يا جماعة الخير هذا تقرير جهازى

ا

المنصورى

زيزوومي جديد
إنضم
31 أكتوبر 2007
المشاركات
70
مستوى التفاعل
0
النقاط
80
الإقامة
uae
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:10 PM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\*******.IE5\C9GHHHLI\Zyzoom_HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{1F97F0DA-8333-422C-8ADF-5594297A0383}: NameServer = 213.42.20.20,195.229.241.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10042 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات

حمل الاداة التالية ثم شغلها بدبل كلك
بعدها اعد تشغيل جهازك وارفع تقرير ثاني للمتابع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
التقرير بعد ما عملت ريستارت وشغلت الاداه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:17 PM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\*******.IE5\VE1IQVAN\Zyzoom_HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{1F97F0DA-8333-422C-8ADF-5594297A0383}: NameServer = 213.42.20.20,195.229.241.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9336 bytes
 
تأييد 0
تمام اخوي .. الاداه ادت مفعولها .. وجهازك فيه بعض الإصابات

عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى


 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
اخوى مشكور على المجهود والتواصل

مش مطلوب احف قيم من التقرير بتكون مصابه ولا شئ ؟؟؟؟

ولك جزيل الشكر
 
تأييد 0
المنصورى قال:
اخوى مشكور على المجهود والتواصل

مش مطلوب احف قيم من التقرير بتكون مصابه ولا شئ ؟؟؟؟

ولك جزيل الشكر
أنقر للتوسيع...

ايوه يالغالي .. فيه قيمتين يتطلب منك حذفها

لاكن الأفضل حذف القيم بعد تنظيف الجهاز .. لأن لو حذفناها والجهاز مصاب راح ترجع ثاني
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
اخوى الغالى الاداه خلصت وتمام وطلعتلى تقرير log ارفقه ليك ولا ارفقلك تقرير hijackthis

مشكور على التواصل يا غالى
 
تأييد 0
هاتهم الأثنين
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
هذا التقرير اخوى hijackthis اخوى

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:14 PM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\*******.IE5\VE1IQVAN\Zyzoom_HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{1F97F0DA-8333-422C-8ADF-5594297A0383}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8765 bytes
 
تأييد 0
اهلا بك .. هذا تقرير الهاي جاك

اين تقرير الكومبو فكس
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
هذا هو اخى الكريم

