- بادئ الموضوع abuadnan
- تاريخ البدء
- 794
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
قم بتحميل هذه الاداة وتشغيلها وحذف الفيروس فقط اضغط ريموف
وتحميلها من
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم عمل Restart (اعادة تشغيل) للجهاز
===========================
توقيع : السّاجد لله
تأييد
0
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب ان تكون جميع النوافذ مغلقة تماما
لا تلمس الماوس نهائيا عند الاستخدام
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب ان تكون جميع النوافذ مغلقة تماما
لا تلمس الماوس نهائيا عند الاستخدام
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
اخى المراقب بارك الله فيك تم تنفيذ المطلوب وهذة هى النتيجة
ComboFix 08-09-05.02 - Administrator 09/06/2008 16:58:35.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.653 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 14:03 5,114,400 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 14:03 42,084 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 14:03 2,632 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 14:03 147,488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 05:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-09-05 11:16 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-05 03:27 --------- d-----w C:\Program Files\Uniblue
2008-09-04 14:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-09-03 04:09 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-03 03:34 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-03 03:33 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-03 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-03 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-02 11:56 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-02 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-09-02 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-08-30 04:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2008-08-29 13:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-28 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-28 14:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-08-28 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-28 13:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-08-28 13:55 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-28 13:48 --------- d-----w C:\Program Files\HP
2008-08-28 12:14 --------- d-----w C:\Program Files\Yahoo!
2008-08-28 12:14 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Program Files\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-08-28 12:04 --------- d-----w C:\Program Files\QuickWiz
2008-08-28 12:04 --------- d-----w C:\Program Files\Common Files\GuruNet Shared
2008-08-28 12:04 --------- d-----w C:\Program Files\Common Files\Accent Shared
2008-08-28 11:50 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 11:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-28 11:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-28 11:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-28 11:45 --------- d-----w C:\Program Files\Skype
2008-08-28 11:45 --------- d-----w C:\Program Files\Real
2008-08-28 11:45 --------- d-----w C:\Program Files\Google
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\Real
2008-08-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-28 11:41 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-28 11:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-28 11:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-08-28 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 08:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-28 08:45 --------- d-----w C:\Program Files\JetAudio
2008-08-28 08:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-28 08:45 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-28 08:44 --------- d-----w C:\Program Files\Eset
2008-08-28 08:12 --------- d-----w C:\Program Files\MSBuild
2008-08-28 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-08-28 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-28 07:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/28/2008 02:46 PM 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/02/2008 03:03 PM 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2003 09:19 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2003 09:07 PM 114688]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum
n /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [06/12/2006 01:36 PM 9344]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/05/2008 02:16 PM 354560]
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\acqk7t5q.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-06 17:04:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 09/06/2008 17:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 14:05:56
Pre-Run: 12,889,325,568 bytes free
Post-Run: 12,869,599,232 bytes free
166 --- E O F --- 2008-09-01 00:00:39
2-
Logfile of HijackThis v1.99.1
Scan saved at 05:08:08 م, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACADAA6-3372-4DB6-8FD4-FF511476EA7B}: NameServer = 212.71.21.19,212.71.32.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACADAA6-3372-4DB6-8FD4-FF511476EA7B}: NameServer = 212.71.21.19,212.71.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
ComboFix 08-09-05.02 - Administrator 09/06/2008 16:58:35.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.653 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 14:03 5,114,400 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 14:03 42,084 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 14:03 2,632 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 14:03 147,488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 05:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-09-05 11:16 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-05 03:27 --------- d-----w C:\Program Files\Uniblue
2008-09-04 14:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-09-03 04:09 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-03 03:34 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-03 03:33 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-03 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-03 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-02 11:56 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-02 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-09-02 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-08-30 04:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2008-08-29 13:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-28 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-28 14:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-08-28 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-28 13:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-08-28 13:55 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-28 13:48 --------- d-----w C:\Program Files\HP
2008-08-28 12:14 --------- d-----w C:\Program Files\Yahoo!
2008-08-28 12:14 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Program Files\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-28 12:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-08-28 12:04 --------- d-----w C:\Program Files\QuickWiz
2008-08-28 12:04 --------- d-----w C:\Program Files\Common Files\GuruNet Shared
2008-08-28 12:04 --------- d-----w C:\Program Files\Common Files\Accent Shared
2008-08-28 11:50 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 11:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-28 11:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-28 11:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-28 11:45 --------- d-----w C:\Program Files\Skype
2008-08-28 11:45 --------- d-----w C:\Program Files\Real
2008-08-28 11:45 --------- d-----w C:\Program Files\Google
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-28 11:45 --------- d-----w C:\Program Files\Common Files\Real
2008-08-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-28 11:41 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-28 11:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-28 11:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-08-28 08:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 08:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-28 08:45 --------- d-----w C:\Program Files\JetAudio
2008-08-28 08:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-28 08:45 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-28 08:44 --------- d-----w C:\Program Files\Eset
2008-08-28 08:12 --------- d-----w C:\Program Files\MSBuild
2008-08-28 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-08-28 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-28 07:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/28/2008 02:46 PM 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/02/2008 03:03 PM 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2003 09:19 PM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2003 09:07 PM 114688]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum
n /alertsn /notificationsn /systrayIconn /fln /frn /appDatan"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [06/12/2006 01:36 PM 9344]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/05/2008 02:16 PM 354560]
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\acqk7t5q.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-09-06 17:04:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 09/06/2008 17:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 14:05:56
Pre-Run: 12,889,325,568 bytes free
Post-Run: 12,869,599,232 bytes free
166 --- E O F --- 2008-09-01 00:00:39
2-
Logfile of HijackThis v1.99.1
Scan saved at 05:08:08 م, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACADAA6-3372-4DB6-8FD4-FF511476EA7B}: NameServer = 212.71.21.19,212.71.32.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACADAA6-3372-4DB6-8FD4-FF511476EA7B}: NameServer = 212.71.21.19,212.71.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
توقيع : abuadnan
تأييد
0
التقارير مافيهاا شي !!!
فقط احذف تول بار جوجل وياهو
وعطل استعادة النظام
لغلق استعادة النظام :
1-اضغط بيمين الماوس على my computer ثم properties (خصائص)
2-اضغط على system restore في القوائم اعلى النافذة( استعادة النظام )
3-اضغط على المربع الصغير بجانب turn off system restore on all drives بالعربي اظن(اطفىء استعادة النظام في كل
الاقراص)، حتى يظهر اشارة صح في المربع
4-اضغط ok(موافق)، ثم يسالك ان كنت موافق و تقول yes(نعم)
ونظف الجهاز
فقط احذف تول بار جوجل وياهو
وعطل استعادة النظام
لغلق استعادة النظام :
1-اضغط بيمين الماوس على my computer ثم properties (خصائص)
2-اضغط على system restore في القوائم اعلى النافذة( استعادة النظام )
3-اضغط على المربع الصغير بجانب turn off system restore on all drives بالعربي اظن(اطفىء استعادة النظام في كل
الاقراص)، حتى يظهر اشارة صح في المربع
4-اضغط ok(موافق)، ثم يسالك ان كنت موافق و تقول yes(نعم)
ونظف الجهاز
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
قم بتحميل هذه الاداة وتشغيلها وحذف الفيروس فقط اضغط ريموف
وتحميلها منيجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
ثم عمل Restart (اعادة تشغيل) للجهاز
===========================
اخى / حسام
الاداة يوجد بها فيروس
الله المستعان
توقيع : abuadnan
تأييد
0