القلب الوحيد

Peace be upon you, and the mercy and blessings of God.

First, I would like to express my pride, appreciation and thanks to this long-standing forum for solving problems
and for protection and new, useful programs.

My problems today :no:

1 - Strange sluggishness on the machine
2 - Kaspersky does not respond; it closes and then starts again
3 - Browsing is very slow; the problem may be from the provider, Afaq DSL Shamel

The machine was working fine for me,
and two days ago I ran a scan of the machine.

Kaspersky found a few trojans and infected files.
Anyway, when I went into the threats list
to delete the detected files, Kaspersky hung on me and started closing and restarting.
I went into Safe Mode and ran a scan, and nothing happened with Kaspersky.

Here is a screenshot for clarification:
[link hidden by the forum]

And here is the page where Kaspersky hangs when I open it:
[link hidden by the forum]

My machine's specifications, for reference:
[link hidden by the forum]

Finally, I hope the brothers can
solve my problem, and thank you.
Sorry for the long post :hh:

Signature: القلب الوحيد
Disable all protection programs,
then download this tool and save it to the desktop:
[link hidden by the forum]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

Then
make a HijackThis report:
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply

Signature: السّاجد لله
Hello, dear Hisham 77

Thanks for your attention

And this is the first report

ComboFix 08-09-19.06 - القلب الوحيد 09/20/2008 4:45:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1025.18.1040 [GMT 3:00]
Running from: C:\Users\القلب الوحيد\Desktop\ززززز\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\القلب الوحيد\Documents\My Documents.url
.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 01:51 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-09-20 01:48 630,816 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-09-20 01:48 4,071,456 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-09-20 01:48 36,032 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-09-20 01:48 3,236 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-09-20 00:28 --------- d-----w C:\Program Files\Google
2008-09-19 04:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-19 04:14 --------- d-----w C:\Program Files\Nokia
2008-09-19 03:52 --------- d-----w C:\Program Files\Common Files\delet
2008-09-09 21:29 --------- d-----w C:\Program Files\Microsoft Works
2008-09-04 05:40 --------- d-----w C:\ProgramData\NFS Underground
2008-08-30 18:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 18:59 --------- d-----w C:\Program Files\Circle Developement
2008-08-30 00:04 --------- d-----w C:\ProgramData\ma-config.com
2008-08-30 00:04 --------- d-----w C:\Program Files\ma-config.com
2008-08-19 16:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-11 22:32 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-11 22:27 --------- d-----w C:\ProgramData\Installations
2008-08-11 20:05 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-11 20:03 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-11 13:51 --------- d-----w C:\Program Files\GizmoPlugin
2008-08-06 23:17 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-06 13:26 9,728 ----a-w C:\Windows\System32\RtNicProp32.dll
2008-08-06 13:26 124,928 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-08-04 11:53 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-28 11:12 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-28 10:49 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-25 09:24 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-25 09:24 --------- d-----w C:\ProgramData\Nokia
2008-07-25 08:42 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-07-25 08:41 --------- d-----w C:\ProgramData\PC Suite
2008-07-25 08:22 --------- d-----w C:\Program Files\DIFX
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 14:28 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-18 14:28 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-04 21:52 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll
2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll
2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-05-13 20:01 174 --sha-w C:\Program Files\desktop.ini
2008-04-12 17:30 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-12 17:30 32 ----a-w C:\ProgramData\ezsid.dat
2007-05-16 20:40 262,144 ----a-w C:\ProgramData\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
12/04/2006 03:03 AM 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
12/04/2006 03:03 AM 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\Windows\system32\thpsrv" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/27/2006 11:50 PM 815104]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [03/29/2007 08:39 PM 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/08/2006 02:49 AM 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03/22/2007 09:46 PM 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [04/27/2007 04:56 AM 538744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [04/28/2007 01:08 AM 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [04/28/2007 01:08 AM 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [04/28/2007 01:08 AM 133912]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [05/19/2007 03:11 AM 4472832 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [05/26/2007 02:56 AM 1826816 C:\Windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 06:41 PM 1232896]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-28 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
12/04/2006 02:50 AM 90112 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 12/17/2007 05:13 PM 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6640C25F-D052-4B5C-8CFF-4E6DB516D97E}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.2.407\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.2.407\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{4A380AEE-D5B7-4AE3-BA1A-4AA4D956336D}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.2.407\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.2.407\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{C9DA7ED1-A9DE-4F88-91CC-C3A0F223BE1E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{52A94E63-3186-43CA-9593-9AD5775A7994}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{040F814B-706C-4734-9FF3-7AFFE03628B6}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{8376863D-6698-48B6-A5CF-B8A84957A6A3}C:\\program files\\samy soft\\samy soft tv 1.0\\samy soft tv 1.0.exe"= UDP:C:\program files\samy soft\samy soft tv 1.0\samy soft tv 1.0.exe:Samy Soft TV 1.0
"UDP Query User{BA52184D-204D-4441-B56B-C44D2F836003}C:\\program files\\samy soft\\samy soft tv 1.0\\samy soft tv 1.0.exe"= TCP:C:\program files\samy soft\samy soft tv 1.0\samy soft tv 1.0.exe:Samy Soft TV 1.0
"TCP Query User{F4371B43-D6D6-4B13-B9CA-A0B61771C839}C:\\program files\\samy soft\\samy soft tv 1.0\\samy soft tv 1.0.exe"= UDP:C:\program files\samy soft\samy soft tv 1.0\samy soft tv 1.0.exe:Samy Soft TV 1.0
"UDP Query User{55B48274-0867-4B01-8FCB-55DEBB31584B}C:\\program files\\samy soft\\samy soft tv 1.0\\samy soft tv 1.0.exe"= TCP:C:\program files\samy soft\samy soft tv 1.0\samy soft tv 1.0.exe:Samy Soft TV 1.0
"TCP Query User{2DA6D926-B0AB-47B9-82CE-157662F3C2FF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{103B107E-2135-408A-93AD-AA8D7859984C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{F033AFF8-8608-4D8C-9CC8-FCC12320D1F0}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= UDP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0
"UDP Query User{407BD46B-9495-445C-A16D-CDF2A3CE8660}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= TCP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0
"{9B5E0A8F-70D3-4EE4-AA26-95A0B6E61397}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C7881C2F-5F46-4E2C-9E35-8BC9FF022BA7}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{6CD27D49-30E3-4CC3-ADE8-021C1DDD4253}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{3342E44E-BB63-4F33-84C7-8767B1C375F1}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{181997A1-D013-41B4-AB6C-BD2A15232722}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= UDP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0
"UDP Query User{CC43DCAA-0EA8-44EC-843E-3058CF2A59EA}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= TCP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0
"TCP Query User{D52952BF-5555-427C-9A60-D47963F33474}C:\\program files\\shockwave.com\\thinktanks\\thinktanks.exe"= UDP:C:\program files\shockwave.com\thinktanks\thinktanks.exe:ThinkTanks
"UDP Query User{C3DC9A92-9A5C-4673-91F3-5B5B5286D15C}C:\\program files\\shockwave.com\\thinktanks\\thinktanks.exe"= TCP:C:\program files\shockwave.com\thinktanks\thinktanks.exe:ThinkTanks
"TCP Query User{BE942279-29B5-432C-80F6-5EE571BFB97F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{648BF38F-A3AB-4459-B2D7-53B6670B2A8F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3AB947DA-325C-4FC5-B23D-B693904009E3}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{5F7891CD-E0AF-47A4-B635-57950A430FF2}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{2C83DD89-DFD5-4DF1-B244-FB11ADAE10D4}"= Disabled:UDP:443:ooVoo TCP المنفذ 443
"{D3F58E55-3F34-446C-A59C-75E98570B588}"= Disabled:TCP:443:ooVoo UDP المنفذ 443
"{84242EFE-F253-4F09-9048-81A1B88200A9}"= Disabled:UDP:37674:ooVoo TCP المنفذ 37674
"{71B5625C-51D4-4D29-8AA7-7EF0ECB26E4D}"= Disabled:TCP:37674:ooVoo UDP المنفذ 37674
"{417E5EBA-447F-4449-93B1-400876B5EB2B}"= Disabled:TCP:37675:ooVoo UDP المنفذ 37675
"TCP Query User{60BD2DAF-0224-4395-BC4F-108EF4039BC8}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{7E066067-CA26-4560-9137-69A557347FC6}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{48E2DA8D-0CCA-41A3-93A2-72187463218E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D3D4D931-623C-4900-8E2E-A3A0055DEECB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C7AC0843-D255-46E0-8D4F-27FF447AEA29}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{6FC1274D-1014-4B9C-B66E-C8D4E72974C7}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{291DE84B-7E5A-4C84-92F7-75DDC71444D2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{E55FD8CA-1317-4AF2-BB37-B282A5BD9B3F}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{9B02BBF9-F31E-41C0-BA76-4ED1C4770066}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{2510D11F-2B0A-46EB-BE65-AC9E1B2B37D0}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{E2C86DFF-415B-4DAE-B80F-CD8D194DC07F}"= UDP:C:\Program Files\GizmoPlugin\GizmoPlugin.exe:GizmoPlugin
"{0A5E6125-F2B2-4DA9-B8BF-C8F2BC630CA7}"= TCP:C:\Program Files\GizmoPlugin\GizmoPlugin.exe:GizmoPlugin
"{8068D2E7-7F1D-471A-B6BF-A1CB004F94EF}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{3CC7DE26-5547-4B88-87FB-7B3F11F95CDF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{13F521DE-5F59-453A-B9C0-F5E9F8487790}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{9C565275-B10D-4237-989B-1D4F2F750EB4}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys [04/27/2007 08:22 PM 21504]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS [02/08/2007 03:29 AM 6528]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [03/26/2008 01:10 PM 20496]
R2 Gizmo Plugin;Gizmo VoIP Service;C:\Program Files\GizmoPlugin\GizmoPlugin.exe [08/11/2008 04:51 PM 962048]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [01/19/2008 10:33 AM 21504]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [04/10/2007 02:13 AM 8192]
S3 GameConsoleService;GameConsoleService;C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [05/06/2008 01:25 AM 165416]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsu.sys [02/01/2008 04:17 PM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsuc.sys [02/01/2008 04:17 PM 8320]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [07/05/2008 12:52 AM 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{843436df-4508-11dd-9e9d-00037ab40890}]
\shell\AutoRun\command - F:\rgjkmy3p.exe
\shell\explore\Command - F:\rgjkmy3p.exe
\shell\open\Command - F:\rgjkmy3p.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{843436e4-4508-11dd-9e9d-00037ab40890}]
\shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-09-20 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyOverride = local
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
C:\Windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2008-09-20 04:52:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\conime.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 09/20/2008 4:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-20 01:56:54
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 134,372,368,384 bytes free
263 --- E O F --- 2008-09-18 21:12:09


And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:01:05 , on 20/09/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\القلب الوحيد\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [link hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7360 bytes

Waiting for you, dear friend

Signature: القلب الوحيد
Brother Hisham, where are you? Here is the report

I am waiting for you, my dear

Brothers, anyone who understands the report, please do not hold back

your guidance

Signature: القلب الوحيد
Whoever is absent has his reasons
Alright brother, I am going to sleep

Thank you all

Signature: القلب الوحيد
HijackThis report analysis + cleanup tools

Good morning,
.
With your permission, brother Hisham :king:
.
Dear brother: القلب الوحيد
.
As for the HijackThis report, select the following and delete them:
.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
.
O13 - Gopher Prefix:
.
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [link hidden by the forum]
.
=-=-=
.
The way to delete the values is as follows:
.
* In the HijackThis window itself, select the values listed above and then click Fix checked :ok:
.
=-=-=
.
* A confirmation message for the deletion will now appear; click Yes, as in the picture.
.
=-=-=
.
And after cleaning these values, please use this tool:
.
Tool download link:
[link hidden by the forum]
.
How to use it:
.
After downloading the tool, right-click it and choose Run as administrator
.
Then tick all the boxes, or click Select All to select them all
.
Then click OK to start the cleanup
.
Good luck, God willing.

Signature: ihere
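
The following is an added example, not part of the thread or of HijackThis itself: a small triage helper for log lines in the format posted above, which surfaces entries with an empty value and O16 (DPF) ActiveX download entries, two of the entry kinds selected in the reply above. The names `Entry`, `parse_line` and `triage` are this example's own; the sample lines are taken from the posted log, except the O16 URL, which is a constructed placeholder because the forum hides the real one.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A HijackThis entry is "<section code> - <body>", e.g. "O13 - Gopher Prefix:".
LINE_RE = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.*)$")
# O16 body: "DPF: {CLSID} (Control name) - <download URL>"
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? - ?(?P<url>.*)$"
)


@dataclass
class Entry:
    code: str             # section code: R0, O4, O16, ...
    key: str              # registry value, setting name or CLSID
    value: Optional[str]  # None when the section has no key/value split
    reasons: tuple = ()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code, body = m["code"], m["body"].strip()
    if code.startswith("R"):
        # "HKCU\...\Toolbar,LinksFolderName =" -> empty value
        key, sep, value = body.partition(" =")
        return Entry(code, key.strip(), value.strip() if sep else None)
    if code == "O13":
        # "Gopher Prefix:" -> empty value
        key, sep, value = body.partition(":")
        return Entry(code, key.strip(), value.strip() if sep else None)
    if code == "O16":
        d = DPF_RE.match(body)
        if d:
            name = f" ({d['name']})" if d["name"] else ""
            return Entry(code, d["clsid"] + name, d["url"].strip())
    return Entry(code, body, None)


def triage(lines):
    """Return the entries worth a manual look, each with its reasons."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if (entry.code[0] == "R" or entry.code == "O13") and entry.value == "":
            reasons.append("empty value")
        if entry.code == "O16":
            reasons.append("ActiveX download (DPF): check the source URL")
        if reasons:
            entry.reasons = tuple(reasons)
            flagged.append(entry)
    return flagged


# Sample lines from the log above; the O16 URL is a constructed placeholder.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - hxxp://example.invalid/control.cab
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.code:<4} {e.key} -> {e.value!r}  [{'; '.join(e.reasons)}]")
```

A flagged entry is a prompt for manual review, not a verdict; whether to fix it still depends on what the key and the URL actually point to.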
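A thousand thanks to you, brother Abu Ras

You are the best, by God

You never fall short, well done, by God

May God give you health

Brother Hisham, if you are reading this thread, may God guide you;
is this how you receive us and leave us hanging?

Signature: القلب الوحيد
With my utmost respect and appreciation,

A thousand thanks to you, brother Abu Ras
.
You are the best, by God
.
You never fall short, well done, by God
.
May God give you health
.
Brother Hisham, if you are reading this thread, may God guide you;
is this how you receive us and leave us hanging?
.
May God keep you well, dear friend; helping you is a right and a duty.
.
And brother Hisham did his part too, may God give him a thousand blessings of health, and whoever is absent has his reasons :king:
.
We hope he is in good health and in the best of circumstances :king:

Signature: ihere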