ديوان2

Peace be upon you. I am a new member of the forum, and I am proficient in using computers.
My machine was infected by one of the viruses mentioned in the thread title.
I updated the protection program
ESET Smart Security
and then scanned the machine. It detected the virus but cannot delete or clean it.
Also, when I plug in a flash drive or a hard disk, all the folders disappear and some folders show up as LNK shortcuts. Here are screenshots of the antivirus scan result, as well as a screenshot of the files on the flash drive.

Note that the operating system is Windows 7.


HijackThis report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:57:57 م, on 12/23/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\diwan\AppData\Roaming\regsrv64.exe
C:\Users\diwan\AppData\Roaming\A92A.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\diwan\AppData\Roaming\2F80.exe
C:\Users\diwan\AppData\Roaming\2F80.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: ChatVibes.com - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - C:\Program Files\ChatVibes.com\prxtbCha0.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\diwan\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: WebScout Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\WebScout Toolbar\tbcore3.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: ChatVibes.com Toolbar - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - C:\Program Files\ChatVibes.com\prxtbCha0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files\Corsair Addon\corsair.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PDFCreatorClient] "C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\Users\diwan\Desktop\RRT.exe auto
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [FileHunter Check for updates] C:\Users\diwan\AppData\Roaming\FileHunter\update.exe
O4 - HKCU\..\Run: [Xqbqbn] C:\Users\diwan\AppData\Roaming\Xqbqbn.exe
O4 - HKCU\..\Run: [Microsoft DLL Registration] C:\Users\diwan\AppData\Roaming\regsrv64.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\RunOnce: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [hidden link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O21 - SSODL: Windows Task Services - C:\Users\diwan\AppData\Roaming\2F80.exe - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\Windows\System32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
--
End of file - 14297 bytes​



List of installed programs


====== معلومات نظام التشغيل ======
X86 WIN_7 7601 Service Pack 1​

====== قائمة البرامج المثبتة ======
Update for Microsoft Office 2007 (KB2508958)
@BIOS
µTorrent
7-Zip 4.65
AC3Filter 1.63b
Adobe After Effects CS4
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe InDesign CS5
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader 8 - Arabic
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Amazon Add to Wish List IE Extension 1.2
Ap PDF Split/Merge
A-PDF Merger 2.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio Paint
Ashampoo Photo Optimizer 3.02
Ask Toolbar
AutoGreen B09.1014.2
AutoGreen B09.1014.2
AutoPlay Media Studio 7.5 Trial
AutoPlay Media Studio 8 Trial
Autorun Virus Remover 2.3.0209
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.2.126
AVS4YOU Software Navigator 1.4
Boilsoft Video Splitter 5.01
Bonjour
Browser Configuration Utility
Canon LBP3200
CD Audio Reader Filter (remove only)
ChatVibes.com Toolbar
Complitly
Cool Edit Pro 2.0
Corsair Addon
DCoder Image Source (remove only)
DES 2.0
Dirrect X11Beta
Discover Painting for Kids Version 1.0
DScaler 5 Mpeg Decoders
Easy Tune 6 B10.0521.1
Easy Tune 6 B10.0521.1
EDIUS 5 Settings
EDIUS 5(SetupManager)
ESET Smart Security
FairStars Audio Converter 1.81
FastStone Capture 6.7
FFMPEG Core Files (remove only)
FolderDefence Pro 1.0.0.35
Format Factory 2.20 2.20
Free Video Dub version 1.8.12.602
Gabest MPEG Splitter (remove only)
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
GetRight Pro
Glary Utilities Pro 2.29.0.1032
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 2.1
iCloud
ImTOO Video Editor 2
Install Rite 2.5
InstallRite 2.5
Intel(R) Management Engine Components
Internet Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Jaws PDF Creator 4.1
JDownloader
Juicer 3.82
K-Lite Mega Codec Pack 7.7.7
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
MagicCamera 7.1.0
McAfee Security Scan Plus
MediaBar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft PhotoDraw 2000 V2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKVtoolnix 4.2.0
MobileMe Control Panel
Mozilla Firefox 4.0 (x86 ar)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
NEC Electronics USB 3.0 Host Controller Driver
Nero 8 Micro 8.3.6.0
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
Ocean_Puzzle 2.0.0
ON_OFF Charge B10.0427.1
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PDF Settings CS5
PDF Splitter and Merger 3.0
PDF Splitter Merger
Photodex Presenter
PhotoInstrument 4.8
Photoshop Camera Raw
Pixel Bender Toolkit
ProShow Gold
QuickTime
Real Alternative 1.9.0
RealMedia (remove only)
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Safari
ScanSpyware 3.9.2.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHOUTcast Source (remove only)
Skype™ 5.2
Smart 6 B10.0422.1
StartNow Toolbar
Suite Shared Configuration CS4
SWiSH Max4
UltraISO Premium V9.36
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Upgrade
USB Disk Security
VeryPDF PDF Split-Merge v3.0
Video Convert Master 11.0.11.17
VLC media player 1.0.1
VMware ThinApp
VobSub v2.23 (Remove Only)
WebScout Toolbar
WinAVI All in One Converter
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Zoom Player (remove only)
برنامج اليسير
تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
تحديث لـ Microsoft Office Word 2007 Help (KB963665)​

With my sincere thanks and appreciation to you all.
 

Download the Dr.Web tool from the following link: [hidden link]

Follow the walkthrough to clean your machine and save the report.
Run the tool with a double-click, then

[10 screenshots of the steps]

Compress the reports >>> [hidden link]

and upload the file here: [hidden link]
 
Signature: format
The tool was used, the cleaning was done, and the report was saved and uploaded to this link: [hidden link]

 
From Add/Remove Programs, remove the following:

Ask Toolbar
Browser Configuration Utility
Google Toolbar for Internet Explorer
McAfee Security Scan Plus
StartNow Toolbar
WebScout Toolbar

Then restart the machine
and produce a new HijackThis report and a new RunScanner report.
 
This is a new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:50:06 م, on 12/25/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\diwan\AppData\Roaming\2F80.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Users\diwan\AppData\Roaming\regsrv64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Users\diwan\AppData\Roaming\DBFD.exe
C:\Users\diwan\AppData\Roaming\2F80.exe
C:\Windows\system32\conhost.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ChatVibes.com - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - C:\Program Files\ChatVibes.com\prxtbCha0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: ChatVibes.com Toolbar - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - C:\Program Files\ChatVibes.com\prxtbCha0.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files\Corsair Addon\corsair.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PDFCreatorClient] "C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [FileHunter Check for updates] C:\Users\diwan\AppData\Roaming\FileHunter\update.exe
O4 - HKCU\..\Run: [Xqbqbn] C:\Users\diwan\AppData\Roaming\Xqbqbn.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Run: [Microsoft DLL Registration] C:\Users\diwan\AppData\Roaming\regsrv64.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O21 - SSODL: Windows Task Services - C:\Users\diwan\AppData\Roaming\2F80.exe - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\Windows\System32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
--
End of file - 12081 bytes

And this is the RunScanner report file.

Thank you for your attention.
 
Peace be upon you.
I did the first step, but for the second step the antivirus refuses to let the program run even though I turned it off,
as in the following image:

 
It also does not allow the program to run.
Should I uninstall the security program?
 
Run the scan from Safe Mode, brother.
 
The scan and cleanup are done, and this is the report:
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7622
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
12/27/2011 05:06:04 م
mbam-log-2011-12-27 (17-06-04).txt
Scan type: Full scan (C:\|)
Objects scanned: 577340
Time elapsed: 1 hour(s), 2 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 37
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\القواعد الإملائية.MyNSHandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Corsair Addon (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\CORSAIR (Redir.ZWink) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Corsair\search_domain (Redir.ZWink) -> Value: search_domain -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Users\diwan\AppData\Roaming\filehunter (PUP.FileHunter) -> Not selected for removal.
c:\Users\diwan\AppData\Roaming\filehunter\downloads (PUP.FileHunter) -> Not selected for removal.
c:\Users\diwan\AppData\Roaming\filehunter\metafiles (PUP.FileHunter) -> Not selected for removal.
Files Infected:
c:\program files\corsair addon\corsair.dll (Redir.ZWink) -> Quarantined and deleted successfully.
c:\program files\corsair addon\uninstall.exe (Redir.ZWink) -> Quarantined and deleted successfully.
c:\program files\ESET\eset login viewer.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\internet download manager\SnDk&p.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Local\Temp\FH\1.exe (Redir.ZWink.H) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\14A8.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\2617.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\37F0.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\3A41.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\93B.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\B0A8.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\CCA7.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\DBFD.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\regsrv64.exe (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\thinstall\{501f5d29-0586-463b-89d6-ad14fed4b7fe}\40000021400002i\pdfspme_win.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Users\diwan\desktop\proshow gold\proshow.products.keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\diwan\desktop\الفلاش الذهبية\البرامج الإثرائية\منهج الصف الثالث جميع المواد ف1+2\autorun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\diwan\desktop\الفلاش الذهبية\برنامج دون لود منجر الجديد بالكراك internet.download.manager.v5.18.3\9_internet.download.manager.v5.18.3\Keygen\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\diwan\desktop\الفلاش الذهبية\تعريفات الكانون\installer_driver_canon_lbp-3200_1_5_english.exe (PUP.SmsPay.pns) -> Not selected for removal.
c:\Users\diwan\desktop\مصادر 2012\مسابقات\مسابقة خمسة تكسب - الاصدار الثاني\تعليمات.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\go_englaish\p02\abc4 kids\abc 4 kids help.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\manahj\03\programes\all_3_12\autorun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\mosabqat\p01\greatest paper airplanes\on-line help.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\mosabqat\p01\greatest paper airplanes\release notes.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\mosabqat\p01\greatest paper airplanes\screen saver setup.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\mosabqat\p01\greatest paper airplanes\uninstall.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\mosabqat\p02\5win\تعليمات.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\creative painter\purchase creative painter.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\creative painter\uninstall.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\creative painter\user manual.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\drawing for children 2.2\documentation.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\drawing for children 2.2\drawing for children.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\painter\p01\drawing for children 2.2\uninstall drawing for children.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\documents\autoplay media studio 8\Projects\حقيبة المصادر الإلكترونية\CD_Root\AutoPlay\quran_p\q\quran - searcher 5.0\uninstall quran - searcher 5.0.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\diwan\AppData\Roaming\filehunter\pumpa.state (PUP.FileHunter) -> Not selected for removal.
c:\Users\diwan\AppData\Roaming\filehunter\pumpa.exe (PUP.FileHunter) -> Not selected for removal.
c:\Users\diwan\AppData\Roaming\filehunter\version (PUP.FileHunter) -> Not selected for removal.
 
Good.
Make a new HijackThis + RunScanner report.
 
HijackThis report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:57:41 ص, on 12/28/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\diwan\Desktop\555\Tor Browser\App\vidalia.exe
C:\Users\diwan\Desktop\555\Tor Browser\App\polipo.exe
C:\Windows\system32\conhost.exe
C:\Users\diwan\Desktop\555\Tor Browser\PidginPortable\PidginPortable.exe
C:\Users\diwan\Desktop\555\Tor Browser\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Xqbqbn] C:\Users\diwan\AppData\Roaming\Xqbqbn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\Windows\System32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 7700 bytes

RunScanner report
Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : DIWAN-PC
Creation time : 12/28/2011 02:58:58 ص
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows 7 Ultimate
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.50
User Language : العربية (السعودية)‏
User rights : Administrator
Windows folder : C:\Windows
Running processes
-----------------
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE (CANON INC.)
* C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE (CANON INC.)
* C:\Windows\System32\CAP4RSK.EXE (CANON INC.)
* C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE (CANON INC.)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\conhost.exe (Microsoft Corporation)
* C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
* C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
* C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
* C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
* C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
* C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
* C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
C:\Windows\System32\PDFCreatorMessages.exe (Global Graphics Software Ltd.)
C:\Users\diwan\desktop\555\Tor Browser\PidginPortable\App\Pidgin\pidgin-portable.exe (The Pidgin developer community)
* C:\Users\diwan\desktop\555\Tor Browser\PidginPortable\PidginPortable.exe (PortableApps.com)
C:\Users\diwan\desktop\555\Tor Browser\App\polipo.exe
* C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
* C:\Windows\System32\services.exe (Microsoft Corporation)
C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
* C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
* C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
C:\Users\diwan\desktop\555\Tor Browser\App\vidalia.exe
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
C:\Zyzoom_Forum_Tools\zyzoom.exe
* C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
Unrated items
-------------
002 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
002 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
002 C:\Program Files\USB Disk Security\RunUSBGuard.exe (Zbshareware Lab)
003 C:\Users\diwan\AppData\Roaming\Xqbqbn.exe
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module)
010 C:\Windows\System32\PDFCreatorMessages.exe (PDFCreatorMessages Module)
010 * C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (ScsiAccess.exe)
010 C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Smart TimeLock Service)
010 * C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (SwitchBoard Server (32 bit))
011 * C:\Windows\system32\DRIVERS\cdrblock.sys (cdrblock)
011 * C:\Windows\system32\Drivers\GVTDrv.sys (GVTDrv)
011 * C:\Program Files\UltraISO\drivers\ISODrive.sys (ISO DVD/CD-ROM Device Driver)
011 C:\Windows\system32\DRIVERS\fmsg.sys (Scanner Filter)
011 * C:\Windows\system32\DRIVERS\taphss.sys (TAP-Win32 Virtual Network Driver)
052 * C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
061 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
061 * C:\Program Files\UltraISO\isoshell.dll (EZB Systems, Inc.) {AD392E40-428C-459F-961E-9B147782D099}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
069 C:\Windows\system32\PDFCreator.DLL (Global Graphics Software Ltd.)
100 ProxyOverride HKCU : local;*.local
100 Start Page HKCU :
100 Start Page HKLM :
105 Download with GetRight Pro : C:\Program Files\GetRight\GRdownload.htm
105 Open Picture in &Microsoft PhotoDraw : res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
105 Open with GetRight Pro Browser : C:\Program Files\GetRight\GRbrowse.htm
105 ت&صدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
105 تحميل الكل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 تحميل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEExt.htm
170 {cd163ff9-2f82-11e0-ac32-1c6f6588a782} : "I:\WD SmartWare.exe" autoplay=true
173 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 * C:\Users\diwan\AppData\Local\Temp\zxq2\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Users\diwan\AppData\Local\Temp\zxq2\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Users\diwan\AppData\Local\Temp\zxq2\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\UltraISO\isoshell.dll (EZB Systems, Inc.) {AD392E40-428C-459F-961E-9B147782D099}
225 * C:\Program Files\UltraISO\isoshell.dll (EZB Systems, Inc.) {AD392E40-428C-459F-961E-9B147782D099}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
227 * C:\Program Files\UltraISO\isoshell.dll (EZB Systems, Inc.) {AD392E40-428C-459F-961E-9B147782D099}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
231 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
251 C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Missing files
-------------
011 C:\Windows\system32\drivers\mbamswissarmy.sys
011 System32\drivers\rdvgkmd.sys



The computer has become very, very, very slow.
 
Using the HijackThis tool, remove the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [Xqbqbn] C:\Users\diwan\AppData\Roaming\Xqbqbn.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

After removing them, restart the computer and let us know the result.
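
A triage pass over the O4 autorun lines of the kind posted above, as an added example that is not part of the original thread. It flags entries that start an executable sitting directly in AppData\Roaming, that reuse one target across several autorun keys, or that carry a Windows/Microsoft-sounding value name while pointing into a user profile. The three heuristics, the function names and the `min_keys` threshold are assumptions made for this illustration; the sample lines are copied from the HijackThis logs in this thread.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKLM\..\RunOnce: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Run: [FileHunter Check for updates] C:\Users\diwan\AppData\Roaming\FileHunter\update.exe
O4 - HKCU\..\Run: [Xqbqbn] C:\Users\diwan\AppData\Roaming\Xqbqbn.exe
O4 - HKCU\..\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Run: [Microsoft DLL Registration] C:\Users\diwan\AppData\Roaming\regsrv64.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Task Services] C:\Users\diwan\AppData\Roaming\2F80.exe
O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
"""

# Registry-based O4 line: "O4 - <key>: [<value name>] <command line>"
O4_REG = re.compile(r"^O4 - (?P<key>HK\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable path: either quoted, or everything up to the first executable extension.
EXE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I
)
# Heuristic patterns (assumptions for this example, not rules from the thread).
ROAMING_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$", re.I)
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.I)
OS_BRAND = re.compile(r"\b(windows|microsoft)\b", re.I)


def parse_o4(log_text):
    """Return (autorun_key, value_name, executable_path) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # startup-folder O4 lines and other sections are out of scope
        exe = EXE.match(m["cmd"])
        if exe:
            entries.append((m["key"], m["name"], exe["q"] or exe["u"]))
    return entries


def triage(log_text, min_keys=3):
    """Map each suspicious target path (lower-cased) to the reasons it was flagged."""
    keys_by_target = defaultdict(set)
    names_by_target = defaultdict(set)
    for key, name, path in parse_o4(log_text):
        keys_by_target[path.lower()].add(key)
        names_by_target[path.lower()].add(name)

    findings = {}
    for target, keys in keys_by_target.items():
        reasons = []
        # 1. Vendor software normally installs into its own subfolder.
        if ROAMING_ROOT.match(target):
            reasons.append("exe directly in AppData\\Roaming")
        # 2. One binary registered under many autorun keys survives partial cleanup.
        if len(keys) >= min_keys:
            reasons.append(f"registered in {len(keys)} autorun keys")
        # 3. OS-sounding label on a file that lives in a user profile.
        if USER_PROFILE.match(target) and any(
            OS_BRAND.search(n) for n in names_by_target[target]
        ):
            reasons.append("OS-branded value name, user-profile target")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(target)
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a lead for review against the scanner results, not a verdict: legitimate portable tools also run from a user profile.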
 
Praise be to God, the computer is back to its usual speed and the slowness is gone.

But have the viruses disappeared from my computer?
 
May God bring you good news.
Yes, brother, God willing there are no viruses and the computer is now clean.
Do you have any other remarks?
 
Thank you for the great care you take in following up on the problems members run into.

Just one last request: when I plug the flash drive into the computer, the folders on the flash drive become hidden.

Is this a virus?
 
May God keep you safe and bless you.
Most likely yes, a virus.
Scan the flash drive with the antivirus you have and let us know.
 
I ran a scan with the antivirus on my computer and the folders are still hidden.

I used the following tool, USB Show, and the folders came back.
-----------------------
One last question before the thread is closed:
Is there a tool or antivirus program able to delete the Dorkbot.D worm? It is the cause of all these problems, and the antivirus cannot delete it and only deals with it through Quarantine.
Lastly, what do you experts think of the security program NOD32?
That is all I wanted, with my sincere thanks and appreciation for this outstanding forum.
 
Honestly, brother, as far as I am concerned NOD is only good for a fashion show :d:

I advise you to change it to any other program; whatever it is, it is better than NOD :q:
 