• Thread starter: القوزي
I have a Toshiba machine with a problem: it will not start up. It begins to boot, and as soon as the desktop appears it restarts again.
It now works only in Safe Mode.
I tried to format it, but the CD-ROM drive does not work.
Please help with a solution, may God be pleased with you.

This is the report after scanning with the first tool:
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
18/06/2009 06:41:50 م
mbam-log-2009-06-18 (18-41-50).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 90717
Time elapsed: 21 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Quran\tbhelper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006135.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009238.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 

I repeated the process, and this is the report:

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
18/06/2009 07:22:56 م
mbam-log-2009-06-18 (19-22-50).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 90239
Time elapsed: 17 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
And this is the report from the second tool:

ComboFix 09-06-17.04 - Toshiba 06/18/2009 19:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.495.231 [GMT 3:00]
Running from: c:\documents and settings\Toshiba\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4
c:\program files\antispy2
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\windows\system32\3361
c:\windows\system32\drivers\370f7805.sys
c:\windows\system32\drivers\57482add.sys
c:\windows\system32\drivers\glaide32.sys
C:\xeeqy.exe
C:\xwjfc.exe
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\Toshiba\LOCALS~1\Temp\E_N4\spec.fne
c:\documents and settings\Toshiba\Application Data\wiaserva.log
c:\documents and settings\Toshiba\Application Data\wiaservg.log
c:\documents and settings\Toshiba\Start Menu\Programs\Startup\fmnupd32.exe
C:\kmvu.exe
c:\program files\antispy2\anti_spy.exe
c:\program files\antispy2\s.txt
c:\program files\antispy2\Uninstall\IRIMG1.JPG
c:\program files\antispy2\Uninstall\IRIMG2.JPG
c:\program files\antispy2\Uninstall\IRIMG3.JPG
c:\program files\antispy2\Uninstall\uninstall.dat
c:\program files\antispy2\Uninstall\uninstall.xml
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini
c:\recycler\S-1-5-21-1756721462-7422755793-040095631-9477\wnzip32.exe
C:\smxa.exe
c:\windows\dll\rundll32.exe
c:\windows\freddy46.exe
c:\windows\IE4 Error Log.txt
c:\windows\KBPK090614.log
c:\windows\KBPK090615.log
c:\windows\KBPK090616.log
c:\windows\KBPK090618.log
c:\windows\ld09.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\3361\SVCHOST.EXE
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\dncyool32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe
c:\windows\wiaserviv.log
c:\windows\zaponce53198.dat
c:\windows\zaponce53290.dat
c:\windows\zaponce53623.dat
D:\desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI64SI
-------\Legacy_dhcpsrv
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_ias
-------\Legacy_isadisk
-------\Legacy_msncache
-------\Legacy_NICSK32
-------\Legacy_podmena
-------\Legacy_podmenadrv
-------\Legacy_scardsvrsrservice
-------\Legacy_sopidkc
-------\Legacy_win32x
-------\Service_370f7805
-------\Service_57482add
-------\Service_ati64si
-------\Service_dhcpsrv
-------\Service_fips32cup
-------\Service_glaide32
-------\Service_i386si
-------\Service_ias
-------\Service_msncache
-------\Service_nicsk32
-------\Service_podmena
-------\Service_SCardSvrsrservice
-------\Service_win32x

