مثل الزمن

Peace be upon you

Good evening to you all

The program NoAdware detected

the virus shown in the image

but it did not delete it; it only detected it

I tried to delete it using this program, but to no avail

Here is the image

D17UAV98NX6R.jpg

Please advise, with thanks

Note: this topic was posted in another forum and unfortunately I did not find a solution

I am full of hope that I will come away from this virus with the solution in hand :smile:

Awaiting your replies

Best regards
 

Welcome, brother
Download this program

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear ==> copy it and paste it in your next reply

And apologies for moving it to the appropriate section
 
Thank you very much, my dear friend :smile:

And here is the report, as you requested



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:32, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: *******get] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Third mags.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\Draw mapi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [slowmath] C:\DOCUME~1\LOCALS~1\APPLIC~1\CLOSES~1\keep wait.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) -
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8685 bytes
 
May God give you good health

I need this report as well

Download the tool and double-click it; a report will appear, then paste it in your post

 
At your service, brother

This is the second report

File Created Date : 12/01/1428 07:02:04
File Modified Date : 12/01/1428 07:02:04
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
Base Address : 0x00400000
Created On : 16/04/1429 00:32:18
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 21904 K
Mem Usage Peak : 77284 K
Page Faults : 450943
Pagefile Usage : 59292 K
Pagefile Peak Usage : 106820 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 496
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 05:00:00
File Modified Date : 18/06/1425 05:00:00
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/04/1429 00:32:20
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3588 K
Mem Usage Peak : 3800 K
Page Faults : 1024
Pagefile Usage : 2400 K
Pagefile Peak Usage : 2632 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 604
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 20/04/1424 07:25:00
File Modified Date : 20/04/1424 07:25:00
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 16/04/1429 00:32:22
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3112 K
Mem Usage Peak : 3320 K
Page Faults : 996
Pagefile Usage : 1144 K
Pagefile Peak Usage : 1384 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1696
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 05:00:00
File Modified Date : 18/06/1425 05:00:00
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/04/1429 00:32:36
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4516 K
Mem Usage Peak : 4660 K
Page Faults : 1348
Pagefile Usage : 2632 K
Pagefile Peak Usage : 2904 K
File Attributes : A
==================================================
==================================================
Process Name : SnagIt32.exe
ProcessID : 2124
Priority : Normal
Product Name : SnagIt
Version : 8.2.2.225
Description : SnagIt 8
Company : TechSmith Corporation
Window Title :
File Size : 6,379,080
File Created Date : 30/01/1428 02:40:52
File Modified Date : 30/01/1428 02:40:52
Filename : C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
Base Address : 0x00400000
Created On : 16/04/1429 00:32:50
Visible Windows : 0
Hidden Windows : 25
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 17708 K
Mem Usage Peak : 20608 K
Page Faults : 10440
Pagefile Usage : 7188 K
Pagefile Peak Usage : 8344 K
File Attributes : A
==================================================
==================================================
Process Name : fxssvc.exe
ProcessID : 2212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Fax Service
Company : Microsoft Corporation
Window Title :
File Size : 267,776
File Created Date : 18/06/1425 05:00:00
File Modified Date : 18/06/1425 05:00:00
Filename : C:\WINDOWS\system32\fxssvc.exe
Base Address : 0x01000000
Created On : 16/04/1429 00:32:53
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3772 K
Mem Usage Peak : 3972 K
Page Faults : 1084
Pagefile Usage : 1408 K
Pagefile Peak Usage : 1636 K
File Attributes : A
==================================================
==================================================
Process Name : TSCHelp.exe
ProcessID : 2448
Priority : Normal
Product Name :
Version : 8.2.2.225
Description : TechSmith HTML Help Helper
Company : TechSmith Corporation
Window Title :
File Size : 58,952
File Created Date : 30/01/1428 02:41:14
File Modified Date : 30/01/1428 02:41:14
Filename : C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
Base Address : 0x00400000
Created On : 16/04/1429 00:33:16
Visible Windows : 0
Hidden Windows : 2
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 2936 K
Mem Usage Peak : 3140 K
Page Faults : 841
Pagefile Usage : 824 K
Pagefile Peak Usage : 1060 K
File Attributes : A
==================================================
==================================================
Process Name : SnagPriv.exe
ProcessID : 2476
Priority : Normal
Product Name : SnagPriv
Version : 8.2.2.225
Description : SnagIt RPC Helper
Company : TechSmith Corporation
Window Title :
File Size : 75,336
File Created Date : 30/01/1428 02:41:14
File Modified Date : 30/01/1428 02:41:14
Filename : C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
Base Address : 0x00400000
Created On : 16/04/1429 00:33:19
Visible Windows : 0
Hidden Windows : 0
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 2628 K
Mem Usage Peak : 2828 K
Page Faults : 743
Pagefile Usage : 756 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 3900
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 05:00:00
File Modified Date : 18/06/1425 05:00:00
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 16/04/1429 00:34:23
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3888 K
Mem Usage Peak : 4096 K
Page Faults : 1081
Pagefile Usage : 1384 K
Pagefile Peak Usage : 1616 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1304
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16640 (vista_gdr.080213-1606)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : فيروس جنني بحق - زيزوووم للأمن والحمايه -
File Size : 625,664
File Created Date : 18/06/1425 05:00:00
File Modified Date : 22/02/1429 08:55:46
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 16/04/1429 00:41:04
Visible Windows : 1
Hidden Windows : 52
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 58820 K
Mem Usage Peak : 91292 K
Page Faults : 484641
Pagefile Usage : 81776 K
Pagefile Peak Usage : 89856 K
File Attributes : A
==================================================
==================================================
Process Name : run.exe
ProcessID : 3180
Priority : Normal
Product Name :
Version : 0. 0.
Description :
Company :
Window Title :
File Size : 132,254
File Created Date : 16/04/1429 09:40:12
File Modified Date : 23/09/1428 05:52:46
Filename : C:\DOCUME~1\mo7ammad\LOCALS~1\Temp\cpr\run.exe
Base Address : 0x00400000
Created On : 16/04/1429 02:40:12
Visible Windows : 0
Hidden Windows : 0
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 2304 K
Mem Usage Peak : 2316 K
Page Faults : 662
Pagefile Usage : 784 K
Pagefile Peak Usage : 848 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 05:00:00
File Modified Date : 18/06/1425 05:00:00
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 16/04/1429 02:40:12
Visible Windows : 0
Hidden Windows : 1
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 2896 K
Mem Usage Peak : 2908 K
Page Faults : 763
Pagefile Usage : 2180 K
Pagefile Peak Usage : 2184 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3272
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 16/04/1429 09:40:12
File Modified Date : 08/06/1426 14:46:34
Filename : C:\DOCUME~1\mo7ammad\LOCALS~1\Temp\cpr\CProcess.exe
Base Address : 0x00400000
Created On : 16/04/1429 02:40:12
Visible Windows : 0
Hidden Windows : 0
User Name : ACER-A6ABC676F9\mo7ammad
Mem Usage : 2300 K
Mem Usage Peak : 2360 K
Page Faults : 1040
Pagefile Usage : 984 K
Pagefile Peak Usage : 1064 K
File Attributes : A
==================================================
 
Disable the Kaspersky on your machine and do the following.

Download the Kaspersky tool from the following link




Choose the last file, as in the following image

zyzoom-7086381e99.png


After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; a few moments later the tool starts running.

Follow the walkthrough to scan the machine, clean it, and attach the report

zyzoom-3d6517b067.png


zyzoom-7717063ed7.png


zyzoom-cda271da05.png


zyzoom-26888dbf15.png


zyzoom-3f4576c288.png


Then compress the report and upload it here >>>>


 
Before using the Kaspersky tool, I would like you to try the tool from this thread


 
Sure thing, I'll try it and get back to you with the result, my friend
 




It didn't do a thing, my friend, and there is no change at all.

I scanned for it and it is still there.

I'll upload the report you asked for a little while ago now, God willing :smile:
 
Sorry for the late reply, my friend.

I scanned the machine, as you instructed, with this program:

Kaspersky Virus Removal Tool

And here is the report you asked for




For your information, the virus is still on the machine; I detected it with the program NoAdware mentioned at the start of the thread.
 
OK, brother,
restart your machine in Safe Mode.

How to start the machine in Safe Mode



When the machine starts, begin pressing F8 repeatedly until this screen appears


sv02.gif



sv103.gif



sv4.gif



sv5.gif


Then go to this path

C:\WINDOWS\system32\wmdrtc32.dll

and delete the item shown in red, which is the virus file.

Then restart the machine in normal mode and make sure it was deleted.
 
Sure thing, and sorry, my friend; the virus wore me out after dawn and I went to sleep :p:

God willing, I'll be back with the result in a few minutes.
 
My friend,

I did what you asked of me, to the letter.

I went to this path: C:\WINDOWS\system32\wmdrtc32.dll

I did not find the file at all; I searched for it and could not find it,

while NoAdware still keeps detecting it.

And this is the strange thing I ran into:

I found folder number one

zyzoom-a136ebf8c0.jpg



I kept opening the folders until the result was nothing

zyzoom-09015120d7.jpg


The last one is an empty folder.


A note that may be important: when NoAdware tries to delete the virus, it restarts the machine every time I ask it to delete, and after the restart I scan and find it still there.
 
Download this tool
and follow the walkthrough below to clean your machine of viruses
and produce a report of the process so you can attach it to your next reply.

Tool link





How to use it:


000.png


God willing, all will be well.
 
Signature: AbOdy
Do you want a report made with HijackThis?
 
No, no, brother; run the tool I gave you.

:d:
 
Signature: AbOdy
Sure thing, my friend.

And sorry, I have no background in these matters.

(we learn from you) :smile:

I'll be back with the result shortly.
 
Signature: AbOdy
Dear brother, there is something I did not understand in the image you posted


zyzoom-a136ebf8c0.jpg



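The file extension indicates it is a DLL, meaning a file and not a folder, yet in the image it appears to you as a folder?!

OK, brother, delete the yellow folder named wmdrtc32 along with its contents and the problem is over << still not making sense of any of this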

:smile:
 
Signature: RIFLE