طلب حل لتعارض المكافي مع الكاسبر يوجد صوره

Logfile of HijackThis v1.99.1
Scan saved at 12:51:27 AM, on 3/6/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
​

 

احذف القيم التالية​

O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (file missing)​

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)​

O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)​

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe​

طريقة الحذف ​

بعد ذلك ابحث عن اي ملف تابع لبرنامج المكافي في C:\Program Files ...



في انتظارك ... :y:​

​

 

نسيت اقول لك شي ...


من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility


اعمل كما يلي

ارفع علامة الصح من امام كل القيم ذات اللاحقة
C:/program File

ما عدا الانتي فايروس الخاص بك
والمثال هنا على الكاسبر وانت قيس على جهازك






ثم وافق على اعادة التشغيل


​

 

تم كل مافي السابق ولازالت المشكلة

أنا بأتجنن وش السالفة

 

جرب باستخدام الاداة وهي على ما اظن هي احدث من الموجود في الرد السابق​

​

بعد ذلك اعمل تقرير جديد ... :cr: ...​

 

المشكلة قد صارت معي والحل موجود :
في الأول ثبت برنامج كاسبر بعد ماتنتهي من الكاسبر
ثبت المكافي ونشاألله بتنحل المشكله​

 

انا ابي اثبت الكاسبر

ويكون في علمك الله اعلم ان المكافي كان ملحق مع النورتن لان انا ما نزلت المكافي اصلا جاي مع الجهاز النورتن



===============================

التقرير بعد استعمال الاداه واعادة التشغيل

Logfile of HijackThis v1.99.1
Scan saved at 1:41:22 AM, on 3/6/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\AsScrPro.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


=======================

تظهر قيم المكافي لازالت موجوده

لماذا

​

 

أحذف هذي القيمه:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
طريقة الحذف


​

 

مادري انت عمل مثل كذا او لا .... واعمل تشيك على ادارة المهام وشوف فيه اثر للمكافي ..​

 

إيه عملت

ادارة المهام ؟؟؟؟؟

 

ارجع وابحث عن اي ملف في السي ... وكذلك ابحث في الريجستري .. بعد ذلك
...


حمل اداة الكاسبر من الرابط التالي​

http://dnl-eu6.kaspersky-labs.com/devbuilds/AVPTool/​

بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل​

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير​

​

​

​

​

​

ثم قم بضغط التقرير ورفعه هنا>>>>شرح الضغط ​

http://www.zyzoomup.com/​

 

بعد اذنكم اخواني ,,
هذا هو برنامج خبيث يلصق نفسه في إضافة وازالة برامج باسم برنامج المكافي
ليمنع برامج الحماية من التثبيت كما تلاحظ في الصورة التالية حتى انه لا يوجد له زر إزالة :cr:
(( الصور مأخوذه من جهازي ))


والحل هو
حمل البرنامج التالي وقم بتثبيته وتسجيله (( التسجيل مرفق مع البرنامج ))



افتح البرنامج واعمل كما بالصورة التالية





إذا طلعت لك نفس هذه الرسالة اضغط على الغاء الأمر



ستظهر لك نفس هذه الرسالة اضغط على نعم









انتهى الحذف والحمد لله
روح نصب اي برنامج حماية تريد ,
بالتوفيق ياغالي ,,

 

كلامك صحيح 100 / 100 ... والمشكلة هذه قد صادفتني ... وتم حذف البرنامج الخبيث بالشرح الموجود اعلاه .. :cr:


ربي يرحم والديك أستاذي الليث الضارب ... :b: ..​

 

^ لعيونكم ^ أداة لحذف جميع أنواع :: الآنتي فايروس :: ومخلفاتهم لتنصيب اي :. برنامج حمايه جديد .: بدون آي مشاكل ‏

>>>> استخدم الاداة في الوضع الامن
​

 

أبو ريما

التقرير

http://www.zyzoomup.com/view.php?file=f7f151e3d7

===========

الليث الضارب

جربت البرنامج هذا

ولكن للأسف المكافي ما يظهر في القائمة

 

سلام عليكم​

كيف وضح جهازك الحين almnsori ... :er:​

 

استخدم الاداة الموجودة في الاسفل .... :er:​

.....​

اداة ComboFix​

​

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes​

اثناء الفحص ممكن يعاد تشغيل الجهاز​

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى​

 

انتهى الفحص

وهذا التقرير علما ان المشكلة لا زالت ولازال جهازي بدون انتي فيروس (الله يستر)

