Thread starter: Noro19
Peace be upon you, and the mercy and blessings of God.
My computer has become very slow, and when I open Hotmail it opens a strange email account that I don't recognize. I feel it has been hacked. After scanning it with HijackThis, the report came out as follows:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:43 م, on 26/01/12
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\nany\AppData\Roaming\cybelsoft.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\paintSched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\nany\AppData\Roaming\Synaptics.exe
C:\Users\nany\AppData\Roaming\Policies.exe
C:\Users\nany\AppData\Roaming\WinRAR.exe
C:\Users\nany\AppData\Roaming\ATI.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=explorer.exe, svdhalp.exe
F3 - REG:win.ini: load=C:\Users\nany\LOCALS~1\Temp\fe16e9ff0000f48b.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C019FED-AFC4-0DEA-FA61-045A2ADA0786} - c:\windows\system32\azcgtdlo.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [opikndss] C:\Windows\System32\opikndss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [NT Kernel System] C:\Windows\TEMP\btdho.exe
O4 - HKLM\..\Run: [Windows Network System] C:\Windows\system32\config\systemprofile\AppData\Roaming\imgconvert.exe
O4 - HKLM\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKLM\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ODBC] C:\Users\nany\AppData\Roaming\smss.exe
O4 - HKCU\..\Run: [Synaptics] C:\Users\nany\AppData\Roaming\Synaptics.exe
O4 - HKCU\..\Run: [Policies] C:\Users\nany\AppData\Roaming\Policies.exe
O4 - HKCU\..\Run: [WinRAR] C:\Users\nany\AppData\Roaming\WinRAR.exe
O4 - HKCU\..\Run: [Microsoft] C:\Users\nany\AppData\Roaming\Microsoft.exe
O4 - HKCU\..\Run: [ATI] C:\Users\nany\AppData\Roaming\ATI.exe
O4 - HKCU\..\Run: [cybelsoft] C:\Users\nany\AppData\Roaming\cybelsoft.exe
O4 - HKCU\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKCU\..\Run: [isoexpand] C:\Users\nany\AppData\Roaming\isoexpand.exe
O4 - HKLM\..\Policies\Explorer\Run: [SXC] C:\Windows\Sxc\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [51206] C:\PROGRA~2\LOCALS~1\Temp\da2c7bff0012e9c2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'Default user')
O4 - Startup: hadeeocj.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_4_0.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: NVIDIA Update Service (ONETWO) - Unknown owner - C:\Windows\system32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: svclocks - Pinnacle Systems - C:\Windows\system32\drivers\svclocks.exe
--
End of file - 8832 bytes

How can I solve this problem? Many thanks to you all.
 

And peace be upon you too, sister.

Sister, of course it will be compromised if there are EXE programs inside it.

Sister, in HijackThis, delete these entries:

O4 - HKCU\..\Run: [WinRAR] C:\Users\nany\AppData\Roaming\WinRAR.exe

O4 - HKCU\..\Run: [Microsoft] C:\Users\nany\AppData\Roaming\Microsoft.exe

O4 - HKLM\..\Policies\Explorer\Run: [SXC] C:\Windows\Sxc\svchost.exe

O4 - HKLM\..\Policies\Explorer\Run: [51206] C:\PROGRA~2\LOCALS~1\Temp\da2c7bff0012e9c2.exe

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'Default user')

Good luck, sister.
 
Signature: M.$py.M
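A first-pass triage of HijackThis autorun lines like the ones flagged in the reply above, as an added example that is not part of the original thread. The sample lines are copied from the log posted on this page; the function names and the three heuristics (executable sitting directly in a Temp or AppData\Roaming folder, a system process name outside its normal directory, an autorun under Policies\Explorer\Run) are assumptions chosen for illustration.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe, svdhalp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NT Kernel System] C:\Windows\TEMP\btdho.exe
O4 - HKCU\..\Run: [ODBC] C:\Users\nany\AppData\Roaming\smss.exe
O4 - HKCU\..\Run: [WinRAR] C:\Users\nany\AppData\Roaming\WinRAR.exe
O4 - HKLM\..\Policies\Explorer\Run: [SXC] C:\Windows\Sxc\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [51206] C:\PROGRA~2\LOCALS~1\Temp\da2c7bff0012e9c2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

# Normal directory of process names that malware often imitates (heuristic list).
SYSTEM_IMAGE_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Folder part of the path ends in a Temp directory or in the root of AppData\Roaming.
WRITABLE_DIR = re.compile(r"\\(temp|appdata\\roaming)$", re.I)
# "O4 - <hive>\..\<key>: [<entry name>] <command line>"
O4_RUN = re.compile(r"^O4 - (\S+)\\\.\.\\(.+?): \[(.*?)\] (.+)$")
# HijackThis reports the Winlogon Shell value as an F2 system.ini line.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)


def image_path(command):
    """Return the executable path of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.I)
    return match.group(1) if match else command


def reasons_for(key, path):
    """List the heuristics that an autorun entry trips (empty list if none)."""
    reasons = []
    folder, name = ntpath.split(path.lower())
    if WRITABLE_DIR.search(folder):
        reasons.append("runs from a user-writable folder")
    expected = SYSTEM_IMAGE_DIRS.get(name)
    if expected and folder != expected:
        reasons.append("system process name outside " + expected)
    if key.lower().endswith(r"policies\explorer\run"):
        reasons.append("autorun set under Policies\\Explorer\\Run")
    return reasons


def triage(log_text):
    """Return (entry name, image path, reasons) for each line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        shell = F2_SHELL.match(line)
        if shell:
            # Anything besides explorer.exe in the shell value starts at every logon.
            extra = [part.strip() for part in shell.group(1).split(",")
                     if part.strip().lower() != "explorer.exe"]
            if extra:
                findings.append(("Shell", ", ".join(extra),
                                 ["extra program appended to the Winlogon shell"]))
            continue
        run = O4_RUN.match(line)
        if not run:
            continue
        _hive, key, name, command = run.groups()
        path = image_path(command)
        reasons = reasons_for(key, path)
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:18} {path}")
        print(f"{'':18} -> {'; '.join(reasons)}")
```

A hit marks an entry for closer inspection (file signature, hash lookup, creation time) before it is fixed in HijackThis; legitimate software occasionally trips the same heuristics.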
Then work with this:

[Hidden link: you must log in or register to view it]

Run it and follow the explanation below to scan the computer and produce a report.

Copy the contents of the report and paste them in your next post.
 
Signature: M.$py.M
Thank you very much, dear brother, for the help. I did exactly as you wrote, and this is the Malwarebytes result:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8010
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/01/12 02:42:54 ص
mbam-log-2012-01-27 (02-42-54).txt
Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 251459
Time elapsed: 51 minute(s), 10 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 22
Memory Processes Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> 1272 -> Unloaded process successfully.
Memory Modules Infected:
c:\Windows\System32\azcgtdlo.dll (IPH.GenericBHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2C019FED-AFC4-0DEA-FA61-045A2ADA0786} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Cwqkursu (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C019FED-AFC4-0DEA-FA61-045A2ADA0786} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C019FED-AFC4-0DEA-FA61-045A2ADA0786} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SXC (Trojan.Agent) -> Value: SXC -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Trojan.Agent) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ODBC (Trojan.Delf) -> Value: ODBC -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ATI (Trojan.Delf) -> Value: ATI -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\51206 (Trojan.Agent) -> Value: 51206 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\Description (Trojan.Agent) -> Value: Description -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Bad: (svdhalp.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe, svdhalp.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\System32\azcgtdlo.dll (IPH.GenericBHO) -> Delete on reboot.
c:\Windows\Sxc\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\xtkd1s2nczvwcjtex23orgphrqduiith2\svcnost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1030831383-233963766-3667811395-1001\$RISBNNG.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Local\Temp\0033d069.tmp (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Local\Temp\00359750.tmp (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Local\Temp\0139601f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\hadeeocj.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\nany\AppData\Roaming\thinstall\natata ebook compiler gold 2.2.1\400000f000002i\ncompiler.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe.ini579 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe179 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\sfecea\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\iuckkn\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Roaming\microsoft.exe (Backdoor.Razor) -> Quarantined and deleted successfully.
c:\Users\nany\AppData\Roaming\smss.exe (Trojan.Delf) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Roaming\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupdate.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\syskey2i.drv (Trojan.Spybot) -> Quarantined and deleted successfully.
c:\programdata\local settings\Temp\da2c7bff0012e9c2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

As for the second tool, runscan, this is its result; the report is at the following link:
[Hidden link: you must log in or register to view it]

What will the next step be??
 
See, sister, all the trojans were deleted :ok:

The next step is cleaning with RunScanner.

Double-click the file with the mouse ... after that the tool's interface will open for you.

Do as shown in the explanation ...

Then

[Hidden link: you must log in or register to view it]
 
Signature: M.$py.M
Then scan your computer with Kaspersky

to make sure there are no viruses.
 
Signature: M.$py.M
Brother Mahmoud, when I opened RunScanner on my computer and clicked Item fixer, it did not show me any file, and it says No data to display.
Which files do I need to delete?
 
Sister, open RunScanner as administrator.
 
Signature: M.$py.M
I ran the file with a double-click. How do I open it as administrator? The option is not there in the right-click open options.
 
Sister, I apologize; just open it with a double-click.
 
Signature: M.$py.M
I opened it with a double-click only and, as I told you before, I clicked Item fixer; it did not show me any file, and it says No data to display.
Which files do I need to delete?
 
There are no files to delete.
In any case,
a new HijackThis log, please.
 
Signature: format
Run this scan:

[Hidden link: you must log in or register to view it]

I scanned, and this is the result:
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/27/2012 at 10:01 PM
Application Version : 5.0.1142
Core Rules Database Version : 8173
Trace Rules Database Version: 5985
Scan type       : Complete Scan
Total Scan Time : 00:45:56
Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned      : 880
Memory threats detected   : 2
Registry items scanned    : 24242
Registry threats detected : 5
File items scanned        : 29390
File threats detected     : 109
Malware.Trace
 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
 HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
 HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Adware.Tracking Cookie
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@247realmedia[1].txt [ /247realmedia ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@accounts.google[1].txt [ /accounts.google ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@accounts.google[2].txt [ /accounts.google ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@adbrite[2].txt [ /adbrite ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@adbrite[3].txt [ /adbrite ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@ads.adk2[2].txt [ /ads.adk2 ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@ads.pointroll[1].txt [ /ads.pointroll ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@amazon-adsystem[1].txt [ /amazon-adsystem ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@apmebf[2].txt [ /apmebf ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@atdmt[1].txt [ /atdmt ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@c.atdmt[2].txt [ /c.atdmt ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@casalemedia[2].txt [ /casalemedia ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@click.searchnation[1].txt [ /click.searchnation ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@doubleclick[2].txt [ /doubleclick ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@e2.emediate[2].txt [ /e2.emediate ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@imrworldwide[2].txt [ /imrworldwide ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@invitemedia[1].txt [ /invitemedia ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@liveperson[1].txt [ /liveperson ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@liveperson[3].txt [ /liveperson ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@mediaplex[1].txt [ /mediaplex ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@pointroll[2].txt [ /pointroll ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@ru4[1].txt [ /ru4 ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@sales.liveperson[2].txt [ /sales.liveperson ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@serving-sys[1].txt [ /serving-sys ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@specificclick[1].txt [ /specificclick ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@tribalfusion[2].txt [ /tribalfusion ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@zedo[2].txt [ /zedo ]
 C:\Users\nany\AppData\Roaming\Microsoft\Windows\Cookies\nany@se.sitestat[1].txt [ /se.sitestat.com ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\nany@support.google[10].txt [ Cookie:nany@support.google.com/accounts/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@adtech[1].txt [ Cookie:nany@adtech.de/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@mediatraffic.com[1].txt [ Cookie:nany@mediatraffic.com.ua/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@count.yandeg[1].txt [ Cookie:nany@count.yandeg.ru/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@kontera[2].txt [ Cookie:nany@kontera.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@tns-counter[2].txt [ Cookie:nany@tns-counter.ru/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@atdmt[3].txt [ Cookie:nany@atdmt.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@openstat[2].txt [ Cookie:nany@openstat.net/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@tribalfusion[3].txt [ Cookie:nany@tribalfusion.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@serving-sys[1].txt [ Cookie:nany@serving-sys.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@apmebf[1].txt [ Cookie:nany@apmebf.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@bs.serving-sys[2].txt [ Cookie:nany@bs.serving-sys.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@zedo[3].txt [ Cookie:nany@zedo.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@legolas-media[3].txt [ Cookie:nany@legolas-media.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@doubleclick[5].txt [ Cookie:nany@doubleclick.net/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@yadro[1].txt [ Cookie:nany@yadro.ru/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@tradefx.advertserve[2].txt [ Cookie:nany@tradefx.advertserve.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@histats[1].txt [ Cookie:nany@histats.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@imrworldwide[3].txt [ Cookie:nany@imrworldwide.com/cgi-bin ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@pointroll[2].txt [ Cookie:nany@pointroll.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@adinterax[2].txt [ Cookie:nany@adinterax.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@histats[4].txt [ Cookie:nany@histats.com/stats/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@cofidis2.solution.weborama[3].txt [ Cookie:nany@cofidis2.solution.weborama.fr/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@ads.pointroll[1].txt [ Cookie:nany@ads.pointroll.com/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@rambler[3].txt [ Cookie:nany@rambler.ru/ ]
 C:\USERS\NANY\AppData\Roaming\Microsoft\Windows\Cookies\Low\nany@revsci[3].txt [ Cookie:nany@revsci.net/ ]
 C:\USERS\NANY\Cookies\nany@se.sitestat[1].txt [ Cookie:nany@se.sitestat.com/mtg/tv3/ ]
 C:\USERS\NANY\Cookies\nany@specificclick[1].txt [ Cookie:nany@specificclick.net/ ]
 C:\USERS\NANY\Cookies\nany@tribalfusion[2].txt [ Cookie:nany@tribalfusion.com/ ]
 C:\USERS\NANY\Cookies\nany@serving-sys[1].txt [ Cookie:nany@serving-sys.com/ ]
 C:\USERS\NANY\Cookies\nany@247realmedia[1].txt [ Cookie:nany@247realmedia.com/ ]
 C:\USERS\NANY\Cookies\nany@apmebf[2].txt [ Cookie:nany@apmebf.com/ ]
 C:\USERS\NANY\Cookies\nany@amazon-adsystem[1].txt [ Cookie:nany@amazon-adsystem.com/ ]
 C:\USERS\NANY\Cookies\nany@support.google[10].txt [ Cookie:nany@support.google.com/accounts/ ]
 C:\USERS\NANY\Cookies\nany@zedo[2].txt [ Cookie:nany@zedo.com/ ]
 C:\USERS\NANY\Cookies\nany@doubleclick[2].txt [ Cookie:nany@doubleclick.net/ ]
 C:\USERS\NANY\Cookies\nany@click.searchnation[1].txt [ Cookie:nany@click.searchnation.net/ ]
 C:\USERS\NANY\Cookies\nany@accounts.google[2].txt [ Cookie:nany@accounts.google.com/intl/en/ ]
 C:\USERS\NANY\Cookies\nany@imrworldwide[2].txt [ Cookie:nany@imrworldwide.com/cgi-bin ]
 C:\USERS\NANY\Cookies\nany@pointroll[2].txt [ Cookie:nany@pointroll.com/ ]
 C:\USERS\NANY\Cookies\nany@adbrite[3].txt [ Cookie:nany@adbrite.com/ ]
 C:\USERS\NANY\Cookies\nany@ads.pointroll[1].txt [ Cookie:nany@ads.pointroll.com/ ]
 C:\USERS\NANY\Cookies\nany@liveperson[1].txt [ Cookie:nany@liveperson.net/ ]
 C:\USERS\NANY\Cookies\nany@ru4[1].txt [ Cookie:nany@ru4.com/ ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@ACCOUNTS.GOOGLE[2].TXT [ /ACCOUNTS.GOOGLE ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@ADBRITE[2].TXT [ /ADBRITE ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@CLICK.SEARCHNATION[2].TXT [ /CLICK.SEARCHNATION ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
 C:\USERS\NANY\APPDATA\LOCAL\TEMP\COOKIES\NANY@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@006.FREE-COUNTERS.CO[1].TXT [ /006.FREE-COUNTERS.CO ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@006.FREE-COUNTERS.CO[2].TXT [ /006.FREE-COUNTERS.CO ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@247REALMEDIA[1].TXT [ /247REALMEDIA ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@4DMEDIA[1].TXT [ /4DMEDIA ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@CLICKSOR[2].TXT [ /CLICKSOR ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@GETCLICKY[1].TXT [ /GETCLICKY ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@HISTATS[2].TXT [ /HISTATS ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@KOMTRACK[2].TXT [ /KOMTRACK ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@KOMTRACK[1].TXT [ /KOMTRACK ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@OX-D.CLICKMENA[2].TXT [ /OX-D.CLICKMENA ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@STATIC.GETCLICKY[1].TXT [ /STATIC.GETCLICKY ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@TDSTATS[1].TXT [ /TDSTATS ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@TRADEFX.ADVERTSERVE[1].TXT [ /TRADEFX.ADVERTSERVE ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@ZEDO[1].TXT [ /ZEDO ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@ZEDO[2].TXT [ /ZEDO ]
 C:\USERS\NANY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NANY@ZEDO[4].TXT [ /ZEDO ]
 cdn5.tribalfusion.com [ C:\USERS\NANY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CQ6QNXH5 ]
 cdnx.tribalfusion.com [ C:\USERS\NANY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CQ6QNXH5 ]
 ia.media-imdb.com [ C:\USERS\NANY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CQ6QNXH5 ]
Trojan.Agent/Gen-Carberp
 [Google Update] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\$GPATH\GUPDATE.EXE
 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\$GPATH\GUPDATE.EXE
 [Google Update] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\$GPATH\GUPDATE.EXE
 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\GOOGLE\UPDATE\GUPDATE.EXE
 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\WINUPDATE.EXE
Trojan.Agent/Gen-FakeAlert
 C:\USERS\NANY\APPDATA\ROAMING\POLICIES.EXE
 C:\USERS\NANY\APPDATA\ROAMING\POLICIES.EXE
 C:\USERS\NANY\APPDATA\ROAMING\ATI.EXE
 C:\USERS\NANY\APPDATA\ROAMING\ATI.EXE
Spyware.AdaEbook
 ZIP ARCHIVE( C:\USERS\NANY\PSDFULL.ZIP )/¬©¥ ںéهي¢ي¬ي  ںéèںêé.EXE
 C:\USERS\NANY\PSDFULL.ZIP
Trojan.Agent/Gen-Pecetor
 C:\WINDOWS\TEMP\RFMDRCNW.EXE
 
There are no files to delete.

Anyway,
a new HijackThis log, please.
This is the second HijackThis report
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:43 م, on 26/01/12
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\nany\AppData\Roaming\cybelsoft.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\paintSched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\nany\AppData\Roaming\Synaptics.exe
C:\Users\nany\AppData\Roaming\Policies.exe
C:\Users\nany\AppData\Roaming\WinRAR.exe
C:\Users\nany\AppData\Roaming\ATI.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: Shell=explorer.exe, svdhalp.exe
F3 - REG:win.ini: load=C:\Users\nany\LOCALS~1\Temp\fe16e9ff0000f48b.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C019FED-AFC4-0DEA-FA61-045A2ADA0786} - c:\windows\system32\azcgtdlo.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [opikndss] C:\Windows\System32\opikndss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [NT Kernel System] C:\Windows\TEMP\btdho.exe
O4 - HKLM\..\Run: [Windows Network System] C:\Windows\system32\config\systemprofile\AppData\Roaming\imgconvert.exe
O4 - HKLM\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKLM\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ODBC] C:\Users\nany\AppData\Roaming\smss.exe
O4 - HKCU\..\Run: [Synaptics] C:\Users\nany\AppData\Roaming\Synaptics.exe
O4 - HKCU\..\Run: [Policies] C:\Users\nany\AppData\Roaming\Policies.exe
O4 - HKCU\..\Run: [WinRAR] C:\Users\nany\AppData\Roaming\WinRAR.exe
O4 - HKCU\..\Run: [Microsoft] C:\Users\nany\AppData\Roaming\Microsoft.exe
O4 - HKCU\..\Run: [ATI] C:\Users\nany\AppData\Roaming\ATI.exe
O4 - HKCU\..\Run: [cybelsoft] C:\Users\nany\AppData\Roaming\cybelsoft.exe
O4 - HKCU\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKCU\..\Run: [isoexpand] C:\Users\nany\AppData\Roaming\isoexpand.exe
O4 - HKLM\..\Policies\Explorer\Run: [SXC] C:\Windows\Sxc\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [51206] C:\PROGRA~2\LOCALS~1\Temp\da2c7bff0012e9c2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'Default user')
O4 - Startup: hadeeocj.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_4_0.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: NVIDIA Update Service (ONETWO) - Unknown owner - C:\Windows\system32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: svclocks - Pinnacle Systems - C:\Windows\system32\drivers\svclocks.exe
--
End of file - 8832 bytes
 
Signature: علي همر
Run this scan


And post the reports without code tags


Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 8010
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28/01/12 02:51:31 ص
mbam-log-2012-01-28 (02-51-31).txt
Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 252714
Time elapsed: 52 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
New HijackThis log without code tags

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:43 م, on 26/01/12
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\nany\AppData\Roaming\cybelsoft.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\paintSched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\nany\AppData\Roaming\Synaptics.exe
C:\Users\nany\AppData\Roaming\Policies.exe
C:\Users\nany\AppData\Roaming\WinRAR.exe
C:\Users\nany\AppData\Roaming\ATI.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe, svdhalp.exe
F3 - REG:win.ini: load=C:\Users\nany\LOCALS~1\Temp\fe16e9ff0000f48b.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C019FED-AFC4-0DEA-FA61-045A2ADA0786} - c:\windows\system32\azcgtdlo.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [opikndss] C:\Windows\System32\opikndss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [NT Kernel System] C:\Windows\TEMP\btdho.exe
O4 - HKLM\..\Run: [Windows Network System] C:\Windows\system32\config\systemprofile\AppData\Roaming\imgconvert.exe
O4 - HKLM\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKLM\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ODBC] C:\Users\nany\AppData\Roaming\smss.exe
O4 - HKCU\..\Run: [Synaptics] C:\Users\nany\AppData\Roaming\Synaptics.exe
O4 - HKCU\..\Run: [Policies] C:\Users\nany\AppData\Roaming\Policies.exe
O4 - HKCU\..\Run: [WinRAR] C:\Users\nany\AppData\Roaming\WinRAR.exe
O4 - HKCU\..\Run: [Microsoft] C:\Users\nany\AppData\Roaming\Microsoft.exe
O4 - HKCU\..\Run: [ATI] C:\Users\nany\AppData\Roaming\ATI.exe
O4 - HKCU\..\Run: [cybelsoft] C:\Users\nany\AppData\Roaming\cybelsoft.exe
O4 - HKCU\..\Run: [paintSched] C:\ProgramData\paintSched.exe
O4 - HKCU\..\Run: [isoexpand] C:\Users\nany\AppData\Roaming\isoexpand.exe
O4 - HKLM\..\Policies\Explorer\Run: [SXC] C:\Windows\Sxc\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [51206] C:\PROGRA~2\LOCALS~1\Temp\da2c7bff0012e9c2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [isoexpand] C:\Windows\system32\config\systemprofile\AppData\Roaming\isoexpand.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opikndss] C:\Windows\system32\config\systemprofile\opikndss.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATI] C:\Windows\system32\config\systemprofile\AppData\Roaming\smss.exe (User 'Default user')
O4 - Startup: hadeeocj.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) -
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: NVIDIA Update Service (ONETWO) - Unknown owner - C:\Windows\system32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: svclocks - Pinnacle Systems - C:\Windows\system32\drivers\svclocks.exe
--
End of file - 8832 bytes
 