هدا تقرير و الباين علية كله فيروسات

LANCER · 4 أكتوبر 2007

السلام عليكم
المشكلة من موزع النت
التقرير مو راضي يرتفع
اطريت اضيفه عادي
و هدا تقرير الكاسبر

KASPERSKY ONLINE SCANNER REPORT Thursday, October 04, 2007 2:47:41 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 4/10/2007
Kaspersky Anti-Virus database records: 427117

Scan SettingsScan using the following antivirus databaseextendedScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerC:\
D:\
E:\
F:\
G:\ Scan StatisticsTotal number of scanned objects57762Number of viruses found4Number of infected objects10Number of suspicious objects0Duration of the scan process00:29:07

Infected Object NameVirus NameLast ActionC:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\031b_File_Monitoring_eventlog.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\031e_Web_Monitoring_eventlog.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\s\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\s\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\rashid\s\index.dat Object is locked skipped C:\Documents and Settings\rashid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\rashid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\rashid\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\rashid\Local Settings\History\History.IE5\MSHist012007100420071005\index.dat Object is locked skipped C:\Documents and Settings\rashid\Local Settings\Temporary Internet Files\.IE5\index.dat Object is locked skipped C:\Documents and Settings\rashid\NTUSER.DAT Object is locked skipped C:\Documents and Settings\rashid\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP30\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol/btwebcontrol.dll Infected: not-a-virusialer.Win32.BT.g skipped C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe CAB: infected - 1 skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP5\A0000229.vbs Infected: Virus.VBS.Attas.a skipped E:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP6\A0000235.vbs Infected: Virus.VBS.Attas.a skipped E:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP8\A0000500.vbs Infected: Virus.VBS.Attas.a skipped E:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP8\A0000510.exe Infected: Trojan-PSW.Win32.QQPass.jh skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP12\A0000691.com Infected: Trojan-PSW.Win32.OnLineGames.blt skipped F:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP24\A0011178.com Infected: Trojan-PSW.Win32.OnLineGames.blt skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP12\A0000693.com Infected: Trojan-PSW.Win32.OnLineGames.blt skipped G:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP24\A0011179.com Infected: Trojan-PSW.Win32.OnLineGames.blt skipped Scan process completed.

وهدا تقرير Avg

__________________________________________________

ewido anti-spyware online scanner

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

__________________________________________________

Name: Tracking.2o7

Path: C:\Documents and Settings\rashid\s\rashid@2o7[1].txt

Risk: Medium

Name: Tracking.Yieldmanager

Path: C:\Documents and Settings\rashid\s\rashid@ad.yieldmanager[2].txt

Risk: Medium

Name: Tracking.Adbrite

Path: C:\Documents and Settings\rashid\s\rashid@adbrite[2].txt

Risk: Medium

Name: Tracking.Adbrite

Path: C:\Documents and Settings\rashid\s\rashid@ads.adbrite[1].txt

Risk: Medium

Name: Tracking.Atdmt

Path: C:\Documents and Settings\rashid\s\rashid@atdmt[1].txt

Risk: Medium

Name: Tracking.Clickbank

Path: C:\Documents and Settings\rashid\s\rashid@clickbank[1].txt

Risk: Medium

Name: Tracking.Doubleclick

Path: C:\Documents and Settings\rashid\s\rashid@doubleclick[1].txt

Risk: Medium

Name: Tracking.Webtrends

Path: C:\Documents and Settings\rashid\s\rashid@m.webtrends[2].txt

Risk: Medium

Name: Tracking.Netflame

Path: C:\Documents and Settings\rashid\s\rashid@ssl-hints.netflame[1].txt

Risk: Medium

Name: Tracking.Onestat

Path: C:\Documents and Settings\rashid\s\rashid@stat.onestat[2].txt

Risk: Medium

Name: Tracking.Statcounter

Path: C:\Documents and Settings\rashid\s\rashid@statcounter[2].txt

Risk: Medium

Name: Tracking.Tacoda

Path: C:\Documents and Settings\rashid\s\rashid@tacoda[2].txt

Risk: Medium

Name: Tracking.Tradedoubler

Path: C:\Documents and Settings\rashid\s\rashid@tradedoubler[1].txt

Risk: Medium

Name: Not-A-Virus.Monitor.Win32.AKL.25

Path: C:\WINDOWS\system32\TDispVol.dll

Risk: Low

الباين عليه كله فيروسات

ارجوا الافادة

و شكرا

زيزوووم · 4 أكتوبر 2007

هلااا فيك ياغالي ,,
تقرير الكاسبر محيوس مررررررررره :tongue:
عندك 4 ملفات مصابه بفايروس ,, و10 ملفات برامج خطره ( ليست فيروسات )

وبودي اتأكد عندك الكاسبر 7 يشتغل او لااا

حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم

LANCER · 4 أكتوبر 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:24 ?, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rashid\Desktop\Zyzoom_HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 6856 bytes

LANCER · 4 أكتوبر 2007

هدا التقرير اخي الكريم
زيزووووم
و ارجوا الافادة
مع العلم اني انا كنت استعمل
نورتين انترنت سكيرتي 2006
مع العلم ان النورتين اتت مع التوشيبا
يعني الشركة نفسها منصبة البرنامج
يعني من الاول ما اشتريت الاب توب
وشكرا

زيزوووم · 5 أكتوبر 2007

هلااا فيك ,,
النورتون يجي مع القطع ( سنه مجانا مع التحديث )

لو فيه خير ماجاء هديه :biggrin:

على العموم ,,
باقي ملفات للنورتون لم تحذف ,, والافضل استخدام هذه الاداة لحذفه بالكامل

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

بعده اعد تشغيل جهازك ,, واعمل التالي ,

( اولااا )
تعطيل خدمة استعادة النظام
بالماوس كلك يمين على جهاز الكبيوتر واختر >>> خصائص
واعمل كما بالصوره

بعدها ,, حدث الكاسبر ,, واعمل فحص + تنظيف كامل لجهازك
والطريقه كالتالي ,,
ضبط الاعدادات للفحص والتنظيف
بالماوس كلك يمين على شعار الكاسبر ,, واختر >>>> Settings
عندها تفتح لك شاشة الاعدادات ,, اعمل كما موجود بالصور التاليه ,,

الان شغل البرنامج ,, وافحص جهازك بهذه الطريقه

---------------------------------------------------

بعد عمل السابق ,, ارفق تقرير جديد هايجاك ,,,

عصام ابوهيبه · 5 أكتوبر 2007

LANCER · 5 أكتوبر 2007

هلا اخوي الكريم زيزووم
جمعتك مباركة ان شاء الله
عملت اخوي متل ما قلت
وبارك الله فيك
و هدا التقرير

LANCER · 5 أكتوبر 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:31:44 ?, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rashid\Desktop\Zyzoom_HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 5610 bytes

زيزوووم · 5 أكتوبر 2007

الله يبارك فيك ياغالي ,,

التقرير حلوو ياحلوو

زيزوووم · 5 أكتوبر 2007

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

هلاااا بالذووق كله

لاهنت وبارك الله فيك اخوي عصام

LANCER · 6 أكتوبر 2007

الحمد لله يوجد تقدم و دلك بفضلك اخي زيزووووم
بعد الله سبحانه و تعالى
فايروس واحد و ثنين ملفات ضارة
وهدا تقرير الكاسبر
بس ان شاء الله يكون مو محوس و تقدر تفهمه
وشكرا

Saturday, October 06, 2007 4:29:52 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 6/10/2007
Kaspersky Anti-Virus database records: 428111

Scan Settin

Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 48679
Number of viruses found 1
Number of infected objects 2
Number of suspicious object s0
Duration of the scan process 00:36:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\038f_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\0392_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky
Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\Temp\s\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary
Internet Files\.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped
C:\Documents and Settings\rashid\s\index.dat Object is locked
skipped
C:\Documents and Settings\rashid\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\rashid\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\rashid\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rashid\Local
Settings\History\History.IE5\MSHist012007100620071007\index.dat Object is
locked skipped
C:\Documents and Settings\rashid\Local Settings\Temporary Internet
Files\.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rashid\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\rashid\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E10E8749-8455-49BF-B2EC-ACF1E8D95C28}.bin
Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol/btwebcontrol.dll
Infected: not-a-virus

ialer.Win32.BT.g skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe CAB:
infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
Scan process completed.

LANCER · 6 أكتوبر 2007

وهدا تقرير Avg

__________________________________________________
ewido anti-spyware online scanner

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

__________________________________________________

Name: Tracking.2o7
Path: C:\Documents and Settings\rashid\s\rashid@2o7[1].txt
Risk: Medium
Name: Tracking.Yieldmanager
Path: C:\Documents and Settings\rashid\s\rashid@ad.yieldmanager[2].txt
Risk: Medium
Name: Tracking.Adbrite
Path: C:\Documents and Settings\rashid\s\rashid@adbrite[2].txt
Risk: Medium
Name: Tracking.Adbrite
Path: C:\Documents and Settings\rashid\s\rashid@ads.adbrite[1].txt
Risk: Medium
Name: Tracking.Atdmt
Path: C:\Documents and Settings\rashid\s\rashid@atdmt[2].txt
Risk: Medium
Name: Tracking.Clickbank
Path: C:\Documents and Settings\rashid\s\rashid@clickbank[1].txt
Risk: Medium
Name: Tracking.Doubleclick
Path: C:\Documents and Settings\rashid\s\rashid@doubleclick[1].txt
Risk: Medium
Name: Tracking.Webtrends
Path: C:\Documents and Settings\rashid\s\rashid@m.webtrends[1].txt
Risk: Medium
Name: Tracking.Netflame
Path: C:\Documents and Settings\rashid\s\rashid@ssl-hints.netflame[1].txt
Risk: Medium
Name: Tracking.Onestat
Path: C:\Documents and Settings\rashid\s\rashid@stat.onestat[2].txt
Risk: Medium
Name: Tracking.Statcounter
Path: C:\Documents and Settings\rashid\s\rashid@statcounter[1].txt
Risk: Medium
Name: Tracking.Tacoda
Path: C:\Documents and Settings\rashid\s\rashid@tacoda[2].txt
Risk: Medium
Name: Tracking.Tradedoubler
Path: C:\Documents and Settings\rashid\s\rashid@tradedoubler[1].txt
Risk: Medium
Name: Not-A-Virus.Monitor.Win32.AKL.25
Path: C:\WINDOWS\system32\TDispVol.dll
Risk: Low

ارجوا الافادة

LANCER · 7 أكتوبر 2007

وينك اخوي زيزوم

زيزوووم · 7 أكتوبر 2007

العيد بعد 4 ايام:tongue:

باقي ملفين ,, احذفهم يدوي (( اللون الاحمر ))

C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe

الثاني

C:\WINDOWS\system32\TDispVol.dll

بالتوفيق

LANCER · 7 أكتوبر 2007

كل عام و انتم بخير
عيد فطر مبارك
على جميع الامة الاسلامة عامة
و على اعضاء المنتدى خاصة
انا يا زيزوم حدفت إلي قتلي عليه
خلات هل حين جهازي خالي من الفيروسات
و مشكور ما قصرت

زيزوووم · 19 أكتوبر 2007

وانت بخير وصحه وسلااامه ,,

يسلمووو حبيب قلبي ولاهنت ,,

== يغلق الموضوع لانتهاء الغرض منه ==

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم​

زيزوومى متألق

توقيع : LANCER

عضو شرف

زيزوومى متألق

توقيع : LANCER

زيزوومى متألق

توقيع : LANCER

عضو شرف

زيزوومى محترف

توقيع : عصام ابوهيبه

زيزوومى متألق

توقيع : LANCER

زيزوومى متألق

توقيع : LANCER

عضو شرف

عضو شرف

زيزوومى متألق

توقيع : LANCER

زيزوومى متألق

توقيع : LANCER

زيزوومى متألق

توقيع : LANCER

عضو شرف

زيزوومى متألق

توقيع : LANCER

عضو شرف

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم