Thread starter: murderous

Peace be upon you.
Guys, I have a problem and I haven't found a solution for it; I've tried everything.
When I turn on the computer, this message appears at startup:
c:\servu\server32.exe Restart
restart/الاعدادات الشخصيه/c:system32
And when I shut down the computer, a message appears:
c: iexplore.exe
and
c: avp.exe

The problem is that the computer has become slow when I turn it on, with some freezing.

I scanned it with ComboFix and this is the result:


ComboFix 09-07-29.01 - Admin 07/29/2009 19:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.503.196 [GMT 3:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\server.exe
c:\program files\PC-Cleaner
c:\program files\PC-Cleaner\PCCleaner.exe
c:\program files\PC-Cleaner\unins000.dat
c:\program files\PC-Cleaner\unins000.exe
c:\windows\system32\bpk.dat
c:\windows\system32\bpk.exe
c:\windows\system32\inst.dat
c:\windows\system32\kakle.dll
c:\windows\system32\pk.bin
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\web.dat
c:\windows\system32\winitn.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 13:36 . 2009-07-29 13:36 7680 ----a-w- c:\documents and settings\Admin\Application Data\Thinstall\EVEREST Ultimate Edition v4.60\4000002e300003i\everest_bench.dll
2009-07-29 13:35 . 2009-07-29 13:35 7680 ----a-w- c:\documents and settings\Admin\Application Data\Thinstall\EVEREST Ultimate Edition v4.60\400000d700002i\everest_diskbench.dll
2009-07-29 13:35 . 2009-07-29 13:35 7680 ----a-w- c:\documents and settings\Admin\Application Data\Thinstall\EVEREST Ultimate Edition v4.60\1000000b00002i\Rundll32.exe
2009-07-29 13:35 . 2009-07-29 13:35 7680 ----a-w- c:\documents and settings\Admin\Application Data\Thinstall\EVEREST Ultimate Edition v4.60\4000009c00002i\IEXPLORE.EXE
2009-07-29 13:30 . 2009-07-29 13:30 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Thinstall
2009-07-29 13:30 . 2009-07-29 13:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Thinstall
2009-07-29 12:59 . 2009-07-29 13:01 -------- d-----w- c:\documents and settings\Admin\Application Data\RegistrySmart
2009-07-29 12:58 . 2009-07-29 12:59 -------- d-----w- c:\program files\RegistrySmart
2009-07-29 09:25 . 2009-07-29 09:25 172032 ----a-w- c:\documents and settings\Admin\Application Data\MSN Pass Steal.exe
2009-07-25 19:40 . 2009-07-29 17:01 -------- d-----w- c:\windows\system32\dt
2009-07-25 04:26 . 2009-07-26 09:13 -------- d-sh--r- C:\servu
2009-07-25 02:15 . 2009-07-25 20:34 -------- d-sh--w- c:\program files\IWM
2009-07-23 16:58 . 2009-07-23 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
2009-07-23 16:58 . 2009-07-23 16:58 735744 ----a-w- c:\documents and settings\Admin\Application Data\Boltwindoweach\qcxnnzds.exe
2009-07-23 16:58 . 2009-07-23 16:58 -------- d-----w- c:\program files\Boltwindoweach
2009-07-23 16:57 . 2009-07-23 16:59 -------- d-----w- c:\program files\WinZix
2009-07-23 04:58 . 1993-10-14 14:57 21648 ----a-w- c:\windows\system\CTL3DV2.DLL
2009-07-23 04:58 . 1995-04-28 01:50 97072 ----a-w- c:\windows\system\BWCC0007.DLL
2009-07-23 04:58 . 1995-04-28 01:50 96928 ----a-w- c:\windows\system\BWCC000C.DLL
2009-07-23 04:58 . 1995-04-28 01:50 96912 ----a-w- c:\windows\system\BWCC0009.DLL
2009-07-23 04:58 . 1995-04-28 01:50 164928 ----a-w- c:\windows\system\BWCC.DLL
2009-07-23 04:58 . 1994-11-16 23:19 264800 ----a-w- c:\windows\system\BOCOLE.DLL
2009-07-23 04:58 . 1995-04-28 01:50 58192 ----a-w- c:\windows\system\MHRUN300.DLL
2009-07-23 04:58 . 1995-04-28 01:50 244192 ----a-w- c:\windows\system\MHCARDS.DLL
2009-07-23 04:58 . 1995-04-28 01:50 81920 ----a-w- c:\windows\system\BIVBX11.DLL
2009-07-23 04:58 . 2009-07-23 04:58 -------- d-----w- C:\TCWIN45
2009-07-23 04:57 . 1994-09-01 21:00 65408 ----a-w- c:\windows\system\ICCVID.DRV
2009-07-23 04:57 . 1994-09-01 21:00 18384 ----a-w- c:\windows\system\DCISVGA.DRV
2009-07-23 04:57 . 1994-09-01 21:00 151040 ----a-w- c:\windows\system\IR32.DLL
2009-07-23 04:57 . 1993-11-18 21:00 77664 ----a-w- c:\windows\system\IR21_R.DLL
2009-07-23 04:57 . 1993-11-18 21:00 7168 ----a-w- c:\windows\system\DISPDIB.DLL
2009-07-23 04:57 . 1993-11-18 21:00 49616 ----a-w- c:\windows\system\MSACM.DLL
2009-07-23 04:57 . 1993-11-18 21:00 43520 ----a-w- c:\windows\system\MSVIDC.DRV
2009-07-23 04:57 . 1993-11-18 21:00 22816 ----a-w- c:\windows\system\MSACM.DRV
2009-07-23 04:57 . 1993-11-18 21:00 14208 ----a-w- c:\windows\system\CTL3D.DLL
2009-07-23 04:57 . 1993-11-18 21:00 12800 ----a-w- c:\windows\system\ACMCMPRS.DLL
2009-07-23 04:57 . 1993-11-18 21:00 11776 ----a-w- c:\windows\system\MSRLE.DRV
2009-07-22 05:30 . 2009-07-22 19:44 117760 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-22 05:30 . 2009-07-22 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-22 05:29 . 2009-07-22 20:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 05:29 . 2009-07-22 05:29 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2009-07-22 04:04 . 2009-07-22 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-22 04:04 . 2009-07-22 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-21 18:35 . 2009-07-21 18:35 -------- d-----w- c:\documents and settings\Admin\Application Data\gtk-2.0
2009-07-21 15:16 . 2009-07-21 18:50 -------- d-----w- c:\documents and settings\Admin\.zenmap
2009-07-21 14:52 . 2009-07-21 14:52 0 ----a-w- c:\windows\nsreg.dat
2009-07-21 14:52 . 2009-07-21 14:52 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2009-07-19 17:09 . 1997-01-22 13:34 312320 ----a-w- c:\windows\IsUninst.exe
2009-07-19 17:09 . 2009-07-19 17:09 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2009-07-19 01:11 . 2009-07-19 01:11 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Help
2009-07-18 19:01 . 2009-07-18 19:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2009-07-16 14:05 . 2009-07-16 14:05 -------- d-----w- c:\documents and settings\Admin\amsn_received
2009-07-16 14:05 . 2009-07-16 14:14 -------- d-----w- c:\documents and settings\Admin\amsn
2009-07-12 13:55 . 2009-07-12 13:55 -------- d-----w- c:\program files\StuffPlug3
2009-07-12 12:13 . 2009-07-12 12:13 405504 ----a-w- c:\documents and settings\Admin\Application Data\Boltwindoweach\soft upload phone gpl.exe
2009-07-12 12:13 . 2009-07-19 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\file cash army online
2009-07-12 12:13 . 2009-07-12 12:13 876544 ----a-w- c:\documents and settings\Admin\Application Data\Boltwindoweach\wxwddhek.exe
2009-07-12 12:12 . 2009-07-23 17:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Boltwindoweach
2009-07-12 12:11 . 2009-07-12 12:11 -------- d-----w- c:\program files\Cicle Developement
2009-07-04 00:39 . 2009-07-04 00:39 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-02 22:42 . 2009-07-11 06:50 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-07-01 03:22 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-01 03:22 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 00:20 . 2009-07-29 16:05 -------- d-----w- c:\documents and settings\Admin\Tracing
2009-07-01 00:18 . 2009-07-01 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-01 00:18 . 2009-07-01 00:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-30 23:26 . 2009-06-30 23:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 04:42 . 2009-06-30 04:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-30 04:42 . 2009-07-24 02:28 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2009-06-30 04:35 . 2009-07-24 04:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2009-06-30 04:34 . 2009-06-30 04:34 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 04:34 . 2009-06-30 04:34 -------- d-----r- c:\program files\Skype
2009-06-30 04:34 . 2009-06-30 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 17:10 . 2001-09-19 11:00 331338 ----a-w- c:\windows\system32\perfh001.dat
2009-07-29 17:10 . 2001-09-19 11:00 59878 ----a-w- c:\windows\system32\perfc001.dat
2009-07-29 17:05 . 2009-03-20 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-29 17:03 . 2009-03-20 12:50 655392 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-29 17:03 . 2009-03-20 12:50 5416 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-29 17:03 . 2009-03-20 12:50 26744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-29 17:03 . 2009-03-20 12:50 2480160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-29 13:48 . 2009-06-23 03:41 -------- d-----w- c:\program files\LimeWire
2009-07-29 13:48 . 2009-05-15 15:00 -------- d-----w- c:\program files\Ask Search Assistant
2009-07-29 13:48 . 2009-03-20 13:02 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-07-29 09:37 . 2009-05-14 14:26 -------- d-----w- c:\documents and settings\Admin\Application Data\MessengerDiscovery 2
2009-07-26 14:13 . 2009-06-23 03:42 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2009-07-25 02:40 . 2009-04-01 12:37 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2009-07-22 21:50 . 2009-05-15 04:02 -------- d-----w- c:\program files\CamStudio
2009-07-22 04:47 . 2009-06-03 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-22 04:08 . 2009-03-20 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 04:07 . 2009-03-27 06:16 -------- d-----w- c:\program files\Google
2009-07-21 10:34 . 2009-03-20 14:06 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-15 13:52 . 2009-03-20 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-12 12:11 . 2009-03-20 13:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-04 00:39 . 2009-03-20 13:09 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 02:31 . 2009-03-20 13:33 -------- d-----w- c:\program files\Windows Live
2009-07-01 01:11 . 2009-03-20 13:30 -------- d-----w- c:\program files\MSN Messenger
2009-06-30 22:48 . 2009-03-20 13:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-30 22:48 . 2009-03-20 13:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-26 12:28 . 2009-03-20 13:13 81920 ----a-w- c:\windows\system32\viscomwave.dll
2009-06-26 12:28 . 2009-03-20 13:13 98304 ----a-w- c:\windows\system32\viscomtran.dll
2009-06-26 12:27 . 2009-03-20 13:13 48640 ----a-w- c:\windows\system32\viscomsamplerate.dll
2009-06-26 12:27 . 2009-03-20 13:13 118784 ----a-w- c:\windows\system32\viscomrmenc.dll
2009-06-26 12:27 . 2009-03-20 13:13 147456 ----a-w- c:\windows\system32\viscomqtenc.dll
2009-06-26 12:27 . 2009-03-20 13:13 602112 ----a-w- c:\windows\system32\viscomqtde.dll
2009-06-26 12:27 . 2009-03-20 13:13 1470464 ----a-w- c:\windows\system32\viscomm4aenc.dll
2009-06-26 12:27 . 2009-03-20 13:13 86016 ----a-w- c:\windows\system32\viscomframe.dll
2009-06-26 12:27 . 2009-03-20 13:13 1462272 ----a-w- c:\windows\system32\viscomflvenc.dll
2009-06-26 12:27 . 2009-03-20 13:13 1470464 ----a-w- c:\windows\system32\viscomdata3.dll
2009-06-26 12:27 . 2009-03-20 13:13 118784 ----a-w- c:\windows\system32\viscomflvdec.dll
2009-06-26 12:27 . 2009-03-20 13:13 1454080 ----a-w- c:\windows\system32\viscomdata2.dll
2009-06-26 12:27 . 2009-03-20 13:13 1462272 ----a-w- c:\windows\system32\viscomdata1.dll
2009-06-26 12:27 . 2009-03-20 13:13 18628608 ----a-w- c:\windows\system32\viscomavi.dll
2009-06-26 12:26 . 2009-03-20 13:13 110592 ----a-w- c:\windows\system32\viscomaudioencoder.dll
2009-06-26 12:26 . 2009-03-20 13:13 94208 ----a-w- c:\windows\system32\viscomaudiodata.dll
2009-06-26 12:26 . 2009-03-20 13:13 1454080 ----a-w- c:\windows\system32\viscomamrenc.dll
2009-06-26 12:26 . 2009-03-20 13:13 1462272 ----a-w- c:\windows\system32\viscom3gpenc.dll
2009-06-26 12:26 . 2009-03-20 13:13 6963712 ----a-w- c:\windows\system32\videotrans.dll
2009-06-26 12:26 . 2009-03-20 13:13 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-06-26 12:24 . 2009-03-20 13:13 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-26 12:24 . 2009-03-20 13:13 2846720 ----a-w- c:\windows\system32\ALOAudioCompress3.dll
2009-06-26 12:24 . 2009-03-20 13:13 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-26 12:24 . 2009-03-20 13:13 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-06-25 04:00 . 2009-03-20 12:40 132744 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 11:56 . 2009-06-17 11:56 -------- d-----w- c:\program files\Trend Micro
2009-06-16 14:53 . 2004-08-03 21:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-09-19 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 03:46 . 2009-06-12 03:46 -------- d-----w- c:\documents and settings\Admin\Application Data\oovootb
2009-06-12 01:20 . 2009-06-12 01:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Yahoo! Inc
2009-06-12 01:19 . 2009-06-12 01:19 -------- d-----w- c:\documents and settings\Admin\Application Data\Yahoo!
2009-06-03 19:25 . 2004-08-03 21:55 1288704 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 11:48 . 2009-06-03 11:30 -------- d-----w- c:\documents and settings\Admin\Application Data\ooVoo Details
2009-06-02 16:08 . 2009-06-02 16:08 390664 ----a-w- c:\documents and settings\Admin\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-22 11:19 . 2009-03-20 12:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-22 11:19 . 2009-03-20 12:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-18 04:52 . 2009-05-18 04:52 4775936 ----a-w- c:\documents and settings\Admin\Application Data\Thinstall\EVEREST Ultimate Edition v4.60\%ProgramFilesDir%\RegistrySmart\RegistrySmart.exe
2009-05-09 14:37 . 2009-05-09 14:37 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 21:41 . 2009-07-21 14:51 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-04-14 15:59 1571328 6B8B7B206FA0C50B4CF99EEE2AC14BC7 c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\sfcfiles.dll
[-] 2008-05-25 09:18 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104]
"Netlog 24"="c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe" [2009-03-24 1380352]
"serva"="c:\servu\server32.exe" [2006-04-13 1327104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 198160]
"IWM Agent"="c:\program files\IWM\IWM.exe" [2007-04-26 488448]
"btr"="c:\windows\system32\btr.exe" [2008-07-25 417792]
"servup"="c:\servu\server32.exe" [2006-04-13 1327104]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"serva"="c:\servu\server32.exe" [2006-04-13 1327104]

