• Thread starter: عــزوز

عــزوز


The virus loads on my machine: "done" shows up at the bottom and the forum hangs for me.
It only happens when I visit a forum that was infected. They have now removed the virus from the forum, but it still hangs when I go in.
 


Close your protection program

and download this tool

[Link hidden by the forum: log in or register to view]

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop. After a few moments the tool starts running.

Follow the walkthrough to scan the machine, clean it, and attach the report.



[Screenshots: five walkthrough images]





Download this program

[Link hidden by the forum: log in or register to view]

OR
[Link hidden by the forum: log in or register to view]

Run the program ==> and click on

Do a system scan and save log

After a few moments a report opens in Notepad ==> copy it and paste it in your next reply

Waiting ,,
 
Signature: أعتز بك
Hi brother, this is the Kaspersky report.

Here you go.

Scan
----
Scanned: 254017
Detected: 1
Untreated: 0
Start time: 12/05/1430 10:56:31 م
Duration: 02:12:06
Finish time: 13/05/1430 01:08:37 ص


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-PSW.Win32.QQSender.af File: D:\بـَ رَ آمـِ ج\44436c00bef4ac128c3ccab9d21c96eb.zip/Desktop Icon Toy 3.1/Keygen.exe


Events
------
 
OK, my dear, now give me the HijackThis report.
 
Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:11 م, on 08/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Documents and Settings\so cute\سطح المكتب\فرش باكسوليه1(\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\so cute\سطح المكتب\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A7511AC-9A42-4356-B340-45864DE803E9}: NameServer = 84.23.102.172 84.23.101.84
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4639 bytes
 
Disable all protection programs >>> check the machine's time and date
>>> do not rename the tool, and save it on the desktop
Download this tool and save it on the desktop
[Link hidden by the forum: log in or register to view]

When you run it, a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes
Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply
 
Signature: أعتز بك
Here you go.

ComboFix 09-05-08.03 - so cute 05/09/2009 0:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.958.704 [GMT 3:00]
Running from: c:\documents and settings\so cute\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-08 19:38 . 2009-05-08 19:38 -------- d-----w c:\program files\Trend Micro
2009-05-08 18:05 . 2009-05-08 18:05 -------- d-----w c:\windows\LastGood
2009-05-06 19:54 . 2009-05-08 21:19 3692576 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-06 19:30 . 2009-05-06 19:30 -------- d-s---w c:\documents and settings\so cute\UserData
2009-05-05 16:55 . 2009-05-05 16:55 -------- d-----w c:\windows\Adobe Illustrator CS
2009-04-29 13:41 . 2009-04-29 13:41 -------- d-----w c:\program files\AmitySource
2009-04-24 11:36 . 2009-04-24 11:36 -------- d-----w c:\documents and settings\so cute\Application Data\Ambient Design

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 14:51 . 2008-12-18 16:32 26 ----a-w c:\windows\popcinfo.dat
2009-05-07 13:30 . 2009-05-06 19:54 29288 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-05 16:56 . 2008-12-16 18:28 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 16:55 . 2008-12-16 18:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 19:13 . 2001-09-19 11:00 256190 ----a-w c:\windows\system32\perfh001.dat
2009-05-04 19:13 . 2001-09-19 11:00 42044 ----a-w c:\windows\system32\perfc001.dat
2009-04-24 13:29 . 2008-12-16 18:57 -------- d-----w c:\program files\Google
2009-03-31 12:35 . 2009-03-31 12:35 -------- d-----w c:\program files\Vertus Fluid Mask 3
2009-03-31 12:20 . 2008-04-14 17:29 1024 ----a-w c:\windows\system32\kvmdjjn.dll
2009-03-31 12:20 . 2008-04-14 17:29 1024 ----a-w c:\windows\system32\grcauth2.dll
2009-03-31 12:20 . 2008-04-14 17:29 1024 ----a-w c:\windows\system32\grcauth1.dll
2009-03-31 12:20 . 2008-04-14 17:29 1024 ----a-w c:\windows\system32\clauth2.dll
2009-03-31 12:20 . 2008-04-14 17:29 1024 ----a-w c:\windows\system32\clauth1.dll
2009-03-30 18:08 . 2009-01-07 19:44 -------- d-----w c:\program files\WMV9_VCM
2009-03-30 18:08 . 2009-01-07 19:44 -------- d-----w c:\program files\Common Files\xara
2009-03-30 18:08 . 2009-01-07 19:44 -------- d-----w c:\program files\Xara
2009-03-27 19:53 . 2008-12-28 18:56 480584 ----a-w c:\documents and settings\so cute\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 14:18 . 2008-12-19 21:24 -------- d-----w c:\program files\Kelk 2000
2009-03-13 10:24 . 2009-02-06 17:15 -------- d-----w c:\program files\MessengerPlus! 3
2009-03-12 17:07 . 2008-12-16 18:40 -------- d-----w c:\program files\Ahead
2009-03-11 22:44 . 2009-03-09 14:14 -------- d-----w c:\program files\2D and 3D Animator
2009-03-07 14:58 . 2009-03-07 14:58 319488 ----a-w c:\windows\HideWin.exe
2009-03-06 14:20 . 2008-04-14 17:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:09 . 2008-04-14 17:29 664576 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2008-04-14 17:29 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2008-04-14 17:07 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2008-04-14 21:12 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-04-14 17:12 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-14 17:30 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-14 17:29 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-14 17:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-14 17:29 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-14 17:29 693760 ----a-w c:\windows\system32\ntdll.dll
.

