تقرير جهازي+أرجو المساعدة

[Fasoo0ooly_ss]

السلام عليكم
الله بالخير افري ون وافري ونه :d:

وقسمن بالله الشغل اللي تسونه بذا بطل والله يوفّقكم ويخليكم+يعطيكم العافيه..

عموماً انا سويت سكان بالهاي جاك وهذا الريبورت تبعي..علماً بأن الجهازي حقي يسوي فريز بشكل مستمر+دايم يطلع لي حق الفيجول ديبقر او شي زي كذا.. عموماً هذا التقرير والله لايهينكم k:


Logfile of HijackThis v1.99.1
Scan saved at 04:09:06 م, on 08/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F96156CC-C582-4D46-94C8-99DB2AD543E0}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: BandLuxe Service (BandLuxe_Service) - Unknown owner - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe" -e (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

 

[Demo-dashDemo-dash is verified member.]

اهلااا بك اخي
وعذرا بنقله للقسم المناسب للمتابعة
هذا القسم خاص بتحليل تقارير برامج الحماية ،، وباقي التقارير تكون عند الطلب فقط

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[Demo-dashDemo-dash is verified member.]

وعليكم السلام :d:

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

​

 

[Fasoo0ooly_ss]

دوك التقرير ياقلبي

ComboFix 09-04-04.01 - user 04/08/2009 16:27:00.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.247.85 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 13:32 86,048 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 13:32 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 13:32 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 13:32 1,752 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 12:49 --------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-04-08 12:48 --------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-04-07 18:13 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-07 18:13 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-07 18:13 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-07 17:45 --------- d-----w c:\program files\Kaspersky Lab
2009-04-07 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-07 09:16 --------- d-----w c:\program files\Maximum Software
2009-04-06 23:34 0 ----a-w C:\osy3.sys
2009-03-31 21:20 --------- d-----w c:\program files\Total Video Converter
2009-03-31 21:00 13,824 ----a-w c:\windows\system32\drivers\splitcam.sys
2009-03-31 21:00 --------- d-----w c:\program files\SplitCam
2009-03-30 13:31 --------- d-----w c:\program files\Common Files\xing shared
2009-03-30 13:30 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-30 13:30 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-28 12:57 --------- d-----w c:\documents and settings\user\Application Data\DMCache
2009-03-16 14:36 --------- d-----w c:\program files\CaptureWiz
2009-03-16 14:36 --------- d-----w c:\documents and settings\user\Application Data\PixelMetrics
2009-03-16 11:10 --------- d-----w c:\program files\Hotspot_Shield
2009-03-16 11:10 --------- d-----w c:\program files\Conduit
2009-03-16 11:09 --------- d-----w c:\program files\Hotspot Shield
2009-03-12 22:38 --------- d-----w c:\program files\QuickTime
2009-02-14 14:36 82 ----a-w c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
03/16/2009 02:09 PM 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/03/2004 11:56 PM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [04/04/2009 12:30 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [10/30/2003 02:46 AM 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [10/30/2003 02:33 AM 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM 132496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [03/13/2009 01:38 AM 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/30/2009 04:29 PM 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/07/2009 09:13 PM 206088]
"AGRSMMSG"="AGRSMMSG.exe" [09/12/2003 08:47 PM 88363 c:\windows\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 11:56 PM 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58167:TCP"= 58167:TCPando P2P TCP Listening Port
"58167:UDP"= 58167:UDPando P2P UDP Listening Port
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-10-03 87264]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-06 117208]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wA301b.sys [2008-04-06 33847]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-03-16 31704]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2007-11-27 104192]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18306756-11b4-11dd-b92d-000cf11a5c9c}]
\Shell\AutoRun\command - F:\f.bat
\Shell\explore\Command - F:\f.bat
\Shell\open\Command - F:\f.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d737d94-098c-11dd-b91d-000cf11a5c9c}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f11486a-df57-11dd-b9ea-000cf11a5c9c}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9097a7be-1faf-11dd-b94a-000cf11a5c9c}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - m9j.com
\Shell\open\Command - m9j.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc9a152-8455-11dc-b998-000cf11a5c9c}]
\shElL\Autoplay\ComMand - F:\bsht.exe
\shElL\AutoRun\command - F:\bsht.exe
\shElL\ExpLOre\cOmMAND - F:\bsht.exe
\shElL\opEn\CoMmaNd - F:\bsht.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\Registry Winner Schedule.job
- c:\docume~1\user\LOCALS~1\Temp\RarSFX0\RegistryWinner.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
MSConfigStartUp-Pando - c:\program files\Pando Networks\Pando\Pando.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-08 16:37:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4e4a4b4b-3d18-4d94-8f88-6d8d92cf6df4}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005d
"Therad"=dword:00000008
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4f,06,97,2b,6a,6c,be,56,23,84,2f,41,ca,18,37,dc,9c,1f,55,5b,e8,
a0,13,43,39,2a,01,e4,4b,a1,82,c8,c6,7c,45,6b,10,c0,8a,14,00,00,00,00,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HOTSPOT SHIELD\BIN\OPENVPNAS.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 04/08/2009 16:40:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-08 13:40:10
Pre-Run: 10,410,967,040 bytes free
Post-Run: 10,349,297,664 bytes free
165

 

[Demo-dashDemo-dash is verified member.]

تسلمي والله

الان من اضافه وازاله البرامج احذف


Yahoo! Toolbar

ثم من التقرير الاول الهاي جاك .. احذف



F2 - REG:system.ini: Shell=Explorer.exe


F2 - REG:system.ini: UserInit=userinit.exe


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)



O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe



O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

عطل برنامج الحمايه واستخدم اداة SmitfraudFix​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

​

حمل هالبرنامج (( المحمول )) لتنظيف جهازك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

فك الضغط وشغل البرنامج

ثم

ثم

​

وشوف هل الرساله اختفت ام لا حقت الديبوقر مدري :hh:

لو استمرت ارفع لنا صورة من لرساله
​

 

[Fasoo0ooly_ss]

وقسمن انك بطل العالم ياشيخ...لو انك جمبي تسان بست خشمك..

بس فيه ماقلته ...شلون احذف من التقرير الأول

ياليت تعلمني

 

[Fasoo0ooly_ss]

ايه وصح نسيت تراني حاولت اتلقّفت وسويت تقرير هاي جاي جديد...بس مالقيت القيم اللي انت حاط

 

[Fasoo0ooly_ss]

مدري ليه أحسّ إني إنسفهت

 

[MAAX]

وقسمن انك بطل العالم ياشيخ...لو انك جمبي تسان بست خشمك..

بس فيه ماقلته ...شلون احذف من التقرير الأول

ياليت تعلمني

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود​

 

[مجيد الحلو]

وقسمن انك بطل العالم ياشيخ...لو انك جمبي تسان بست خشمك..

:hh::hh::hh::hh::hh::hh: