saw101

Peace be upon you
Brothers, I downloaded a file and after a while a virus showed up and messed with the machine. The machine started hanging and freezing and is very slow. Every time I disinfect it with Kaspersky 7 (Security), delete it, and restart the machine,
Kaspersky comes back and detects the same virus. Location of the virus:
C:\WINDOWS\system32\msqpdxlxblxmow.dll
After that Kaspersky stopped updating, and it shows me that the database is cancelled.
Thank you.
 

Welcome, brother.
Download this program.

Run the program ==> and click on
Do a system scan and save log
In a few moments a report appears in Notepad ==> copy it and paste it in your next reply.
 
God keep you safe, brother Max. Here is the HijackThis report. Note that yesterday I played around with HijackThis
and deleted four or five entries with it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55:57 م, on 12/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Invisible Browsing\servers\IBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6213 bytes
 
Download the following tool.

Run it with a double click. In a few seconds Notepad opens with a report in it. Select all, copy it, and paste it in your next post.
 
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:41 م, on 12/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Invisible Browsing\servers\IBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
C:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6333 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 760
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 16/01/1430 12:29:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 56 K
Mem Usage Peak : 476 K
Page Faults : 232
Pagefile Usage : 164 K
Pagefile Peak Usage : 1672 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 812
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 16/01/1430 12:29:42 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2916 K
Mem Usage Peak : 5080 K
Page Faults : 47961
Pagefile Usage : 2160 K
Pagefile Peak Usage : 2176 K
File Attributes :
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 836
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 05/12/1428 06:58:14 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:42 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2048 K
Mem Usage Peak : 14768 K
Page Faults : 9141
Pagefile Usage : 11848 K
Pagefile Peak Usage : 12472 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 880
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1688 K
Mem Usage Peak : 3852 K
Page Faults : 2056
Pagefile Usage : 2052 K
Pagefile Peak Usage : 2472 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 892
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2228 K
Mem Usage Peak : 6424 K
Page Faults : 31819
Pagefile Usage : 8352 K
Pagefile Peak Usage : 8576 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1048
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1612 K
Mem Usage Peak : 5644 K
Page Faults : 1975
Pagefile Usage : 6756 K
Pagefile Peak Usage : 26652 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1112
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:44 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1436 K
Mem Usage Peak : 4104 K
Page Faults : 1254
Pagefile Usage : 4792 K
Pagefile Peak Usage : 4816 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1140
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 10420 K
Mem Usage Peak : 28144 K
Page Faults : 22673
Pagefile Usage : 22620 K
Pagefile Peak Usage : 22964 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1188
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 500 K
Mem Usage Peak : 3784 K
Page Faults : 1014
Pagefile Usage : 2976 K
Pagefile Peak Usage : 3000 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1328
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:46 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1092 K
Mem Usage Peak : 4408 K
Page Faults : 1744
Pagefile Usage : 1916 K
Pagefile Peak Usage : 2040 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1368
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:46 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1188 K
Mem Usage Peak : 7444 K
Page Faults : 2185
Pagefile Usage : 6464 K
Pagefile Peak Usage : 6504 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1536
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 04/05/1426 11:53:32 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 884 K
Mem Usage Peak : 9344 K
Page Faults : 2775
Pagefile Usage : 9084 K
Pagefile Peak Usage : 10112 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1656
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 41172 K
Mem Usage Peak : 123824 K
Page Faults : 856538
Pagefile Usage : 124692 K
Pagefile Peak Usage : 180284 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:29:55 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 408 K
Mem Usage Peak : 3656 K
Page Faults : 997
Pagefile Usage : 2784 K
Pagefile Peak Usage : 2808 K
File Attributes : A
==================================================
==================================================
Process Name : IBService.exe
ProcessID : 1744
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 45,056
File Created Date : 14/01/1430 05:20:14 ص
File Modified Date : 20/12/1427 12:38:50 م
Filename : C:\Program Files\Invisible Browsing\servers\IBService.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 352 K
Mem Usage Peak : 1652 K
Page Faults : 2510
Pagefile Usage : 524 K
Pagefile Peak Usage : 552 K
File Attributes : A
==================================================
==================================================
Process Name : jqs.exe
ProcessID : 1768
Priority : Low
Product Name : Java(TM) Platform SE 6 U11
Version : 6.0.110.3
Description : Java(TM) Quick Starter Service
Company : Sun Microsystems, Inc.
Window Title :
File Size : 152,984
File Created Date : 10/01/1430 09:57:00 م
File Modified Date : 10/01/1430 09:57:00 م
Filename : C:\Program Files\Java\jre6\bin\jqs.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1436 K
Mem Usage Peak : 16920 K
Page Faults : 3817124
Pagefile Usage : 2632 K
Pagefile Peak Usage : 3244 K
File Attributes : A
==================================================
==================================================
Process Name : IBSocksManager.exe
ProcessID : 1776
Priority : Normal
Product Name : Invisible Browsing
Version : 6, 5, 0, 1
Description : Invisible Browsing
Company : amplusnet.com
Window Title :
File Size : 184,320
File Created Date : 14/01/1430 05:20:14 ص
File Modified Date : 08/09/1428 07:44:02 ص
Filename : C:\Program Files\Invisible Browsing\servers\Socks\IBSocksManager.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 444 K
Mem Usage Peak : 2180 K
Page Faults : 679
Pagefile Usage : 840 K
Pagefile Peak Usage : 840 K
File Attributes : A
==================================================
==================================================
Process Name : IBSocks.exe
ProcessID : 1788
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 4,586,481
File Created Date : 14/01/1430 05:20:14 ص
File Modified Date : 19/07/1428 09:13:28 م
Filename : C:\Program Files\Invisible Browsing\servers\Socks\IBSocks.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 13528 K
Mem Usage Peak : 17132 K
Page Faults : 13304
Pagefile Usage : 9356 K
Pagefile Peak Usage : 11216 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 1808
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/04/1424 08:25:00 م
File Modified Date : 19/04/1424 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 16/01/1430 12:29:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 464 K
Mem Usage Peak : 3316 K
Page Faults : 1133
Pagefile Usage : 3960 K
Pagefile Peak Usage : 3976 K
File Attributes : A
==================================================
==================================================
Process Name : NBService.exe
ProcessID : 1844
Priority : Normal
Product Name : Nero BackItUp
Version : 3, 5, 4, 0
Description : Nero BackItUp
Company : Nero AG
Window Title :
File Size : 877,864
File Created Date : 04/12/1429 12:29:52 م
File Modified Date : 04/12/1429 12:29:52 م
Filename : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 600 K
Mem Usage Peak : 7428 K
Page Faults : 1909
Pagefile Usage : 6820 K
Pagefile Peak Usage : 6832 K
File Attributes : A
==================================================
==================================================
Process Name : ibhttp.exe
ProcessID : 1932
Priority : Normal
Product Name : Invisible Browsing
Version : 6.5.0
Description : Invisible Browsing HTTP Proxy
Company : AMPLUSNET
Window Title :
File Size : 301,056
File Created Date : 14/01/1430 05:20:14 ص
File Modified Date : 29/10/1427 02:30:54 م
Filename : C:\Program Files\Invisible Browsing\servers\Http\ibhttp.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:57 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1976 K
Mem Usage Peak : 5488 K
Page Faults : 7306
Pagefile Usage : 2384 K
Pagefile Peak Usage : 2948 K
File Attributes : A
==================================================
==================================================
Process Name : IoctlSvc.exe
ProcessID : 1956
Priority : Normal
Product Name : IoctlSvc Application
Version : 1, 6, 0, 0
Description : PLFlash DeviceIoControl Service
Company : Prolific Technology Inc.
Window Title :
File Size : 81,920
File Created Date : 29/11/1427 06:30:26 ص
File Modified Date : 29/11/1427 06:30:26 ص
Filename : C:\WINDOWS\system32\IoctlSvc.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:59 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 196 K
Mem Usage Peak : 1960 K
Page Faults : 536
Pagefile Usage : 1008 K
Pagefile Peak Usage : 1008 K
File Attributes : A
==================================================
==================================================
Process Name : HPZipm12.exe
ProcessID : 1992
Priority : Normal
Product Name : HP PML
Version : 10, 1, 1, 5
Description : PML Driver
Company : HP
Window Title :
File Size : 69,632
File Created Date : 18/10/1429 08:19:18 م
File Modified Date : 03/02/1427 06:03:10 م
Filename : C:\WINDOWS\system32\HPZipm12.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:29:59 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 308 K
Mem Usage Peak : 2004 K
Page Faults : 550
Pagefile Usage : 648 K
Pagefile Peak Usage : 648 K
File Attributes : A
==================================================
==================================================
Process Name : RichVideo.exe
ProcessID : 2036
Priority : Normal
Product Name : RichVideo Module
Version : 1.1.0808
Description : RichVideo Module
Company :
Window Title :
File Size : 167,936
File Created Date : 05/12/1428 06:19:49 م
File Modified Date : 04/07/1426 08:54:00 م
Filename : C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:30:00 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 344 K
Mem Usage Peak : 3300 K
Page Faults : 868
Pagefile Usage : 3776 K
Pagefile Peak Usage : 3800 K
File Attributes :
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 204
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:30:00 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1468 K
Mem Usage Peak : 4788 K
Page Faults : 2000
Pagefile Usage : 5896 K
Pagefile Peak Usage : 6016 K
File Attributes : A
==================================================
==================================================
Process Name : ups.exe
ProcessID : 260
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : UPS Service
Company : Microsoft Corporation
Window Title :
File Size : 18,432
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\ups.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:30:00 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 368 K
Mem Usage Peak : 2884 K
Page Faults : 776
Pagefile Usage : 1080 K
Pagefile Peak Usage : 1080 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.exe
ProcessID : 3420
