• Thread starter: Windows Vista
  • Views: 1,441
Status: Closed and not open for further replies.

Windows Vista

Peace be upon you

The virus got to me through a flash drive: I put it in the machine and ran it, and the virus spread >> all because of my lousy friend :mad:
My machine is Windows XP SP3
The protection program was antivir_workstation_winu_en_hp
I replaced it and installed Kaspersky Internet Security 2009, and the machine settled down, but I feel it is slow
It messed up my machine and sometimes it hangs ...
And I can't open the Messenger program and several other programs ...
I was even downloading Conan, 26 GB; good thing I didn't lose it because of the damned virus :eek:

Anyway,
here is the scan of the machine

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:46 م, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\camel\Apache2\bin\Apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Bramj\USDownloader135\USDownloader.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\camel\Apache2\bin\Apache.exe
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Documents and Settings\ALiWe  GMC  S\My Documents\Downloads\Programs\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ALiWe  GMC  S\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [USDownloader] "D:\Bramj\USDownloader135\USDownloader.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: aboal7roof.lnk = C:\Program Files\aboal7roof\aboal7roof.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب الدعايات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CamelApache - Apache Software Foundation - C:\camel\Apache2\bin\Apache.exe
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9560 bytes


What do you think the solution is?

 

Apply the Kaspersky settings and run the full scan again

 
Signature: Run
In progress ...
 
But let me ask, what should I scan with:
Kaspersky,
or the tool that the report came from?
 
Disable the protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the machine may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
This is the report


ComboFix 09-04-01.01 - ALiWe GMC S 04/03/2009 15:55:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.510.103 [GMT 3:00]
Running from: c:\documents and settings\ALiWe GMC S\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ALiWe GMC S\Application Data\addon.dat
c:\documents and settings\ALiWe GMC S\Application Data\tazebama
c:\documents and settings\ALiWe GMC S\Application Data\tazebama\tazebama.log
c:\documents and settings\ALiWe GMC S\Application Data\tazebama\zPharaoh.dat
c:\program files\Bifrost
c:\windows\setup.exe
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\viscomaudiodata.dll
c:\windows\system32\viscomflvdec.dll
c:\windows\system32\viscomframe.dll
c:\windows\system32\viscommpgdec.dll
c:\windows\system32\viscomwave.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 13:05 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\DMCache
2009-04-03 13:04 532,512 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-03 13:04 41,104 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-03 13:04 4,988,960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-03 13:04 3,948 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-03 13:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-03 13:01 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\uTorrent
2009-04-03 09:53 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-03 06:31 1,124 ----a-w C:\KIS8_2009009027_04488538.zip
2009-04-03 06:31 1,085 ----a-w C:\KIS8_2009009010_043475E5.zip
2009-04-03 06:30 1,070 ----a-w C:\KIS8_2009-06-06_04DDC949.zip
2009-04-02 21:52 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-02 21:50 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-02 21:50 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-02 21:03 --------- d-----w c:\program files\Kaspersky Lab
2009-04-02 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-02 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-02 20:50 --------- d-----w c:\program files\FlashFXP
2009-04-02 20:48 --------- d-----w c:\program files\uTorrent
2009-04-02 20:48 --------- d-----w c:\program files\QuickTime
2009-04-02 20:47 --------- d-----w c:\program files\iTunes
2009-04-02 10:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-02 09:49 --------- d-----w c:\program files\Common Files\Adobe
2009-04-02 09:33 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-02 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 18:49 --------- d-----w c:\program files\MP3Cutter
2009-04-01 09:11 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\MAGIX
2009-04-01 09:10 --------- d-----w c:\program files\MAGIX
2009-04-01 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\MAGIX
2009-04-01 09:09 --------- d-----w c:\program files\Common Files\MAGIX Shared
2009-04-01 09:07 --------- d-----w c:\program files\Common Files\xara
2009-03-31 16:37 --------- d-----w c:\program files\Total Video Converter
2009-03-31 16:24 --------- d-----w c:\program files\DVDVideoSoft
2009-03-31 16:24 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-30 16:28 --------- d-----w c:\program files\Zealot Software
2009-03-29 16:59 --------- d-----w c:\program files\Common Files\xing shared
2009-03-29 16:59 --------- d-----w c:\program files\Common Files\Real
2009-03-27 20:09 --------- d-----w c:\program files\Microsoft.NET
2009-03-26 10:31 --------- d-----w c:\program files\Nokia
2009-03-26 10:29 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-26 10:25 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-26 10:25 --------- d-----w c:\program files\Common Files\Nokia
2009-03-26 10:24 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-25 18:30 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\PC Suite
2009-03-23 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-03-23 14:36 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-23 14:35 --------- d-----w c:\program files\TechSmith
2009-03-23 14:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 18:49 --------- d-----w c:\program files\PhotoZoom Pro 2
2009-03-22 12:34 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\FlashFXP
2009-03-22 11:14 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\AlMAdinahMushaf
2009-03-21 10:58 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-20 12:53 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\Desktopicon
2009-03-20 12:48 --------- d-----w c:\program files\FormatFactory
2009-03-12 00:00 --------- d-----w c:\program files\MSXML 4.0
2009-03-11 21:08 --------- d-----w c:\program files\Java
2009-03-11 12:36 --------- d-----w c:\program files\MSBuild
2009-03-11 12:31 --------- d-----w c:\program files\Reference Assemblies
2009-03-11 09:41 --------- d-----w c:\program files\Any Audio Converter
2009-03-10 21:10 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\Nero
2009-03-10 20:27 --------- d-----w c:\program files\Common Files\Nero
2009-03-10 20:02 --------- d-----w c:\program files\Nero
2009-03-10 20:00 --------- d-----w c:\program files\Windows Sidebar
2009-03-10 19:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-08 17:52 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\Apple Computer
2009-03-08 17:51 --------- d-----w c:\program files\iPod
2009-03-08 17:51 --------- d-----w c:\program files\Common Files\Apple
2009-03-08 17:51 --------- d-----w c:\program files\Bonjour
2009-03-08 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-08 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 17:49 --------- d-----w c:\program files\Apple Software Update
2009-03-08 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-07 10:05 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\Nokia
2009-03-06 17:08 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\IDM
2009-03-05 14:42 --------- d-----w c:\program files\aboal7roof
2009-03-05 09:55 --------- d-----w c:\program files\Remote Professional
2009-03-03 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-02 16:31 --------- d-----w c:\program files\PhotoInstrument
2009-03-02 16:19 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-02 16:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-02 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-01 13:00 --------- d-----w c:\program files\Hotspot Shield
2009-03-01 11:54 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-01 11:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-01 10:36 --------- d-----w c:\program files\Internet Download Manager
2009-02-28 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-28 19:40 --------- d-----w c:\program files\DIFX
2009-02-28 11:17 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-28 10:20 --------- d-----w c:\documents and settings\ALiWe GMC S\Application Data\Media Player Classic
2009-02-28 10:13 --------- d-----w c:\program files\Windows Live
2009-02-28 10:13 --------- d-----w c:\program files\Microsoft
2009-02-28 10:12 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-28 10:00 --------- d-----w c:\program files\The KMPlayer
2009-02-28 09:38 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-27 19:58 --------- d-----w c:\program files\Microsoft Math Add-in for Word 2007
2009-02-27 19:58 --------- d-----w c:\program files\Classic Menu for Office
2009-02-27 19:52 --------- d-----w c:\program files\Microsoft Works
2009-02-27 19:36 --------- d-----w c:\program files\Real
2009-02-27 19:19 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [04/03/2009 12:51 AM 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/28/2009 01:02 PM 2745776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 09:30 PM 1695232]
"USDownloader"="d:\bramj\USDownloader135\USDownloader.exe" [02/20/2009 06:55 PM 536064]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [12/03/2008 12:47 PM 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [01/05/2009 04:18 PM 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [01/06/2009 01:06 PM 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [03/12/2009 12:08 AM 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/29/2009 07:59 PM 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/03/2009 12:52 AM 206088]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 12:12 AM 577536 c:\windows\SOUNDMAN.EXE]
c:\documents and settings\ALiWe GMC S\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
aboal7roof.lnk - c:\program files\aboal7roof\aboal7roof.exe [2009-03-05 776704]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\camel\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Documents and Settings\\ALiWe GMC S\\My Documents\\Downloads\\Programs\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CamelApache;CamelApache;c:\camel\Apache2\bin\Apache.exe [2005-02-10 20541]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 CamelMysql;CamelMysql;c:\camel\mysql\bin\mysqld-nt.exe --defaults-file="c:\camel\mysql\ini\my.ini" CamelMysql --> c:\camel\mysql\bin\mysqld-nt.exe --defaults-file=c:\camel\mysql\ini\my.ini [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-04-01 1527900]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-26 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-26 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44fb3691-1f81-11de-853f-0019db2031d9}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]
2009-04-03 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-04-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = proxy.awalnet.net.sa:8080
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\ALiWe GMC S\Application Data\Mozilla\Firefox\Profiles\lakmyfe7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\ALiWe GMC S\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-03 16:04:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1606980848-62587156-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
.
**************************************************************************
.
Completion time: 04/03/2009 16:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 13:10:37
Pre-Run: 24,247,894,016 bytes free
Post-Run: 26,688,217,088 bytes free
261 --- E O F --- 2009-03-29 00:05:41
 
Disable System Restore as shown in the following explanation

dis_sys_xp.jpg


then

download the following tool



Run it and the tool's interface will appear
Choose the cleaning option and the DOS scan screen will appear
Leave it until it finishes and the report appears
Copy it and paste it in your next post
 
^^^
In progress ...
But isn't the tool rather large, 54 MB..
Anyway, downloading now ..
....
 
The report ends up in the same place where we downloaded the tool, right ...
Here it is
Isn't it the same as the one above in the first reply.??



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:46 م, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\camel\Apache2\bin\Apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Bramj\USDownloader135\USDownloader.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\camel\Apache2\bin\Apache.exe
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Documents and Settings\ALiWe GMC S\My Documents\Downloads\Programs\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ALiWe GMC S\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.awalnet.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [USDownloader] "D:\Bramj\USDownloader135\USDownloader.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: aboal7roof.lnk = C:\Program Files\aboal7roof\aboal7roof.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب الدعايات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CamelApache - Apache Software Foundation - C:\camel\Apache2\bin\Apache.exe
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9560 bytes
 
No, no, brother
It shows up on the screen by itself
 
OK, here it is

Engine Version : 5300.2777
Engine Load Time : 63766 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\hiberfil.sys : Scan Failed
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\ALiWe GMC S\NTUSER.DAT : Scan Failed
c:\Documents and Settings\ALiWe GMC S\NTUSER.DAT.LOG : Scan Failed
c:\Documents and Settings\ALiWe GMC S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\ALiWe GMC S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\ALiWe GMC S\Local Settings\Temp\BCG6.tmp : Scan Failed
c:\Documents and Settings\ALiWe GMC S\Local Settings\Temp\Perflib_Perfdata_d3c.dat : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.ARA : Scan Failed
File : c:\Program Files\FlashFXP\Keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Program Files\FlashFXP\Keygen.exe : Deleted
File : c:\Program Files\WinRAR\keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Program Files\WinRAR\keygen.exe : Deleted
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.idx : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_540.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 74086
FilesScanned : 50595
FilesNotScanned : 23491

ObjectsFound : 159722
ObjectsInfected : 2
ObjectsCleaned : 0
ObjectsDeleted : 2

FilesInfected : 2
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 2

Started at : 05:04:41 م 08 ربيع الثاني, 1430
Ended at : 05:53:09 م 08 ربيع الثاني, 1430
Duration : 48 minutes 28 seconds
5972 MB scanned in 2908 seconds = 2 MB/s
Engine Version : 5300.2777
Engine Load Time : 24140 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Crack\Flash Video Encoder.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Crack\Flash Video Encoder.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Crack\Flash.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Crack\Flash.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\Setup.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\Setup.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\Goodies\Adobe Flash CS3 Video Encoder.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\Goodies\Adobe Flash CS3 Video Encoder.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsInstaller-KB893803-v2-x86.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsInstaller-KB893803-v2-x86.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-ia64-enu.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-ia64-enu.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-x64-enu.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-x64-enu.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-x86-enu.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsServer2003-KB898715-x86-enu.exe : Repaired
File : d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsXP-KB898715-x64-enu.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Flash CS3 Pro\Setup\redist\WindowsXP-KB898715-x64-enu.exe : Repaired
File : d:\Bramj\Adobe\Adobe Photosop CS3 Extended ME\Setup.exe : contains "Virus" called "W32/Mabezat.a" (Cleaned )
d:\Bramj\Adobe\Adobe Photosop CS3 Extended ME\Setup.exe : Repaired
File : d:\Bramj\Adobe\Adobe Photosop CS3 Extended ME\الكراك\Keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
d:\Bramj\Adobe\Adobe Photosop CS3 Extended ME\الكراك\Keygen.exe : Deleted
File : d:\Bramj\Other\Driver.Genius.Pro.v8.0.+Keymaker\keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
d:\Bramj\Other\Driver.Genius.Pro.v8.0.+Keymaker\keygen.exe : Deleted
File : d:\Bramj\Other\FlashFXP_v3.4.with.keygen.uaekeys.com\Keygen\Keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
d:\Bramj\Other\FlashFXP_v3.4.with.keygen.uaekeys.com\Keygen\Keygen.exe : Deleted
File : d:\Bramj\Other\Mask_Surf_Pro_2.0_By_KazamAtuia\Mask.Surf.Pro.2.0.crack\check.dll : contains "Trojan" called "Generic.dx" (Deleted )
d:\Bramj\Other\Mask_Surf_Pro_2.0_By_KazamAtuia\Mask.Surf.Pro.2.0.crack\check.dll : Deleted
File : d:\Bramj\Pressure\Winrar 3.71\keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
d:\Bramj\Pressure\Winrar 3.71\keygen.exe : Deleted
File : d:\Shuala\منتديات\ستايلات\المستندات\موالد\CEDP-Stealer-Setup.exe : contains "Trojan" called "Generic PWS.y" (Deleted )
d:\Shuala\منتديات\ستايلات\المستندات\موالد\CEDP-Stealer-Setup.exe : Deleted

Summary :-
FilesFound : 68740
FilesScanned : 44695
FilesNotScanned : 24045

ObjectsFound : 76066
ObjectsInfected : 16
ObjectsCleaned : 10
ObjectsDeleted : 6

FilesInfected : 16
FilesCleaned : 10
FilesMoved : 0
FilesDeleted : 6

Started at : 05:53:36 م 08 ربيع الثاني, 1430
Ended at : 06:23:35 م 08 ربيع الثاني, 1430
Duration : 29 minutes 59 seconds
4993 MB scanned in 1799 seconds = 2 MB/s

 
Great
The infection has been removed
Are you facing any other problems?
 
No, no, thank God, the problem has been solved
And the computer is back to the way it was. Thanks to God, and then to you

But there is one small problem: I can't open Messenger
21202020.jpg


However, if I turn Kaspersky off I can run it
What's the cause here ...
With regards and thanks
May God grant you success, God willing
 
^^^^^^
The images in the thread aren't showing
What should I do ...
 
OK, apply this walkthrough
RealPlayer is only an example
Apply it to Messenger

Firewall settings for Kaspersky version 8
to allow programs to connect to the internet

We'll take RealPlayer as an example ,,
First / run RealPlayer ,, then do as shown in these images

 
Absolutely perfect
Everything is in order
But one last request
The billiards site won't open, and again when I close Kaspersky .. it opens
I expect it is blocking Adobe Flash, but I can't figure out how to put it in the trusted programs ..
212020201.png

Bear with me, I'm being a bit of a bother ...
 
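By God, you are truly up to the task, champ
Thank you, brother, and may God have mercy on your mother and father ... and reward you with Paradise ...

The computer is back to the way it was ... and better ...
Now the computer is in top shape ...
All the problems are solved now ...
With thanks to those who helped me, and thank you to this wonderful forum...

Regards ..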
 
Amen, and the same to you and every Muslim

Praise be to God that the problems are over

Good luck
 