((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-18 15:18 . 2009-06-18 15:18 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Malwarebytes
2009-06-18 15:18 . 2008-10-16 17:25 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 15:18 . 2008-10-16 17:25 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 15:18 . 2009-06-18 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 15:18 . 2009-06-18 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 12:35 . 2009-06-18 14:19 -------- d-----w- c:\documents and settings\Toshiba\Local Settings\Application Data\Runscanner.net
2009-06-16 09:59 . 2004-06-14 11:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-06-16 09:59 . 2009-06-16 09:59 -------- d-----w- c:\program files\Driver-Soft
2009-06-15 08:47 . 2009-06-18 15:27 -------- d-----w- c:\windows\LastGood
2009-06-13 21:49 . 2009-06-13 21:49 10752 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\924.exe
2009-06-13 21:40 . 2009-06-14 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-13 21:40 . 2009-06-13 21:40 -------- d-----w- c:\program files\AVG
2009-06-13 21:38 . 2009-06-13 21:38 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-06-13 21:35 . 2009-06-13 21:35 266240 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
2009-06-13 21:34 . 2009-06-13 21:34 228403 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
2009-06-13 21:26 . 2009-06-13 21:26 1 ---h--w- c:\windows\bf23567.dat
2009-06-13 21:25 . 2009-06-13 21:34 24576 ----a-w- C:\jqqdvn.exe
2009-06-13 21:03 . 2002-12-31 12:00 601088 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\mpj38383.dll
2009-06-13 21:03 . 2002-12-31 12:00 601088 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\mta95593.dll
2009-06-13 21:03 . 2002-12-31 12:00 601088 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\mta13187.dll
2009-06-13 21:03 . 2009-06-18 16:30 -------- d-----w- c:\windows\DLL
2009-06-13 21:02 . 2009-06-13 21:02 266240 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
2009-06-13 21:02 . 2002-12-31 12:00 601088 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\x1c117884.dll
2009-06-13 21:02 . 2009-06-13 21:02 228403 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
2009-06-13 21:02 . 2009-06-13 21:02 2345 ----a-w- c:\documents and settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\stron_1244933794.exe
2009-06-13 21:02 . 2009-06-13 21:02 24576 ----a-w- C:\gsji.exe
2009-06-11 18:41 . 2009-06-11 18:47 -------- d-----w- c:\windows\LastGood.Tmp
2009-06-11 18:40 . 2009-06-11 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-07 09:53 . 2009-06-07 09:53 28160 ----a-w- C:\tablnkq.exe
2009-06-05 13:48 . 2009-06-16 10:16 -------- d--h--w- c:\windows\system32\B29E14
2009-06-05 13:48 . 2009-06-16 10:16 -------- d--h--w- c:\windows\system32\184E47
2009-06-05 13:48 . 2009-06-05 20:02 -------- d--h--w- c:\windows\system32\678931
2009-06-05 13:48 . 2009-06-05 13:48 -------- d--h--w- c:\windows\system32\D05F7A
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 16:36 . 2009-05-07 12:02 99710 ----a-w- c:\windows\system32\drivers\a4a4d2f5.sys
2009-06-18 15:41 . 2009-01-09 17:24 -------- d-----w- c:\program files\Quran
2009-06-18 15:27 . 2009-04-09 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-16 10:07 . 2009-04-15 09:08 -------- d-----w- c:\documents and settings\Toshiba\Application Data\Partdarttons
2009-06-16 10:06 . 2009-04-15 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hope meow blue sect
2009-06-15 09:48 . 2009-04-09 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\zyz Kaspersky Lab setup files
2009-06-15 08:47 . 2009-04-09 17:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-13 22:01 . 2009-04-15 09:19 -------- d-----w- c:\program files\Ashampoo
2009-06-04 10:39 . 2002-12-31 12:00 71168 ----a-w- c:\windows\system32\userinit.exe
2009-05-07 12:00 . 2009-05-07 12:00 32 --s-a-w- c:\windows\system32\2296730716.dat
2009-04-16 13:26 . 2000-01-01 04:08 95216 ----a-w- c:\documents and settings\Toshiba\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 12:13 . 2009-04-16 12:11 25 ----a-w- c:\windows\wpd99.drv
2009-04-16 12:13 . 2009-04-16 12:11 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-16 12:13 . 2009-04-16 12:11 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-10 17:50 . 2002-12-31 12:00 213376 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-03-24 14:11 . 2000-01-01 04:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-03-24 14:11 . 2000-01-01 04:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-22 17:55 . 2009-03-22 17:55 390664 ----a-w- c:\documents and settings\Toshiba\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
.
------- Sigcheck -------
[-] 2009-04-10 17:50 213376 33A26A570B136E5841FEC6B392D13561 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-10 17:50 213376 33A26A570B136E5841FEC6B392D13561 c:\windows\system32\drivers\ndis.sys
[-] 2009-06-04 10:39 71168 B0238A85A62E6F564C7161800026888C c:\windows\system32\userinit.exe
[7] 2002-12-31 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2008-01-12 14:55 1580544 9F960FAC5166F8626B9CDE4DD9A0EB84 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2009-02-23 3508568]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\System32\\00THotkey.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
S1 ethygxis;ethygxis;c:\windows\system32\drivers\ethygxis.sys --> c:\windows\system32\drivers\ethygxis.sys [?]
S1 zdbprkiulgbu5;zdbprkiulgbu5.sys;c:\windows\system32\DRIVERS\zdbprkiulgbu5.sys --> c:\windows\system32\DRIVERS\zdbprkiulgbu5.sys [?]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 eirknbhtvbvih;eirknbhtvbvih;\??\c:\windows\system32\drivers\hhvfspkjr.sys --> c:\windows\system32\drivers\hhvfspkjr.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-18 19:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a4a4d2f5]
"ImagePath"="\SystemRoot\System32\drivers\a4a4d2f5.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\GTGina.dll
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
.
**************************************************************************
.
Completion time: 2009-06-18 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 16:37
Pre-Run: 55,328,161,792 bytes free
Post-Run: 55,396,040,704 bytes free
229
 