ComboFix 09-03-15.01 - Administrator 2009-03-16 18:01:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.894.435 [GMT 4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\2.bat
C:\2fiy.bat
C:\a1agmur.cmd
C:\autorun.inf
C:\dbrxubcw.com
C:\i6g6x.cmd
C:\u.com
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\olhrwef.exe
D:\2.bat
D:\2fiy.bat
D:\a1agmur.cmd
D:\Autorun.inf
D:\dbrxubcw.com
D:\i6g6x.cmd
D:\u.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.
2009-03-16 17:39 . 2009-03-16 17:38 110,629 -r-hs---- C:\luk1ylq.com
2009-03-15 16:37 . 2009-03-15 16:37 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-15 16:29 . 2009-03-15 16:29 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-15 13:51 . 2009-03-15 13:51 <DIR> d-------- c:\program files\Microsoft
2009-03-15 13:37 . 2009-03-15 14:24 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-15 13:18 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-03-15 13:13 . 2009-03-15 13:13 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-15 13:06 . 2009-03-16 18:09 <DIR> d-------- c:\documents and settings\Administrator\Tracing
2009-03-15 13:05 . 2009-03-15 13:51 <DIR> d-------- c:\program files\Windows Live
2009-03-15 13:05 . 2005-05-04 14:45 2,890,240 --a------ c:\windows\system32\msi.dll
2009-03-15 13:05 . 2005-05-04 14:45 2,890,240 --a--c--- c:\windows\system32\dllcache\msi.dll
2009-03-15 13:05 . 2005-05-04 14:45 884,736 --a------ c:\windows\system32\msimsg.dll
2009-03-15 13:05 . 2005-05-04 14:45 884,736 --a--c--- c:\windows\system32\dllcache\msimsg.dll
2009-03-15 13:05 . 2005-05-04 14:45 271,360 --a------ c:\windows\system32\msihnd.dll
2009-03-15 13:05 . 2005-05-04 14:45 271,360 --a--c--- c:\windows\system32\dllcache\msihnd.dll
2009-03-15 13:05 . 2005-05-04 14:45 78,848 --a------ c:\windows\system32\msiexec.exe
2009-03-15 13:05 . 2005-05-04 14:45 78,848 --a--c--- c:\windows\system32\dllcache\msiexec.exe
2009-03-15 13:05 . 2005-05-04 14:45 15,360 --a------ c:\windows\system32\msisip.dll
2009-03-15 13:05 . 2005-05-04 14:45 15,360 --a--c--- c:\windows\system32\dllcache\msisip.dll
2009-03-13 17:34 . 2009-03-13 17:33 108,968 -r-hs---- C:\xdw.com
2009-03-12 13:36 . 2009-03-12 13:40 <DIR> d-------- C:\Slideshow
2009-03-12 13:36 . 2009-03-12 13:46 <DIR> d-------- c:\program files\Slideshow pro
2009-03-12 13:36 . 2009-03-12 13:36 <DIR> d-------- c:\program files\mresreg
2009-03-12 13:36 . 2009-03-12 13:36 <DIR> d-------- C:\DVD-Slideshow
2009-03-12 11:49 . 2009-03-16 00:39 69 --a------ c:\windows\NeroDigital.ini
2009-03-11 18:25 . 2009-03-11 18:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ahead
2009-03-11 18:22 . 2009-03-11 18:22 <DIR> d-------- c:\program files\Nero
2009-03-11 18:22 . 2009-03-11 18:24 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-11 18:22 . 2009-03-11 18:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-11 18:20 . 2009-03-11 18:20 <DIR> d-------- c:\program files\AskTBar
2009-03-10 21:58 . 2009-03-10 21:58 108,313 -r-hs---- C:\cb.exe
2009-03-08 15:25 . 2009-03-08 15:25 108,446 -r-hs---- C:\i.com
2009-03-06 16:05 . 2009-03-06 16:05 268 --ah----- C:\sqmdata09.sqm
2009-03-06 16:05 . 2009-03-06 16:05 244 --ah----- C:\sqmnoopt09.sqm
2009-03-06 14:44 . 2009-03-14 20:31 <DIR> d-------- c:\program files\SIP Phone
2009-03-06 13:50 . 2009-03-06 13:50 268 --ah----- C:\sqmdata08.sqm
2009-03-06 13:50 . 2009-03-06 13:50 244 --ah----- C:\sqmnoopt08.sqm
2009-03-06 00:59 . 2009-03-06 00:59 268 --ah----- C:\sqmdata07.sqm
2009-03-06 00:59 . 2009-03-06 00:59 244 --ah----- C:\sqmnoopt07.sqm
2009-03-05 21:27 . 2009-03-05 21:27 268 --ah----- C:\sqmdata06.sqm
2009-03-05 21:27 . 2009-03-05 21:27 244 --ah----- C:\sqmnoopt06.sqm
2009-03-05 19:11 . 2009-03-05 19:11 268 --ah----- C:\sqmdata05.sqm
2009-03-05 19:11 . 2009-03-05 19:11 244 --ah----- C:\sqmnoopt05.sqm
2009-03-05 15:55 . 2009-03-05 15:55 268 --ah----- C:\sqmdata04.sqm
2009-03-05 15:55 . 2009-03-05 15:55 244 --ah----- C:\sqmnoopt04.sqm
2009-03-05 14:47 . 2009-03-15 17:29 <DIR> d-------- c:\program files\TCalls
2009-03-02 19:47 . 2009-03-02 19:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero
2009-03-02 15:28 . 2009-03-02 15:28 <DIR> d-------- c:\program files\UltraISO
2009-03-02 15:28 . 2009-03-02 15:28 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-01 13:51 . 2009-03-01 13:51 <DIR> d-------- c:\program files\Phoneserve
2009-02-28 01:14 . 2009-02-28 01:14 107,008 -r-hs---- C:\gi2ky.exe
2009-02-25 19:57 . 2009-02-25 21:29 1,905 --a------ c:\windows\diagwrn.xml
2009-02-25 19:57 . 2009-02-25 21:29 1,905 --a------ c:\windows\diagerr.xml
2009-02-25 00:56 . 2009-02-25 00:56 <DIR> d-------- c:\program files\Nuclear Coffee
2009-02-24 23:59 . 2009-02-24 23:59 <DIR> d-------- c:\program files\Sun
2009-02-24 23:58 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-24 23:57 . 2009-02-24 23:58 <DIR> d-------- c:\program files\Java
2009-02-24 23:46 . 2009-02-24 23:46 <DIR> d-------- c:\program files\Common Files\Java
2009-02-23 22:30 . 2009-02-23 22:30 <DIR> d-------- c:\program files\Network LookOut
2009-02-23 22:26 . 2009-02-23 22:27 <DIR> d-------- c:\program files\قاموس صخر الجديد
2009-02-23 13:36 . 2009-02-23 13:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Hide IP NG
2009-02-22 22:36 . 2009-02-22 22:36 <DIR> d--h----- c:\windows\PIF
2009-02-20 18:19 . 2009-02-20 18:19 230,432 --a------ C:\StiImg.dat
2009-02-20 14:10 . 2009-03-09 19:33 138 --a------ c:\windows\system32\temp_0000_65-21.aok
2009-02-20 14:09 . 2009-03-12 17:45 180 --a------ c:\windows\system32\test.aok
2009-02-18 15:03 . 2009-02-18 15:03 268 --ah----- C:\sqmdata03.sqm
2009-02-18 15:03 . 2009-02-18 15:03 244 --ah----- C:\sqmnoopt03.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 14:10 34,908,192 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-16 14:09 295,200 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-16 14:07 474,692 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-16 14:07 30,692 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-16 13:37 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-15 11:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Nuotex
2009-03-12 13:39 --------- d-----w c:\program files\3GP Player
2009-03-12 09:44 2,502 ----a-w c:\windows\system32\ltrdp13n.dll
2009-03-01 09:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 07:26 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-24 16:40 --------- d-----w c:\program files\Wondershare
2009-02-23 13:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-08 16:10 --------- d-----w c:\program files\Allok 3GP PSP MP4 iPod Video Converter
2009-02-08 13:33 --------- d-----w c:\program files\BuddyCheck