c:\documents and settings\All Users\çں‍ê، ں*§ڑ\ںé*©ںê¤\*§ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-20 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
"37676:TCP"= 37676:TCP:ooVoo TCP المنفذ 37676
"37676:UDP"= 37676:UDP:ooVoo UDP المنفذ 37676
"37677:UDP"= 37677:UDP:ooVoo UDP المنفذ 37677

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 06:29 م 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [10/3/2008 10:41 ص 87264]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 06:06 م 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [5/9/2009 05:41 م 332928]
S3 ATE_PROCMON;ATE_PROCMON; [x]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [3/21/2009 02:06 ص 104192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{T5TBB77L-4678-0MKC-421Q-14416031DYU6}]
c:\servu\server32.exe Restart
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-73586283-1801674531-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 15:39]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-73586283-1801674531-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 15:39]

2009-07-26 c:\windows\Tasks\Registry Winner Schedule.job
- d:\registry winner\RegistryWinner.exe [2009-07-26 14:09]

2009-07-29 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe [2009-05-18 04:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www2.iesearch.com/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\41wqyt99.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-29 20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-73586283-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="MsnMsgr.Exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1896)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll

- - - - - - - > 'explorer.exe'(1776)
c:\program files\IWM\IWM.007
c:\windows\system32\shdoclc.dll
c:\windows\system32\msi.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\MessengerDiscovery 2\MessengerDiscovery 2.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-29 20:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 17:19

Pre-Run: 802,271,232 bytes free
Post-Run: 728,756,224 bytes free

360 --- E O F --- 2009-07-15 13:52











I also ran HijackThis (hijack), and this is the result as well:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:22:56 م, on 7/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [btr] C:\WINDOWS\system32\btr.exe
O4 - HKLM\..\Run: [servup] C:\servu\server32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [serva] C:\servu\server32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [serva] C:\servu\server32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 7610 bytes

I hope someone with experience can advise me.
 