ComboFix 09-03-06.02 - AL-WED 2009-03-07 15:30:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2140 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
2009-03-06 20:53 . 2009-03-06 20:53 <DIR> d-------- c:\users\All Users\is-V8HII
2009-03-06 20:53 . 2009-03-06 20:53 <DIR> d-------- c:\programdata\is-V8HII
2009-03-06 20:53 . 2009-03-07 15:33 10,111,008 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-03-06 20:53 . 2008-07-08 13:54 148,496 --a------ c:\windows\System32\drivers\63500369.sys
2009-03-06 20:53 . 2009-03-07 15:32 120,608 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-03-06 20:18 . 2009-03-06 20:18 <DIR> d-------- c:\users\AL-WED\AppData\Roaming\URSoft
2009-03-06 20:18 . 2009-03-06 20:23 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-03-06 01:10 . 2009-03-06 01:10 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-03-06 01:10 . 2009-03-06 01:10 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-03-05 23:22 . 2009-03-05 23:22 <DIR> d-------- c:\users\AL-WED\AppData\Roaming\Thinstall
2009-03-05 22:52 . 2008-09-29 08:07 74,648 --a------ c:\windows\System32\drivers\mfeapfk.sys
2009-03-05 22:52 . 2008-09-29 08:07 64,432 --a------ c:\windows\System32\drivers\mferkdet.sys
2009-03-05 22:52 . 2008-09-29 08:07 62,704 --a------ c:\windows\System32\drivers\mfetdik.sys
2009-03-05 22:46 . 2009-03-05 22:46 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2009-03-04 19:03 . 2009-03-04 19:03 42 --a------ c:\windows\System32\AK083E209605E394C.lie
2009-03-04 16:41 . 2009-03-04 16:41 <DIR> d-------- c:\users\AL-WED\AppData\Roaming\McAfee
2009-03-01 12:51 . 2009-03-01 13:02 <DIR> d-------- c:\program files\Conquer 2.0
2009-02-26 14:24 . 2008-12-16 06:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 14:24 . 2008-12-16 08:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-26 14:24 . 2008-12-16 08:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-26 14:24 . 2008-12-16 08:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-25 23:08 . 2009-02-25 23:08 <DIR> d-------- c:\users\AL-WED\AppData\Roaming\Transcend
2009-02-11 17:58 . 2009-02-11 17:58 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2009-02-11 17:58 . 2009-02-11 17:58 <DIR> d-------- c:\programdata\Office Genuine Advantage
2009-02-11 17:30 . 2008-06-20 04:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-11 17:30 . 2008-06-20 04:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-11 17:30 . 2008-06-20 04:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-11 17:30 . 2008-06-20 04:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 17:30 . 2008-06-20 04:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-11 17:30 . 2008-06-20 04:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 17:30 . 2008-06-20 04:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-11 17:30 . 2008-06-20 04:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-11 17:25 . 2009-02-26 21:42 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-11 17:25 . 2008-07-27 21:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 17:25 . 2008-07-27 21:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 17:25 . 2008-07-27 21:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 17:25 . 2008-07-27 21:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 17:25 . 2008-07-27 21:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 17:11 . 2008-12-05 07:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-11 17:11 . 2008-12-05 07:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-11 17:11 . 2008-12-05 07:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-11 17:11 . 2008-12-05 07:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-11 17:11 . 2008-12-05 07:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 11:07 . 2009-01-15 06:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 11:07 . 2009-01-15 09:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 22:18 . 2009-02-07 22:18 <DIR> d-------- c:\users\All Users\Apple Computer
2009-02-07 22:18 . 2009-02-07 22:18 <DIR> d-------- c:\programdata\Apple Computer
2009-02-07 22:18 . 2009-02-07 22:19 <DIR> d-------- c:\program files\QuickTime
2009-02-07 22:17 . 2009-02-07 22:17 <DIR> d-------- c:\users\All Users\Apple
2009-02-07 22:17 . 2009-02-07 22:17 <DIR> d-------- c:\programdata\Apple
2009-02-07 22:17 . 2009-02-07 22:17 <DIR> d-------- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 12:32 --------- d-----w c:\users\AL-WED\AppData\Roaming\Orbit
2009-03-06 17:27 --------- d---a-w c:\programdata\Temp
2009-03-04 13:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-01 10:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 04:04 --------- d-----w c:\program files\Orbitdownloader
2009-02-11 14:54 --------- d-----w c:\program files\Windows Mail
2009-02-11 14:35 --------- d-----w c:\program files\Microsoft
2009-02-08 19:35 --------- d-----w c:\programdata\Messenger Plus!
2009-02-07 07:51 --------- d-----w c:\program files\TeamViewer
2009-02-03 12:38 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-02 16:28 --------- d-----w c:\program files\Google
2009-01-31 19:52 --------- d-----w c:\program files\MSXML 4.0
