاهنت شغل الهايجاك قفل متصفح الانترنت
وباستخدام البرنامج Hijack This اللي عملت فيه التقرير
اعمل فحص جديد واشر على هذه القيم >>> واضغط على Fix Checked

O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe

O4 - HKLM\..\Run: [pytsmvt] C:\Program Files\Common Files\Microsoft Shared\nviwish.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

وهذا شرح للعمليه (( القيم غير حقيقيه اللهم للشرح ))

غَيّوضْ · 15 مايو 2008

زيزوم قال:
عادي ياقلبي

لاهنت شغل الهايجاك قفل متصفح الانترنت
وباستخدام البرنامج Hijack This اللي عملت فيه التقرير
اعمل فحص جديد واشر على هذه القيم >>> واضغط على Fix Checked

O4 - HKLM\..\Run: [eiqdvoq] C:\Program Files\Common Files\System\fphwhio.exe

O4 - HKLM\..\Run: [pytsmvt] C:\Program Files\Common Files\Microsoft Shared\nviwish.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

وهذا شرح للعمليه (( القيم غير حقيقيه اللهم للشرح ))

جزاك الله الف خير ورحم الله والديك

واسكنهم فسيح جناته استاذ زيزووم

نفذت كل الخطوات بالتمام ...

هل من شيء آخر أعمله

وبالنسبة لعمل الجهاز الأن ممتاااااز ولكن عروض

البوربوينت لا تعمل يعني لما اجي افتح عرض من

العروض تطلع لي رسالة ماعرف ايش مضمونها

؟؟؟؟؟؟؟؟

زيزوووم · 16 مايو 2008

أدعو الله أن يتقبل دعائك ... وأن يجمعنا وإياك ووالدي ووالديك في جنات النعيم ..

آمــــــــين يارب العالـــمـــين ..

لاهنت وتسلم ياغالي

وياليت تعمل صوره للرسالة

غَيّوضْ · 16 مايو 2008

زيزوم قال:
أدعو الله أن يتقبل دعائك ... وأن يجمعنا وإياك ووالدي ووالديك في جنات النعيم ..

آمــــــــين يارب العالـــمـــين ..

لاهنت وتسلم ياغالي

وياليت تعمل صوره للرسالة

مساك الله بالخير أستاذي وعساك عالقوة

لاهنت هذي صورة الرسالة اللي تطلع لي عند

تشغيل عرض البوربوينت

زيزوووم · 16 مايو 2008

يقويك وتسلم يالغلااا

اذا عندك الاوفيس اعد تركيبه

غَيّوضْ · 16 مايو 2008

زيزوم قال:
يقويك وتسلم يالغلااا

اذا عندك الاوفيس اعد تركيبه

استاذي معليش ترى والله عليمي للحين

ياريت تعلمني كيف خطوات التركيب وبعدين الأوفس اشوفه في

قائمة البرامج موجود

زيزوووم · 16 مايو 2008

هلااا فيك يالغلااا
اعد تركيبه فقط >>> حتى تنحل المشكله
والشرح للتركيب .. ياليت تعطيني رقم الاصدار اللي عندك

غَيّوضْ · 16 مايو 2008

زيزوم قال:
هلااا فيك يالغلااا
اعد تركيبه فقط >>> حتى تنحل المشكله
والشرح للتركيب .. ياليت تعطيني رقم الاصدار اللي عندك

معليش استاذ مو عارف من وين اطلع رقم الأصدار بس مكتوب ميكروسوفت 2007 بيتا

يعني وورد 2007 بيتا وهكذا الباقي كله 2007 بيتا

:b: :b:

خجلان من تناحتي

عضو شرف

توقيع : غَيّوضْ

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ

عضو شرف

عضو شرف

توقيع : غَيّوضْ