• Thread starter: nine one one
  • Views: 1,137
Status
Closed and not open for further replies.

nine one one

Peace be upon you, my brothers at the wonderful Zyzoom

I have a problem with Kaspersky 2009

It is this window, which is causing me problems such as closing the browser and dropping the connection

I hope you can explain it, and may God reward you

[Hidden link: you must log in or register to view it]
 

Run a repair of Kaspersky

Right-click the Kaspersky icon next to the clock, then settings, then restore
 
Signature: السّاجد لله
May God reward you, brother Hisham
I did the step you mentioned, and God willing this window will go away
 
Brother Hisham, unfortunately the message still appears, especially when Windows starts up,
even though I uninstalled Kaspersky and installed the new version, but to no avail

I hope to find a solution, and may God reward you
 
With brother Hisham's permission
....

Close Kaspersky ... right-click the Kaspersky icon next to the clock, then Exit ... after that, use the tool to remove Kaspersky


kaspersky 8 removal tool


[Hidden link: you must log in or register to view it]


And do not install any protection program
....


Download this tool
[Hidden link: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
Please be patient until the report has been analyzed
 
Signature: ابـــو عــبــد الــلــه
Logfile of HijackThis v1.99.1
Scan saved at 10:24:12 PM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
c:\Program Files\GlobaX\srvany.exe
c:\Program Files\GlobaX\globax_daemon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APV\autostart_and_process_viewer.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\comp1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [APV] C:\Program Files\APV\autostart_and_process_viewer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0_04) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[Hidden link: you must log in or register to view it]

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GlobaX - Unknown owner - c:\Program Files\GlobaX\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
 
Waiting for you, brother Abu Rima, may you be rewarded
 
Disable your protection programs
then
download the following tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the computer may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
I'm sorry, I mean use the tool in brother Max's reply and give me a report
 
Signature: ابـــو عــبــد الــلــه
ComboFix 09-04-21.A8 - comp1 04/21/2009 23:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1014.500 [GMT 3:00]
Running from: c:\documents and settings\comp1\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\ADSTechnology
c:\documents and settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
c:\documents and settings\comp1\Application Data\addon.dat
c:\documents and settings\comp1\Application Data\inst.exe
c:\program files\ActivationManager
c:\program files\ActivationManager\Uninstall.exe
c:\program files\ADSTechnology
c:\program files\ADSTechnology\ADSTechnology.dll
c:\program files\ADSTechnology\Uninstall.exe
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
c:\windows\system\oeminfo.ini
c:\windows\system32\au3305adc.dll
c:\windows\system32\au3305arc.dll
c:\windows\system32\Mswinapppiobas60.dll
c:\windows\system32\Ultra.dll
c:\windows\ukxgbh.rti

.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 01:16 . 2009-04-21 01:16 37 ---ha-w c:\windows\sysreg.dat
2009-04-21 01:16 . 2009-04-21 01:18 -------- d-----w c:\program files\Dachshund Software
2009-04-20 19:46 . 2009-04-20 19:57 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-20 19:46 . 2009-04-20 19:57 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-20 19:45 . 2009-04-21 20:17 1759776 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 19:45 . 2009-04-21 20:17 14828 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 19:45 . 2009-04-21 20:17 352288 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 19:45 . 2009-04-21 20:17 2284 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-20 19:45 . 2009-04-21 20:17 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-20 19:45 . 2009-04-20 19:45 -------- d-----w c:\program files\Kaspersky Lab
2009-04-20 10:20 . 2009-04-20 10:20 -------- d-----w c:\documents and settings\Woodoo\LOCALS~1
2009-04-20 10:20 . 2009-04-20 10:20 -------- d-----w c:\documents and settings\Woodoo
2009-04-20 10:19 . 2009-04-20 10:19 -------- d-----w c:\program files\Smart Install Maker
2009-04-19 08:21 . 2009-04-19 08:21 22 ----a-w c:\windows\system32\mseixml.sei
2009-04-19 08:21 . 2009-04-19 08:21 22 ----a-w c:\windows\mseixml.sei
2009-04-17 21:48 . 2009-04-17 21:48 -------- d-----w c:\program files\PE Explorer
2009-04-02 11:49 . 2009-04-02 11:49 -------- d-----w c:\documents and settings\comp1\Application Data\%#@_&^
2009-04-02 11:25 . 2009-04-02 11:25 -------- d-----w c:\documents and settings\comp1\Application Data\Kaspersky_Key_Finder_(KKF
2009-03-28 08:09 . 2009-03-28 08:09 -------- d-----w c:\documents and settings\comp1\Application Data\AdobeUM
2009-03-27 11:24 . 2009-03-27 11:33 -------- d-----w c:\program files\CamStudio
2009-03-26 09:18 . 2009-03-26 09:18 -------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-26 09:17 . 2009-03-26 09:17 -------- d-----w c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 20:17 . 2009-02-17 09:23 -------- d-----w c:\program files\APV
2009-04-21 00:37 . 2007-05-10 11:24 -------- d-----w c:\documents and settings\comp1\Application Data\uTorrent
2009-04-20 21:02 . 2009-02-21 20:12 -------- d-----w c:\program files\DynDNS Updater
2009-04-20 19:57 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-19 22:31 . 2009-02-17 09:13 -------- d-----w c:\program files\BreakPoint Software
2009-04-17 21:21 . 2006-12-31 15:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 14:16 . 2009-03-09 01:59 -------- d-----w c:\documents and settings\comp1\Application Data\X-NetStat
2009-04-10 21:42 . 2007-05-24 18:59 -------- d-----w c:\documents and settings\comp1\Application Data\CyberLink
2009-03-30 13:51 . 2009-02-10 11:22 -------- d-----w c:\program files\All Video Splitter
2009-03-30 13:46 . 2008-03-02 10:33 -------- d-----w c:\program files\Save Flash
2009-03-26 10:00 . 2007-08-28 00:29 -------- d-----w c:\documents and settings\comp1\Application Data\bend option send
2009-03-23 20:39 . 2007-09-14 21:12 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-17 08:23 . 2007-11-24 04:21 -------- d-----w c:\program files\No-IP
2009-03-14 19:54 . 2008-02-06 02:15 -------- d-----w c:\program files\Yahoo!
2009-03-14 19:51 . 2009-02-06 11:52 -------- d-----w c:\program files\Nokia
2009-03-12 16:34 . 2009-03-10 09:08 -------- d-----w c:\program files\Proxy Switcher Standard
2009-03-12 14:31 . 2007-08-28 00:29 -------- d-----w c:\documents and settings\All Users\Application Data\TRANS BALM PEAK OKAY
2009-03-12 14:30 . 2009-03-12 14:30 -------- d-----w c:\program files\bend option send
2009-03-12 14:29 . 2009-03-12 14:29 -------- d-----w c:\program files\Circle Developement
2009-03-12 11:22 . 2008-08-08 23:20 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-12 11:17 . 2009-03-12 11:17 -------- d-----w c:\documents and settings\comp1\Application Data\ACD Systems
2009-03-12 08:25 . 2009-03-12 08:24 -------- d-----w c:\documents and settings\comp1\Application Data\Yahoo!
2009-03-11 23:16 . 2009-03-11 23:08 -------- d--h--w c:\program files\GLF5F.tmp
2009-03-11 23:16 . 2009-03-11 22:27 -------- d-----w c:\documents and settings\comp1\Application Data\SlipStream
2009-03-11 22:52 . 2009-03-05 18:07 -------- d-----w c:\documents and settings\comp1\Application Data\PE Explorer
2009-03-11 22:52 . 2009-02-06 11:54 -------- d-----w c:\documents and settings\comp1\Application Data\Nokia
2009-03-11 22:52 . 2007-06-05 19:46 -------- d-----w c:\documents and settings\comp1\Application Data\Aston
2009-03-09 22:44 . 2009-03-09 22:44 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-03-09 01:59 . 2009-03-09 01:59 -------- d-----w c:\program files\X-NetStat Professional