And make a HijackThis report

When the download finishes ==> run the program ==> click Do a system scan and save log

In a few moments a report will appear; copy it and paste it in your next reply

I did not do this because the link does not work
 
I told you your machine is a virus server :d:

One last thing...
Open this page

and download Avira 9

Here is the explanation of how to use it ... and how to save the report
 


Here you go

Do it after the Avira scan
 

Unfortunately, I downloaded the program, but when I open it this image appears:

i18034_1.bmp

And this is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:51 م, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Quran - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Documents and Settings\All Users\Application Data\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbu657\qurana.dll (file missing)
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Toshiba\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Toshiba\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: EF9A20.lnk = C:\WINDOWS\system32\B29E14\EF9A20.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 4222 bytes
 
Unfortunately, I downloaded the program, but when I open it this image appears:


i18034_1.bmp


Below the Avira download there is this sentence:
(Important note: anyone who gets an error message while running it should use this file and install it.)

Please open the page, download the file, and install it.
 
Run HijackThis, the one you used to make the last report,
click Scan, tick these entries, and then click Fix Checked:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\


O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\


How to delete them, illustrated:

mg%20(3).png


mg%20(4).png



-----------------------------------------


After that, download this file and run it
to clean the temporary files on the machine and reset the Windows system registry.

 
Here you go.



And run it after the Avira scan.

This is the report from the tool that did not work, as I showed in the image; I downloaded the other file and it worked, and this is the report after the scan.


