السلام عليكم ورحمة الله وبركاته
اخواني هذا اول موضوع لي ومحتاج مساعدتكم لي الله لايهينكم

افتح الانترنت اكسبلور يفتح معاي
يجيني صفحة مكتوب فيها

Insecure Internet activity. Threat of virus attack
ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ ـــــــــــــــــــــــ
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register AntiSpyCheck.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing. (http://www.antispycheck.com/buy_online.php?aid=1012)
Continue to this website unprotected (not recommended). (javascript:c_alert();)


ولما ادخل اي موقع ثواني يطلع لي تقرير تعذر على انترنت اكسلبور سيتم الاغلاق ارسال تقرير ويقفل وافتح من جديد نفس المشكلة ويالله يفتح معي موقع بعد عدة محاولات والله عقدني ارجوكم شوفو لي حل الله يرضى عليكم

اللي يعرف حل منكم اخواني يساعدني بليز

تكفون اخواني والله محتاج مساعدتكم
لاتخذلوني ارجوووووووووووووووووووكم
والله مارح انساها لكم

لا هنت أخوي
حمل هذا البرنامج
http://download.hijackthis.eu/hijackthis_199.zip (http://download.hijackthis.eu/hijackthis_199.zip)
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم


:D

مشكووور يالغالي بس الله لايهينك كيف طريقة تشغيل الرنامج وانتظر ردي في التقرير

والله ما اعرف ارفع التقرير عن طريق المرفقات عشان كذا نسخت التقرير ولصقته واعذرني يالغالي
ترا انا واحد اثول بالانترنت


وهذا التقرير

Logfile of HijackThis v1.99.1
Scan saved at 06:32:35 م, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX09.782\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll
O3 - Toolbar: Internet Service - {65742936-8079-408B-9F3C-874B78030A72} - (no file)
O3 - Toolbar: (no name) - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browseroption.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://67.198.202.154/talk.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.202.154/ReadUid.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B40F7ED-D8B2-46BB-8599-D11A4593BAE2}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

ما ادري اذا كان قصدك هذا او غيره

ادري اني تعبتك معاي و بتمل مني لكن مالنا غنى عنكم

جهازك رايح فيها

بس مالك إلا أنه يكون نظيف ..:D




( 1 )


عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


--------------------------------------------



( 2 )