2009-03-05 17:53 . 2006-01-16 11:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 22:05 . 2009-03-03 20:59 397 ----a-w C:\home.htm
2009-02-28 22:44 . 2009-02-25 19:06 -------- d-----w c:\documents and settings\comp1\Application Data\Thinstall
2009-02-28 22:44 . 2009-02-28 22:44 -------- d-----w c:\documents and settings\All Users\Application Data\Thinstall
2009-02-28 22:43 . 2009-02-28 22:43 -------- d-----w c:\program files\Trojan Remover 6.7.6 (VMware ThinApp)
2009-02-26 01:42 . 2009-02-26 01:42 -------- d-----w c:\program files\Icon Constructor 3
2009-02-25 19:00 . 2009-02-25 19:00 -------- d-----w c:\program files\DynGate
2009-02-25 18:12 . 2008-12-01 07:55 -------- d-----w c:\documents and settings\comp1\Application Data\TeamViewer
2009-02-25 15:00 . 2007-08-19 11:58 -------- d-----w c:\program files\MSN Messenger
2009-02-20 17:31 . 2009-02-04 14:50 415 ----a-w C:\gmail_debug_headers4.txt
2009-02-20 17:31 . 2009-02-04 14:50 251 ----a-w C:\gmail_debug_headers3.txt
2009-02-20 17:31 . 2009-02-04 14:50 220 ----a-w C:\gmail_debug_response4.txt
2009-02-20 17:31 . 2009-02-04 14:50 145 ----a-w C:\gmail_debug_response3.txt
2009-02-20 17:31 . 2009-02-04 14:50 798 ----a-w C:\gmail_debug_headers2.txt
2009-02-20 17:31 . 2009-02-04 14:50 1512 ----a-w C:\gmail_debug_response2.txt
2009-02-20 17:31 . 2009-02-04 14:50 814 ----a-w C:\gmail_debug_response1.txt
2009-02-20 17:31 . 2009-02-04 14:50 797 ----a-w C:\gmail_debug_headers1.txt
2009-02-10 12:25 . 2009-01-18 21:11 30601 ----a-w c:\windows\java\x.exe
2009-02-06 05:10 . 2009-02-04 10:44 2756608 ----a-w c:\windows\system32\NETw5r32.dll
2009-02-06 05:10 . 2009-02-04 10:44 663552 ----a-w c:\windows\system32\NETw5c32.dll
2009-02-06 05:00 . 2009-02-04 09:56 40056 ----a-w c:\windows\system32\NicInst.dll
2009-02-06 05:00 . 2006-01-16 12:38 35424 ----a-w c:\windows\system32\e100bmsg.dll
2009-02-04 10:49 . 2009-02-04 10:49 147456 ----a-w c:\windows\system32\igfxCoIn_v1437.dll
2009-02-04 09:56 . 2009-02-04 09:56 28272 ----a-w c:\windows\system32\NicCo2.dll
2009-02-04 09:52 . 2009-02-04 09:52 290816 ----a-w c:\windows\vncutil.exe
2009-02-04 09:52 . 2009-02-04 09:52 1826816 ----a-w c:\windows\SkyTel.exe
2009-02-04 09:52 . 2006-01-16 12:27 77824 ----a-w c:\windows\SOUNDMAN.EXE
2009-02-04 09:52 . 2006-01-16 12:27 1200128 ----a-w c:\windows\RtlUpd.exe
2009-02-04 09:52 . 2006-01-16 12:27 9715200 ----a-w c:\windows\RTLCPL.EXE
2009-02-04 09:52 . 2009-02-04 09:52 34816 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-02-04 09:52 . 2009-02-04 09:52 104992 ----a-w c:\windows\RtkAudioService.exe
2009-02-04 09:52 . 2006-01-16 12:27 18081280 ----a-w c:\windows\RTHDCPL.EXE
2009-02-04 09:52 . 2006-01-16 12:27 2168320 ----a-w c:\windows\MicCal.exe
2009-02-04 09:52 . 2006-01-16 12:27 57344 ----a-w c:\windows\ALCMTR.EXE
2009-02-04 09:52 . 2006-01-16 12:27 2808832 ----a-w c:\windows\ALCWZRD.EXE
2009-02-03 15:38 . 2009-02-03 15:38 356352 ----a-w c:\windows\eSellerateEngine.dll
2009-02-03 12:14 . 2006-10-10 22:14 60616 -c--a-w c:\documents and settings\comp1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-31 09:10 . 2008-08-08 23:18 150 ----a-w C:\YServer.txt
2009-01-23 10:36 . 2009-01-23 10:39 4013 ----a-w c:\windows\system32\config.dll
2007-09-02 01:32 . 2007-03-09 11:11 47360 -c--a-w c:\documents and settings\comp1\Application Data\pcouffin.sys
2007-07-16 04:05 . 2007-07-16 04:05 142576 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-07-11 03:08 . 2006-10-10 22:14 128 -c--a-w c:\documents and settings\comp1\Local Settings\Application Data\fusioncache.dat
2007-03-09 11:56 . 2007-03-09 11:11 87608 -c--a-w c:\documents and settings\comp1\Application Data\ezpinst.exe
2007-02-19 00:28 . 2007-02-19 00:28 18 -c--a-w c:\program files\UseDop.ini
2006-12-31 19:58 . 2006-12-31 19:56 17480 -c--a-w c:\program files\esignal.log
2006-01-17 11:23 . 2007-11-24 14:42 33120 -c--a-w c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-17 11:23 . 2006-10-10 22:13 33120 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-16 11:42 . 2007-11-24 14:42 128 -c--a-w c:\documents and settings\LogMeInRemoteUser\Local Settings\Application Data\fusioncache.dat
2006-01-16 11:42 . 2006-10-10 22:13 128 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
2008-08-01 08:09 . 2008-07-30 23:44 22451 --sha-w c:\windows\system\klog.dat
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2002-12-31 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 B4E29943B4B04BD5E7381546848E6669 c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-29 20:58 1655808 B40EB7C75C2CEAAB5328A3BF0209A430 c:\windows\explorer.exe

