• Thread starter: wanted2
Status: Closed and not open for further replies.

wanted2

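Peace be upon you, and God's mercy and blessings.

How are you guys, I hope you're well.

Yesterday I was browsing the net and downloaded a picture; when I opened it, it turned out to have that damned virus in it, and it wrecked the whole machine.

As soon as I ran it, Kaspersky Anti-Virus shut off right away.

Then I restarted; the machine booted but nothing works, only the mouse moves, uselessly.

I tried to do a System Restore and it didn't work; I tried to enter Safe Mode and it refused to enter.

I connected it over the network to another machine and ran a scan on it; it detected a few viruses, but the problem wasn't solved.

The computer runs for 10 minutes while hung, meaning only the mouse moves and everything else is asleep.

Then a blue screen appears and it shuts off.

I couldn't get you a HijackThis report or a screenshot because nothing works.

Please help me quickly.

Thanks.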
 

It's best to download a rescue disk from Kaspersky or Avira,
burn it to a disc, boot from it, and then scan with it.
 
Hmmm

But I don't know how; could you explain it for Kaspersky??
 
Brother, I downloaded it and it's now searching for viruses.

But it tells me it needs an update.

I told it to skip and continued the scan.
 
No problem.
Waiting for the final results.
 
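Brother, thank God, the scan finished and the machine booted properly and worked. I ran a scan on it again; it found a few viruses and deleted them.

But if I run two or three programs together it freezes, the way it was at first.

Besides that, it doesn't connect to the internet; it connects to the modem but not to the internet.

I've brought you a ComboFix report.
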
ComboFix 09-07-01.01 - faisoly 07/02/2009 11:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1021.641 [GMT 3:00]
Running from: f:\مهممممممم\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-01 18:58 . 2009-07-01 18:58 91700 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 18:58 . 2009-07-01 18:58 85860 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 18:57 . 2009-07-02 09:01 6548000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-01 18:57 . 2009-07-02 09:01 12832 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-30 16:58 . 2009-06-30 16:58 0 ----a-w- c:\windows\system32\cd.dat
2009-06-30 16:55 . 2009-06-30 16:55 -------- d-----w- c:\program files\ESET
2009-06-30 16:55 . 2009-06-30 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-18 18:13 . 2009-07-01 12:52 -------- d-----w- c:\program files\AdVantage
2009-06-18 10:08 . 2009-06-18 10:08 -------- d-----w- c:\documents and settings\faisoly\Application Data\Apple Computer
2009-06-18 10:04 . 2009-06-18 10:06 -------- d-----w- c:\program files\QuickTime
2009-06-18 10:04 . 2009-06-18 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-18 10:04 . 2009-06-18 10:04 -------- d-----w- c:\documents and settings\faisoly\Local Settings\Application Data\Apple
2009-06-18 10:04 . 2009-06-18 10:04 -------- d-----w- c:\program files\Apple Software Update
2009-06-18 10:04 . 2009-06-18 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-18 10:04 . 2009-06-18 10:04 -------- d-----w- c:\documents and settings\faisoly\Local Settings\Application Data\Apple Computer
2009-06-13 22:41 . 2009-06-13 22:41 843 ----a-w- C:\ChangeWinXPKey.vbs
2009-06-13 17:49 . 2009-07-02 08:50 -------- d-----w- c:\windows\system32\NtmsData
2009-06-12 19:18 . 2009-07-01 13:17 69632 ----a-w- c:\windows\Alcmtr.exe
2009-06-12 18:37 . 2009-06-12 18:39 -------- d-----w- c:\windows\NV11202976.TMP
2009-06-12 15:54 . 2009-06-12 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-12 07:59 . 2009-06-12 08:00 -------- d-----w- c:\program files\ma-config.com
2009-06-12 07:59 . 2009-06-12 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-09 15:19 . 2009-06-09 15:19 -------- d-----w- C:\Hotspot Shield
2009-06-09 15:18 . 2009-06-11 05:18 -------- d-----w- c:\program files\Hotspot Shield
2009-06-09 14:41 . 2009-06-09 14:41 -------- d-----w- c:\documents and settings\faisoly\Application Data\MessengerDiscovery 2
2009-06-09 14:40 . 2009-06-09 14:40 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-06-09 14:24 . 2009-06-09 14:24 -------- d-----w- c:\windows\system32\ar-SA
2009-06-09 14:23 . 2009-06-09 14:23 130432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-09 14:22 . 2009-06-09 14:22 -------- d-----w- c:\program files\MSBuild
2009-06-09 14:22 . 2009-06-09 14:24 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-09 14:22 . 2009-06-09 14:22 -------- d-----w- c:\program files\Reference Assemblies
2009-06-09 14:21 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-08 12:08 . 2009-06-08 12:14 -------- d-----w- c:\program files\Common Files\ssdata
2009-06-08 11:49 . 2009-06-08 11:57 -------- d-----w- c:\windows\system32\Sys52Data
2009-06-07 16:07 . 2009-06-07 16:07 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-07 16:07 . 2009-06-07 16:07 -------- d-----w- c:\windows\system32\AGEIA
2009-06-07 16:05 . 2009-06-07 16:05 -------- d-----w- C:\NVIDIA
2009-06-07 14:28 . 2009-06-07 14:28 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-06 12:27 . 2009-06-06 12:28 -------- d-----w- C:\UniScan
2009-06-06 12:25 . 2007-01-16 23:19 438272 ----a-r- c:\windows\system32\hp2436co.dll
2009-06-06 12:25 . 2007-10-30 16:00 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-06 12:25 . 2007-10-30 16:00 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-06 12:25 . 2009-06-06 12:26 -------- d-----w- c:\documents and settings\faisoly\Application Data\Image Zone Express
2009-06-06 10:15 . 2009-06-06 10:30 -------- d-----w- c:\documents and settings\faisoly\Local Settings\Application Data\Adobe
2009-06-06 10:09 . 2009-06-06 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-04 11:01 . 2009-06-04 11:01 -------- d-----w- c:\program files\Bonjour
2009-06-04 10:49 . 2009-06-04 10:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-04 10:48 . 2009-06-04 11:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-04 09:43 . 2009-06-04 10:28 -------- d-----w- c:\program files\Photo-Brush 5
2009-06-03 13:54 . 2009-07-01 13:06 -------- d-----w- c:\program files\Windows Live
2009-06-03 13:45 . 2009-06-03 13:45 3584 ----a-r- c:\documents and settings\faisoly\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-06-03 13:45 . 2009-06-03 13:45 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-06-03 13:45 . 2009-06-03 13:45 -------- d-----w- c:\program files\MSECACHE
2009-06-03 12:26 . 2009-06-03 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Atelier Web
2009-06-03 09:23 . 2009-06-03 09:23 -------- d-s---w- c:\documents and settings\faisoly\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 09:01 . 2009-06-02 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-02 08:59 . 2009-07-01 18:57 2180 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-02 08:59 . 2009-07-01 18:57 98000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-01 18:53 . 2009-06-02 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-01 13:22 . 2009-04-30 21:31 1626112 ----a-w- c:\windows\system32\nwiz.exe
2009-07-01 13:17 . 2009-06-02 16:59 86016 ----a-w- c:\windows\SoundMan.exe
2009-07-01 13:17 . 2009-06-02 16:59 1826816 ----a-w- c:\windows\SkyTel.exe
2009-07-01 13:06 . 2009-06-02 18:13 -------- d-----w- c:\program files\JetAudio
2009-06-13 12:16 . 2009-06-02 17:05 36976 ----a-w- c:\documents and settings\faisoly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 16:07 . 2009-06-02 18:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-03 13:55 . 2009-06-02 18:23 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-02 19:37 . 2009-06-02 19:37 -------- d-----w- c:\documents and settings\faisoly\Application Data\COWON
2009-06-02 18:26 . 2009-06-02 18:26 390664 ----a-w- c:\documents and settings\faisoly\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 18:24 . 2009-06-02 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-02 18:21 . 2009-06-02 18:17 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-02 18:17 . 2009-06-02 18:17 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 18:17 . 2009-06-02 18:17 -------- d-----w- c:\documents and settings\faisoly\Application Data\TuneUp Software
2009-06-02 18:17 . 2009-06-02 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 18:15 . 2009-06-02 17:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-02 18:15 . 2007-03-11 18:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Real
2009-06-02 18:13 . 2009-06-02 18:13 -------- d-----w- c:\program files\Common Files\COWON
2009-06-02 18:13 . 2009-06-02 16:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 18:06 . 2009-06-02 16:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 17:47 . 2009-06-02 17:47 -------- d-----w- c:\program files\Opera
2009-06-02 17:42 . 2009-06-02 17:42 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-02 17:40 . 2009-06-02 17:25 127823 ----a-w- c:\windows\hpgins24.dat
2009-06-02 17:28 . 2009-06-02 17:28 -------- d-----w- c:\program files\Common Files\HP
2009-06-02 17:28 . 2009-06-02 17:25 -------- d-----w- c:\program files\HP
2009-06-02 17:26 . 2009-06-02 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-02 17:26 . 2009-06-02 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-02 17:26 . 2009-06-02 17:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-06-02 17:26 . 2009-06-02 17:26 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-02 17:20 . 2009-06-02 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-02 17:11 . 2009-06-02 17:11 -------- d-----w- c:\program files\IVT Corporation
2009-06-02 17:08 . 2009-06-02 17:08 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-02 17:08 . 2009-06-02 16:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 16:59 . 2009-06-02 16:57 -------- d-----w- c:\program files\Realtek
2009-06-02 16:59 . 2009-06-02 16:59 315392 ----a-w- c:\windows\HideWin.exe
2009-06-02 16:57 . 2009-06-02 16:57 -------- d-----w- c:\documents and settings\faisoly\Application Data\InstallShield
2009-06-02 16:51 . 2009-06-02 16:51 -------- d-----w- c:\program files\Intel
2009-06-02 16:51 . 2009-06-02 16:51 -------- d-----w- c:\program files\MSXML 4.0
2009-06-02 16:39 . 2009-06-02 16:39 -------- d-----w- c:\program files\microsoft frontpage
2009-06-02 16:35 . 2009-06-02 16:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-20 19:54 . 2009-05-20 19:54 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-05-14 18:08 . 2009-05-14 18:08 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys
2009-04-30 21:31 . 2009-04-30 21:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-04-30 21:30 . 2009-04-30 21:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 21:30 . 2009-04-30 21:30 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-04-30 21:30 . 2009-04-30 21:30 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-04-30 19:02 . 2009-06-02 17:08 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 19:02 . 2009-04-30 19:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 19:02 . 2009-04-30 19:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 19:02 . 2009-04-30 19:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 19:02 . 2009-04-30 19:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-26 21:42 . 2009-06-02 17:07 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-23 08:22 . 2009-06-02 16:57 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-04-03 09:39 . 2009-04-03 09:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-12_15.48.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 09:18 . 2009-03-03 09:18 73728 c:\windows\system32\RtNicProp32.dll
+ 2009-06-18 20:53 . 2009-06-18 20:53 27108 c:\windows\system32\Restore\rstrlog.dat
+ 2009-06-12 19:18 . 2008-01-16 01:10 86016 c:\windows\system32\ReinstallBackups\0021\DriverFiles\SOUNDMAN.EXE
+ 2009-06-12 19:18 . 2007-10-30 21:33 23552 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\wdmaud.drv
+ 2009-06-12 19:18 . 2007-10-30 15:46 49280 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\stream.sys
+ 2009-06-12 19:18 . 2007-10-30 15:46 60160 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\drmk.sys
+ 2009-04-30 21:30 . 2007-11-06 17:00 81920 c:\windows\system32\nvwddi.dll
- 2009-04-30 21:30 . 2009-04-30 21:30 81920 c:\windows\system32\nvwddi.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 81920 c:\windows\system32\nvmctray.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 35328 c:\windows\system32\nvcodins.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 35328 c:\windows\system32\nvcod.dll
+ 2008-02-08 15:35 . 2008-02-08 15:35 23604 c:\windows\system32\drivers\klopp.dat
+ 2007-12-13 10:28 . 2007-12-13 10:28 24592 c:\windows\system32\drivers\klim5.sys
+ 2008-06-10 15:56 . 2008-06-10 15:56 34312 c:\windows\system32\drivers\epfwtdir.sys
+ 2008-06-10 15:48 . 2008-06-10 15:48 53256 c:\windows\system32\drivers\easdrv.sys
+ 2008-06-10 15:47 . 2008-06-10 15:47 39944 c:\windows\system32\drivers\eamon.sys
+ 2004-08-04 00:56 . 2007-10-30 21:33 23552 c:\windows\system32\dllcache\wdmaud.drv
+ 2004-08-03 23:08 . 2007-10-30 15:46 49280 c:\windows\system32\dllcache\stream.sys
+ 2009-06-02 16:37 . 2007-10-30 21:32 29184 c:\windows\system32\dllcache\msoobe.exe
+ 2009-06-02 16:59 . 2007-10-30 15:46 60160 c:\windows\system32\dllcache\drmk.sys
- 2009-06-04 11:09 . 2009-06-10 09:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-04 11:09 . 2009-07-01 20:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-02 16:47 . 2009-06-10 09:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-02 16:47 . 2009-07-01 20:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-02 16:47 . 2009-07-01 20:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-02 16:47 . 2009-06-10 09:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-02 17:00 . 2009-01-30 18:25 49152 c:\windows\system32\ChCfg.exe
- 2009-06-02 17:00 . 2008-01-16 01:10 49152 c:\windows\system32\ChCfg.exe
+ 2009-06-18 10:04 . 2009-06-18 10:04 27136 c:\windows\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2009-06-30 16:55 . 2009-06-30 16:55 10134 c:\windows\Installer\{2204AF25-80E5-468E-B46D-795685B35DEB}\callmsi.exe
+ 2009-06-12 19:18 . 2007-10-30 21:31 4096 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\ksuser.dll
+ 2009-06-02 19:24 . 2007-10-30 21:31 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-06-12 19:18 . 2008-01-16 01:10 131072 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RTLCPAPI.dll
+ 2009-06-12 19:18 . 2008-01-16 01:10 262144 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RTCOMDLL.dll
+ 2009-06-12 19:18 . 2007-10-30 16:31 146048 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\portcls.sys
+ 2009-06-12 19:18 . 2007-10-30 16:28 141056 c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\ks.sys
+ 2009-06-12 18:37 . 2007-01-11 10:20 194304 c:\windows\system32\ReinstallBackups\0019\DriverFiles\RTL8187.sys
+ 2009-06-12 18:36 . 2009-04-30 19:02 663552 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcuvid.dll
+ 2009-06-12 18:36 . 2009-04-30 19:02 143360 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcod.dll
+ 2009-06-12 18:36 . 2009-04-30 19:02 806912 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvapi.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 323584 c:\windows\system32\nvwrspt.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 323584 c:\windows\system32\nvwrspt.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 319488 c:\windows\system32\nvwrsnl.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 319488 c:\windows\system32\nvwrsnl.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 323584 c:\windows\system32\nvwrsit.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 323584 c:\windows\system32\nvwrsit.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 327680 c:\windows\system32\nvwrsfr.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 327680 c:\windows\system32\nvwrsfr.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 335872 c:\windows\system32\nvwrses.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 335872 c:\windows\system32\nvwrses.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 311296 c:\windows\system32\nvwrsde.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 311296 c:\windows\system32\nvwrsde.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 294912 c:\windows\system32\nvwrsda.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 294912 c:\windows\system32\nvwrsda.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 155716 c:\windows\system32\nvsvc32.exe
+ 2009-04-30 21:31 . 2007-11-06 17:00 466944 c:\windows\system32\nvshell.dll
- 2009-04-30 21:31 . 2009-04-30 21:31 466944 c:\windows\system32\nvshell.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 274432 c:\windows\system32\nvrspt.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 274432 c:\windows\system32\nvrspt.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 274432 c:\windows\system32\nvrsnl.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 274432 c:\windows\system32\nvrsnl.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 278528 c:\windows\system32\nvrsit.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 278528 c:\windows\system32\nvrsit.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 282624 c:\windows\system32\nvrsfr.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 282624 c:\windows\system32\nvrsfr.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 282624 c:\windows\system32\nvrses.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 282624 c:\windows\system32\nvrses.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 278528 c:\windows\system32\nvrsde.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 278528 c:\windows\system32\nvrsde.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 253952 c:\windows\system32\nvrsda.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 253952 c:\windows\system32\nvrsda.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 458752 c:\windows\system32\nvmccssr.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 458752 c:\windows\system32\nvmccssr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 188416 c:\windows\system32\nvmccss.dll
- 2009-04-30 21:30 . 2009-04-30 21:30 188416 c:\windows\system32\nvmccss.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 307200 c:\windows\system32\nvexpbar.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 307200 c:\windows\system32\nvexpbar.dll
+ 2009-04-30 21:31 . 2007-11-06 17:00 442368 c:\windows\system32\nvappbar.exe
+ 2007-06-28 16:43 . 2007-11-06 17:00 385024 c:\windows\system32\nvapi.dll
+ 2008-02-08 15:37 . 2008-02-08 15:37 219664 c:\windows\system32\klogon.dll
+ 2009-06-02 17:08 . 2008-06-26 22:39 332928 c:\windows\system32\drivers\RTL8187.sys
+ 2007-12-28 16:51 . 2007-12-28 16:51 195344 c:\windows\system32\drivers\klif.sys
+ 2007-10-31 10:41 . 2007-10-31 10:41 110096 c:\windows\system32\drivers\kl1.sys
+ 2004-03-16 07:58 . 2007-10-30 16:31 146048 c:\windows\system32\dllcache\portcls.sys
+ 2004-08-03 23:15 . 2007-10-30 16:28 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-06-30 16:55 . 2009-06-30 16:55 136448 c:\windows\Installer\{2204AF25-80E5-468E-B46D-795685B35DEB}\egui.exe
+ 2009-06-12 19:18 . 2008-01-16 01:10 1826816 c:\windows\system32\ReinstallBackups\0021\DriverFiles\SkyTel.exe
+ 2009-06-12 19:18 . 2008-01-16 01:10 1191936 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RtlUpd.exe
+ 2009-06-12 19:18 . 2008-01-16 01:10 9715200 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RTLCPL.EXE
+ 2009-06-12 19:18 . 2008-01-16 01:10 4609024 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RtkHDAud.sys
+ 2009-06-12 19:18 . 2008-01-16 01:10 2165760 c:\windows\system32\ReinstallBackups\0021\DriverFiles\MicCal.exe
+ 2009-06-12 19:18 . 2008-01-16 01:10 2808832 c:\windows\system32\ReinstallBackups\0021\DriverFiles\ALCWZRD.EXE
+ 2009-06-12 18:36 . 2009-04-30 19:02 9994240 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvoglnt.dll
+ 2009-06-12 18:36 . 2009-04-30 19:02 1579630 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvdata.bin
+ 2009-06-12 18:36 . 2009-04-30 19:02 1314816 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcuvenc.dll
+ 2009-06-12 18:36 . 2009-04-30 19:02 1720320 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nvcuda.dll
+ 2009-06-12 18:36 . 2009-04-30 19:02 8055584 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nv4_mini.sys
+ 2009-06-12 18:36 . 2009-04-30 19:02 5896320 c:\windows\system32\ReinstallBackups\0018\DriverFiles\nv4_disp.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 2519040 c:\windows\system32\nvwssr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 2486272 c:\windows\system32\nvwss.dll
+ 2009-04-30 21:31 . 2007-11-06 17:00 1019904 c:\windows\system32\nvwimg.dll
+ 2009-04-30 21:31 . 2007-11-06 17:00 1703936 c:\windows\system32\nvwdmcpl.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 3715072 c:\windows\system32\nvvitvsr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 3698688 c:\windows\system32\nvvitvs.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 6901760 c:\windows\system32\nvoglnt.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 2854912 c:\windows\system32\nvmoblsr.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 2854912 c:\windows\system32\nvmoblsr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 1212416 c:\windows\system32\nvmobls.dll
+ 2009-04-30 21:31 . 2007-11-06 17:00 1474560 c:\windows\system32\nview.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 3330048 c:\windows\system32\nvgamesr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 3407872 c:\windows\system32\nvgames.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 1339392 c:\windows\system32\nvdspsch.exe
- 2007-06-28 16:43 . 2007-06-28 16:43 1339392 c:\windows\system32\nvdspsch.exe
+ 2007-06-28 16:43 . 2007-11-06 17:00 5611520 c:\windows\system32\nvdispsr.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 6541312 c:\windows\system32\nvdisps.dll
- 2007-06-28 16:43 . 2007-06-28 16:43 1073152 c:\windows\system32\nvcpluir.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 1073152 c:\windows\system32\nvcpluir.dll
+ 2009-04-30 21:30 . 2007-11-06 17:00 8523776 c:\windows\system32\nvcpl.dll
+ 2007-06-28 16:43 . 2007-11-06 17:00 5770880 c:\windows\system32\nv4_disp.dll
+ 2009-06-02 19:19 . 2009-06-13 17:49 1481600 c:\windows\system32\FNTCACHE.DAT
- 2009-06-02 19:19 . 2009-06-10 09:54 1481600 c:\windows\system32\FNTCACHE.DAT
+ 2007-06-28 16:43 . 2007-11-06 17:00 7429088 c:\windows\system32\drivers\nv4_mini.sys
+ 2007-06-28 16:43 . 2007-11-06 17:00 7429088 c:\windows\system32\dllcache\nv4_mini.sys
+ 2009-06-02 16:59 . 2009-01-30 18:26 1191936 c:\windows\RtlUpd.exe
- 2009-06-02 16:59 . 2008-01-16 01:10 1191936 c:\windows\RtlUpd.exe
+ 2009-06-12 19:18 . 2008-01-16 01:10 16384512 c:\windows\system32\ReinstallBackups\0021\DriverFiles\RTHDCPL.EXE
+ 2009-06-12 18:36 . 2009-04-30 19:02 20878144 c:\windows\system32\ReinstallBackups\0018\DriverFiles\NvCplSetupEng.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-09 15:18 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-30 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-30 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-07-01 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-07-01 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-30 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-2 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\TuneUp Utilities 2008\\OneClick.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/06/2008 06:56 م 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/06/2008 06:53 م 468224]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [01/06/2009 09:13 م 331312]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 01:28 م 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [02/06/2009 08:08 م 332928]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [01/06/2009 09:58 م 34352]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [19/12/2008 04:54 م 195752]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02/06/2009 08:08 م 13532]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]
.
.
------- Supplementary Scan -------
.
TCP: {CE0FE872-04AF-426D-8CD2-CC3F596C6C43} = 10.9.208.1
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link: you must log in or register to view it]

Rootkit scan 2009-07-02 12:01
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1460)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1528)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(3020)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-07-02 12:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 09:03
ComboFix2.txt 2009-06-12 15:51
ComboFix3.txt 2009-06-03 13:27

Pre-Run: 43,503,501,312 bytes free
Post-Run: 43,499,606,016 bytes free

374






And a HijackThis report as well






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:08 م, on 02/07/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
F:\مهممممممم\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[hidden link: you must log in or register to view it]

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0FE872-04AF-426D-8CD2-CC3F596C6C43}: NameServer = 10.9.208.1
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5032 bytes
 
OK, my friend

Do the following now

From the HijackThis report

delete

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -


How to delete them

mg%20(3).png



mg%20(4).png



After that, go to Add or Remove Programs and remove the toolbar you have (toolbar) >> it may not be there


Then download this tool and follow the explanation below


Compatibility: Windows XP only


How to use it:
Double-click the tool and wait until all the windows finish and it stops at this window


002.png



When this screen appears, click Close so that your computer restarts ((to complete the cleaning process))


After deleting the values and cleaning, do the following

Disable System Restore as shown in the following explanation

i7549_1.png


i7550_2.png


i7551_3.png


Go to this page


and download the McAfee tool
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning
Then go to drive C and [...] the noor_mcafee report
and upload it to this site


and attach the download link to your next post
----------------------------

 
Signature: AbOdy
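A small triage helper for the kind of HijackThis log posted above, added here as an example and not part of the thread. The function names are hypothetical; it groups entries by section code and flags those marked "(no file)", such as the BHO listed for removal in the reply above.

```python
import re
from collections import Counter

# Usual meaning of the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / name server setting",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^(R\d|O\d{1,2}|F\d|N\d) - (.*)$")

def parse_hijackthis(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            code, body = m.groups()
            entries.append({
                "code": code,
                "section": SECTIONS.get(code, "other"),
                "body": body,
                # "(no file)": the registry entry names a file that is not on disk.
                "orphaned": body.endswith("(no file)"),
            })
    return entries

def orphaned(entries):
    return [e for e in entries if e["orphaned"]]

def counts_by_code(entries):
    return Counter(e["code"] for e in entries)

# Sample input: a few lines copied from the log above (not the full log).
SAMPLE = r"""Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE0FE872-04AF-426D-8CD2-CC3F596C6C43}: NameServer = 10.9.208.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
```

Calling `orphaned(parse_hijackthis(SAMPLE))` returns only the BHO whose file is missing; the other entries are left for manual review.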
Brother, I did everything just as you said

But when I went to download McAfee, this message came up

1246602478.jpg


Cookies are enabled on my machine, but I don't know what the problem is
 
Signature: AbOdy
Same problem

By the way, my Windows Explorer is old, the one that comes with Windows
 
Explorer is easy to deal with; at the end of the thread I'll give you version 7

OK, do the following

Download this program


Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report


After the scan finishes, do the following


Copy the contents of the report and paste them into your next post
 
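Signature: AbOdy
Thanks, brother, the scan is running now

But as soon as I installed it, it told me it wants an update, and as you know there is no internet, so I told it to skip

Thank you for your attention

I expect it will take a long time because there are a lot of files on my machine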
 
The scan finished and found 7 viruses, and this is the report



Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 3, v.3244

02/07/2009 01:38:05 م
mbam-log-2009-07-02 (13-38-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 128638
Time elapsed: 23 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\programs\amer\Design\Graphic\ACDSee Photo Manager v10\Keygen\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\programs\amer\Design\Graphic\Cleaner Zoomer Professional v3.6\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\programs\amer\Multimedia\Studios\Avanquest Ringtone Media Studio v2.20\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\programs\faisal and hosam\Design\ACDSee Photo Editor 2008 5.0.286\CR-AE2K8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\programs\hosam\Anti-Virus\Norton Antivirus v2007\CRACK\KEYGEN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
E:\programs\hosam\Graphics\AcdSee 9.0.108 Photo Manager\KEYGEN.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\programs\hosam\Graphics\Album Creator Pro v3.5\Patch\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{87257FFE-B003-46C6-973A-E2299CECA97E}\RP2\A0011543.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{87257FFE-B003-46C6-973A-E2299CECA97E}\RP2\A0011555.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{E50B7A7E-FADD-47A5-8882-AB4D811FA00A}\RP42\A0017898.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{E50B7A7E-FADD-47A5-8882-AB4D811FA00A}\RP42\A0017880.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{E50B7A7E-FADD-47A5-8882-AB4D811FA00A}\RP42\A0018185.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Get well soon, brother
We salute the brothers who helped you
and we hope you will tell us about any new developments on your side
Regards
 
Signature: زرياب10
Brother, the freezing problem is solved, but it still does not get on the internet, and the settings are all correct
 
Thank you, my fellow Zyzoom members, the problem is finally solved

It was solved by reinstalling the wireless card driver, and it works well

Thank you for your help and attention
 