واعمل تقرير جديد للهايجاك

اخوي حذفت كل برامج الجمايه وحملت البرنامج تبعك وجربته وطلعلي هالتقرير

ComboFix 08-07-26.1 - User 07/27/2008 18:59:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.652 [GMT 3:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\User\My Documents\My Documents.url
C:\Documents and Settings\User\My Documents\My Music\My Music.url
C:\Documents and Settings\User\My Documents\My Videos\My Video.url
C:\Program Files\AAV
C:\Program Files\AAV\aav0.dat
C:\Program Files\AAV\aav1.dat
C:\Program Files\alexa toolbar
C:\Program Files\alexa toolbar\uninstall.exe
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\iebt.dll
C:\Program Files\Web Technologies\myd.ico
C:\Program Files\Web Technologies\mym.ico
C:\Program Files\Web Technologies\myp.ico
C:\Program Files\Web Technologies\myv.ico
C:\Program Files\Web Technologies\ot.ico
C:\Program Files\Web Technologies\ts.ico
C:\Program Files\Web Technologies\wcm.exe
C:\Program Files\Web Technologies\wcu.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 13:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 11:59 --------- d-----w C:\Program Files\Dachshund Software
2008-07-27 11:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 11:04 --------- d-----w C:\Program Files\IObit
2008-07-27 11:04 --------- d-----w C:\Program Files\Ashampoo
2008-07-27 11:04 --------- d-----w C:\Documents and Settings\User\Application Data\TVU Networks
2008-07-27 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-07-27 11:03 --------- d-----w C:\Program Files\Unlocker
2008-07-27 11:03 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-07-27 11:03 --------- d-----w C:\Program Files\RCrawler
2008-07-27 11:03 --------- d-----w C:\Program Files\Makeovers Trial
2008-07-27 11:02 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-25 15:57 --------- d-----w C:\Documents and Settings\User\Application Data\URSoft
2008-07-25 15:39 --------- d-----w C:\Program Files\lg_fwupdate
2008-07-23 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-23 07:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-22 18:22 --------- d-----w C:\Program Files\Ela-Salaty
2008-07-22 12:43 --------- d-----w C:\Program Files\Huawei technologies
2008-07-21 05:41 --------- d-----w C:\Program Files\Mobily Connect Card
2008-07-21 05:10 --------- d-----w C:\Program Files\ASC 2.1
2008-07-19 04:18 --------- d-----w C:\Documents and Settings\User\Application Data\Media Player Classic
2008-07-18 07:34 --------- d-----w C:\Documents and Settings\User\Application Data\CyberLink
2008-07-18 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-18 05:18 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-07-17 01:10 --------- d-----w C:\Program Files\LtUcx
2008-07-17 00:28 --------- d-----w C:\Program Files\Sun
2008-07-16 21:08 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-07-16 19:44 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2008-07-10 14:42 --------- d-----w C:\Program Files\Toshiba
2008-07-10 14:32 --------- d-----w C:\Program Files\O2Micro Flash Memory Card Driver
2008-07-10 14:29 --------- d-----w C:\Program Files\Dell
2008-07-03 23:13 --------- d-----w C:\Program Files\Symantec
2008-07-03 23:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-22 15:39 27,262,976 ----a-w C:\VIRTPART.DAT
2008-06-22 15:27 --------- d-----w C:\Documents and Settings\User\Application Data\Symantec
2008-06-22 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-22 14:45 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-22 14:45 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-06-22 14:44 --------- d-----w C:\Program Files\DellTPad
2008-06-22 14:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-22 14:34 172,032 ------w C:\WINDOWS\Setup1.exe
2008-06-22 14:31 --------- d-----w C:\Program Files\iTunes
2008-06-22 14:31 --------- d-----w C:\Program Files\iPod
2008-06-22 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 14:30 --------- d-----w C:\Program Files\QuickTime
2008-06-22 14:30 --------- d-----w C:\Program Files\Apple Software Update
2008-06-22 14:29 --------- d-----w C:\Program Files\MSN Messenger
2008-06-22 14:25 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-06-22 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-22 14:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-22 14:22 --------- d-----w C:\Program Files\Nero
2008-06-22 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-22 14:20 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-22 14:19 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-06-22 14:19 --------- d-----w C:\Program Files\Picasa2
2008-06-22 14:19 --------- d-----w C:\Program Files\mpegable
2008-06-22 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-22 14:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-22 03:39 --------- d-----w C:\Program Files\DivX
2008-06-22 03:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-22 03:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-22 03:31 --------- d-----w C:\Program Files\Realtek
2008-06-22 03:31 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield
2008-06-22 03:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-22 03:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-22 03:25 --------- d-----w C:\Program Files\Real
2008-06-22 03:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-22 03:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-22 03:24 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-06-22 03:24 --------- d-----w C:\Program Files\Macromedia
2008-06-22 03:22 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-22 03:00 --------- d-----w C:\Program Files\CyberLink
2008-06-22 02:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-22 02:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-22 02:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-22 02:46 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-22 02:40 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-22 02:34 --------- d-----w C:\Program Files\Broadcom
2008-06-22 02:26 --------- d-----w C:\Program Files\Intel
2008-06-22 00:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 10:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 06:25 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxva
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [02/15/2008 04:46 AM]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [02/15/2008 04:46 AM]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;C:\WINDOWS\system32\Drivers\OEM13Afx.sys [06/08/2007 11:00 AM]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys [03/06/2007 04:45 AM]
R3 OEM13Vid;Creative Camera OEM013 Driver;C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys [01/08/2008 11:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02db351e-58a6-11dd-9917-001e37f3456e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1eeb80-5360-11dd-98ee-001e37f3456e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1ef0f6-5360-11dd-98ee-001e37f3456e}]
\Shell\AutoRun\command - G:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!>:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-TaskSYSTEM0@ []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Evidence Eliminator - C:\Program Files\Evidence Eliminator\ee.exe
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{9B40F7ED-D8B2-46BB-8599-D11A4593BAE2}: NameServer = 4.2.2.3 4.2.2.4
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.202.154/talk.cab
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.202.154/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 19:00:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\User\LOCALS~1\Temp\ASFWHide"
.
Completion time: 07/27/2008 19:01:22
ComboFix-quarantined-files.txt 2008-07-27 16:01:15
Pre-Run: 35,114,438,656 bytes free
Post-Run: 35,142,660,096 bytes free
206 --- E O F --- 2008-07-27 07:58:16


ياليت تفسر لي

مشكووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووو ووووووووووووووووووووووووووووووووووووووووووووووووووووووووووور الف شكر لك يالغالي اقسم بالله فكيت لي ازمه خذيت فره على الانترنت ولاصار شي شي
تعجز الكلمات عن شكرك
لولا الله ثم انت والله كان رميت كمبيوتري من جد عقدني
الف شكر لك يالغالي وماراح انساها لك
بس سؤال لو سمحت ارجع واحمل برنامج الحماية
كنت محمل برنامج الكاسبر وحذفته بطلب منك لكن الحين اقدر احمله؟؟؟؟
لك

وشكرا

مشكووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووووو ووووووووووووووووووووووووووووووووووووووووووووووووووووووووووور الف شكر لك يالغالي اقسم بالله فكيت لي ازمه خذيت فره على الانترنت ولاصار شي شي




تعجز الكلمات عن شكرك

لولا الله ثم انت والله كان رميت كمبيوتري من جد عقدني

الف شكر لك يالغالي وماراح انساها لك
بس سؤال لو سمحت ارجع واحمل برنامج الحماية
كنت محمل برنامج الكاسبر وحذفته بطلب منك لكن الحين اقدر احمله؟؟؟؟
لك





