ابو سعود الفلاني

Peace be upon you.

May you be granted good health.

I have a problem on my computer: I can't browse websites; I get a message, this is the picture.

Note that I have Kaspersky 2009 installed.

zyzoom-f50eac1b2a.JPG
 

And peace be upon you.
Do the following:

1
Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will start scanning again.
Wait until a report appears, then copy it and paste it in your next reply.

2
Create a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply.


 
The first report .....

ComboFix 08-10-30.09 - 010 2008-10-30 19:45:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1428 [GMT 0:00]
Running from: C:\Documents and Settings\010\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\explore.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-30 19:35 . 2008-10-30 19:35 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-10-30 19:35 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-10-30 19:32 . 2008-10-30 19:32 25 --a------ C:\WINDOWS\cdplayer.ini
2008-10-30 18:52 . 2008-10-30 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
2008-10-30 18:49 . 2008-10-30 18:49 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-10-30 18:49 . 2008-10-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Studio 12
2008-10-30 18:49 . 2008-10-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
2008-10-30 18:28 . 2008-10-30 18:28 <DIR> d-------- C:\Documents and Settings\010\Application Data\CyberLink
2008-10-30 18:27 . 2008-10-30 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-30 18:24 . 2008-10-30 18:24 <DIR> d-------- C:\Program Files\CyberLink
2008-10-30 16:01 . 2008-10-30 18:54 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-30 14:57 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-10-30 14:57 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-10-30 14:57 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-10-30 14:57 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-10-30 14:57 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-10-30 14:57 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-10-30 14:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-10-30 14:57 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-10-30 14:56 . 2008-10-30 14:56 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-30 14:56 . 2008-10-30 14:57 <DIR> d-------- C:\Program Files\Ahead
2008-10-30 14:23 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-10-30 14:15 . 2003-11-04 12:37 1,693,696 --a------ C:\WINDOWS\system32\LTCLR13n.dll
2008-10-30 14:14 . 2004-07-02 17:28 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-10-30 14:14 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-10-30 14:13 . 2008-10-30 14:13 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-10-30 14:13 . 2008-10-30 14:13 <DIR> d-------- C:\Program Files\SmartSound Software
2008-10-30 14:13 . 2008-10-30 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-10-30 14:06 . 2004-07-16 16:47 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-10-30 14:01 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-30 13:58 . 2008-10-30 18:49 <DIR> d-------- C:\Program Files\Pinnacle
2008-10-30 13:58 . 2008-10-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-10-30 13:51 . 2008-10-30 15:35 <DIR> d-------- C:\Documents and Settings\010\Application Data\Ahead
2008-10-29 16:27 . 2008-10-29 16:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-29 16:00 . 2008-10-29 16:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-29 16:00 . 2008-10-29 16:00 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-29 16:00 . 2008-10-29 16:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-29 16:00 . 2008-10-29 16:00 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-29 15:59 . 2008-10-29 16:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-29 15:44 . 2004-08-03 22:29 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-10-29 12:19 . 2008-10-29 12:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-10-29 12:19 . 2008-10-29 12:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-10-29 12:19 . 2008-10-29 12:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-10-29 12:19 . 2008-10-29 12:19 <DIR> d-------- C:\Documents and Settings\010\Application Data\Intel
2008-10-29 12:19 . 2008-10-29 12:19 376,832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe
2008-10-29 12:19 . 2008-10-29 12:19 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-29 12:19 . 2008-10-29 12:19 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-10-29 12:19 . 2008-10-29 12:19 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-10-29 12:19 . 2008-10-29 12:19 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-10-29 12:18 . 2008-10-29 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-10-29 11:40 . 2008-10-29 11:40 268 --ah----- C:\sqmdata03.sqm
2008-10-29 11:40 . 2008-10-29 11:40 244 --ah----- C:\sqmnoopt03.sqm
2008-10-29 11:21 . 2008-10-29 12:18 <DIR> d-------- C:\Program Files\Intel
2008-10-29 11:18 . 2007-10-25 10:24 5,624,832 --a------ C:\WINDOWS\system\DriveIcon.dll
2008-10-29 11:18 . 2007-10-25 10:08 46,976 --a------ C:\WINDOWS\system32\drivers\RTSTOR.sys
2008-10-29 11:18 . 2004-06-30 16:24 5,430 --a------ C:\WINDOWS\system\MyMulti.ico
2008-10-29 10:43 . 2008-10-29 10:43 <DIR> d-------- C:\Program Files\Real
2008-10-29 10:43 . 2008-10-29 10:43 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-29 10:43 . 2008-10-29 10:43 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-29 10:43 . 2008-10-29 10:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-29 10:43 . 2008-10-29 10:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-29 10:04 . 2008-10-29 10:04 268 --ah----- C:\sqmdata02.sqm
2008-10-29 10:04 . 2008-10-29 10:04 244 --ah----- C:\sqmnoopt02.sqm
2008-10-29 10:01 . 2008-10-29 14:48 <DIR> d-------- C:\Documents and Settings\010\Contacts
2008-10-29 10:00 . 2008-10-29 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-29 10:00 . 2008-10-29 10:00 268 --ah----- C:\sqmdata01.sqm
2008-10-29 10:00 . 2008-10-29 10:00 244 --ah----- C:\sqmnoopt01.sqm
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\Program Files\Windows Live
2008-10-29 09:59 . 2008-10-29 09:59 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-10-29 09:59 . 2008-10-29 09:59 268 --ah----- C:\sqmdata00.sqm
2008-10-29 09:59 . 2008-10-29 09:59 244 --ah----- C:\sqmnoopt00.sqm
2008-10-29 09:54 . 2008-10-29 16:13 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-29 02:17 . 2008-10-29 02:17 <DIR> d-------- C:\Program Files\Atheros
2008-10-29 02:16 . 2008-10-29 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Atheros
2008-10-29 01:54 . 2008-10-29 01:54 <DIR> d-------- C:\Program Files\ltmoh
2008-10-29 01:54 . 2006-11-28 15:11 1,161,888 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
2008-10-29 01:54 . 2006-12-26 16:40 491,520 --a------ C:\WINDOWS\system32\cselect.exe
2008-10-29 01:54 . 2003-02-25 15:42 128,113 --a------ C:\WINDOWS\system32\csellang.ini
2008-10-29 01:54 . 2003-12-05 09:48 77,824 --a------ C:\WINDOWS\system32\tosmreg.exe
2008-10-29 01:54 . 2007-01-09 14:22 50,752 --------- C:\WINDOWS\agrsmdel.exe
2008-10-29 01:54 . 2003-11-01 03:59 45,056 --a------ C:\WINDOWS\system32\csellang.dll
2008-10-29 01:54 . 2006-09-11 14:34 13,312 --a------ C:\WINDOWS\system32\agrscoin.dll
2008-10-29 01:54 . 2007-03-15 12:21 10,150 --a------ C:\WINDOWS\system32\tosmreg.ini
2008-10-29 01:54 . 2006-10-05 12:10 9,216 --a------ C:\WINDOWS\system32\agrsmsvc.exe
2008-10-29 01:54 . 2003-02-25 16:01 7,671 --a------ C:\WINDOWS\system32\cseltbl.ini
2008-10-29 01:51 . 2008-10-29 01:51 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-10-29 01:51 . 2008-01-03 23:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-10-29 01:50 . 2008-10-29 01:50 <DIR> d-------- C:\Documents and Settings\010\Application Data\InstallShield
2008-10-29 01:04 . 2008-10-15 16:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-29 00:57 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-29 00:56 . 2008-08-14 10:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-29 00:56 . 2008-08-14 10:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-29 00:56 . 2008-08-14 09:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-29 00:56 . 2008-08-14 09:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-29 00:52 . 2008-08-14 10:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-29 00:50 . 2008-09-15 12:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-29 00:30 . 2008-04-11 19:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-29 00:27 . 2008-06-13 11:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-29 00:27 . 2008-06-13 11:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-29 00:26 . 2008-05-08 14:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-28 23:36 . 2008-10-29 01:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-28 23:15 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-28 23:15 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-28 23:15 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-28 23:15 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-28 23:15 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-28 22:13 . 2008-10-28 22:13 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-10-28 22:13 . 2008-10-29 19:45 <DIR> d-------- C:\Documents and Settings\010\Application Data\Paltalk
2008-10-28 22:04 . 2008-10-28 22:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-28 22:04 . 2008-10-30 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-28 22:04 . 2008-10-30 19:49 1,197,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-28 22:04 . 2008-10-30 19:47 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-28 22:04 . 2008-10-28 22:37 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-28 22:04 . 2008-10-28 22:04 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-28 22:04 . 2008-10-30 19:49 11,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-28 22:04 . 2008-10-30 19:47 2,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-28 22:02 . 2008-10-28 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-28 21:28 . 2008-10-28 21:28 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-10-28 21:28 . 2008-04-13 18:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-10-28 21:28 . 2008-10-28 21:28 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-10-28 21:28 . 2008-04-13 16:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-10-28 21:28 . 2008-04-13 18:45 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-10-28 21:28 . 2008-04-13 18:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-10-28 21:28 . 2008-04-13 18:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-10-28 21:23 . 2008-04-13 19:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 21:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-28 17:24 --------- d-----w C:\Program Files\Huawei technologies
2008-10-28 17:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-24 08:11 338,560 ----a-w C:\WINDOWS\system32\drivers\RTL8187B.sys
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 15:43 25,088 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-29 20:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-29 185872]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-04-06 61440]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.mjpx"= Pvmjpg21.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
--a------ 2008-01-26 03:10 450648 C:\Program Files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 00:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2008-02-05 12:34 162328 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2008-02-05 12:34 141848 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-10-08 14:13 1101824 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-10-08 14:18 995328 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2008-02-05 12:34 137752 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2008-03-04 12:12 360448 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-29 10:43 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 FwLnk;FwLnk Driver;C:\WINDOWS\system32\DRIVERS\FwLnk.sys [2007-04-04 5888]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-09-24 338560]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-13 57408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{212610f9-a6a7-11dd-807c-001644c266dd}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c9ddd2-a50d-11dd-8819-806d6172696f}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
O8 -: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O17 -: HKLM\CCS\Interface\{D9D6F532-0ECF-4A37-81F1-A17AFD376589}: NameServer = 4.2.2.4 4.2.2.3
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-30 19:49:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-30 19:51:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-30 19:51:20
Pre-Run: 46,839,861,248 bytes free
Post-Run: 47,130,587,136 bytes free
261



The second report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:22, on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Documents and Settings\010\Desktop\Paltalk Messenger.exe
C:\DOCUME~1\010\LOCALS~1\Temp\RarSFX0\Paltalk.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\010\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D6F532-0ECF-4A37-81F1-A17AFD376589}: NameServer = 4.2.2.4 4.2.2.3
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 5406 bytes
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D6F532-0ECF-4A37-81F1-A17AFD376589}: NameServer =


Then the following:
zyzoom-1a6f0fcbc6.png

.

=-=-=
.
* A message will now appear asking us to confirm the deletion; we click Yes, as in the image ..
.
zyzoom-06101c57cb.png

.
=-=-=
.
And after cleaning these entries, please use these tools:
.
(.. How to clean with the privacy tool Cyberscrub_Privacy_Suite ..)
.

.
Click the link to download the tool:

.
* After downloading the tool and double-clicking it, this window will appear and it will start cleaning.
.
000.png

.
=-=-=
.
* We wait until this window finishes, then click Close; it will restart the computer, and after the restart it will continue cleaning, which may not take less than two seconds.
.
002.png

.
=-=-=
.
(.. How to use the ATF-Cleaner tool ..)
.
Download the tool from:

.
Note: you do not need to enter Safe Mode when running the tool :d:
.
Another note: the tool runs on Windows XP only.
.
* When you double-click the tool, this window will appear; apply the settings as in the image ..
.
zyzoom-cd47c00a82.png
 
Signature: صمت السكوت
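
Added example (not part of the original thread and not HijackThis's own code): a Python pass over a HijackThis 2.x log that reports the two entry kinds the helper picked out above, an O2 BHO registered with "(no file)" and an O17 static NameServer value. The names `triage`, `Finding` and the `expected_resolvers` allowlist are assumptions made for this example; the sample lines are copied from the log posted in the thread.

```python
"""Triage a HijackThis 2.x log for the two entry kinds singled out in this thread."""
import ipaddress
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D6F532-0ECF-4A37-81F1-A17AFD376589}: NameServer = 4.2.2.4 4.2.2.3
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O17 body: "<registry key>: NameServer = <addresses>".
DNS_RE = re.compile(r"^(?P<key>HK\w+\\.+?): NameServer =\s*(?P<servers>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    kind: str      # short machine-readable label
    subject: str   # CLSID or registry key the entry refers to
    detail: tuple  # BHO name, or the resolver addresses that were reported


def parse_resolvers(raw):
    """Split a NameServer value (space or comma separated) into addresses."""
    out = []
    for token in raw.replace(",", " ").split():
        try:
            out.append(str(ipaddress.ip_address(token)))
        except ValueError:
            out.append("invalid:" + token)  # keep malformed values visible
    return out


def triage(log_text, expected_resolvers=frozenset()):
    """Return findings for orphaned BHOs and static DNS servers not in the allowlist.

    expected_resolvers is an analyst-supplied set (assumption of this example);
    when it is empty, every statically configured resolver is reported for review.
    """
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header, process list, or blank line
        section, body = entry["section"], entry["body"]
        if section == "O2":
            bho = BHO_RE.match(body)
            # The CLSID is still registered but its DLL is absent on disk.
            if bho and bho["target"].strip().lower() == "(no file)":
                findings.append(Finding(section, "bho-missing-file",
                                        bho["clsid"].upper(), (bho["name"],)))
        elif section == "O17":
            dns = DNS_RE.match(body)
            if dns:
                unexpected = [r for r in parse_resolvers(dns["servers"])
                              if r not in expected_resolvers]
                if unexpected:  # an empty NameServer value yields nothing
                    findings.append(Finding(section, "static-dns-unexpected",
                                            dns["key"], tuple(unexpected)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.kind, f.subject, " ".join(f.detail))
```

Passing the resolvers you actually configured as `expected_resolvers` suppresses the O17 finding, leaving only entries that need a manual look.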
After this, my brother ..

Make sure !!

It looks like a spyware file or a trojan site !!
 
Signature: الديبلوماسي
الديبلوماسي, I am applying the instructions now. What is a spyware file or a trojan? Please explain it to me.
 
^

^

Stick with the instructions, my brother ..

Don't branch off into unnecessary tangents .. let's go step by step .. and as for the brothers helping you,

I am a student of theirs .. :q:
 
Signature: الديبلوماسي
Thank you all


Demo-dash

خلود

May God reward you a thousand times over, and God willing it will count among your good deeds.

Praise be to God, it worked for me and the problem is gone.
 
O God, to You be praise and thanks; this is by the grace of God Almighty.
 
Signature: صمت السكوت