جبال الألب

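Good evening, everyone

I have a problem with my computer :er: Every time I download Avira, it downloads and everything is fine,

but when I go to install it, the first window opens and then it disappears / I mean, I click Next and then it disappears

and it refuses to install

I go back and remove it with CCleaner and download it again, and it's the same thing

I downloaded it from several sites, and several versions, and the problem is still the same :er:

Thank you in advance for your help, and may God reward you


And if my thread isn't in the right section, please move it :b: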
 

Brother, perhaps leftover files from the program are the cause of the problem

Use this program and that tool from this thread

Signature: meuleu
Thanks, brother, for responding, and by the way I'm a girl :b:

I downloaded the program from the thread and Avira didn't show up in it :?:

I downloaded the tool and it found some files, and I deleted them

Then I downloaded Avira again and it's the same problem :f:
 
Welcome, sister

Download this program

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply

Here you go, brother, and thanks for responding


----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:19:08 ص, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4837 bytes
 



The computer has viruses, that's why the program won't install for you

I don't want to guess at advice for you and ruin your computer :d:

Let's wait for one of the brothers who is better than me :smile:
 


Download this tool

When you run it a message will appear, click >> Yes
Then a second message will appear, click >> Yes

During the scan the computer may restart
After the restart, the tool will start scanning again
Wait until a report appears, which means the scan has finished. Paste the report in your first reply


And after that a HijackThis report, if you please

Download this program

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply

Signature: shaded

خيال إنسان
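You've been very kind, brother


shaded

A thousand thanks for the help

I did what you told me: I downloaded the tool and scanned, and the computer shut down and didn't come back on :eek:

I turned it on again and now it just starts up and shuts down :f:
And a system error window started appearing

"The system failed to apply the configuration", and if I click OK it shuts down again :f:

I can't even write the reply to you from it, I'm replying from another computer :f: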
 
Close your security program

and disable System Restore as shown in the guide

Download the tool from here

After downloading, double-click and the tool's file will be extracted to a folder on the desktop; in a few moments the tool will start working

Follow the guide to scan and clean the computer and attach the report

Then paste it in your next reply

Signature: format
Regarding the restarting

Welcome, brother

Do the following

Open Start >> Run

and type

CMD

then

type


shutdown -i

This window will open for you

Choose as shown

Then use the Kaspersky tool and bring the report in your next reply

Signature: format
Here's the report, brother

It screamed until it said "enough" :p:


.............................................................................



 
Wow, all of that got deleted, hahahaha


Post a new HijackThis log
 
Signature: format
Download this tool ...

Run it and go to [ Do a system scan and save log ] ...

After a moment it will give you a report in Notepad ...

Copy it completely ... and correctly ...

and paste it in your next reply ...
 
Signature: format
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:53 م, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &Search - [hidden link]
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 3723 bytes
 

See? :p: Avira stubbornly won't load :d:

But I didn't delete anything. Do you mean that just by running the scan all these things got deleted? :b:
 
You have a Win32 virus,

and, mashallah, it has eaten up your whole machine and hit everything that is an exe for you.

But thank God, they were deleted by the Kaspersky tool.
 
Signature: format
Delete the following:

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O8 - Extra context menu item: &Search - [hidden link]


How to delete them on XP:

[screenshot]

[screenshot]

Then use these tools.

Download from here

Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears. Wait (and follow along with the screenshots).

[screenshot]

[screenshot]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[screenshot]

Then

Disable all protection programs.

Download this tool

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart,
and after the restart the tool will begin scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

 
Signature: format
ComboFix 09-05-31.05 - PC 06/01/2009 12:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.479.203 [GMT 3:00]
Running from: c:\documents and settings\PC\سطح المكتب\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_AVPsys
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 07:10 . 2009-06-01 09:04 649248 --sha-w- c:\windows\system32\drivers\fidbox.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 09:32 . 2009-01-20 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-01 09:32 . 2001-09-19 12:00 40602 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 09:32 . 2001-09-19 12:00 252606 ----a-w- c:\windows\system32\perfh001.dat
2009-06-01 09:26 . 2009-06-01 09:26 -------- d-----w- c:\documents and settings\PC\Application Data\CyberScrub
2009-06-01 09:26 . 2009-06-01 09:26 -------- d-----w- c:\documents and settings\PC\Application Data\cleaner
2009-06-01 09:04 . 2009-06-01 07:10 8684 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 07:10 . 2008-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-01 03:18 . 2009-06-01 03:18 -------- d-----w- c:\program files\Trend Micro
2009-05-31 16:09 . 2009-05-31 16:09 -------- d-----w- c:\documents and settings\PC\Application Data\URSoft
2009-05-31 16:08 . 2009-05-31 16:08 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-30 12:04 . 2009-05-30 12:04 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
.

------- Sigcheck -------

[-] 2007-04-23 04:52 577536 ADC5A589D00030F03FC315F18EACF05F c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2008-04-14 15:59 578048 F95655E872967AE2CD4C19D8914BABB7 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-04-23 04:52 577536 ADC5A589D00030F03FC315F18EACF05F c:\windows\system32\user32.dll

[-] 2007-06-13 13:22 1030656 4E877303248A09847FB303EE173FBD70 c:\windows\explorer.exe
[-] 2007-06-13 13:10 1030656 D0DC9258122F39129966649085F45880 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:22 1030656 4E877303248A09847FB303EE173FBD70 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 22:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-04-23 04:50 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 16:00 57856 42ECA7EA7D2E8B874BB9E4D147A5F783 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2007-04-23 04:50 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\5lefr8z9.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link]

Rootkit scan 2009-06-01 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-06-01 12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 09:43

Pre-Run: 34,682,314,752 bytes free
Post-Run: 34,620,985,344 bytes free

470 --- E O F --- 2009-06-01 03:45
 
A new HijackThis log, please.

And a ton of viruses have been deleted from your machine.
 
Signature: format
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:41 م, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 3307 bytes
 