وشكرا






ياراجل تونا في بداية الأمر

جهازك مازال في اصابات كثيرة




اعمل تقرير جديد

HijackThis





البرنامج إللي عطيتك في أول رد لي






:D

هذا التقرير يالغالي وطمني بسرعه لاني الحين على نار

Logfile of HijackThis v1.99.1
Scan saved at 07:23:09 م, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.766\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://67.198.202.154/talk.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.202.154/ReadUid.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B40F7ED-D8B2-46BB-8599-D11A4593BAE2}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

احذف التالي
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.202.154/ReadUid.CAB


طريقة الحذف

http://www.zyzoom.net/vb_up/upload/wh_31752766.png

ثم نزل هالاداة لتنظيف الجهاز

http://www.atribune.org/ccount/click.php?id=1 (http://www.atribune.org/ccount/click.php?id=1)

http://www.zyzoom.net/vb_up/upload/wh_15149054.png

واعمل تقرير ثاني لـ hijackthis

في انتظااارك ...

سويت كل اللي قلت لي عليه وبالنسبه لللبرنامج الثاني سويته بس طلع لي مربع مكتوب فيه
no files were removed

وسويت تقرير وطلعت هالنتيجه وتكفى طمني

Logfile of HijackThis v1.99.1
Scan saved at 07:44:52 م, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.329\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://67.198.202.154/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B40F7ED-D8B2-46BB-8599-D11A4593BAE2}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

احذف هذي بس


O11 - Options group: [INTERNATIONAL] International*



ثم


عطل استعادة النظام


http://albronz.net/me/DTeamp/dis_sys_xp.jpg






حمل هالأداة


http://zyzoom.net/zyzoom_absba_/doc/...v0.60.0.24.exe (http://zyzoom.net/zyzoom_absba_/doc/Dial-a-fix/Dial-a-fix-v0.60.0.24.exe)


http://zyzoom.net/zyzoom_absba_/pics/Dial-a-fix.png


اضغط على الصح الاخضر
ثم
GO
بعدها بثواني بيطلع لك الوقت والتاريخ


حط موافق
انتظرالأداة حتى تنتهي من عمليه الأصلاح


ثم


حمل أداة إزالة قيود الفيروسات
http://en.sergiwa.com/modules/mydownloads/visit.php?cid=2&lid=1
[/URL]
وحط صح أمام أي عبارة حمراء
ثم
اضغط على . REMOVE


ثم


سوي تحديث للويندوز
[URL="http://windowsupdate.microsoft.com/"]http://windowsupdate.microsoft.com/ (http://en.sergiwa.com/modules/mydownloads/visit.php?cid=2&lid=1)





واعمل تقرير جديد

اخوي سويت كل شي الا بعض الاشياء
وهي
وهي اداة ازالة قيود الفيروسات
ماطلعت الصوره عندي
تطلع لي علامة اكس
من هنا وتحت ماسويتها للحين اما الباقي سويته
بانتظارك يالغالي

اخوي تعبتك معي والله لكن تحملني
الرابط حق اداة ازالة قيود الفيروسات طلع بس المشكلة الرابط مايفتح
يجيني صفحة مكتوب فيها


Network Error (tcp_error)

A communication error occurred: "Operation timed out" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.

اخوي تعبتك معي والله لكن تحملني
الرابط حق اداة ازالة قيود الفيروسات طلع بس المشكلة الرابط مايفتح
يجيني صفحة مكتوب فيها


Network Error (tcp_error)

A communication error occurred: "Operation timed out" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.

حملها من هنا
http://en.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=1

نفس المشكله يالغالي

يطلع

Network Error (tcp_error)

A communication error occurred: "Operation timed out" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.

تعبتك معي حملها من المرفقات

لا بالعكس انا اللي تعبتك معاي والله انك ماتقصر
ابشرك خلصت كل شي بس الله لايهينك تشرح لي كيف احدث الويندوز لاني دخلت على الرابط
ولا عرفت اسوي شي
والله اني تعبتك معاي
الله يجزاك الف خير ويجعلها في موازين حسناتك

هلا فيك اخوي معليش ازعجناك بس
هل اقدر احمل برامج حمايه وشكرا
وهذا التقرير حق اخر شي وطمني الله يعطيك العافيه



Logfile of HijackThis v1.99.1
Scan saved at 12:58:26 ص, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.438\RRT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://67.198.202.154/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B40F7ED-D8B2-46BB-8599-D11A4593BAE2}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

بخصوص برنامج
أنا ما قلتلك أحذفه
أنا قايل عطله يعني وقف الحمايه
أو كليك يمين واختر من القائمة
Exit
بس مادام أنك حذفته
ركب الكاسبر سيكورتي 2009

أما التقرير فسليم
بس شغل جدار الحمايه للويندوز