------- Sigcheck -------

[-] 2008-06-09 19:04 1571328 CA1867A515E40A015BA6D9ADD83FB823 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-03-13 190024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-16 185872]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-03-13 190024]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-02 577536]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-04-11 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-16 110592]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Documents and Settings\\so cute\\سطح المكتب\\فرش باكسوليه1(\\MSN Messenger\\msnmsgr.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [16/12/2008 09:17 م 11264]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS-TPPTDDRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc1ee82-cdcc-11dd-ae65-0019db7144e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc85023c-31ab-11de-b04e-0019db7144e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc85023d-31ab-11de-b04e-0019db7144e1}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TrueTransparency - c:\documents and settings\so cute\سطح المكتب\TrueTransparency\TrueTransparency.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum]
IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]

Rootkit scan 2009-05-09 00:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-08 0:22
ComboFix-quarantined-files.txt 2009-05-08 21:21

Pre-Run: 26,239,004,672 bytes free
Post-Run: 28,222,046,208 bytes free

130 --- E O F --- 2009-05-03 11:56
 
A new HijackThis log, please.
 
Signature: أعتز بك
Yes, it should be a new one.
 
Signature: أعتز بك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:20 م, on 09/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Documents and Settings\so cute\سطح المكتب\فرش باكسوليه1(\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A7511AC-9A42-4356-B340-45864DE803E9}: NameServer = 84.23.102.172 84.23.101.84
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4953 bytes
 
 
Do the following

Download the following tool

[Link hidden by the forum: log in or register to view]


Close all programs

Disable System Restore as shown in the walkthrough

[Image: walkthrough screenshot]


Run it and the tool's interface will appear

Choose the cleaning option and a DOS window will appear for the scan

Leave it until it finishes and the report appears

Copy it and paste it in your next post

After that, see how things are

Good luck
 
Signature: أعتز بك
The file has been deleted, my dear.
 
Signature: أعتز بك
Engine Version : 5300.2777
Engine Load Time : 22187 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\so cute\ntuser.dat : Scan Failed
c:\Documents and Settings\so cute\NtUser.dat.LOG : Scan Failed
c:\Documents and Settings\so cute\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\so cute\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\so cute\Local Settings\temp\Perflib_Perfdata_71c.dat : Scan Failed
File : c:\Documents and Settings\so cute\سطح المكتب\ألعاب\zuma\Zuma_kg.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Documents and Settings\so cute\سطح المكتب\ألعاب\zuma\Zuma_kg.exe : Deleted
File : c:\Documents and Settings\so cute\سطح المكتب\ثيمآت\خمسون ثيما جديدا لعام 2009 لويندوز اكس بى بخلفياتهم ذاتية التشغيل\thams2009.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Documents and Settings\so cute\سطح المكتب\ثيمآت\خمسون ثيما جديدا لعام 2009 لويندوز اكس بى بخلفياتهم ذاتية التشغيل\thams2009.exe : Deleted
File : c:\Program Files\Ozone\Audio Converter\opt.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\Program Files\Ozone\Audio Converter\opt.exe : Deleted
File : c:\Program Files\Xara\Xara Xtreme 4\Patch.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Program Files\Xara\Xara Xtreme 4\Patch.exe : Deleted
File : c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044225.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044225.exe : Deleted
File : c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044226.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044226.exe : Deleted
File : c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044227.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044227.exe : Deleted
File : c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044228.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\System Volume Information\_restore{6BC6A6FA-1627-4380-813B-6E3E6A04836E}\RP29\A0044228.exe : Deleted
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 47782
FilesScanned : 29041
FilesNotScanned : 18741