Avira AntiVir Personal
Report file date: 25 جمادى الثانية, 1430 21:48
Scanning for 1476013 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Toshiba
Computer name : YOUR-4FSDILOOL1
Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 15/03/1430 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 29/02/1430 09:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 03/03/1430 07:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 25/02/1430 08:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 03/03/1430 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/1429 03:29:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 16/02/1430 10:32:40
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 19/06/1430 06:21:02
ANTIVIR3.VDF : 7.1.4.112 181760 Bytes 25/06/1430 06:32:22
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 06/05/1430 05:33:10
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 24/06/1430 05:32:45
AESCN.DLL : 8.1.2.3 127347 Bytes 21/05/1430 06:20:35
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/1429 22:43:26
AEPACK.DLL : 8.1.3.18 401783 Bytes 03/06/1430 08:10:34
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 24/06/1430 05:32:45
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 24/06/1430 05:32:45
AEHELP.DLL : 8.1.3.6 205174 Bytes 18/06/1430 03:44:16
AEGEN.DLL : 8.1.1.45 348532 Bytes 16/06/1430 04:00:09
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/1429 01:49:35
AECORE.DLL : 8.1.6.12 180599 Bytes 03/06/1430 08:10:33
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/1429 01:49:34
AVWINLL.DLL : 9.0.0.3 18177 Bytes 14/12/1429 05:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 07/12/1429 07:32:15
AVREP.DLL : 8.0.0.3 155688 Bytes 25/06/1430 06:32:23
AVREG.DLL : 9.0.0.0 36609 Bytes 07/12/1429 07:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 14/02/1430 04:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 04/02/1430 07:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 02/02/1430 12:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 07/02/1430 05:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 07/12/1429 07:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 14/02/1430 08:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 15/03/1430 12:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\DOCUME~1\Toshiba\LOCALS~1\Temp\RarSFX0\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 25 جمادى الثانية, 1430 21:48
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'zyzoom_avira9.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '53' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\tablnkq.exe
[DETECTION] Is the TR/Inject.acyf Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak.zip
[0] Archive type: ZIP
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/031.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/239.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/369.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/764.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/7A.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/84.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/924.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
--> dncyool32.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> sopidkc.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
--> tpsaxyd.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/~TM77.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
--> C/DOCUME~1/Toshiba/LOCALS~1/Temp/~TM81.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
--> C/WINDOWS/Temp/37.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> C/WINDOWS/Temp/xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
--> dncyool32.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> sopidkc.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
--> tpsaxyd.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
--> C/WINDOWS/Temp/xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
--> C/WINDOWS/Temp/~TM34.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
--> C/WINDOWS/Temp/~TM54EA3A.TMP
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\924.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
--> dncyool32.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> sopidkc.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
--> tpsaxyd.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\~TM77.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\~TM81.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
--> dncyool32.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> sopidkc.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
--> tpsaxyd.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\~TM34.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\~TM54EA3A.TMP
[DETECTION] Is the TR/Agent.cltv Trojan
C:\Documents and Settings\All Users\Application Data\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbu657\tbhelper.dll
[DETECTION] Contains recognition pattern of the ADSPY/Agent.ecw.1 adware or spyware
C:\Qoobox\Quarantine\C\smxa.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\Qoobox\Quarantine\C\xeeqy.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\Qoobox\Quarantine\C\xwjfc.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-1756721462-7422755793-040095631-9477\wnzip32.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\Qoobox\Quarantine\C\WINDOWS\freddy46.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Koobface.XU worm
C:\Qoobox\Quarantine\C\WINDOWS\ld09.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\DLL\RUNDLL32.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir
[DETECTION] Is the TR/Obfuscated.aghs Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dncyool32.sys.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wtukd32.exe.vir
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\3361\SVCHOST.EXE.vir
[DETECTION] Is the TR/Agent.clwi Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\57482add.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_57482add_.sys.zip
[0] Archive type: ZIP
--> 57482add.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_glaide32_.sys.zip
[0] Archive type: ZIP
--> glaide32.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000119.dll
[DETECTION] Is the TR/Agent2.kom Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000121.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000123.sys
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000124.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000125.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000126.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000127.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000128.exe
[DETECTION] Is the TR/Agent.cltv Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006137.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006138.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009231.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009232.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009233.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009234.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009235.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009236.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009237.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009239.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009240.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IEbooot.axr back-door program
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014265.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Refpron.153600C back-door program
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014266.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Refpron.153600C back-door program
