فتى الاحزان

Peace be upon you

How are you all? Well, God willing

I'm not well :mad::mad::mad: Kaspersky is driving me craaaazy :mad::mad::mad::mad::mad:

I have Kaspersky 2009

This message pops up 1000000000 times in a single day

zyzoom-9aff563e15.jpg


What's the solution, brothers? :er:

Signature: فتى الاحزان
Ohhh nooo :eek:
Just install the settings file and it will be fine, God willing :d:

Internet Security




zyzoom-778f486a26.gif


Installation walkthrough


000.png



001.png



002.png



003.png
 
The program is reporting that it deleted a virus and gave you the report ..

Do a full scan of the machine and the problem will go away

Brother Max, it didn't go away

Signature: فتى الاحزان
OK brother, restart the machine
and if it appears again click on >>>> view report
and upload a screenshot

Will do, sir

Signature: فتى الاحزان
The annoying message is still there
even after restarting
:no::no::no::no::no::no::no::er::er::er::er::er:

And when I click on it, this appears :er::no:



zyzoom-1298dbf76a.jpg
 
Signature: فتى الاحزان
Download this program ..

Install it on the machine and scan your machine .. and it will delete the keylogger

Maybe it's not compatible

Look

zyzoom-5f8e833ef9.jpg
 
Signature: فتى الاحزان
:er::er::er::no::no::no:

Signature: فتى الاحزان
:hh::hh::hh:

<<<<<<<<<<< Yeah, go ahead and laugh, what's it to you :mad:

Hello, my dear friend ... in addition to what the dear brothers have said


( 1 )



Disable all protection programs ,,
and download this tool and save it to the desktop

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes

Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning again
Wait until a report appears ,, copy it and paste it in your next reply



--------------------------------------------




( 2 )




And make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log

In a few moments a report will appear ,, copy it and paste it in your next reply

A thousand welcomes to my teacher and dear friend زيوم

First, I apologize for the delay, teacher

As for the ComboFix report, when I run it the machine shuts off and a blue screen appears; I tried it twice :no::er:

And this is the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 06:29, on 2008-07-04
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\RCrawler\rcrawler.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\waleed\AppData\Local\Temp\Rar$EX00.560\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.18:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"
O4 - HKLM\..\Run: [Hope Draw Obj Funk] "C:\ProgramData\ BLAH FOUR.li429j"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: jhyhvfiizvqxte - Helper - c:\windows\system32\IKTBNF~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Virtual flash drive anti-delete server - Unknown owner - C:\Program Files\Virtual Flash Drive\vserver.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
Signature: فتى الاحزان
Thank God, ComboFix worked

ComboFix 08-07-02.5 - waleed 07/04/2008 6:34:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.1.1033.18.321 [GMT -7:00]
Running from: C:\Users\waleed\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\waleed\AppData\Roaming\.#
C:\Windows\system32\VideoEA560DEADrivers.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 13:28 --------- d-----w C:\Program Files\lg_swupdate
2008-07-04 13:26 --------- d---a-w C:\ProgramData\TEMP
2008-07-04 13:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-04 13:25 2,368 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-04 13:19 376,864 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-04 12:06 16,380 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-04 12:06 1,824,288 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-02 15:57 --------- d-----w C:\Program Files\SWiSHmax
2008-06-30 21:18 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-30 21:18 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-28 08:25 --------- d-----w C:\Users\waleed\AppData\Roaming\Thinstall
2008-06-28 03:07 --------- d-----w C:\ProgramData\LICENSE FORD HOPE DRAW
2008-06-25 19:49 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-25 19:40 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-24 16:32 --------- d-----w C:\Program Files\Siber Systems
2008-06-22 19:02 4,424 ----a-w C:\Windows\System32\tmp.reg
2008-06-16 08:54 --------- d-----w C:\Users\waleed\AppData\Roaming\cleaner
2008-06-15 16:49 --------- d-----w C:\Users\waleed\AppData\Roaming\CyberScrub
2008-06-14 13:18 --------- d-----w C:\Program Files\Traduce Gratis
2008-06-12 17:03 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 21:42 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-08 12:47 --------- d-----w C:\ProgramData\clockfivetick
2008-06-08 12:47 --------- d-----w C:\Program Files\clockfivetick
2008-06-03 19:02 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-06-03 19:02 172,032 ------w C:\Windows\Setup1.exe
2008-05-31 13:16 --------- d-----w C:\Program Files\Virtual Flash Drive
2008-05-31 13:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-31 13:06 6,784 ----a-w C:\Windows\system32\drivers\usbminiport.sys
2008-05-31 13:06 5,632 ----a-w C:\Windows\System32\cocpyinf.dll
2008-05-31 12:55 6,784 ----a-w C:\Windows\system32\drivers\usbbus.sys
2008-05-30 18:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 17:40 174 --sha-w C:\Program Files\desktop.ini
2008-05-29 17:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-29 17:29 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-29 17:29 --------- d-----w C:\Program Files\Windows Defender
2008-05-29 17:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-29 17:29 --------- d-----w C:\Program Files\Windows Calendar
2008-05-29 16:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-29 16:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-26 23:01 --------- d-----w C:\Program Files\RCrawler
2008-05-25 18:11 --------- d-----w C:\Users\waleed\AppData\Roaming\TeamViewer
2008-05-25 14:25 --------- d-----w C:\ProgramData\WLInstaller
2008-05-25 14:25 --------- d-----w C:\ProgramData\WindowsLiveInstaller
2008-05-25 14:25 --------- d-----w C:\Program Files\Windows Live
2008-05-22 12:54 --------- d-----w C:\Program Files\Passware
2008-05-17 04:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:23 713,504 ----a-w C:\Windows\System32\HMFAx.dll
2008-05-14 21:23 22,304 ----a-w C:\Windows\system32\drivers\HMFAxCorea80a4be6919607b76f003c74d7f19fad.sys
2008-05-14 21:18 22,304 ----a-w C:\Windows\system32\drivers\HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb.sys
2008-05-14 21:16 22,304 ----a-w C:\Windows\system32\drivers\HMFAxCoref0045cda542d3305782067d1a6ba10b9.sys
2008-05-12 18:40 9,908,022 ----a-w C:\Program Files\kingooo_photoshop_cs2.part4.rar
2008-05-11 17:59 99,000,000 ----a-w C:\Program Files\kingooo_photoshop_cs2.part3(4).rar
2008-05-11 15:40 99,000,000 ----a-w C:\Program Files\kingooo_photoshop_cs2.part2.rar
2008-05-11 14:30 99,000,000 ----a-w C:\Program Files\kingooo_photoshop_cs2.part1(2).rar
2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 23:23 --------- d-----w C:\Users\waleed\AppData\Roaming\FlashGet
2008-05-08 17:34 1,111,344 ----a-w C:\Windows\System32\CS.dll
2008-05-08 15:43 --------- d-----w C:\Program Files\Circle Developement
2008-05-08 15:34 --------- d-----w C:\ProgramData\AntiVir PersonalEdition Premium
2008-05-07 19:55 --------- d-----w C:\Program Files\EASEUS
2008-05-05 19:25 --------- d-----w C:\Program Files\Save Flash
2008-05-03 21:12 757,760 ----a-w C:\Windows\System32\help.dll
2008-05-03 21:12 135,168 ----a-w C:\Windows\System32\Lock.dll
2008-05-03 21:11 11,776 ----a-w C:\Windows\System32\reghmf.exe
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-26 01:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-14 15:18 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-14 15:18 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-14 15:18 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-14 15:18 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-14 15:18 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-14 15:18 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-14 15:18 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-14 15:18 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-14 15:18 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-14 15:18 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-14 15:17 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-14 15:17 2,032,128 ----a-w C:\Windows\System32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 12:33 AM 1233920]
"MsnMsgr"="C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"WindowsWelcomeCenter"="oobefldr.dll" [01/19/2008 12:36 AM 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chin film"="C:\ProgramData\Windowloglog.86v0z" [X]
"Hope Draw Obj Funk"="C:\ProgramData\ BLAH FOUR.li429j" [X]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM 90112]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [10/09/2007 04:23 PM 102400]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe" [11/05/2007 07:11 PM 2872624]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [11/19/2007 12:41 PM 693552]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [05/08/2008 10:31 AM 247088]
"Registry Crawler"="C:\PROGRA~1\RCrawler\RCrawler.exe" [02/03/2004 09:06 AM 454656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"RtHDVCpl"="RtHDVCpl.exe" [09/19/2007 03:50 PM 4702208 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/16/2008 9:55:44 PM 113664]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [5/1/2007 11:11:48 AM 6395464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "C:\Windows\system32\bmpsap.dll" [12/11/2006 04:58 PM 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-643570263-3026065265-240377862-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3C22B2A9-DAAA-46B4-A2B4-3787A6890390}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4CB0CF0F-429E-4886-9F36-A4B9D731B286}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BEAF4492-062E-4084-92A4-5A73FBDA17C4}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{62B6BE95-74E0-4A60-9F50-CD1A60EBDDEA}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F28EF434-543D-458A-8AA3-5C5ABE82C9B0}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D4BF7017-FB97-4B78-87E7-C720182A596C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6C3E892B-AE1C-4B31-9E07-B1C949C5AF55}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"TCP Query User{1B83FB0A-2F1B-467D-AB45-7C89C910CE4D}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7B1BE85E-EB25-4AA6-A17B-D4EB2FC2E377}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{8A922996-7A8D-4B1E-BB78-943C4C2B02ED}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{93AF4E15-10F9-46C2-8354-E63D57612AC7}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{CAE3D5B0-48FE-47B6-A1BE-5F06933BE916}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{D6A37092-F6FE-4043-A4F0-519F6C4BDAC1}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{7F0AFF3B-C4B0-454B-AB85-2E55264C0D32}"= UDP:D:\STHIWv\STSetup.exe:SpeedTouch Home Install Wizard
"{641ABB3B-DA49-4128-8142-7FC61D7BE4CD}"= TCP:D:\STHIWv\STSetup.exe:SpeedTouch Home Install Wizard
"TCP Query User{CF191C20-59DB-4FC5-9D97-E29128761E21}C:\\users\\waleed\\desktop\\messenger 9 arabic portable\\msnmsgr.exe"= UDP:C:\users\waleed\desktop\messenger 9 arabic portable\msnmsgr.exe:msnmsgr.exe
"UDP Query User{639AF841-5D5B-4F8F-9D10-9AB29C1FBF94}C:\\users\\waleed\\desktop\\messenger 9 arabic portable\\msnmsgr.exe"= TCP:C:\users\waleed\desktop\messenger 9 arabic portable\msnmsgr.exe:msnmsgr.exe
"{08B07F85-33B0-45D1-8A76-27B4EA6BF52A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CB561386-A7F8-4C5E-A88D-CDDB77F7B66F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{22567470-A06A-4B0A-A169-F43B25816B07}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [10/30/2006 12:23 PM]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R0 usbport;VUSB Miniport;C:\Windows\system32\DRIVERS\usbminiport.sys [05/31/2008 06:06 AM]
R1 HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb;HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb;C:\Windows\system32\drivers\HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb.sys [05/14/2008 02:18 PM]
R1 HMFAxCorea80a4be6919607b76f003c74d7f19fad;HMFAxCorea80a4be6919607b76f003c74d7f19fad;C:\Windows\system32\drivers\HMFAxCorea80a4be6919607b76f003c74d7f19fad.sys [05/14/2008 02:23 PM]
R1 HMFAxCoreee93b382cb2186e98c08c67a9b47d932;HMFAxCoreee93b382cb2186e98c08c67a9b47d932;C:\Windows\system32\drivers\HMFAxCoreee93b382cb2186e98c08c67a9b47d932.sys [05/03/2008 02:12 PM]
R1 HMFAxCoref0045cda542d3305782067d1a6ba10b9;HMFAxCoref0045cda542d3305782067d1a6ba10b9;C:\Windows\system32\drivers\HMFAxCoref0045cda542d3305782067d1a6ba10b9.sys [05/14/2008 02:16 PM]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [03/26/2008 01:10 PM]
R2 jhyhvfiizvqxte;jhyhvfiizvqxte;c:\windows\system32\IKTBNF~1.EXE [02/13/2007 06:00 AM]
R2 Virtual flash drive anti-delete server;Virtual flash drive anti-delete server;C:\Program Files\Virtual Flash Drive\vserver.exe [12/18/2006 09:38 AM]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [09/14/2007 11:16 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 US30Kbd;US30Kbd;C:\Windows\system32\Drivers\US30Kbd2K.sys [11/12/2007 06:02 PM]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [07/30/2007 11:21 AM]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [09/14/2007 11:16 PM]
S3 UserIO;UserIO;C:\Program Files\lg_swupdate\UserIO.sys [12/27/2006 03:59 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 16:41:13 C:\Windows\Tasks\User_Feed_Synchronization-{F8E49BBC-FEA5-4A34-9DDD-90CE154F6247}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Device Detector - DevDetect.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-04 06:38:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 07/04/2008 6:39:36
ComboFix-quarantined-files.txt 2008-07-04 13:39:32
Pre-Run: 121,907,372,032 bytes free
Post-Run: 122,254,684,160 bytes free
209 --- E O F --- 2008-07-03 13:01:44
 
Signature: فتى الاحزان
With apologies to brother زيزووم, select these entries :-

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.18:80

O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"

O4 - HKLM\..\Run: [Hope Draw Obj Funk] "C:\ProgramData\ BLAH FOUR.li429j"

Select the entries above and click fix checked
 
God bless you and keep you safe

If you don't mind, download this file

I see you have Kaspersky ..
Disable it .. then run the file
Your machine will restart automatically twice

Then a report will appear ... copy it and paste it in your next reply

After that
make a new HijackThis report
 
With apologies to brother زيزووم, select these entries :-

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.18:80

O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"

O4 - HKLM\..\Run: [Hope Draw Obj Funk] "C:\ProgramData\ BLAH FOUR.li429j"

Select the entries above and click fix checked

God bless you ...

And the first entry is for the proxy ... and it would be a mistake to delete it :smile:
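An added example, not part of any post in this thread: a small Python triage of HijackThis lines that flags Run entries like the two picked out above (a target whose extension Windows does not launch, sitting directly in C:\ProgramData) and marks the ProxyServer value for review rather than removal. The extension list, the data-directory list and the function names are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Extensions Windows launches from a Run key (assumed list for this example).
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".dll", ".scr", ".lnk", ".vbs", ".js"}
# Data directories where programs are not normally installed (assumed list).
DATA_ROOTS = {r"c:\programdata"}

O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
R_PROXY = re.compile(
    r"^R[01] - (?P<hive>HKLM|HKCU)\\.*\\Internet Settings,ProxyServer = (?P<value>\S+)$")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.18:80
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"
O4 - HKLM\..\Run: [Hope Draw Obj Funk] "C:\ProgramData\ BLAH FOUR.li429j"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
'''


def run_target(cmd):
    """Return the file a Run command starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: the path may contain spaces, so cut after the first
    # "name.ext" that is followed by whitespace or the end of the line.
    m = re.match(r"(.+?\.[A-Za-z0-9]{1,8})(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def run_reasons(target):
    """Reasons a Run target looks wrong; empty list if its extension is normal."""
    folder, name = ntpath.split(target.lower())
    ext = ntpath.splitext(name)[1]
    if ext in LAUNCHABLE:
        return []
    reasons = [f"extension {ext or '(none)'} is not a launchable type"]
    if folder in DATA_ROOTS:
        reasons.append("file sits directly in a data directory")
    if name != name.strip():
        reasons.append("file name has leading or trailing whitespace")
    return reasons


def triage(log_text):
    """Return findings for O4 Run entries and ProxyServer values in a log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            target = run_target(m["cmd"])
            reasons = run_reasons(target)
            if reasons:
                findings.append({"name": m["name"], "target": target,
                                 "verdict": "suspicious", "reasons": reasons})
            continue
        m = R_PROXY.match(line)
        if m:
            # A proxy may be set on purpose, so it is reported for a
            # decision by the user instead of being marked for removal.
            findings.append({"name": "ProxyServer", "target": m["value"],
                             "verdict": "review",
                             "reasons": ["confirm the proxy is intentional"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["verdict"], "|", f["name"], "|", f["target"], "|", "; ".join(f["reasons"]))
```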
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\Windows\System32\tmp.reg" deleted successfully.
File "C:\Windows\system32\drivers\HMFAxCorea80a4be6919607b76f003c74d7f19fad.sys" deleted successfully.
File "C:\Windows\system32\drivers\HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb.sys" deleted successfully.
File "C:\Windows\system32\drivers\HMFAxCoref0045cda542d3305782067d1a6ba10b9.sys" deleted successfully.
Error: file "C:\Windows\system32\drivers\HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb.sys" not found!
Deletion of file "C:\Windows\system32\drivers\HMFAxCore2eb4ed9448036ac0e531bd82f69de4eb.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\Windows\system32\drivers\HMFAxCorea80a4be6919607b76f003c74d7f19fad.sys" not found!
Deletion of file "C:\Windows\system32\drivers\HMFAxCorea80a4be6919607b76f003c74d7f19fad.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Windows\system32\drivers\HMFAxCoreee93b382cb2186e98c08c67a9b47d932.sys" deleted successfully.
Error: file "C:\Windows\system32\drivers\HMFAxCoref0045cda542d3305782067d1a6ba10b9.sys" not found!
Deletion of file "C:\Windows\system32\drivers\HMFAxCoref0045cda542d3305782067d1a6ba10b9.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "c:\windows\system32\IKTBNF~1.EXE" deleted successfully.
File "C:\Windows\system32\drivers\us30kbd2k.sys" deleted successfully.
Driver "jhyhvfiizvqxte" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Hope Draw Obj Funk" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 07:22:16 ص, on 04/07/08
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\RCrawler\rcrawler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\waleed\AppData\Local\Temp\Rar$EX00.544\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.18:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Virtual flash drive anti-delete server - Unknown owner - C:\Program Files\Virtual Flash Drive\vserver.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
Signature: فتى الاحزان
Close your web browser.
Using the HijackThis program you made the report with,
run a new scan and tick these values >>> then press Fix Checked


O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"

And here is an illustration of the process ((the values are not real, they are only for illustration))
wh_28637394.png
 
And download this file and run it
[hidden link: you must log in or register to view it]



After that, restart your computer
 
After that, tell me how Kaspersky is doing ... has it calmed down and started behaving :hh:
or is it still driving you crazy :bleh::bleh::q:
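
Added example, not part of the original posts: a small Python triage of the O4 autorun lines from the log above, showing why the `[chin film]` entry stands out from the rest. The two heuristics (the extension list and the user-writable path markers) are assumptions of this example, not HijackThis's own logic, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [chin film] "C:\ProgramData\Windowloglog.86v0z"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Users\waleed\Desktop\Messenger 9 Arabic portable\msnmsgr.exe" /background
'''

O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
EXEC_EXTS = {'.exe', '.com', '.bat', '.cmd', '.scr', '.pif'}
# Assumption of this example: directories a standard user can usually write to.
WRITABLE_MARKERS = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\')
FIRST_EXEC = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def target_of(command):
    """Return the program path from a Run value, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = FIRST_EXEC.match(command)  # unquoted path that may contain spaces
    return m.group(1) if m else command.split()[0]


def triage(log_text):
    """Return (hive, name, target, reasons) for every O4 registry Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        target = target_of(command)
        reasons = []
        if PureWindowsPath(target).suffix.lower() not in EXEC_EXTS:
            reasons.append('target does not have an executable extension')
        if any(mark in target.lower() for mark in WRITABLE_MARKERS):
            reasons.append('target is in a user-writable location')
        findings.append((hive, name, target, reasons))
    return findings


if __name__ == '__main__':
    for hive, name, target, reasons in triage(SAMPLE_LOG):
        if reasons:
            print(f'REVIEW {hive} [{name}] {target}: ' + '; '.join(reasons))
```

The `[MsnMsgr]` entry is also listed for review because it runs from a user profile; only `[chin film]` trips both checks.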
 