Download this program.

Install it on the machine, then run it and follow the walkthrough below to scan the machine and generate a report.

After the scan finishes, do the following.

Then post the tool's scan report in your next reply.
 
Signature: Future Tank X-1

Then,

Download the Kaspersky tool from the following link.

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; within moments the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.

Then compress the report and upload it here,

or upload it here,

or to any upload site.
 
Signature: Future Tank X-1

This scan is essential.
 

Brother, I did everything, and these are the results:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/31/2009 10:53:15 ص
mbam-log-2009-07-31 (10-53-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 149500
Time elapsed: 1 hour(s), 35 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{t5tbb77l-4678-0mkc-421q-14416031dyu6} (Generic.Bot.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\winzixmanager.winzixshell (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{10954590-2b3a-41ec-97bb-c95a5e646da9} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{41ca7d4d-ae77-4b13-9459-e9ab7efecaad} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ee91f4cc-6ba2-424c-a1fe-64910ccb6a42} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winzixmanager.winzixshell.1 (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7e5ead8fa251c5a45a24533a7762dc9e (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9de13aa5855d8404b8e108518d8a827b (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d3fbc9a707fa89d43a63227c7e3b0b6d (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09571a4b-f1fe-4c60-9760-de6d310c7c31} (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{345caa15-4f12-4a28-afe9-383625563a83} (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f23b1f18-cb1a-47ed-a1fe-b60494a626d0} (Malware.Packer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzix (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winzix (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\WinZixManager (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\WinZixManager (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinZix.exe (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ee91f4cc-6ba2-424c-a1fe-64910ccb6a42} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\قائمة ابدأ\البرامج\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\قائمة ابدأ\البرامج\WinZix (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\WinZix (Trojan.Lop) -> Delete on reboot.

Files Infected:
C:\servu\server32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Program Files\WinZix\WinZixManager.dll (Trojan.Lop) -> Delete on reboot.
c:\program files\WinZix\winzix.exe (Rogue.WinZix) -> Quarantined and deleted successfully.
c:\documents and settings\all users\قائمة ابدأ\البرامج\pc-cleaner\PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\قائمة ابدأ\البرامج\pc-cleaner\Uninstall PC-Cleaner.lnk (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\قائمة ابدأ\البرامج\pc-cleaner\Visit PC-Cleaner online.url (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
c:\program files\registrysmart\DataBase.ref (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\RegistrySmart.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\RegistrySmart.url (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\all users\قائمة ابدأ\البرامج\registrysmart\RegistrySmart on the Web.lnk (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\all users\قائمة ابدأ\البرامج\registrysmart\RegistrySmart.lnk (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\Log\2009 Jul 29 - 04_55_55 PM_359.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\Log\2009 Jul 29 - 05_05_53 PM_609.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\registry backups\2009-07-29_16-01-29.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\application data\registrysmart\registry backups\2009-07-29_17-00-26.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\قائمة ابدأ\البرامج\WinZix\HomePage.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\قائمة ابدأ\البرامج\WinZix\Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\قائمة ابدأ\البرامج\WinZix\WinZix.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\Flexi.skf (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\search_error.htm (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\SkinCrafterDll.dll (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\support_error.htm (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\t_bg.jpg (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\uninstall.exe (Trojan.Lop) -> Quarantined and deleted successfully.
c:\program files\WinZix\WinZix.url (Trojan.Lop) -> Quarantined and deleted successfully.
c:\documents and settings\all users\سطح المكتب\RegistrySmart.lnk (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pk.bin (Keylogger) -> Quarantined and deleted successfully.
 
And this is the second scan. The message that used to appear is gone, but the machine is still slow at startup. I forgot to thank you for the tool and for this help; God bless you.



Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/31/2009 12:19:32 م
mbam-log-2009-07-31 (12-19-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 149833
Time elapsed: 1 hour(s), 24 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\WinZix\WinZixManager.dll (Trojan.Lop) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{t5tbb77l-4678-0mkc-421q-14416031dyu6} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinZix (Trojan.Lop) -> Delete on reboot.

Files Infected:
C:\servu\server32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
c:\program files\WinZix\WinZixManager.dll (Trojan.Lop) -> Delete on reboot.
 
Do this scan now.
 
Signature: AbOdy