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014267.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014268.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014277.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014278.dll
[DETECTION] Is the TR/Obfuscated.aghs Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014280.dll
[DETECTION] Is the TR/Agent2.kom Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014281.exe
[DETECTION] Is the TR/Agent2.KOV.5 Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014282.dll
[DETECTION] Is the TR/Dldr.Delf.uia Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014283.sys
[DETECTION] Is the TR/Agent.clsj.B Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014284.dll
[DETECTION] Is the TR/Agent.clsj Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014285.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014393.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014394.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014396.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015306.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015307.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015309.EXE
[DETECTION] Is the TR/Agent.clwi Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015310.dll
[DETECTION] Is the TR/Obfuscated.aghs Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015311.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015313.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015314.sys
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015315.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015319.exe
[DETECTION] Contains recognition pattern of the WORM/Koobface.XU worm
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015320.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015326.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015328.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015329.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015335.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015336.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\system32\userinit.exe
[DETECTION] Is the TR/Mail.Agent.aba Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H6HLIM80\gh[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H6HLIM80\ik[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\WINDOWS\system32\drivers\a4a4d2f5.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Downloads\Compressed\IDM5.15Build6ByKhalesedArabSeeD.CoM.rar
[0] Archive type: RAR
--> IDM 5.15 Build 6 By Khalesed\crack\Patch 5.xx (2008-12-06).exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
Begin scan in 'E:\'
E:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009242.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
E:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009243.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
Beginning disinfection:
C:\tablnkq.exe
[DETECTION] Is the TR/Inject.acyf Trojan
[NOTE] The file was moved to '4a9c9474.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak.zip
[NOTE] The file was moved to '4aa79479.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\924.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a6e945b.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
[NOTE] The file was moved to '4aa0948d.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
[NOTE] The file was moved to '4aa0948e.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\~TM77.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4a87947e.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\DOCUME~1\Toshiba\LOCALS~1\Temp\~TM81.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '463afb37.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz44.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Delf.uic dropper
[NOTE] The file was moved to '4aa0948f.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\xdfbxewhrrjdzdfbcvne5gwgaabaz46.exe
[DETECTION] Is the TR/VB.rep Trojan
[NOTE] The file was moved to '4618dcf0.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\~TM34.tmp
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4a87947f.qua'!
C:\Documents and Settings\All Users\Application Data\Ashampoo\Ashampoo UnInstaller 3\Backup\Tempfiles\Tempfiles_2009-06-14_UIBak\C\WINDOWS\Temp\~TM54EA3A.TMP
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '4638ea58.qua'!
C:\Documents and Settings\All Users\Application Data\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbu657\tbhelper.dll
[DETECTION] Contains recognition pattern of the ADSPY/Agent.ecw.1 adware or spyware
[NOTE] The file was moved to '4aa2948d.qua'!
C:\Qoobox\Quarantine\C\smxa.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '4ab29499.qua'!
C:\Qoobox\Quarantine\C\xeeqy.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '4a9f9491.qua'!
C:\Qoobox\Quarantine\C\xwjfc.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '4aa494a3.qua'!
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-1756721462-7422755793-040095631-9477\wnzip32.exe.vir
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '4ab4949a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\freddy46.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Koobface.XU worm
[NOTE] The file was moved to '4a9f949e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\ld09.exe.vir
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4a6a9490.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\DLL\RUNDLL32.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a889481.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir
[DETECTION] Is the TR/Obfuscated.aghs Trojan
[NOTE] The file was moved to '4aa994a0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dncyool32.sys.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a9d949a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
[NOTE] The file was moved to '4aad949c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] The file was moved to '46683915.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wtukd32.exe.vir
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] The file was moved to '4aaf94a0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\3361\SVCHOST.EXE.vir
[DETECTION] Is the TR/Agent.clwi Trojan
[NOTE] The file was moved to '4a7d9482.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\57482add.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4a6e9463.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4a9b9498.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_57482add_.sys.zip
[NOTE] The file was moved to '4a719461.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_glaide32_.sys.zip
[NOTE] The file was moved to '4aa69493.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000119.dll
[DETECTION] Is the TR/Agent2.kom Trojan
[NOTE] The file was moved to '4a6a945d.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000121.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46ad2946.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000123.sys
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
[NOTE] The file was moved to '4dd9945e.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP3\A0000124.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
[NOTE] The file was moved to '46a77f96.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000125.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '46a590be.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000126.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '46ba98f6.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000127.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '46bb802e.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP4\A0000128.exe
[DETECTION] Is the TR/Agent.cltv Trojan