2009-01-31 13:02 --------- d-----w c:\users\AL-WED\AppData\Roaming\HP
2009-01-30 21:54 --------- d-----w c:\users\AL-WED\AppData\Roaming\HPAppData
2009-01-30 21:54 --------- d-----w c:\programdata\HPSSUPPLY
2009-01-30 21:54 --------- d-----w c:\program files\HP
2009-01-30 21:53 --------- d-----w c:\programdata\HP Product Assistant
2009-01-30 21:53 --------- d-----w c:\programdata\HP
2009-01-30 21:53 --------- d-----w c:\program files\Common Files\HP
2009-01-30 20:04 --------- d-----w c:\program files\Hewlett-Packard
2009-01-30 20:03 --------- d-----w c:\programdata\Hewlett-Packard
2009-01-30 20:03 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-27 16:19 --------- d-----w c:\users\AL-WED\AppData\Roaming\Bullzip
2009-01-27 16:15 --------- d-----w c:\program files\Bullzip
2009-01-23 20:26 --------- d-----w c:\users\AL-WED\AppData\Roaming\Skype
2009-01-23 13:11 --------- d-----w c:\users\AL-WED\AppData\Roaming\skypePM
2009-01-20 18:13 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-01-20 18:12 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-20 18:12 172,032 ------w c:\windows\Setup1.exe
2009-01-20 18:04 --------- d-----w c:\programdata\Microsoft Help
2009-01-20 03:49 142,848 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-01-18 19:14 --------- d-----w c:\program files\QS
2009-01-15 22:10 --------- d-----w c:\program files\Color Planner 2.0
2009-01-14 21:45 --------- d-----w c:\users\AL-WED\AppData\Roaming\GrabPro
2009-01-14 13:15 --------- d-----w c:\program files\Real
2009-01-14 13:15 --------- d-----w c:\program files\Common Files\xing shared
2009-01-14 13:15 --------- d-----w c:\program files\Common Files\Real
2009-01-11 19:21 --------- d-----w c:\users\AL-WED\AppData\Roaming\TeamViewer
2009-01-04 17:27 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-04 17:27 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-09-07 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-07 47672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
c:\users\AL-WED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-V8HII.lnk - c:\users\AL-WED\Desktop\Virus Removal Tool\is-V8HII\startup.exe [2009-03-06 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
--a------ 2008-02-02 00:29 61440 c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
--a------ 2008-01-24 01:34 7766016 c:\program files\ATKOSD2\ATKOSD2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
--a------ 2008-07-19 05:52 104936 c:\program files\CyberLink\Power2Go\CLMLSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
-ra------ 2003-12-22 00:11 17920 c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
--a------ 2008-01-12 08:40 98304 c:\program files\ASUS\ATK Hotkey\HControlUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 20:16 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
--a------ 2008-06-14 04:11 210216 c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-21 05:23 1233920 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 22:17 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-01-08 04:32 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-12-06 13:12 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 05:23 1008184 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{355B30A9-5690-4C36-9AB0-B1B8038E8402}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{86019295-BA15-47E4-AC1B-56C5F005F2D0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2C546E08-169C-4CB8-9DC7-B6A3DCEC691A}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{4C9633FD-C530-4177-B27B-9715C4C5CD32}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-09-07 29736]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-04-28 3658752]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [2008-04-07 6656]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [2009-03-05 64432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca639e4a-d76d-11dd-b22d-002243a374c8}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca639e6c-d76d-11dd-b22d-002243a374c8}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
*******s of the 'Scheduled Tasks' folder
2009-03-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - AL-WED.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
2009-03-06 c:\windows\Tasks\User_Feed_Synchronization-{38F6C1AF-7442-4E48-ABDF-444FA312C11E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 05:24]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RMTray.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 15:33:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(708)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3772)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\msiexec.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-07 15:37:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-07 12:37:08
Pre-Run: 117,789,921,280 bytes free
Post-Run: 117,907,312,640 bytes free
284 --- E O F --- 2009-02-26 11:25:42
​

 

اخوي

ممكن تشوف لي الأداة مره ثانيه

لان هذي اكسبيرد منتهية

 

سلام عليكم

تابع الموضوع التالي ::: درس .. التخلص من الفيروسات الصعبة والتي تعمل بالذاكره وتمنع التحكم بالجهاز :::




​