موران2002

Hello brothers...
I have a problem that appears when I want to install programs...
This message appears...
I hope the picture is clear..
Please help.... thank you very much
This is the picture

[hidden link: log in or register to view]

 

Signature: موران2002
Welcome, my dear

Apologies for editing the title so that it reflects its content

[hidden link: log in or register to view]


With my regards and appreciation
 
Signature: Al jNtEeL
Download this program

[hidden link: log in or register to view]


Install the program, then
run the program ==> and click
Do a system scan and save log
A few moments .. and a report will appear in Notepad ==> save it
 
Last edited by a moderator:
Signature: Al jNtEeL
^

^

Apply what I told you .. and, God willing, you will find the solution by applying what I tell you
 
Signature: Al jNtEeL
Here is the report, my dear brother....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:51 AM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download
Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12
\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default
user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion
Webcam\HPWebcam.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download
Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - [hidden link: log in or register to view] Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - [hidden link: log in or register to view] Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program
Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02
\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program
Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12
\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1
\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C640CE43-7540-4F60-B967-774312ACADCB}: NameServer = 212.72.1.186
212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick
Launch Buttons\AddFiltr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-
Packard\Shared\hpqwmiex.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc -
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32
\TuneUpDefragService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex
(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,0
0,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,
75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 10665 bytes
 
Signature: موران2002
Your report is clean

Download this program .. to remove programs from their roots (it supports Arabic, is free, and does not need installation)

[hidden link: log in or register to view]



Then remove driver detective .. and tell me the result
 
Signature: Al jNtEeL
Dear brother... I installed the program, but unfortunately I did not find the driver detective program?
I attached the picture...

[hidden link: log in or register to view]



Note that this notice appears when installing many programs... is there a missing file that helps with installing programs???
 
Signature: موران2002
OK, a question: when did these messages start appearing for you ..
Was it after installing Windows themes .. or what?
 
Signature: Al jNtEeL
These messages started appearing after I formatted the laptop... and installed Windows XP...
Maybe Windows is missing some files, or what?
 
Signature: موران2002

Disable the protection programs
then

Download the following tool and save it to the desktop

[hidden link: log in or register to view]

When you run it, a message will appear ,, click >> Yes
After that, a second message will appear ,, click >> Yes
During the scan the machine may restart
After the restart ,, the tool will start scanning a second time
Do not run any program ,, and however long the scan takes, wait until it finishes
Wait until a report appears ,, copy it and paste it in your next post

 
Last edited by a moderator:
Signature: Al jNtEeL
Here is the report... dear brother