[-] 2008-05-29 20:58 80216 1FA4B5A2899A41DF1B0068E96B55E9C2 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"APV"="c:\program files\APV\autostart_and_process_viewer.exe" [2008-06-27 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-20 206088]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2002-12-31 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-17 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2007-11-29 08:42 44400 ----a-w c:\windows\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 15:46 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\comp1\\Desktop\\utorrent\\utorrent.exe"=
"c:\\Documents and Settings\\comp1\\Desktop\\port test\\PorTs TesT 2.0.exe"=
"c:\\Documents and Settings\\comp1\\temp\\TeamViewer3\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:MarketGate
"443:UDP"= 443:UDP:MarketGate
"15936:TCP"= 15936:TCP:BitComet 15936 TCP
"15936:UDP"= 15936:UDP:BitComet 15936 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3460:TCP"= 3460:TCP:Poison Ivy 2.3.2
"3460:UDP"= 3460:UDP:Poison Ivy 2.3.2

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-20 33808]
S2 GlobaX;GlobaX;c:\program files\GlobaX\srvany.exe [1997-05-14 13312]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2007-08-03 12992]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 LMPC4;LMPC4; [x]
S3 tap0801;Smarthide TAP driver;c:\windows\system32\DRIVERS\tap0801.sys [2007-10-12 55808]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]
\Shell\AutoRun\command - browser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e4dcaeb-6abc-11dd-a2ac-00a0d14c3a1c}]
\Shell\AutoRun\command - RESTORE\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe
\Shell\open\command - RESTORE\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fcdfcf1-063d-11dc-9f0d-00a0d14c3a1c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0259D8A2-3C8D-C0F6-DA3F-793296F98ECD}]
c:\windows\system32\Proxy.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EE57CF1-67DC-0911-B5C7-5EA15B263F19}]
c:\windows\system\system.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{214F5D02-9299-DD7F-6E94-07CAB6453B3B}]
c:\documents and settings\comp1\Desktop\مشروع\UpLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{261C733C-EAA5-655F-344E-707F0F710057}]
c:\program files\Bifrost\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28A0FB5A-7F97-ADED-C991-F61ACE5C6E98}]
c:\documents and settings\comp1\Desktop\Support_Win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2934FCE8-4FB8-11A6-6F3A-47497BC34129}]
c:\documents and settings\comp1\Desktop\Cryptoware\Cryptoware\at.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3141770F-F02A-4B57-7D3C-3B8AB794B4D0}]
c:\documents and settings\comp1\Desktop\serds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3219B450-6601-28AC-99CC-EF798CFE4D1D}]
c:\documents and settings\comp1\Desktop\dds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5E447397-7FB0-69BF-341A-992DFA04D522}]
c:\docume~1\comp1\LOCALS~1\Temp\IXP000.TMP\6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{656E3139-2658-9B5D-48A2-5BF74855550E}]
c:\documents and settings\comp1\Desktop\azs.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\comp1\Application Data\Mozilla\Firefox\Profiles\ensgxnj9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2224228&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ddlareakksn Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2009-04-21 23:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-532611989-4092441638-2036424298-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"

[HKEY_USERS\S-1-5-21-532611989-4092441638-2036424298-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29A7757F-611F-4C82-8369-A369F8DA10F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abccdchhmibefpokeodnggkgbppfdhhbha"=hex:61,61,00,00
"bbccdchhmibefpokeomjjibcgkaijmbopgce"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-532611989-4092441638-2036424298-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9934F340-37A8-DE3F-1D5F-E3B0DB8D4301}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-532611989-4092441638-2036424298-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D926360E-4875-2CE2-9F3D-CD791632A06E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):11,dc,89,47,16,af,af,3b,bb,d2,00,1c,ad,3f,2e,e8,5e,5d,79,09,b6,
c3,3a,65,19,08,db,07,63,df,84,a2,b1,b7,b8,6f,ad,af,44,60,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b4ed778d-7e7a-4f3e-bef5-15429a7b33f9}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001a
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,25,d5,85,fd,46,52,f2,30,29,8d,0e,95,00,23,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1612)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\fsp_lmwl.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lock My PC 4\lockpc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\Crypserv.exe
c:\program files\GlobaX\globax_daemon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\DynDNS Updater\DynDNS.exe
.
**************************************************************************
.
Completion time: 2009-04-21 23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 20:20

Pre-Run: 12,781,150,208 bytes free
Post-Run: 12,736,774,144 bytes free

358
 
Disable System Restore, as shown in the following guide.





Download the Kaspersky tool from the following link.







After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; within moments the tool will start running.



Follow the guide to scan and clean the machine and attach the report.












Then compress the report and upload it here.
 
Last edited by a moderator:
Signature: ابـــو عــبــد الــلــه
No infections found.

Is the window still appearing for you, brother?
 
Signature: Corporation
No infections found.

Is the window still appearing for you, brother?


Since I ran the ComboFix tool it has not appeared so far, praise be to God, and Firefox has not been closing on me either... God willing, the problem is gone, by the grace of God and then thanks to you and your follow-up. By God, my tongue fails to thank you, my dear friends at the wonderful Zyzoom. May God reward you with the best of rewards and grant you success in this world and the hereafter.
 