2009-02-07 07:24 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-06 14:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 18:49 --------- d-----w c:\program files\Driver-Soft
2009-02-04 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-04 13:57 --------- d-----w c:\program files\Skype
2009-02-04 13:57 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-04 13:39 --------- d-----w c:\program files\Hotspot Shield
2009-02-03 07:11 --------- d-----w c:\program files\PC Camera
2009-02-03 07:11 --------- d-----w c:\program files\Common Files\PCCamera
2009-02-03 07:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Yahoo!
2009-02-03 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-03 06:53 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-03 06:52 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 06:52 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 06:52 --------- d-----w c:\program files\Common Files\Adobe
2009-02-03 06:49 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-03 06:49 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-03 06:48 --------- d-----w c:\program files\Yahoo!
2009-02-03 06:47 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-03 06:47 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-03 06:47 --------- d-----w c:\program files\Real
2009-02-03 06:47 --------- d-----w c:\program files\Common Files\xing shared
2009-02-03 06:47 --------- d-----w c:\program files\Common Files\Real
2009-02-03 06:45 155,995 ----a-w c:\windows\java\Packages\2O757R9V.ZIP
2009-02-03 06:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-03 06:39 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-03 06:38 --------- d-----w c:\program files\Microsoft.NET
2009-02-03 06:32 --------- d-----w c:\program files\TinaSoft
2009-02-03 06:32 --------- d-----w c:\program files\Borland
2009-02-03 06:26 --------- d-----w c:\program files\Kaspersky Lab
2009-02-03 06:23 --------- d-----w c:\program files\HP
2009-02-03 06:23 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-02-03 06:22 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-03 06:22 --------- d-----w c:\program files\Common Files\HP
2009-02-03 06:22 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-02-03 06:19 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-02-03 06:16 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2009-02-03 06:15 --------- d-----w c:\program files\Hewlett-Packard
2009-02-03 06:14 --------- d--h--w c:\program files\Zenographics
2009-02-03 06:12 --------- d-----w c:\program files\D-Link
2009-02-03 06:10 --------- d-----w c:\program files\ATI Technologies
2009-02-03 06:05 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-09 4670704]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-03 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{430931f2-04ab-11de-b1ab-001f81000100}]
\Shell\AutoRun\command - g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
\Shell\open\command - g:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{587db848-0fd3-11de-9130-0015e92ef8d5}]
\Shell\AutoRun\command - G:\xdw.com
\Shell\open\Command - G:\xdw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{587dbc62-0fd3-11de-9130-0015e92ef8d5}]
\Shell\AutoRun\command - G:\xdw.com
\Shell\open\Command - G:\xdw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{690ec816-0a34-11de-9105-0015e92ef8d5}]
\Shell\AutoRun\command - forSV.exe
\Shell\explore\Command - forSV.exe
\Shell\open\Command - forSV.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{690ed682-0a34-11de-9105-0015e92ef8d5}]
\Shell\AutoRun\command - G:\dbrxubcw.com
\Shell\open\Command - G:\dbrxubcw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9c1c40-f2c7-11dd-b165-001f81000100}]
\Shell\AutoRun\command - xdw.com
\Shell\open\Command - xdw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ff989bd-0d72-11de-911f-0015e92ef8d5}]
\Shell\AutoRun\command - G:\u.com
\Shell\open\Command - G:\u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b95cbf2-f90f-11dd-b18b-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dcc929-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dcc952-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dcca10-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\gi2ky.exe
\Shell\open\Command - G:\gi2ky.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dcca32-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dccbb4-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92dccc04-029f-11de-b1a8-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9418bf42-01c1-11de-b1a5-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94689870-0898-11de-90ff-001f81000100}]
\Shell\AutoRun\command - G:\a1agmur.cmd
\Shell\open\Command - G:\a1agmur.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4deb9d-f852-11dd-b187-001f81000100}]
\Shell\AutoRun\command - G:\2fiy.bat
\Shell\open\Command - G:\2fiy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d14ea1d9-10b6-11de-913b-0015e92ef8d5}]
\Shell\AutoRun\command - G:\xdw.com
\Shell\open\Command - G:\xdw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d84555ed-fe87-11dd-b198-001f81000100}]
\Shell\AutoRun\command - G:\ur0.com
\Shell\open\Command - G:\ur0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de6a8eaa-f515-11dd-b170-001f81000100}]
\Shell\AutoRun\command - G:\xdw.com
\Shell\open\Command - G:\xdw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e84b2eb4-fb1f-11dd-b194-001f81000100}]
\Shell\AutoRun\command - G:\a1agmur.cmd
\Shell\open\Command - G:\a1agmur.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef5113f4-f675-11dd-b17b-001f81000100}]
\Shell\AutoRun\command - G:\cb.exe
\Shell\open\Command - G:\cb.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27e04c5-0e4a-11de-9127-0015e92ef8d5}]
\Shell\AutoRun\command - G:\acdsee.exe
\Shell\open\Command - G:\acdsee.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
ShellExecuteHooks-{BB4C402F-882A-4526-8C08-51278EA437C1} - c:\windows\system32\afmain0.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
,
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F97F0DA-8333-422C-8ADF-5594297A0383} = 213.42.20.20,195.229.241.222
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6n8y2o6u.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-16 18:09:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1568)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1624)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(936)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-03-16 18:16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-16 14:16:23
Pre-Run: 41,235,533,824 bytes free
Post-Run: 44,047,880,192 bytes free
356

