Status
Closed and not open for further replies.

hariri1966

Peace be upon you, and the mercy and blessings of God.

Guys, I have slowness in browsing and booting, and Explorer does not open some links: it freezes, and when I try to close it, it gives me a message that the page cannot be opened. Some programs have also disappeared from All Programs in the Start menu. Please analyze the reports.

This is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:46 م, on 22/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\AMMAR\My Documents\Downloads\Programs\RunScanner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\AMMAR\My Documents\Downloads\Programs\launch.exe
C:\DOCUME~1\AMMAR\LOCALS~1\Temp\RarSFX0\98f299.exe
C:\DOCUME~1\AMMAR\LOCALS~1\Temp\RarSFX0\cjx7aXP.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\AMMAR\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll/gn_menu2.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: XoftSpyService - Unknown owner - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (file missing)
--
End of file - 9325 bytes


And this is the ComboFix report:

ComboFix 10-01-21.07 - AMMAR 01/22/2010 16:50:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2037.1514 [GMT 3:00]
Running from: c:\documents and settings\AMMAR\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\msncpecrawler.exe.manifest
c:\windows\system32\vbpng1.dll
E:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.
2010-01-14 00:39 . 2010-01-16 13:22 -------- d-----w- C:\Temp
2010-01-12 18:54 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-12 18:54 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-12 18:26 . 2010-01-12 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-01 06:43 . 2010-01-01 06:43 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-30 14:37 . 2009-12-30 14:37 -------- d-----w- c:\documents and settings\AMMAR\Local Settings\Application Data\Runscanner.net
2009-12-30 11:36 . 2009-12-30 11:36 -------- d-----w- c:\documents and settings\AMMAR\DoctorWeb
2009-12-27 14:09 . 2009-12-27 14:09 -------- d-----w- c:\documents and settings\AMMAR\Application Data\Malwarebytes
2009-12-27 14:09 . 2009-12-03 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 14:09 . 2009-12-27 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 14:09 . 2009-12-27 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-27 14:09 . 2009-12-03 13:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 06:24 . 2009-11-02 17:42 195456 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 13:57 . 2009-08-22 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-22 13:55 . 2009-08-22 05:02 -------- d-----w- c:\documents and settings\AMMAR\Application Data\DMCache
2010-01-22 13:55 . 2009-08-20 14:45 16608 ----a-w- c:\windows\gdrv.sys
2010-01-22 13:53 . 2009-08-22 18:15 598048 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-22 13:53 . 2009-08-22 18:15 5220 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-22 13:53 . 2009-08-22 18:15 2114592 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-22 13:53 . 2009-08-22 18:15 19696 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-22 13:47 . 2001-09-19 12:00 72558 ----a-w- c:\windows\system32\perfc001.dat
2010-01-22 13:47 . 2001-09-19 12:00 378270 ----a-w- c:\windows\system32\perfh001.dat
2010-01-22 12:45 . 2009-08-23 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-20 19:40 . 2009-09-09 02:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:23 . 2009-08-23 01:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-19 07:53 . 2009-10-24 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-01-19 07:53 . 2009-10-24 06:28 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-12 17:58 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-01-12 17:58 . 2009-08-22 18:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-12 17:58 . 2009-08-22 18:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-12 17:58 . 2009-08-23 02:07 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2010-01-12 17:58 . 2009-08-23 02:07 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2010-01-01 12:04 . 2009-12-14 09:15 -------- d-----w- c:\program files\Batch Watermark Creator
2009-12-31 17:37 . 2009-12-12 11:40 -------- d-----w- c:\program files\Opera
2009-12-31 16:14 . 2009-12-12 17:16 -------- d-----w- c:\program files\Your Uninstaller
2009-12-26 17:24 . 2009-07-06 21:18 95216 ----a-w- c:\documents and settings\AMMAR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 04:42 . 2009-11-23 07:30 71388 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:05 . 2004-08-03 21:55 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 08:23 . 2009-12-17 08:23 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-14 09:33 . 2009-08-20 14:47 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-12-12 17:16 . 2009-08-22 14:41 -------- d-----w- c:\documents and settings\AMMAR\Application Data\URSoft
2009-12-11 17:40 . 2009-12-11 17:40 -------- d-----w- c:\documents and settings\AMMAR\Application Data\CyberScrub
2009-12-11 17:40 . 2009-12-11 17:40 -------- d-----w- c:\documents and settings\AMMAR\Application Data\zyzcleaner
2009-12-10 12:21 . 2009-12-10 12:21 -------- d-----w- c:\program files\VS Revo Group
2009-12-10 07:15 . 2009-12-10 07:15 -------- d-----w- c:\program files\Proxy Switcher Standard
2009-12-10 07:15 . 2009-12-10 06:39 -------- d-----w- c:\program files\Proxy Switcher Standard(2)
2009-12-09 17:06 . 2009-12-09 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\WNR
2009-12-09 17:06 . 2009-12-09 17:06 -------- d-----w- c:\documents and settings\AMMAR\Application Data\WNR
2009-12-07 09:45 . 2009-11-27 15:13 -------- d-----w- c:\documents and settings\AMMAR\Application Data\IDM
2009-12-02 13:38 . 2009-12-02 13:38 -------- d-----w- c:\program files\Luminositi
2009-12-02 07:34 . 2009-12-01 12:06 -------- d-----w- c:\documents and settings\AMMAR\Application Data\Nuotex
2009-12-01 09:03 . 2009-11-27 09:01 -------- d-----w- c:\program files\SplitCam
2009-11-29 11:11 . 2009-11-29 11:11 4520817 ----a-w- c:\windows\system32\Scenic.scr
2009-11-29 11:11 . 2009-11-29 11:11 3411325 ----a-w- c:\windows\system32\Out and About.scr
2009-11-29 11:11 . 2009-11-29 11:11 15688 ----a-w- c:\documents and settings\AMMAR\Application Data\Microsoft\IM-HM\Giftpack from Hotmail.exe
2009-11-29 11:10 . 2009-11-29 11:11 16693576 ----a-w- c:\documents and settings\AMMAR\Application Data\Microsoft\IM-HM\im-hm-uninst.exe
2009-11-28 09:35 . 2009-11-27 15:13 -------- d-----w- c:\program files\Internet Download Manager
2009-11-27 15:33 . 2009-11-27 15:33 198064 ----a-w- c:\documents and settings\AMMAR\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-27 09:01 . 2009-08-20 14:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 01:24 . 2009-11-26 01:22 5865064 ----a-w- c:\documents and settings\All Users\Application Data\SweetIM\Messenger\update\sweetimsetup.exe
2009-11-23 16:11 . 2009-11-23 07:30 -------- d-----w- c:\documents and settings\AMMAR\Application Data\Apple Computer
2009-11-23 15:23 . 2009-11-23 15:23 -------- d-----w- c:\program files\QuickTime
2009-11-23 15:22 . 2009-11-23 15:22 -------- d-----w- c:\program files\Common Files\Apple
2009-11-21 15:54 . 2004-08-03 21:55 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 05:21 . 2009-11-04 05:21 152576 ----a-w- c:\documents and settings\AMMAR\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:40 . 2004-08-03 21:55 916480 ----a-w- c:\windows\system32\wininet(2).dll
2009-10-29 07:40 . 2004-08-03 21:55 1208832 ----a-w- c:\windows\system32\urlmon(2).dll
2009-10-29 07:40 . 2007-08-13 15:34 1985536 ----a-w- c:\windows\system32\iertutil(2).dll
2009-10-29 07:40 . 2007-08-13 15:54 11069952 ----a-w- c:\windows\system32\ieframe(2).dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-27 3171760]
"DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-23 2922064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-23 208616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-23 198160]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 11:39 م 20744]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [20/08/2009 05:46 م 80392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24/09/2009 04:04 ص 54752]
R2 ISD;Intel(r) 82802 Firmware Hub Device (Intel(r) Security Driver);c:\windows\system32\drivers\ISECDRV.SYS [03/09/2009 02:48 ص 32108]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/09/2009 09:55 ص 133104]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 م 30088]
S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 06:55]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 06:55]
2010-01-22 c:\windows\Tasks\User_Feed_Synchronization-{E7C67597-2F2A-4CAB-AC3B-1F1B88F09961}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://google.com.sa/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--1117949017.dll/gn_menu2.html
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\AMMAR\Application Data\Mozilla\Firefox\Profiles\x88uft4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\AMMAR\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-01-22 16:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\.Default\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Ding.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Critical.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceConnect\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Insert.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Remove.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\DeviceFail\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Hardware Fail.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Battery Low.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\MailBeep\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Notify.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemAsterisk\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Error.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemExclamation\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Exclamation.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemExit\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Shutdown.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemHand\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Critical Stop.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemNotification\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Balloon.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\SystemStart\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Startup.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\WindowsLogoff\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logoff Sound.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\.Default\WindowsLogon\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Logon Sound.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\5H*0*nC]
@=""
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\5H*0*nC]
@="Windows XP Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Recycle.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\5H*0*nC]
@="Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\5H*0*nC]
@=""
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\Navigating\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows XP Start.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered\5H*0*nC]
@=""
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\5H*0*nC]
@="Windows XP Information Bar.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\5H*0*nC]
@="c:\\Program Files\\Messenger\\online.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\5H*0*nC]
@="c:\\Program Files\\Messenger\\newalert.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\5H*0*nC]
@="c:\\Program Files\\Messenger\\newemail.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\5H*0*nC]
@="c:\\Program Files\\Messenger\\type.wav"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\AppEvents\Schemes\Names\5H*0*nC]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="صوت"
[HKEY_USERS\S-1-5-21-73586283-764733703-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f7,4c,bb,90,c6,89,d5,21,ed,06,aa,81,48,e2,da,8e,50,98,10,65,db,
86,7b,1b,8b,d5,a8,ad,83,1c,60,b8,16,a1,85,92,ac,b7,17,8b,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):16,5f,a3,57,d2,72,94,bc,af,ac,ea,cd,eb,38,0b,6c,cf,7f,44,1e,14,
ab,8a,e7,a8,ab,71,1a,22,5c,ea,7b,3c,44,85,66,ad,25,b2,a4,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9cbbe245-0830-4bf1-813c-d0176aad9959}]
@Denied: (Full) (Everyone)
"Model"=dword:00000113
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e37b0e77-44df-4ee0-ab84-603f8140b548}]
@Denied: (Full) (Everyone)
"Model"=dword:00000015
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(920)
c:\windows\system32\WININET.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\MSVCP71.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-01-22 17:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-22 14:00
ComboFix2.txt 2009-12-26 10:36
ComboFix3.txt 2009-12-26 07:53
Pre-Run: 27,908,763,648 bytes free
Post-Run: 27,903,164,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 358140B0FE21209277D9CCFA2D1C5B03
 

Signature: hariri1966
Dear brother ألوحش, thank you for your effort.

The first tool immediately gave me "76path not found".

I ran the second tool and the problem is still there: All Programs opens in a small window above the Start menu rather than beside it, and some programs are missing. When I go to Control Panel, then Performance and Maintenance, then Administrative Tools, I get a blank white page.
 

Signature: hariri1966
Start
Run
Copy and paste this command, then click OK:
regsvr32 /i shell32.dll
Restart the computer.

 
Dear brother ألوحش, thank you for keeping in touch.

I did the last step, regsvr32 /i shell32.dll, and restarted, but it made the problem worse: all the programs disappeared from the desktop except My Computer, My Documents, the Recycle Bin and Explorer, and all the programs disappeared from the All Programs menu. I don't know whether I should do a System Restore or what?

Signature: hariri1966

[hidden link]

Do this again and make sure there are two files, then restart.
 


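Dear brother ألوحش, a thousand thanks for your support.

I downloaded the file, and after extracting it I got two registry files, 4 KB and 8 KB. It tells me the operation completed successfully, but when I restart I find that most of the programs on the desktop, in the Start menu and in All Programs have disappeared, and I can only get them back by doing a System Restore.

Signature: hariri1966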


Download this file. It contains three folders; run them one by one, in order, and click OK. After finishing all three folders, restart the computer.

[hidden link]

Second solution

If the first one does not work, here is another.

Download this file, run it, and follow the walkthrough:

[hidden link]

Start menu

then click

restore default

[image: 72089592.gif]
 
Peace be upon you, and the mercy and blessings of God.

Dear brother ألوحش, sorry for the delay.

I did both steps and the problem still remains.

I have worn you out, my dear friend.

Signature: hariri1966

I have to ask your pardon here; I was unable to find the solution. Perhaps the other members can help you.
 
God bless you, dear brother ألوحش, for your effort.

I hope I can get help from the other members to solve this problem. I now also get a message after opening the Start menu ("There is not enough space to display some programs"). Please help.

Signature: hariri1966
up

Signature: hariri1966
Go to this page

[hidden link]

and download the McAfee tool.
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning.
Then go to drive C: and [hidden link] the report noor_mcafee,
and upload it to this site

[hidden link]

and include the download link in your next post.
 
Peace be upon you, and the mercy and blessings of God Almighty.

Dear brother ألوحش, thank you for your attention to this topic.

Here is the McAfee report:

[hidden link]

Signature: hariri1966
Dear brother ألوحش, here is another report:

[hidden link]

Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v5.30.0
Copyright (c) 1992-2008 McAfee, Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Jun 16 2008
Scan engine v5.3.00 for Win32.
Virus data file v5594 created Apr 23 2009
Scanning for 521494 viruses, trojans and variants.

Virus Scan Results

This program is more than 8 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.
01/26/2010 17:31:24
Options:
/AD /ALL /AFC=512 /APPEND /UNZIP /SUB /STREAMS /HTML REPORT.HTML /ANALYZE /MAILBOX /WINMEM /ALLOLE /PROGRAM /CLEAN /DAM /FAM /NOBREAK
Scanning C: [AMINXP]
Scanning C:\*.*
C:\Documents and Settings\AMMAR\Local Settings\Temporary Internet Files\Content.IE5\7S0FJ7I0\mainMobily[1].vir ... Found trojan or variant JS/Exploit-DDay !!! Please send a copy of the file to McAfee The file or process has been renamed.
C:\Documents and Settings\AMMAR\Local Settings\Temporary Internet Files\Content.IE5\WBGC1I0Q\mainMobily[1].vir ... Found trojan or variant JS/Exploit-DDay !!! Please send a copy of the file to McAfee The file or process has been renamed.
C:\MSOCache\All Users\{90120000-0016-0401-0000-0000000FF1CE}-C\ExcelLR.cab\ATPVBAEN.XLAM_1025\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{90120000-0016-0401-0000-0000000FF1CE}-C\ExcelLR.cab\FUNCRES.XLAM_1025\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{90120000-0016-0401-0000-0000000FF1CE}-C\ExcelLR.cab\LOOKUP.XLAM_1025\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{90120000-0016-0401-0000-0000000FF1CE}-C\ExcelLR.cab\SOLVER.XLAM_1025\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{90120000-0016-0401-0000-0000000FF1CE}-C\ExcelLR.cab\SUMIF.XLAM_1025\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{90120000-006E-0401-0000-0000000FF1CE}-C\OfficeLR.cab\EXPTOOWS.XLA_1025 ... contains one or more macros.
C:\MSOCache\All Users\{90120000-0114-0401-0000-0000000FF1CE}-C\Office.en-us\OfficeLR.cab\EXPTOOWS.XLA_1033 ... contains one or more macros.
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab\EUROTOOL.XLAM\xl/vbaProject.bin ... contains one or more macros.
C:\MSOCache\All Users\{91120000-0030-0000-0000-0000000FF1CE}-C\EnterrWW.cab\HTML.XLAM\xl/vbaProject.bin ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\1033\EXPTOOWS.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\1033\EXPTOOWS.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\Analysis\ATPVBAEN.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\Analysis\ATPVBAEN.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\Analysis\FUNCRES.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\Analysis\FUNCRES.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\EUROTOOL.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\EUROTOOL.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\HTML.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\HTML.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\LOOKUP.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\LOOKUP.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\SOLVER\SOLVER.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\SOLVER\SOLVER.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\Library\SUMIF.XLA ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\Library\SUMIF.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\MACROS\SUPPORT.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\MACROS\SUPPORT.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\NorthwindCS.adp ... contains one or more macros.
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\NorthwindCS.adp ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Agenda Wizard.Wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Agenda Wizard.Wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Batch Conversion Wizard.Wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Batch Conversion Wizard.Wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Brochure.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Brochure.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Calendar Wizard.Wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Calendar Wizard.Wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Fax.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Fax.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Letter.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Letter.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Memo.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Memo.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Report.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Report.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Resume.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Contemporary Resume.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\CONTMADR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\CONTMADR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\CONTMFAX.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\CONTMFAX.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\CONTMLTR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\CONTMLTR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Directory.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Directory.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Elegant Fax.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Elegant Fax.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Elegant Letter.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Elegant Letter.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Elegant Memo.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Elegant Memo.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Elegant Report.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Elegant Report.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Elegant Resume.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Elegant Resume.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\ELEGMADR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\ELEGMADR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\ELEGMFAX.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\ELEGMFAX.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\ELEGMLTR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\ELEGMLTR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Envelope Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Envelope Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Fax Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Fax Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\LABEL.WIZ ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\LABEL.WIZ ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Letter Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Letter Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Manual.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Manual.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Memo Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Memo Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\MERGELTR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\MERGELTR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Pleading Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Pleading Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\PLEADSUB.WIZ ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\PLEADSUB.WIZ ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Professional Fax.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Professional Fax.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Professional Letter.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Professional Letter.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Professional Memo.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Professional Memo.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Professional Report.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Professional Report.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Professional Resume.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Professional Resume.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\PROFMADR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\PROFMADR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\PROFMFAX.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\PROFMFAX.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\PROFMLTR.DOT ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\PROFMLTR.DOT ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Resume Wizard.wiz ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Resume Wizard.wiz ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\Microsoft Office\Templates\1033\Thesis.dot ... contains one or more macros.
C:\Program Files\Microsoft Office\Templates\1033\Thesis.dot ... All macros have been removed.
Checking for another virus in the file ...
C:\Program Files\ULTRA SURF 9.9 Türkçe\ULTRA SURF 9.9 Full Türkçe.exe ... Found potentially unwanted program Ultrasurf. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0083098.exe\A0083098.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0083107.pif\A0083107.pif ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0083110.exe\A0083110.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0083143.exe\A0083143.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084093.exe\A0084093.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084105.pif\A0084105.pif ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084108.exe\A0084108.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084140.exe\A0084140.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084276.exe\A0084276.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084282.pif\A0084282.pif ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP585\A0084285.exe\A0084285.exe ... Found potentially unwanted program Tool-NirCmd. The file or process has been deleted.
C:\System Volume Information\_restore{5A204C7A-665B-4DC0-B37B-F8849977EBD0}\RP601\A0084888.exe ... Found potentially unwanted program Ultrasurf. The file or process has been deleted.
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60010400000000000F01FEC\12.0.4518\EXPTOOWS.XLA_1025 ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60010400000000000F01FEC\12.0.4518\EXPTOOWS.XLA_1025 ... All macros have been removed.
Checking for another virus in the file ...
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\EXPTOOWS.XLA_1033 ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.4518\EXPTOOWS.XLA_1033 ... All macros have been removed.
Checking for another virus in the file ...
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATPVBAEN.XLA_1033 ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATPVBAEN.XLA_1033 ... All macros have been removed.
Checking for another virus in the file ...
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EUROTOOL.XLA ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EUROTOOL.XLA ... All macros have been removed.
Checking for another virus in the file ...
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FUNCRES.XLA_1033 ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FUNCRES.XLA_1033 ... All macros have been removed.
Checking for another virus in the file ...
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SUMIF.XLA_1033 ... contains one or more macros.
C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SUMIF.XLA_1033 ... All macros have been removed.
Checking for another virus in the file ...

Summary report on C:\*.*
File(s)
    Total files: ........... 144681
    Clean: ................. 144600
    Possibly Infected: ..... 2
    Cleaned: ............... 0
    Deleted: ............... 13
Non-critical Error(s): 3
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Scanning D: []
Scanning D:\*.*

Summary report on D:\*.*
File(s)
    Total files: ........... 508
    Clean: ................. 508
    Possibly Infected: ..... 0
    Cleaned: ............... 0
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Scanning E: []
Scanning E:\*.*
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A4561405.CAB\NWINDCS.NDF_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E3561405.CAB\HTML.XLA ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\ATPVBAEN.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\FUNCRES.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\EUROTOOL.XLA ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\LOOKUP.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\SOLVER.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB\SUMIF.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\M3561404.CAB\EXPTOOWS.XLA_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\CONTFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\CONTLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\CONTMEMO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\CONTREPO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\CONTRESU.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ELEGFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ELEGLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ELEGMEMO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ELEGREPO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ELEGRESU.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\ENVELOPE.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\FAX.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\LABEL.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\LETTER.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\MEMO.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\PROFFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\PROFLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\PROFMEMO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\PROFREPO.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\PROFRESU.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB\RESUME.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\AGENDA.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\BROCHURE.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\CALENDAR.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\CONTMADR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\CONTMFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\CONTMLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\CONVERT.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\DIRECTRY.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\ELEGMADR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\ELEGMFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\ELEGMLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\MANUAL.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\MERGELTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\PLEADING.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\PLEADSUB.WIZ_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\PROFMADR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\PROFMFAX.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\PROFMLTR.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\THESIS.DOT_1033 ... contains one or more macros.
E:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB\SUPPORT.DOT_1033 ... contains one or more macros.

Summary report on E:\*.*
File(s)
    Total files: ........... 13973
    Clean: ................. 13973
    Possibly Infected: ..... 0
    Cleaned: ............... 0
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Time: 00:36.14

Visit the [hidden link] Web Site
Need some help or advice? Send email to Technical Support.
 
Signature: hariri1966
OK my friend, try creating a new user that is a system administrator.

Restart the computer and log in with the new user account,

and see whether it has the same problem or not. Waiting for your reply.
 
Peace be upon you, and the mercy and blessings of God.

Dear brother ألوحش, I created an account as a system administrator, restarted and logged in with the new account, and the problem is still there. Please also tell me whether the report was clean, because I downloaded the portable ClamWin program and it refused to run; I renamed the program and now it works, and I suspect the machine is infected.

Signature: hariri1966
Dear brother ألوحش, I have worn you out and taken a lot of your time.

This is the ClamWin report, and it shows two infections. How can I delete them?

[hidden link]




Scan Started Wed Jan 27 13:01:04 2010
-------------------------------------------------------------------------------
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\0395679a-5cd1-4b91-bb06-d35f1df201ab\DBStore\contacts.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\0395679a-5cd1-4b91-bb06-d35f1df201ab\DBStore\tempedb.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\20c9077e-7d66-4e4f-ac28-6360a8e19e45\DBStore\contacts.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\20c9077e-7d66-4e4f-ac28-6360a8e19e45\DBStore\tempedb.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\87a14fff-eae1-4cce-8f98-d5c8d0cfe6be\DBStore\contacts.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\87a14fff-eae1-4cce-8f98-d5c8d0cfe6be\DBStore\tempedb.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\8db643ea-47ce-4729-bde2-e0379bee57fb\DBStore\contacts.edb: Permission denied
C:\Documents and Settings\AMMAR\Local Settings\Application Data\Microsoft\Windows Live Contacts\8db643ea-47ce-4729-bde2-e0379bee57fb\DBStore\tempedb.edb: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\drivers\fidbox.idx: Permission denied
C:\WINDOWS\system32\drivers\fidbox2.idx: Permission denied
C:\WINDOWS\temp\cch~1b1c92d3b20.htp: Permission denied
C:\WINDOWS\temp\cch~1b1c937bf28.htp: Permission denied
C:\WINDOWS\temp\cch~1c155408c0c.htp: Permission denied
C:\WINDOWS\temp\cch~1c1554b991c.htp: Permission denied
C:\WINDOWS\temp\cch~f25e231cf9c.htp: Permission denied
C:\WINDOWS\temp\cch~f25e23d2c48.htp: Permission denied
C:\WINDOWS\ServicePackFiles\i386\wextract.exe: Trojan.Agent-124127 FOUND
C:\WINDOWS\system32\wextract.exe: Trojan.Agent-124127 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 702931
Engine version: 0.95.3
Scanned directories: 6755
Scanned files: 55019
Infected files: 2
Data scanned: 37453.46 MB
Data read: 25327.50 MB (ratio 1.48:1)
Time: 6084.953 sec (101 m 24 s)
--------------------------------------
Completed
--------------------------------------
 
Signature: hariri1966

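Of course, you have malicious files there, and I suspect they are the cause
of the problem, but I cannot say for certain. Let us delete them and see,
God willing. Stay with me, and may God help.


First, disable System Restore, shut down the computer, and restart it (an important step).


Disable System Restore according to the following explanation: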

[Screenshots: i7549_1.png, i7550_2.png, i7551_3.png]

Then download this Russian beast



and run Scan & Clean, the second option, which scans and cleans. Please apply this carefully.

Follow the explanation:


[Screenshot: 50393602.png]

For any detection, choose Delete, and do not forget to disable your antivirus.







 
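Dear brother ألوحش, peace be upon you, and the mercy and blessings of God.

May God bless you and your life, forgive you and your parents, and gather you

and those you love in the highest Paradise beneath the Throne of the Most Merciful.

Brother, sorry for the delay. I downloaded the program and it did not show me any

virus, and it seems that the program itself contains viruses, because I

ran a scan with clamwin and set the settings to

delete infected files, and this is the result: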


Scan Started Thu Jan 28 10:05:45 2010
-------------------------------------------------------------------------------

C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000001500002i\SOLOSENT.EXE: Removed.
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\40000030b00002i\IDMan.exe: Removed.
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000005200002i\SOLOCFG.EXE: Removed.
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000005a00002i\SOLOSCAN.EXE: Removed.
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000009c00002i\IEXPLORE.EXE: Removed.
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\58384solo_antivirus_scanner.rar: Removed.
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\Solo Antivirus Scanner.exe: Removed.
C:\pagefile.sys: Permission denied
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000012.EXE: Removed.
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000013.exe: Removed.
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000014.EXE: Removed.
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000015.EXE: Removed.
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000016.EXE: Removed.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe: Removed.
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\drivers\fidbox.idx: Permission denied
C:\WINDOWS\system32\drivers\fidbox2.idx: Permission denied
C:\WINDOWS\system32\wextract.exe: Removed.

C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000001500002i\SOLOSENT.EXE: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\40000030b00002i\IDMan.exe: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000005200002i\SOLOCFG.EXE: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000005a00002i\SOLOSCAN.EXE: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\Application Data\Thinstall\Solo Antivirus 8.0\4000009c00002i\IEXPLORE.EXE: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\58384solo_antivirus_scanner.rar: Trojan.IRCBot-3427 FOUND
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\Solo Antivirus Scanner.exe: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000012.EXE: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000013.exe: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000014.EXE: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000015.EXE: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000016.EXE: Trojan.IRCBot-3427 FOUND
C:\WINDOWS\ServicePackFiles\i386\wextract.exe: Trojan.Agent-124127 FOUND
C:\WINDOWS\system32\wextract.exe: Trojan.Agent-124127 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 703771
Engine version: 0.95.3
Scanned directories: 6499
Scanned files: 50116
Infected files: 14

Data scanned: 32671.79 MB
Data read: 20624.21 MB (ratio 1.58:1)
Time: 5677.516 sec (94 m 37 s)
--------------------------------------
Completed
--------------------------------------

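After deleting the viruses, I got a message telling me that there are missing files:

insert the Windows CD to complete them, otherwise the system will be unstable.

I inserted the CD and it was not accepted, possibly because the CD is SP2 and I have updated Windows

to SP3. I ran the program paretologic drivecure and it completed

the missing files, and after that I downloaded the program alfa autorun killer,

and thank God the problem was solved. I thank you again, dear brother, for

your patience, and I ask that the thread be closed.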
 
Signature: hariri1966
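An added example, not part of any post in this thread: a short Python triage of a ClamWin report in the format posted above. It groups `FOUND` lines by signature, keeps `Permission denied` files as unscanned, and flags detections inside Windows directories for review before deletion, since the last report shows `wextract.exe` removed from `system32` ahead of the missing-files prompt. The sample log is constructed from lines of the thread's reports, and `SYSTEM_DIRS` is an assumed list.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken in shape from the reports in this thread.
SAMPLE_LOG = r"""Scan Started Thu Jan 28 10:05:45 2010
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\Solo Antivirus Scanner.exe: Removed.
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\wextract.exe: Removed.
C:\Documents and Settings\AMMAR\My Documents\Downloads\Compressed\Solo Antivirus Scanner.exe: Trojan.IRCBot-3427 FOUND
C:\System Volume Information\_restore5A204C7A-665B-4DC0-B37B-F8849977EBD0\RP1\A0000012.EXE: Trojan.IRCBot-3427 FOUND
C:\WINDOWS\ServicePackFiles\i386\wextract.exe: Trojan.Agent-124127 FOUND
C:\WINDOWS\system32\wextract.exe: Trojan.Agent-124127 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
"""

# "<drive path>: <status>"; the greedy path group splits on the last ": ".
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+): (?P<status>.+)$")
# Assumption: directories treated as operating-system locations for this triage.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\servicepackfiles\\")

def triage(log_text):
    """Sort report lines into detections, removals and unscanned files."""
    rep = {"detections": defaultdict(list), "removed": [], "unscanned": [],
           "system_hits": [], "declared_infected": None}
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Infected files:"):
            rep["declared_infected"] = int(line.split(":", 1)[1])
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # banner, separator or other summary line
        path, status = m["path"], m["status"]
        if status.endswith(" FOUND"):
            rep["detections"][status[:-len(" FOUND")]].append(path)
            if path.lower().startswith(SYSTEM_DIRS):
                rep["system_hits"].append(path)
        elif status == "Removed.":
            rep["removed"].append(path)
        elif status == "Permission denied":
            rep["unscanned"].append(path)  # locked file: not scanned, not clean
    return rep

def removed_system_files(rep):
    """Flagged OS-directory files that the scanner also deleted."""
    return [p for p in rep["removed"] if p in rep["system_hits"]]

if __name__ == "__main__":
    print(removed_system_files(triage(SAMPLE_LOG)))
```

Comparing the number of parsed detections with `declared_infected` confirms that no `FOUND` line was missed when a long report is pasted into a forum post.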