ComboFix 09-08-02.03 - XPPRESP3 08/03/2009 10:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2046.1590 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\temp.temp
c:\windows\system32\msconfig.exe
c:\windows\system32\nvwrsfr.dll
c:\windows\system32\winio.vxd
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-03 05:45 . 2009-08-03 05:45 -------- d-----w- c:\program files\Trend Micro
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Gearbox Software
2009-08-02 19:58 . 2009-08-02 19:58 -------- d-----w- c:\program files\Ubisoft
2009-08-02 19:40 . 2009-08-02 19:40 -------- d-----w- c:\program files\Ninja Turtles
2009-08-02 19:13 . 2009-08-02 19:15 442003 ----a-w- c:\documents and settings\XPPRESP3\Application Data\IDM\DwnlData\XPPRESP3\directx_oct2006_redist_20\directx_oct2006_redist.exe
2009-08-02 18:46 . 2009-08-02 18:46 -------- d-----w- c:\windows\Sun
2009-08-02 10:52 . 2009-08-02 10:52 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\MiniDm
2009-08-02 10:11 . 2009-08-02 10:11 -------- d-----w- c:\program files\IEPro
2009-08-02 10:10 . 2009-08-02 10:10 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IEPro
2009-08-02 10:04 . 2009-08-02 10:10 2487552 ----a-w- c:\documents and settings\XPPRESP3\Application Data\IE7Pro\prosetup.exe
2009-07-31 06:02 . 2009-07-31 06:02 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\ICAClient
2009-07-30 07:24 . 2009-07-30 07:24 -------- d-sh--w- c:\windows\ftpcache
2009-07-29 17:03 . 2009-07-29 17:03 -------- d-----w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\TechSmith
2009-07-29 17:02 . 2008-07-10 10:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-29 17:02 . 2009-07-29 17:02 -------- d-----w- c:\windows\system32\QuickTime
2009-07-29 17:02 . 2009-07-29 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-29 17:01 . 2009-07-29 17:01 -------- d-----w- c:\program files\TechSmith
2009-07-29 16:56 . 2009-07-29 16:56 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Nokia Multimedia Player
2009-07-27 19:10 . 2009-07-27 19:10 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\fltk.org
2009-07-27 17:53 . 2009-08-02 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-27 17:50 . 2007-12-29 17:22 27776592 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_ara.exe
2009-07-27 17:50 . 2009-07-27 17:50 733783 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Packages\Nokia_PC_Suite\CustomActions\NSU_Inst_fix.exe
2009-07-27 17:50 . 2009-07-27 17:50 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-27 17:50 . 2009-07-27 17:50 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-27 17:50 . 2009-07-27 17:50 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-27 17:50 . 2009-07-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-27 16:45 . 2009-07-27 16:45 -------- d-----w- c:\program files\VID_0E8F&PID_103F
2009-07-27 16:41 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-27 16:41 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-27 16:23 . 2009-07-27 16:23 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\CyberLink
2009-07-27 16:21 . 2006-10-26 16:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-27 16:20 . 2009-07-27 16:20 -------- d-----w- c:\program files\Microsoft Works
2009-07-27 16:20 . 2009-07-27 16:20 -------- d-----w- c:\program files\MSBuild
2009-07-27 16:19 . 2009-07-27 16:19 -------- d-----w- c:\program files\Microsoft.NET
2009-07-27 16:16 . 2009-07-27 16:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-27 16:16 . 2009-07-27 16:16 -------- d-----w- c:\windows\SHELLNEW
2009-07-27 16:15 . 2009-07-27 16:15 -------- d-----w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Microsoft Help
2009-07-27 16:15 . 2009-07-27 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-27 16:15 . 2009-07-27 16:15 -------- d--h--r- C:\MSOCache
2009-07-27 14:20 . 2009-07-27 14:20 -------- d-----w- c:\program files\UltraUXThemePatcher
2009-07-27 14:17 . 2009-07-27 14:20 -------- d-----w- c:\windows\VistaMizer
2009-07-27 14:00 . 2008-05-29 06:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-27 14:00 . 2009-07-27 14:00 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-07-27 13:59 . 2009-07-27 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-27 13:59 . 2009-07-27 13:59 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-07-27 13:59 . 2009-07-27 13:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 13:52 . 2009-07-27 13:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-07-27 13:38 . 2009-07-27 13:38 198064 ----a-w- c:\documents and settings\XPPRESP3\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-27 13:38 . 2009-08-03 07:01 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\DMCache
2009-07-27 13:38 . 2009-07-27 13:39 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IDM
2009-07-27 13:38 . 2009-07-27 13:39 -------- d-----w- c:\program files\Internet Download Manager
2009-07-27 13:34 . 2009-07-27 13:34 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Media Player Classic