وجزاك الله عنا كل الخير​
 
تأييد 0
الكلام اللي رآح يقول لك علييه الاستأذ ديممو :hh:

هات تقرير جديد :d:

أمسى علييك بالخير ياغالي ,,
 
توقيع : Corporation
تأييد 0
الله المستعان

جهازك فيه اصابات .. اعمل التالي

حمل اداة الكاسبر من الرابط التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير


zyzoom-7ce8879e89.png


zyzoom-cdd75c8aa3.png


zyzoom-89156f000e.png


zyzoom-6d533c4f2e.png


zyzoom-f20f3644d0.png


ثم قم بضغط التقرير ورفعه هنا>>>>
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



 
التعديل الأخير بواسطة المشرف:
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
COMPAQ99 قال:
الكلام اللي رآح يقول لك علييه الاستأذ ديممو :hh:

هات تقرير جديد :d:

أمسى علييك بالخير ياغالي ,,
أنقر للتوسيع...

هذا انا ماقلته :hh:
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
توقيع : Corporation
تأييد 0
جزاكم الله خير جارى تحميل الادااااة

بس النت شوى بطئ ان شاء الله يحملها واطلع التقرير وتكون النتيجه خير ( ولد )

بارك الله فيكم جميعاااااااااا
 
تأييد 0
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
المنصورى قال:
جزاكم الله خير جارى تحميل الادااااة

بس النت شوى بطئ ان شاء الله يحملها واطلع التقرير وتكون النتيجه خير ( ولد )

بارك الله فيكم جميعاااااااااا
أنقر للتوسيع...

مو مشكله .. واحنا بالإنتظار

سواء كان انا او كومباك ... مش هيك :d:
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
Demo-dash قال:
مو مشكله .. واحنا بالإنتظار

سواء كان انا او كومباك ... مش هيك :d:
أنقر للتوسيع...
هيك هيك ياقلبي :d:

بس مآتذكر بالبند اللي ينص على ,,
- تجنب محاولة حل مشكلة ما ثم تركها في منتصف الطريق الا لضرورة ولتكن متابعا للموضوع الذي بدأته قدر الامكان فلا شي اجمل من حب الخير لاخوتك وتذليل الصعاب امامهم فأن نفدت منك الوسائل فكلمة لا اعلم نصف العلم كما يقال ولا يكلف الله نفسا الا وسعها
أنقر للتوسيع...
يبي يحرجك :hh:

يآخي متملل مآ تحس ردودي كذآ فضآوة :d:

عذراُ منك صآحب الموضوع مآصدقت صدت المتخفي :bleh:
 
توقيع : Corporation
تأييد 0
:eek:

خلاص ... انا لها ورب الكعبة :d:

الى اطلع لك جهازك يلق لق

--

لكن يعلم الله كم انا مشغول ..

و اخرتها تحت توقيعي باسوي زيك عشان اقدم عذر مسبق :d::d:

:bleh:

------------------

ان شاء الله حاكون بإنتظار تقرير الكاسبر اخي المنصورى

:king:
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى