Peace be upon you, and the mercy and blessings of God.

How are you, Zyzoom members? I hope you are all doing well.

Honestly, after several attempts and searching the Zyzoom site, I could not find a solution on my own, so I decided I had to look for help elsewhere and post a thread for our dear Zyzoom members, who will solve it, God willing!

The issue is that the desktop icons and the taskbar have disappeared, I cannot right-click, and I have tried everything!

This is the HijackThis report:

```
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:36 م, on 07/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\crypserv.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\win\My Documents\Downloads\HijackThis.exe
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Messenger Plus Live UAE Toolbar - {e67adb76-8c25-45c9-8795-7f26c9a71e9b} - C:\Program Files\Messenger_Plus_Live_UAE\tbMes2.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live UAE Toolbar - {e67adb76-8c25-45c9-8795-7f26c9a71e9b} - C:\Program Files\Messenger_Plus_Live_UAE\tbMes2.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Messenger Plus Live UAE Toolbar - {e67adb76-8c25-45c9-8795-7f26c9a71e9b} - C:\Program Files\Messenger_Plus_Live_UAE\tbMes2.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [F56BCE] C:\WINDOWS\system32\ABF601\F56BCE.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [pmnol] C:\Documents and Settings\win\pmnol.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\ABF601\F56BCE.EXE
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: Download &Flash Video - FlashBee - res://C:\Program Files\FlashBee\FlashBee.dll/201
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1265396540656
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1caa76b3487a6c8) (gupdate1caa76b3487a6c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/win/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10821 bytes
```

And this is the RunScanner report: here

And this is the Malwarebytes report:

```
************' Anti-Malware 1.50.1.1100
www.************.org

Database version: 5483

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/01/2011 01:32:41 م
mbam-log-2011-01-09 (13-32-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 312424
Time elapsed: 9 hour(s), 27 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\دورة تعلم الفوتوشوب خطوة بخطوة للمبتدئين (fafa11).MyNSHandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\win\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\win\Desktop\نص الدسك توب\اخر تعديل_files\برامج\Arabic2\photoeditor\tmppic\temp.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\win\Desktop\نص الدسك توب\اخر تعديل_files\برامج\معالج الصور\products\bcd4.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\win\Desktop\نص الدسك توب\اخر تعديل_files\برامج\معالج الصور\products\bcd5.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\win\Desktop\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\documents and settings\win\local settings\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\program files\Arabic2\photoeditor\tmppic\temp.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\معالج الصور\products\bcd4.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\معالج الصور\products\bcd5.gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc8dfc50-af2b-44f9-bb69-029dae017d20}\RP216\A0328165.EXE (Trojan.FlyStudio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc8dfc50-af2b-44f9-bb69-029dae017d20}\RP216\A0328167.EXE (Trojan.FlyStudio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc8dfc50-af2b-44f9-bb69-029dae017d20}\RP216\A0328168.EXE (Trojan.FlyStudio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc8dfc50-af2b-44f9-bb69-029dae017d20}\RP217\A0335157.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cc8dfc50-af2b-44f9-bb69-029dae017d20}\RP217\A0335158.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\17CEF3\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\mui\FALLBACK\0401\calc.exe.mui (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\win\start menu\Programs\Startup\،،،،،،.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\win\local settings\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\win\local settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
```

And now, after I did the cleanup with Malwarebytes, whenever I open the Start menu to get to Documents, Pictures, Music or the Control Panel, this window appears!

After God, all my hope is in you to solve this problem.

Sorry this ran a bit long, but that is so you have the full picture.

My utmost respect and appreciation to you all.