Al-Hilal Saudi Club - Al-Zaeem Network - Official Site


™® عــذب الســـجايا ®™ 12/10/2009 11:45 AM

Firefox crash problem

I ended up on a site, I don't know how I got there, and suddenly an inappropriate picture popped up at me.

I found it strange. Anyway, I closed it, and a little later it popped up at me again.

Every time I closed it, it came back, and after that a second picture appeared with the text: Do you want more pictures?

Set the picture as your computer's wallpaper. Anyway, I left it.

And suddenly Firefox crashes, and every time I try to open it I get the message: Firefox encountered a problem and crashed.

I also get:

Firefox has stopped working
A problem caused the program to stop working correctly

Windows will close the program

What should I do, leaders?

مستر شيشي 12/10/2009 02:54 PM

Welcome

The same problem happened to me while browsing the Gamezer site, which is famous for billiards; one of the users had sent me a comment code and the problem occurred.

Did the problem happen only once? .. If it was more than once,
I expect there is a spyware file or a virus on your machine.

There is a small program that will solve the problem, God willing.

Disable your protection programs
then
download the following tool and save it to the desktop
::Click here to download::
When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and send it in your next reply

Good luck :)

™® عــذب الســـجايا ®™ 12/10/2009 07:54 PM

Hello, brother, here is the report, if you would be so kind




ComboFix 09-10-11.03 - أبو خالد 10/12/2009 19:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1256.966.1025.18.1014.315 [GMT 3:00]
Running from: c:\users\أبو خالد\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\users\أبو خالد\AppData\Roaming\addons.dat
c:\users\أبو خالد\AppData\Roaming\Bifrost
c:\users\أبو خالد\AppData\Roaming\Bifrost\server.exe
c:\windows\system32\mpxa.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 16:37 . 2009-10-12 16:38 -------- d-----w- c:\users\أبو خالد\AppData\Local\temp
2009-10-12 16:37 . 2009-10-12 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 09:56 . 2009-10-12 10:03 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\FairStars Recorder
2009-10-12 09:56 . 2009-10-12 10:03 -------- d-----w- c:\program files\FairStars Recorder
2009-10-11 11:53 . 2009-10-11 11:53 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\Any DVD Converter Professional
2009-10-11 11:53 . 2009-10-11 11:53 -------- d-----w- c:\program files\Any DVD Converter Professional
2009-10-11 11:46 . 2009-10-11 11:46 -------- d-----w- c:\program files\Any Video Converter
2009-10-11 11:24 . 2009-10-11 11:46 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\Any Video Converter
2009-10-11 08:16 . 2009-10-11 08:16 -------- d-----w- C:\tmp
2009-10-11 07:40 . 2009-10-11 08:36 -------- d-----w- C:\Download
2009-10-11 07:39 . 2009-10-11 07:41 -------- d-----w- C:\YouTubeGet
2009-10-02 23:11 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 08:30 . 2009-09-29 10:11 -------- d-----w- c:\users\أبو خالد\كاسبر سكاي 7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 16:15 . 2008-09-26 20:44 43549216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-12 14:39 . 2008-09-26 10:57 -------- d-----w- c:\programdata\Kaspersky Lab
2009-10-12 11:15 . 2008-09-26 20:44 587240 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-12 11:15 . 2008-08-09 16:37 1660 ----a-w- c:\windows\bthservsdp.dat
2009-10-12 11:07 . 2008-06-21 14:55 116784 ----a-w- c:\users\أبو خالد\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-11 11:41 . 2009-05-08 09:05 -------- d-----w- c:\program files\JLC's Software
2009-10-11 11:40 . 2008-08-09 18:34 -------- d-----w- c:\program files\Total Video Converter
2009-10-03 21:49 . 2008-06-21 18:55 -------- d-----w- c:\program files\Google
2009-10-02 07:29 . 2008-06-23 09:33 -------- d-----w- c:\program files\Windows Live
2009-09-29 20:20 . 2006-12-05 05:25 81136 ----a-w- c:\windows\system32\perfc001.dat
2009-09-29 20:20 . 2006-12-05 05:25 460662 ----a-w- c:\windows\system32\perfh001.dat
2009-09-27 07:29 . 2009-02-13 21:07 -------- d-----w- c:\programdata\licenselessway
2009-09-23 22:35 . 2009-08-31 06:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-23 21:03 . 2008-07-08 11:19 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-23 17:55 . 2008-09-26 20:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-23 17:55 . 2008-09-26 20:45 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-12 15:05 . 2008-09-15 22:51 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\uTorrent
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pop Film"="c:\programdata\peak bait bait.7l1jnnu" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\MSCONFIG.exe" [2006-11-02 222208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 198160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^أبو خالد^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\أبو خالد\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DFA5C827-8656-40C7-BB4B-C16C68F35A8B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E50B61B5-B1C6-4944-B0FA-B7AF86E28229}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E90B8468-FB3C-4233-83CE-96AAA7AAB200}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5F740F-F4A8-4827-9C0A-68812A1945FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FBC8D5C4-1DA9-42A1-BE04-B1B5E361D2C3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1A6F5781-D280-4CBF-AD77-D6FF02A9B1AE}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{283D8950-F29A-41C8-9FCB-D511BC6F3AB3}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{1DE2D94B-CACD-421A-9A2C-00FE5A47EA13}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{04042E48-731A-413C-9415-6043E915C04B}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DBBC82FF-A201-400F-93E6-9260645B22A3}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorEngine
"{D78C021F-6998-4E9F-80B8-FA32E0D1D3A6}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorEngine
"{D0F16533-7D9C-4884-9134-1C4B8A836FA2}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{84696C03-9B67-427C-A9F9-8C34D23FE1FD}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{057583B1-02EC-47BC-9926-5EBF19C8E520}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{744F4E2B-B4CD-49DE-B7C0-BAF28A4EA0B5}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{AD221321-597D-43EF-B8BA-4BB494606488}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0364C24A-3978-4B2B-9B4E-0097B5F707D6}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"TCP Query User{DCDD01C0-2F9F-4502-97DC-4DBE5A994800}c:\\users\\أبو خالد\\desktop\\170 kb\\utorrent.exe"= UDP:c:\users\أبو خالد\desktop\170 kb\utorrent.exe:utorrent.exe
"UDP Query User{3690D600-8036-4D84-B48D-C40DCAE4DEA9}c:\\users\\أبو خالد\\desktop\\170 kb\\utorrent.exe"= TCP:c:\users\أبو خالد\desktop\170 kb\utorrent.exe:utorrent.exe
"{6071FE97-2993-420A-AA9A-78CA5D14F3B9}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0
"{9766AE81-EE80-4948-9762-6AED175DEF89}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0
"TCP Query User{D786112E-C11D-4F33-83FD-F1C7730B49B2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C9211929-7049-4A8A-8CA1-70F9EAAF44DF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C4B89E3A-FE57-4562-9FCD-7BB6824DA770}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{79C5BA38-52A7-4B79-BA82-E54DD22B2053}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{86737E9C-5070-4453-90AF-A8776FEA0D09}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{59B4727F-200A-4221-9C0F-B81BFF9711FF}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{87C05B45-C1EC-4C01-A851-6944DA282F14}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0639D79A-0666-42C2-ACC8-373E8F0CFFEC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{7B71AFC2-481F-4198-AE6B-23F01DFB40E9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5624AA50-0120-4296-B69F-3BABDE5B3459}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E0403DFE-4F36-4C08-992D-ED37CDF1AAA5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FBDA1E1C-7CCC-4468-A914-246870BD6973}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{C51192AD-A25E-4A37-B47B-0BCB1562C2C1}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{FCF74C6E-49E2-4C98-BDF2-BFE1629D853A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{043488E9-2058-4A99-9948-628EA1C6DCC2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{ADF5CCE6-013B-4167-93F5-D2E4B76F10B6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{F21A4A18-B7C5-4CB8-8161-6628DACD9732}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{3D04171C-F290-4717-BD86-78E4DFCB1A58}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{546671C7-3F89-4FE3-BCA6-DE5E52FE2298}c:\\program files\\www.cproxy.com\\cproxy.exe"= UDP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"UDP Query User{5A0FE89A-3B9D-4649-8653-5541E431150D}c:\\program files\\www.cproxy.com\\cproxy.exe"= TCP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"TCP Query User{DC023BFA-810A-4D58-AE5C-B95137D8CD6F}c:\\program files\\www.cproxy.com\\cproxy.exe"= UDP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"UDP Query User{D6F9DD69-C1C8-4A3F-8D05-BAA95C231C7A}c:\\program files\\www.cproxy.com\\cproxy.exe"= TCP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"TCP Query User{ED7F844F-036B-46B7-96B3-E7676FCE0AD3}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{7ADB007B-1355-44F8-A620-41701C372D9F}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{C1C069D3-BE08-4A88-AE54-4244F84520DC}c:\\users\\أبو خالد\\appdata\\local\\temp\\rar$ex00.852\\170 kb\\utorrent.exe"= UDP:c:\users\أبو خالد\appdata\local\temp\rar$ex00.852\170 kb\utorrent.exe:utorrent.exe
"UDP Query User{8AEE6E1E-12E5-47D3-9A3A-7C7F249D3D85}c:\\users\\أبو خالد\\appdata\\local\\temp\\rar$ex00.852\\170 kb\\utorrent.exe"= TCP:c:\users\أبو خالد\appdata\local\temp\rar$ex00.852\170 kb\utorrent.exe:utorrent.exe
"TCP Query User{78F93C42-73B6-43E6-9C76-2618412CB133}c:\\users\\أبو خالد\\desktop\\utorrent.exe"= UDP:c:\users\أبو خالد\desktop\utorrent.exe:utorrent.exe
"UDP Query User{9CDE1647-ECC1-4E81-B93D-14838DBBE5EC}c:\\users\\أبو خالد\\desktop\\utorrent.exe"= TCP:c:\users\أبو خالد\desktop\utorrent.exe:utorrent.exe
"{A25307C9-D42E-4910-8FDA-4ECD4293E170}"= UDP:c:\windows\System32\mpxa.exe:mpxa
"{B22B7796-EAAE-42D8-ADA6-8F7080169ABC}"= TCP:c:\windows\System32\mpxa.exe:mpxa
"TCP Query User{7F253916-9CED-438F-9C2C-F39FB1B51F34}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{850071BF-D2B4-4DF8-9333-65EE9D5AC29A}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{4377A438-13A8-4C6D-B411-98B6721A65C9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B9B87D35-9A8B-4123-94E1-1C403841A48C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\MSNShell\\Bin\\engie.exe"= c:\program files\MSNShell\Bin\engie.exe:*:Enabled:MSNShell
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [04/04/07 02:59 م 20760]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28/08/08 11:48 م 3664384]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [21/06/08 05:58 م 240128]
S2 gupdate1ca447372954750;gupdate1ca447372954750;c:\program files\Google\Update\GoogleUpdate.exe [04/10/09 12:49 ص 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/08 04:14 م 191656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 21:49]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 21:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for - file:///C:/Windows//classes/xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.37.178.22:1999/ReadUid.CAB
FF - ProfilePath - c:\users\أبو خالد\AppData\Roaming\Mozilla\Firefox\Profiles\i9m3ftg7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\users\أبو خالد\AppData\Roaming\Mozilla\Firefox\Profiles\i9m3ftg7.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{B02C8A79-166D-EAED-C15F-3D1CC66CC436} - c:\users\أبو خالد\AppData\Roaming\Bifrost\server.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5f,e7,61,18,f4,d6,36,7c,e7,1a,47,f2,db,c6,11,e0,a0,5f,2f,c1,3a,
95,73,95,6e,5b,da,f6,bb,ac,26,d7,77,dc,a4,14,2b,d4,d3,77,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000_Classes\CLSID\{a3af0d70-306b-468d-adec-9b727f3ab226}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000103
"Therad"=dword:00000019

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\windows\system32\WS2_32.dll

- - - - - - - > 'lsass.exe'(748)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-10-12 19:41
ComboFix-quarantined-files.txt 2009-10-12 16:41

Pre-Run: 15,667,068,928 bytes free
Post-Run: 15,478,792,192 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
245 --- E O F --- 2009-06-27 21:40

مستر شيشي 12/10/2009 08:04 PM

God bless you

Try now: open Firefox, does the problem still occur?

™® عــذب الســـجايا ®™ 12/10/2009 08:38 PM

Right now

everything is fine, praise be to God

May God give you strength, leader

Is there a problem in the report?

مستر شيشي 12/10/2009 08:47 PM

Quote:

Right now

everything is fine, praise be to God

May God give you strength, leader

Is there a problem in the report?

May God keep you well. Praise be to God that the problem is solved.

There is a very small program called HijackThis that produces a comprehensive report on your machine, better than the
ComboFix program, and very precise.

I prefer it because it is easy to analyze.
To download HijackThis:

::Click here::


How to generate the report:

http://img119.imageshack.us/img119/1717/29623961.png

Put the report in your next reply
Good luck :yes:

™® عــذب الســـجايا ®™ 12/10/2009 08:57 PM

Here is the report, and I hope you can explain to me how I can tell whether there is a problem with the machine ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:01 , on 02/09/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\Integrator.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEARXA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\ar-xa\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra con menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra con menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://voice3.doook.com/cp/files/talk3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

--
End of file - 8486 bytes

مستر شيشي 12/10/2009 09:01 PM

You have just one problem: select the entry and apply Fix checked to it.

The entry is:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

That's all, and the machine is 100% clean.

Good luck to you :yes:
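
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the entry format seen in the report above, which picks out lines like the `O2 - BHO ... (no file)` entry named in the reply, meaning registrations whose target is reported as missing. The sample lines are excerpted from the posted report; the class and function names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines excerpted from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# COM class identifier in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = "(no file)"


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    raw: str                # full line, as shown in the HijackThis list
    clsid: Optional[str]    # CLSID if the entry is CLSID-based
    target: Optional[str]   # file the CLSID is registered to, if present
    orphaned: bool          # True when the target is reported as "(no file)"


def parse_entries(log_text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line, or a path from "Running processes"
        body = m.group("body")
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else None
        target = None
        if clsid_m:
            # The registered file follows the CLSID after a " - " separator.
            tail = body[clsid_m.end():].partition(" - ")[2].strip()
            target = tail or None
        orphaned = target is not None and target.lower() == NO_FILE
        entries.append(Entry(m.group("code"), line, clsid, target, orphaned))
    return entries


def orphaned_entries(log_text: str) -> List[Entry]:
    """Return entries whose registered file is missing."""
    return [e for e in parse_entries(log_text) if e.orphaned]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.code}: {e.clsid} has no file on disk -> {e.raw}")
```

The `raw` field keeps the full line so it can be matched against the checklist HijackThis shows before applying Fix checked.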

™® عــذب الســـجايا ®™ 12/10/2009 09:12 PM

Where do I apply Fix checked from, my dear friend?

مستر شيشي 12/10/2009 09:19 PM

Open HijackThis, then:

http://img56.imageshack.us/img56/2170/33353802.png

then:

http://img56.imageshack.us/img56/7251/60092563.png

Good luck to you

™® عــذب الســـجايا ®™ 12/10/2009 09:26 PM

May God bless you with wealth, children, and a loving wife

You have been a great help, leader

And sorry for troubling you