ObjectsFound : 91367
ObjectsInfected : 8
ObjectsCleaned : 0
ObjectsDeleted : 8

FilesInfected : 8
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 8

Started at : 08:08:01 م 18 جمادى الأولى, 1430
Ended at : 08:42:58 م 18 جمادى الأولى, 1430
Duration : 34 minutes 57 seconds
3864 MB scanned in 2097 seconds = 1887 KB/s
Engine Version : 5300.2777
Engine Load Time : 62875 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 21238
FilesScanned : 8334
FilesNotScanned : 12904

ObjectsFound : 22481
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:44:03 م 18 جمادى الأولى, 1430
Ended at : 08:50:08 م 18 جمادى الأولى, 1430
Duration : 6 minutes 5 seconds
765 MB scanned in 365 seconds = 2 MB/s
Engine Version : 5300.2777
Engine Load Time : 62375 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

f:\readme_english.txt : Scan Failed
f:\Signal.ico : Scan Failed
f:\Driver\Install.log : Scan Failed
f:\Driver\ReadMe(en).txt : Scan Failed
f:\Driver\release notes.txt : Scan Failed
f:\Driver\Win2K\ewdcsc.cat : Scan Failed
f:\Driver\Win2K\ewmdm2k.cat : Scan Failed
f:\Driver\Win2K\ewser2k.cat : Scan Failed
f:\Driver\WinVista\ewdcsc.cat : Scan Failed
f:\Driver\WinVista\ewmdm2k.cat : Scan Failed
f:\Driver\WinVista\ewser2k.cat : Scan Failed
f:\Driver\WinVista64\ewdcsc.cat : Scan Failed
f:\Driver\WinVista64\ewmdm2k.cat : Scan Failed
f:\Driver\WinVista64\ewser2k.cat : Scan Failed
f:\Driver\WinXP\ewdcsc.cat : Scan Failed
f:\Driver\WinXP\ewmdm2k.cat : Scan Failed
f:\Driver\WinXP\ewser2k.cat : Scan Failed

Summary :-
FilesFound : 58
FilesScanned : 40
FilesNotScanned : 18

ObjectsFound : 61
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:51:13 م 18 جمادى الأولى, 1430
Ended at : 08:51:49 م 18 جمادى الأولى, 1430
Duration : 36 seconds
18 MB scanned in 36 seconds = 530 KB/s
 
How are things now?

And give me a new HijackThis log, my dear.
 
Signature: أعتز بك
Thank God, it did not hang yesterday or today.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:56:30 م, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\so cute\سطح المكتب\فرش باكسوليه1(\MSN Messenger\msnmsgr.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\so cute\سطح المكتب\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum: log in or register to view] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A7511AC-9A42-4356-B340-45864DE803E9}: NameServer = 84.23.102.172 84.23.101.84
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4800 bytes
 
Delete the following:

O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum: log in or register to view] (file missing)

O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll


How to delete them:

[Image: i9139_1.png]

[Image: i9140_2.png]


Then download this tool and follow the explanation below:

[link hidden by the forum: log in or register to view]

or
[link hidden by the forum: log in or register to view]


Compatibility: Windows XP only

How to use it:

When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

[Image: i9141_11.png]


[Image: i9142_22.png]


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[Image: i9143_33.png]


God willing, everything will be fine.

Good luck.
 
Signature: أعتز بك
Edited :q:
 
Signature: KoNaMi