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,656,832
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 21/09/1429 02:43:08 ص
Filename : C:\WINDOWS\Explorer.exe
Base Address : 0x01000000
Created On : 16/01/1430 12:33:41 م
Visible Windows : 3
Hidden Windows : 26
User Name : SAIF\user
Mem Usage : 26644 K
Mem Usage Peak : 58944 K
Page Faults : 269723
Pagefile Usage : 60340 K
Pagefile Peak Usage : 98836 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 3548
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.68
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,872
File Created Date : 18/12/1429 10:11:47 م
File Modified Date : 23/12/1429 07:25:50 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:33:44 م
Visible Windows : 0
Hidden Windows : 1
User Name : SAIF\user
Mem Usage : 136 K
Mem Usage Peak : 3044 K
Page Faults : 17372
Pagefile Usage : 4568 K
Pagefile Peak Usage : 4808 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 3556
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:33:44 م
Visible Windows : 0
Hidden Windows : 4
User Name : SAIF\user
Mem Usage : 4172 K
Mem Usage Peak : 15624 K
Page Faults : 78307
Pagefile Usage : 17824 K
Pagefile Peak Usage : 18984 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 3564
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.15.1.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,606,512
File Created Date : 28/10/1429 11:35:04 ص
File Modified Date : 25/12/1429 10:42:28 ص
Filename : D:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:33:44 م
Visible Windows : 0
Hidden Windows : 6
User Name : SAIF\user
Mem Usage : 8860 K
Mem Usage Peak : 14608 K
Page Faults : 22255
Pagefile Usage : 12088 K
Pagefile Peak Usage : 15060 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 972
Priority : Normal
Product Name : IEMonitor Application
Version : 5, 12, 8, 0
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,312
File Created Date : 28/10/1429 10:46:37 ص
File Modified Date : 11/02/1429 01:01:02 م
Filename : D:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 16/01/1430 12:34:00 م
Visible Windows : 0
Hidden Windows : 1
User Name : SAIF\user
Mem Usage : 1964 K
Mem Usage Peak : 6704 K
Page Faults : 3389
Pagefile Usage : 7572 K
Pagefile Peak Usage : 8484 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 3492
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,724,184
File Created Date : 07/10/1428 08:34:42 ص
File Modified Date : 07/10/1428 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 16/01/1430 08:25:41 م
Visible Windows : 1
Hidden Windows : 31
User Name : SAIF\user
Mem Usage : 13028 K
Mem Usage Peak : 54696 K
Page Faults : 30598
Pagefile Usage : 38580 K
Pagefile Peak Usage : 42468 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 2264
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 98,328
File Created Date : 07/10/1428 08:31:54 ص
File Modified Date : 07/10/1428 08:31:54 ص
Filename : C:\Program Files\Windows Live\Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 16/01/1430 08:26:21 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2792 K
Mem Usage Peak : 2792 K
Page Faults : 762
Pagefile Usage : 3748 K
Pagefile Peak Usage : 3760 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 1452
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 16/01/1430 05:35:29 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 16/01/1430 08:35:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : SAIF\user
Mem Usage : 2472 K
Mem Usage Peak : 2476 K
Page Faults : 728
Pagefile Usage : 960 K
Pagefile Peak Usage : 964 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 128
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 16/01/1430 08:35:31 م
Visible Windows : 0
Hidden Windows : 1
User Name : SAIF\user
Mem Usage : 3056 K
Mem Usage Peak : 3120 K
Page Faults : 888
Pagefile Usage : 2176 K
Pagefile Peak Usage : 2252 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2928
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 05/12/1428 05:00:53 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 16/01/1430 08:35:35 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5852 K
Mem Usage Peak : 5852 K
Page Faults : 1523
Pagefile Usage : 6428 K
Pagefile Peak Usage : 6428 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 2492
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 16/01/1430 05:35:29 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 16/01/1430 08:35:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : SAIF\user
Mem Usage : 2460 K
Mem Usage Peak : 2512 K
Page Faults : 971
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1748 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.3156
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0068
c:\program files\common files\real\update_ob\realsched.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
7.00.0000.0125
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
AskTBar Uninstall
rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
Ask Toolbar
Ask.com
2.01.0010.0002
c:\program files\uninstall ask toolbar.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IDMan
D:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.15.0001.0000
d:\program files\internet download manager\idman.exe
Task Scheduler
1-Click Maintenance.job
C:\Program Files\TuneUp Utilities 2008\OneClick.exe /schedulestart
File not found: C:\Program Files\TuneUp Utilities 2008\OneClick.exe
Uniblue SpeedUpMyPC Nag.job
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
File not found: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
XoftSpySE 2.job
C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe ShowReminders
Xoftspy
ParetoLogic
4.33.5259.0001
c:\program files\bronz patch pro\xoftspyse\xoftspy.exe
XoftSpySE.job
C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe -t
Xoftspy
ParetoLogic
4.33.5259.0001
c:\program files\bronz patch pro\xoftspyse\xoftspy.exe
.
.
----------- End Report ---------------
 
Signature: saw101
Brother, the file you mentioned does not appear in the reports.
Run this scan to make sure.


Download the Kaspersky tool from the following link



After downloading, double-click it and the tool's file will be extracted to a folder on the desktop. After a few moments the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.




Then compress the report and upload it here.
 
My dear brother Max, the tool won't download for me (for your information, I disabled Kaspersky so that I could open the site), and this message appears in the download program (screenshot 398097564.jpg). I also ran a scan of the computer with the Kaspersky program installed on the machine, but it gets to 30% and the machine freezes, and I am forced to restart it.

 
Signature: saw101
Dear Max,
I downloaded the tool, after a struggle, but the problem is that the scan does not get past 9% before the machine freezes completely,
and I am forced to restart the machine with the button on the case.
 
Signature: saw101

OK, run the scan in Safe Mode.

How to boot the machine into Safe Mode

When the machine starts, begin pressing F8 repeatedly until this screen appears

My dear brother Max, I ran the scan with the tool in Safe Mode three times. The first and second times it reached roughly 10% and the machine froze completely, and the third time it reached 95% and froze with the same problem. And this is a picture of the virus, which appears as soon as the machine starts.
 
Signature: saw101
Download the tool from this thread



Run it and choose the cleaning option.

Be patient until it finishes on its own and the report comes out.
Upload the report to the upload center and attach it to your next post.
 
My dear brother Max, this is the link to the McAfee analysis

And I have a small question: system files ending in dll, .sav and .prn are all over the machine, everywhere: Documents, drive D,
because for a long time I have been installing programs and removing them the ordinary way, not with Your Uninstaller! 2008.
Regards and best wishes to you,
 
Signature: saw101
Now repeat the scan with the Kaspersky tool in Safe Mode.
The McAfee tool deleted several malicious files, but the file that needs to be deleted was not among them.
 
Brother Max, it is the same problem: the machine freezes.
As for Kaspersky 7, I checked the machine's date and time, and it still refuses to update.
 
Signature: saw101

Brother, the freezing in Safe Mode will be due to the machine overheating.
Check that the machine's fans are working.
And the Kaspersky report is required.

Waiting for it.
 
Signature: saw101
It did not detect any infection.
Is the warning still appearing?
 
No, my dear, I no longer get any warning. I deleted the virus, and another file that turned up, using the tool ********
But I have a small question: I downloaded a program that was supposed to increase speed, and I removed it, but it got stuck in the LAN settings.

And this link shows up in the "use automatic configuration script" setting.
 
Signature: saw101
Welcome.
I don't see any problem with it.
Run a HijackThis report to make sure.
 
Thank you, brother Max, for the help.
God bless you, you did all you could, my dear.
As for the report, there is no need for me to run it if there is no problem.
That's it, the virus is gone, and good riddance.
 
Signature: saw101