مشاكس 2050

Peace be upon you, and the mercy and blessings of God.

How is everyone? Well, I hope?!

Brothers, I've had a problem for the past few days.

When I use Firefox or Internet Explorer, pages hang,

and when I open Windows Task Manager I find CPU usage at 100%.
It's strange; it wasn't like this before.

Anyway, I ran a scan with Kaspersky and nothing came up, and honestly I couldn't figure out how to use the new Kaspersky.

The old Kaspersky 6 was so nice.

Anyway, to cut a long story short:

Right now I'm on the McAfee site running an online scan of my machine,
and it has now found two viruses that Kaspersky didn't find?:eek:

And now I'm on the site
[hidden link]

running a scan for trojans, and so far it has found 19 trojans that Kaspersky didn't find :cr:

It raises your blood pressure.

So I expect these viruses and trojans are what's making my machine hang :mad:

What do you think of the new Kaspersky?

My question is as follows:

I want all the dedicated protection programs: for viruses, trojans and spyware?
Each program specialized.
Meaning I don't want anyone telling me Kaspersky is enough <<< if it were any good it would have caught the viruses on my machine :no:
I mean, I expect viruses have a specialized program,
and trojans have a specialized program,
and likewise spyware has a specialized program.

I want the best programs.

Sorry for going on so long.

Thank you.

Your brother

مشاكس
 

Excuse me.

Brother, please try uninstalling Firefox and installing it again ... that's one point ..

Second point: do the following in Safe Mode ...

Look, my friend, download this tool,
and follow the explanation below to clean your machine of these ads
and produce a report of the operation so you can attach it to your next reply.

If you please ...

Apply the steps in order.

And I want all the reports, in order.

Thanks, my friend.

After doing everything our moderator asked,
apply the following topics to your machine:

[hidden link]

[hidden link]

 

Peace be upon you.

May God reward you for the responses.

I'm currently applying the steps

and I'll be back with the reports, God willing.

Thank you.
 
Peace be upon you.

This is the report of the first tool. I'm now in Safe Mode and have finished with the first tool, and this is its report. Note that before starting anything I uninstalled Firefox from Safe Mode.

The report
======
SmitFraudFix v2.342
Scan done at 2:03:36.76, 29/08/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 10.140.1.160
DNS Server Search Order: 10.140.3.165
HKLM\SYSTEM\CCS\Services\Tcpip\..\{618CA990-A958-4229-A509-7C4CEC00A711}: DhcpNameServer=10.140.1.160 10.140.3.165
HKLM\SYSTEM\CS1\Services\Tcpip\..\{618CA990-A958-4229-A509-7C4CEC00A711}: DhcpNameServer=10.140.1.160 10.140.3.165
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.140.1.160 10.140.3.165
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.140.1.160 10.140.3.165

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


The second tool's report will follow shortly, God willing.

Thank you.
 
Peace be upon you.

This is the second tool's report after the scan:

27/08/29 02:07:32 ص Engine version =5200.2160
27/08/29 02:07:32 ص AntiVirus DAT version =5242.0000
27/08/29 02:07:32 ص Number of detection signatures in EXTRA.DAT =None
27/08/29 02:07:32 ص Names of detection signatures in EXTRA.DAT =None
27/08/29 02:07:27 ص Scan Started TOSHIBA\Administrator On-Demand Scan
27/08/29 02:07:48 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@2o7[2].txt\00000000.ie -2O7(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@ad.yieldmanager[1].txt\00000000.ie -Yieldmanager(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@atdmt[1].txt\00000000.ie -Atdmt(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@doubleclick[1].txt\00000000.ie -Doubleclick(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@fastclick[1].txt\00000000.ie -Fastclick(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@fastclick[1].txt\00000000.ie -Fastclick(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@fastclick[1].txt\00000000.ie -Fastclick(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@pro-market[2].txt\00000000.ie -ProMarket(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@pro-market[2].txt\00000000.ie -ProMarket(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@statcounter[1].txt\00000000.ie -Statcounter(Potentially Unwanted Program)
27/08/29 02:07:52 ص Deleted Administrator c:\documents and settings\dhawi\s\dhawi@tribalfusion[2].txt\00000000.ie -Tribalfusion(Potentially Unwanted Program)
27/08/29 02:08:20 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\COMBOFIX.EXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:08:37 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Administrator\Desktop\ComboFix.exe\PSEXEC.CFEXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:08:41 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SMITFRAUDFIX.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:09:06 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe\PROCESS.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:09:06 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SMITFRAUDFIX.EXE Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:09:15 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe\REBOOT.EXE Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:09:24 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SMITFRAUDFIX\PROCESS.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:09:24 ص Deleted Administrator c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe PrcViewer(Potentially Unwanted Program)
27/08/29 02:09:24 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SMITFRAUDFIX\REBOOT.EXE Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:09:24 ص Deleted Administrator c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:10:57 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\DESKTOP\COMBOFIX.EXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:11:08 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\Desktop\ComboFix.exe\PSEXEC.CFEXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:11:15 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\DESKTOP\SMITFRAUDFIX.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:11:24 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\Desktop\SmitfraudFix.exe\PROCESS.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:11:24 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\DESKTOP\SMITFRAUDFIX.EXE Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:11:29 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\Desktop\SmitfraudFix.exe\REBOOT.EXE Generic PUP.g(Potentially Unwanted Program)
27/08/29 02:13:40 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\LOCAL SETTINGS\TEMPORARY INTERNET FILES\.IE5\YPYN6HM1\COMBOFIX[1].EXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:14:06 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\Local Settings\Temporary Internet Files\.IE5\YPYN6HM1\ComboFix[1].exe\PSEXEC.CFEXE RemAdm-ProcLaunch!171(Remote Admin Tool)
27/08/29 02:15:20 ص Not scanned (The file is encrypted) Administrator c:\Documents and Settings\Dhawi\My Documents\Downloads\Compressed\CIaCE YIO CaIaCO aa CaYCiNaOCE.rar\SAFEBUG.ZIP\PROCESS.EXE
27/08/29 02:15:34 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\MY DOCUMENTS\DOWNLOADS\COMPRESSED\CIACE YIO CAIACO AA CAYCINAOCE.RAR PrcViewer(Potentially Unwanted Program)
27/08/29 02:16:11 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\My Documents\Downloads\Compressed\CIaCE YIO CaIaCO aa CaYCiNaOCE.rar\ZYZOOM_AUTORUN_VIRUSES_KILLER_V2.EXE\PROCESS.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:17:04 ص Deleted Administrator C:\DOCUMENTS AND SETTINGS\DHAWI\MY DOCUMENTS\DOWNLOADS\COMPRESSED\YIO CAECEOCE ACAقNO CAOAE.RAR PrcViewer(Potentially Unwanted Program)
27/08/29 02:17:18 ص No Action Taken (Clean failed) Administrator c:\Documents and Settings\Dhawi\My Documents\Downloads\Compressed\YIO CaECEOCE aCaقNO CaOaE.rar\,, 驫 㤡 靦 ꢭ1.EXE\PROCESS.EXE PrcViewer(Potentially Unwanted Program)
27/08/29 02:44:17 ص Not scanned (The file is encrypted) Administrator d:\Desktop\من سيربح المليون.zip\ GOLDEN MILLION.SIS
27/08/29 02:44:34 ص Not scanned (The file is encrypted) Administrator d:\Downloads\xp.exe\CLICK1.OGG
27/08/29 02:44:41 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\netcut 2.8.rar\NETCUT.EXE
27/08/29 02:44:41 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\P. IDMan 5.11.8.rar\P. IDMAN 5.11.8.EXE
27/08/29 02:44:45 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\الجافا للمبتدئين.rar\PL036.PDF
27/08/29 02:44:46 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\جرافيكس جافا.rar\JAVA1.PDF
27/08/29 02:44:46 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\كتاب جافا_كلمة المرور_tipsclub.rar\5.HTM
27/08/29 02:44:46 ص Not scanned (The file is encrypted) Administrator d:\Downloads\Compressed\كتاب شامل عن لغة السي.rar\PL011.PDF
27/08/29 02:44:55 ص Deleted Administrator d:\Downloads\Masra7eyat\بو متيح\Desktop_.ini W32/Fujacks.ini(Virus)
27/08/29 02:44:55 ص Deleted Administrator d:\Downloads\Masra7eyat\سيف العرب\Desktop_.ini W32/Fujacks.ini(Virus)
27/08/29 02:51:02 ص Deleted Administrator D:\USB ملفات\كراك برنامج STYLE XP.ZIP Keygen-XPStyle(Potentially Unwanted Program)
27/08/29 02:51:20 ص No Action Taken (Clean failed) Administrator d:\USB ملفات\كراك برنامج Style xp.zip\KEYGEN.EXE Keygen-XPStyle(Potentially Unwanted Program)
27/08/29 02:51:20 ص Deleted Administrator D:\USB ملفات\برامج تحويل الملفات الصوتية\CRACK STREEM BOX.ZIP Crack-PCV(Potentially Unwanted Program)
27/08/29 02:51:31 ص No Action Taken (Clean failed) Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\crack streem box.zip\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:51:35 ص No Action Taken (Clean failed) Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\streambox.zip\STREAMBOXRIPPER.ZIP\RIPPERCRACK.ZIP\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:51:38 ص No Action Taken (Clean failed) Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\streamboxRipper.zip\RIPPERCRACK.ZIP\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:51:38 ص Deleted Administrator D:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\STREAMBOXRIPPER\RIPPERCRACK.ZIP Crack-PCV(Potentially Unwanted Program)
27/08/29 02:52:06 ص No Action Taken (Clean failed) Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\streamboxRipper\RipperCrack.zip\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:52:06 ص Deleted Administrator D:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\STREAMBOXRIPPER\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:52:06 ص Deleted Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\streamboxRipper\SboxRip2009crk.exe Crack-PCV(Potentially Unwanted Program)
27/08/29 02:52:06 ص Deleted Administrator D:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\STREAMBOXRIPPER\RIPPERCRACK\SBOXRIP2009CRK.EXE Crack-PCV(Potentially Unwanted Program)
27/08/29 02:52:06 ص Deleted Administrator d:\USB ملفات\برامج تحويل الملفات الصوتية\برنامج ستريم بوكس\streamboxRipper\RipperCrack\SboxRip2009crk.exe Crack-PCV(Potentially Unwanted Program)
27/08/29 02:55:32 ص Not scanned (The file is encrypted) Administrator d:\برامج\Winrar3.62\Crack Winrar3.62.rar\PATCH (CRACK).EXE
27/08/29 02:55:35 ص Not scanned (The file is encrypted) Administrator d:\برامج\المكتبة الشاملة\shamela[1].part1.rar\SHAMELA.CHM
27/08/29 02:56:10 ص Not scanned (The file is encrypted) Administrator d:\فيجوال بيسك\فيجوال بيسك\VB.NET كتاب\VB.NET.part16.zip\AUTHORSBOOKS.DLL
27/08/29 02:56:30 ص Not scanned (The file is encrypted) Administrator d:\فيجوال بيسك\فيجوال بيسك 2\أمثلة مشاريع\MOHASEB6\MOHASEB6.ace\INVENTORY.BAS
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Scan Summary
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Processes scanned : 15
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Processes detected : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Processes cleaned : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Boot sectors scanned : 2
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Boot sectors detected: 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Boot sectors cleaned : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Files scanned : 69701
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Files with detections: 18
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator File detections : 36
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Files cleaned : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Files deleted : 6
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Files not scanned : 35
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Scan Summary (Registry Scanning)
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Keys scanned : 26614
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Keys detected : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Keys cleaned : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Keys deleted : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Scan Summary ( Scanning)
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator s scanned : 265
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator s detected : 18
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator s cleaned : 0
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator s deleted : 18
27/08/29 02:58:14 ص Scan Summary TOSHIBA\Administrator Run time : 0:50:47
27/08/29 02:58:14 ص Scan Complete TOSHIBA\Administrator On-Demand Scan
 
And now I'll produce the reports of the two tools

shortly.
 
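By God, you've got some real troubles.
Honestly, it's upsetting that Kaspersky couldn't catch the virus => amvo.exe
If you want my advice,
install Avira and scan your machine after updating it,
and see what the result will be,
instead of giving yourself a headache with everything you've done here.
Avira will take care of it all in one click.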
 
Signature: Juve Guard
By God, brother, I don't know what's wrong with it; looks like it was on vacation.

Hahahaha
 
And this is the third tool's report from Safe Mode

ComboFix 08-08-28.04 - Administrator 2008-08-29 3:17:29.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.371 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 02:07 . 2008-08-29 02:51 <DIR> d-------- C:\QUARANTINE
2008-08-29 02:07 . 2008-08-29 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-29 02:03 . 2008-08-29 02:03 3,506 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-28 02:03 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\92736188.sys
2008-08-28 01:55 . 2008-07-06 07:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-28 01:55 . 2008-07-06 07:01 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-08-28 01:55 . 2008-07-06 07:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-08-28 01:55 . 2008-07-06 07:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-08-28 01:55 . 2008-07-06 07:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-08-28 01:55 . 2008-07-05 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-08-28 01:55 . 2008-07-06 07:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-08-28 01:55 . 2008-08-28 01:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-27 23:44 . 2008-08-27 23:44 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-08-26 01:24 . 2008-08-26 01:28 <DIR> d-------- C:\Program Files\Proxifier
2008-08-26 01:24 . 1997-06-06 15:52 11,264 --a------ C:\WINDOWS\system32\SPORDER.DLL
2008-08-24 19:43 . 2008-08-24 19:44 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-08-22 02:14 . 2008-08-22 02:14 <DIR> d-------- C:\Program Files\CCleaner
2008-08-20 20:45 . 2008-08-20 20:46 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\ArtOfPing
2008-08-20 20:34 . 2008-08-20 20:34 <DIR> d-------- C:\TEMP
2008-08-20 20:34 . 2008-08-20 20:34 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\GPass-3
2008-08-20 20:08 . 2008-08-20 20:08 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\GPass
2008-08-20 15:25 . 2008-08-20 15:25 <DIR> d-------- C:\Program Files\4arabnetwork
2008-08-19 21:06 . 2008-08-19 21:06 <DIR> d-------- C:\Program Files\TeamViewer3
2008-08-19 21:06 . 2008-08-19 22:30 <DIR> d-------- C:\Documents and Settings\Dhawi\Application Data\TeamViewer
2008-08-19 20:48 . 2008-08-19 20:48 <DIR> d-------- C:\Documents and Settings\Dhawi\temp
2008-08-18 23:26 . 2008-08-18 23:30 <DIR> d-------- C:\s2h
2008-08-18 20:59 . 2008-08-28 02:33 <DIR> d-------- C:\Program Files\HTTP-Tunnel
2008-08-15 22:43 . 2008-08-15 22:43 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-06 22:10 . 2008-08-06 22:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-06 05:52 . 2008-08-09 11:46 <DIR> d-------- C:\Program Files\Ares
2008-08-03 19:16 . 2008-08-03 19:16 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-03 19:16 . 2008-08-03 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-03 03:26 . 2008-08-03 03:26 <DIR> d-------- C:\Program Files\Microsoft Firewall Client 2004
2008-07-29 22:07 . 2008-08-28 23:55 <DIR> d-------- C:\Documents and Settings\Dhawi\Tracing
2008-07-29 21:54 . 2008-08-01 04:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 00:15 401,440 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-29 00:15 2,452 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-29 00:15 16,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-29 00:15 1,931,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-29 00:09 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\DMCache
2008-08-29 00:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-26 00:59 --------- d-----w C:\Program Files\InterVideo
2008-08-24 16:38 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\uTorrent
2008-08-23 17:58 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-22 23:35 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\IDM
2008-08-20 17:26 --------- d-----w C:\Program Files\uTorrent
2008-08-19 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-08-12 00:58 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-06 19:10 --------- d-----w C:\Program Files\Common Files\Real
2008-08-05 21:38 37,088 ----a-w C:\Documents and Settings\Dhawi\Application Data\GDIPFONTCACHEV1.DAT
2008-08-03 16:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 09:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Babylon
2008-07-29 18:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-26 19:09 --------- d-----w C:\Program Files\Windows Live
2008-07-26 19:09 --------- d-----w C:\Program Files\MSN Messenger
2008-07-25 12:56 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-25 12:56 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-25 12:28 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-25 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 13:47 --------- d-----w C:\Program Files\TechSmith
2008-07-23 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-23 13:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 02:26 --------- d--h--w C:\Program Files\Zenographics
2008-07-19 02:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-15 13:25 --------- d-----w C:\Program Files\Babylon
2008-07-14 03:55 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\AdobeUM
2008-07-12 18:58 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-12 18:58 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-12 13:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-11 20:58 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-07-06 22:16 --------- d-----w C:\Program Files\Real
2008-07-06 21:52 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Media Player Classic
2008-07-06 14:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-06 07:33 --------- d-----w C:\Program Files\Symantec
2008-07-06 07:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-06 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-06 04:12 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-06 04:12 --------- d-----w C:\Program Files\Toshiba
2008-07-06 04:11 --------- d-----w C:\Program Files\Synaptics
2008-07-06 04:11 --------- d-----w C:\Program Files\Sonic
2008-07-06 04:11 --------- d-----w C:\Program Files\Realtek
2008-07-06 04:10 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-06 04:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-06 04:10 --------- d-----w C:\Program Files\ltmoh
2008-07-06 04:10 --------- d-----w C:\Program Files\Java
2008-07-06 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 04:08 --------- d-----w C:\Program Files\Common Files\Java
2008-07-06 04:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-06 04:08 --------- d-----w C:\Program Files\ATI Technologies
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Windows Desktop Search
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\toshiba
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Sonic
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\ATI
2008-07-06 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-07-05 20:51 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Protector Suite
2008-07-05 20:49 --------- d-----w C:\Program Files\Protector Suite QL
2008-07-05 20:48 --------- d-----w C:\Program Files\Common Files\Protector Suite QL
2008-07-05 20:47 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-05 20:47 --------- d-----w C:\Program Files\Intel
2008-07-05 20:47 --------- d-----w C:\Documents and Settings\Dhawi\Application Data\Intel
2008-07-05 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-07-05 20:44 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_SATELLITE A100_04705-AR_PSAA9E-0R101.MRK
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 14:26 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 03:12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02 352256]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:31 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 08:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 18:02 761948]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 15:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 15:04 49152]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 14:11 73728]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 22:09 185896]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 01:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 16:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 17:26 266240 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 18:03 73728 C:\WINDOWS\system32\TDispVol.exe]
"nwiz"="nwiz.exe" [2006-05-01 15:04 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2/3/2006 12:19:10 AM 1753088]
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [12/9/2006 7:04:10 PM 117568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 15:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\CCProxy\\CCProxy.v6.60\\CCProxy.v6.60\\CCProxy.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Dhawi\\Desktop\\CCProxy\\CCProxy.dat"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-12-16 23:37]
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S1 is-UCIE8drv;is-UCIE8drv;C:\WINDOWS\system32\drivers\92736188.sys [2008-03-05 11:41]
S2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
S2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
S2 FwcAgent;Firewall Client Agent;C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 19:04]
S2 is-UCIE8;is-UCIE8;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-UCIE8\is-UCIE8.exe []
S2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
S3 NetHook_ControlCenter;ArtOfPing ControlCenter;C:\Program Files\PingFu Iris\ControlCenter.sys []
S3 NetHook_Interceptor;ArtOfPing TDI Interceptor;C:\Program Files\PingFu Iris\Interceptor.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]
\Shell\AutoRun\command - browser.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-is-UCIE8 - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-UCIE8\is-UCIE8.exe

.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyServer = stuproxy.kfupm.edu.sa:80
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 -: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/229?5ffc62ad4625433481b64c2b04fe285
O8 -: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/230?5ffc62ad4625433481b64c2b04fe285
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-08-29 03:19:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-29 3:20:02
ComboFix-quarantined-files.txt 2008-08-29 00:20:00
ComboFix2.txt 2008-08-29 00:02:53
ComboFix3.txt 2008-08-27 22:15:59
Pre-Run: 59,801,964,544 bytes free
Post-Run: 59,801,038,848 bytes free
213
 
And this is the report from the fourth tool, run from Safe Mode

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:21, on 29/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stuproxy.kfupm.edu.sa:80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/229?5ffc62ad4625433481b64c2b04fe285
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/230?5ffc62ad4625433481b64c2b04fe285
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: is-UCIE8 - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-UCIE8\is-UCIE8.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 7135 bytes
 
Now I have given you the reports in order.

If you would be so kind, I am waiting for the solution.

May God reward you :)
 
The reports are clean.
God willing, your machine is fine now.
 
Signature: Juve Guard