[NOTE] The file was moved to '46b88866.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4a6a945e.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006137.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '46bebf97.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0006138.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '46bfa7cf.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009231.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46bcaf07.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009232.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46b3c6ef.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009233.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46bdd77f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009234.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46b2deb7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009235.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '46b0ce27.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009236.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '46b1f6af.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009237.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '46b6ff37.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009239.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '46b7e7bf.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009240.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IEbooot.axr back-door program
[NOTE] The file was moved to '46b4e807.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014265.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Refpron.153600C back-door program
[NOTE] The file was moved to '46b5108f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014266.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Refpron.153600C back-door program
[NOTE] The file was moved to '468a1917.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014267.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '468b019f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014268.exe
[DETECTION] Is the TR/Dldr.Delf.uic Trojan
[NOTE] The file was moved to '46880a67.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014277.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '468932ef.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014278.dll
[DETECTION] Is the TR/Obfuscated.aghs Trojan
[NOTE] The file was moved to '468e3b77.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014280.dll
[DETECTION] Is the TR/Agent2.kom Trojan
[NOTE] The file was moved to '468f23ff.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014281.exe
[DETECTION] Is the TR/Agent2.KOV.5 Trojan
[NOTE] The file was moved to '468c5447.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014282.dll
[DETECTION] Is the TR/Dldr.Delf.uia Trojan
[NOTE] The file was moved to '468d5ccf.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014283.sys
[DETECTION] Is the TR/Agent.clsj.B Trojan
[NOTE] The file was moved to '46824557.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014284.dll
[DETECTION] Is the TR/Agent.clsj Trojan
[NOTE] The file was moved to '46834ddf.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0014285.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] The file was moved to '468075a7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014393.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '46817e2f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014394.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '468666b7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0014396.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '46876f3f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015306.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '46859787.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015307.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '469a9fff.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015309.EXE
[DETECTION] Is the TR/Agent.clwi Trojan
[NOTE] The file was moved to '469b8097.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015310.dll
[DETECTION] Is the TR/Obfuscated.aghs Trojan
[NOTE] The file was moved to '4698891f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015311.sys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4699b1e7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015313.exe
[DETECTION] Is the TR/Dldr.Delf.uib Trojan
[NOTE] The file was moved to '47fca557.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015314.sys
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] The file was moved to '47fdaddf.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015315.exe
[DETECTION] Is the TR/Downloader.Gen2 Trojan
[NOTE] The file was moved to '47f2d5a7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015319.exe
[DETECTION] Contains recognition pattern of the WORM/Koobface.XU worm
[NOTE] The file was moved to '47f3de2f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015320.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '47f0c6b7.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015326.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '47f1cf3f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015328.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '47f6f787.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015329.exe
[DETECTION] Is the TR/Buzus.bgfl Trojan
[NOTE] The file was moved to '47f7f80f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015335.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4a6a945f.qua'!
C:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP6\A0015336.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '47f5e920.qua'!
C:\WINDOWS\system32\userinit.exe
[DETECTION] Is the TR/Mail.Agent.aba Trojan
[NOTE] The file was moved to '4a9f94a2.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H6HLIM80\gh[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a959497.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H6HLIM80\ik[1].exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a95949a.qua'!
D:\Downloads\Compressed\IDM5.15Build6ByKhalesedArabSeeD.CoM.rar
[NOTE] The file was moved to '4a879473.qua'!
E:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009242.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
[NOTE] The file was moved to '4a6a9461.qua'!
E:\System Volume Information\_restore{58A85B35-38BA-4D6E-8FD8-53ED36571EC7}\RP5\A0009243.exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
[NOTE] The file was moved to '4dc57cca.qua'!

End of the scan: 25 جمادى الثانية, 1430 22:23
Used time: 34:00 Minute(s)
The scan has been done completely.
4414 Scanned directories
492930 Files were scanned
112 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
85 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
492816 Files not concerned
7879 Archives were scanned
2 Warnings
86 Notes
 
This is the HijackThis report after deleting the entries

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:31 م, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Quran - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Documents and Settings\All Users\Application Data\{6226BA26-C017-4007-928C-DE9715C6FA67}\tbu657\qurana.dll (file missing)
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Toshiba\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Toshiba\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: EF9A20.lnk = C:\WINDOWS\system32\B29E14\EF9A20.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 4077 bytes
 
The infections are still present,
and you did not run Avira as shown in the guide.
You only produced a report.

And in HijackThis itself, the entries I asked you to delete have not changed.



If you would like me to do remote maintenance for you, I have no problem with that ... and I can even pull a copy of the viruses to send to the security companies.
I will send the information if you accept.
 