2009-07-27 13:33 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-27 13:33 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-27 13:33 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-27 13:33 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-27 13:33 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-27 13:33 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-27 13:33 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-27 13:33 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-27 13:33 . 2009-07-27 13:33 -------- d-----w- c:\program files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 10:11 . 2009-07-27 06:36 -------- d-----w- c:\program files\IE7Pro
2009-08-02 10:04 . 2009-07-27 06:36 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IE7Pro
2009-08-02 10:02 . 2009-07-27 17:51 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\PC Suite
2009-07-27 17:53 . 2009-07-27 17:51 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Nokia
2009-07-27 17:51 . 2009-07-27 17:51 -------- d-----w- c:\program files\DIFX
2009-07-27 17:51 . 2009-07-27 17:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-27 17:51 . 2009-07-27 17:51 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-27 17:51 . 2009-07-27 17:51 -------- d-----w- c:\program files\Nokia
2009-07-27 17:51 . 2009-07-27 17:51 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-27 16:45 . 2009-07-27 07:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:37 . 2009-07-27 07:23 -------- d-----w- c:\program files\HPQ
2009-07-27 16:23 . 2009-07-27 06:40 78328 ----a-w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 14:24 . 2007-08-08 17:39 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-27 08:17 . 2009-07-27 08:15 -------- d-----w- c:\program files\McAfee.com
2009-07-27 08:17 . 2009-07-27 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-07-27 08:11 . 2009-07-27 08:11 -------- d-----w- c:\program files\Citrix
2009-07-27 08:01 . 2009-07-27 08:01 -------- d-----w- c:\program files\CyberLink
2009-07-27 07:47 . 2009-07-27 07:10 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-27 07:42 . 2009-07-27 07:42 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-27 07:42 . 2009-07-27 07:42 -------- d-----w- c:\program files\Common Files\Real
2009-07-27 07:42 . 2009-07-27 07:42 -------- d-----w- c:\program files\Real
2009-07-27 07:31 . 2009-07-27 07:23 -------- d-----w- c:\program files\HP
2009-07-27 07:28 . 2009-07-27 07:26 1675 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv2000 (RR092EA#ABV)_YN_0Pavi_Q2CE6450X4Q_EU_46_I30B3_SWistron_V61.65_BF.39_T070827_WXP2_L409_M2047_J120_7Intel_8Core2 T7200_92_#090727_N80864222_(RR092EA#ABV)_XMOBILE_CN10_Z_2F.39.MRK
2009-07-27 07:24 . 2009-07-27 07:24 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\HP
2009-07-27 07:24 . 2009-07-27 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-07-27 07:24 . 2009-07-27 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-27 07:14 . 2009-07-27 07:14 -------- d-----w- c:\program files\Broadcom
2009-07-27 07:14 . 2009-07-27 07:14 -------- d-----w- c:\program files\Synaptics
2009-07-27 07:14 . 2009-07-27 07:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-27 07:07 . 2009-07-27 07:07 -------- d-----w- c:\program files\NetWaiting
2009-07-27 07:07 . 2009-07-27 07:07 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\InstallShield
2009-07-27 07:07 . 2009-07-27 07:07 -------- d-----w- c:\program files\CONEXANT
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\program files\WIDCOMM
2009-07-27 06:55 . 2009-07-27 06:54 3866624 ----a-w- c:\windows\system32\SET12.tmp
2009-07-27 06:46 . 2009-07-27 06:25 -------- d-----w- c:\program files\Graphics
2009-07-27 06:45 . 2009-07-27 06:26 -------- d-----w- c:\program files\Desktop
2009-07-27 06:45 . 2009-07-27 06:26 -------- d-----w- c:\program files\RocketDock
2009-07-27 06:40 . 2009-07-27 06:40 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Gena01
2009-07-27 06:40 . 2009-07-27 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-27 06:39 . 2009-07-27 06:39 -------- d-----w- c:\program files\Yahoo!
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\MSN Messenger
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\Java
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\Common Files\Java
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\Nero
2009-07-27 06:37 . 2009-07-27 06:37 -------- d-----w- c:\program files\ieSpell
2009-07-27 06:31 . 2009-07-27 06:31 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-27 06:30 . 2009-07-27 06:30 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-27 06:30 . 2009-07-27 06:30 -------- d-----w- c:\program files\CPU-Z
2009-07-27 06:27 . 2009-07-27 06:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-27 06:25 . 2009-07-27 06:25 -------- d-----w- c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[7] 2007-08-08 16:25 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2007-08-08 16:25 890368 6DF62B4F0EF432B874D4967E54072DFC c:\windows\system32\wininet.dll
[-] 2007-08-08 16:25 890368 6DF62B4F0EF432B874D4967E54072DFC c:\windows\VistaMizer\old\wininet.dll
[-] 2007-08-08 16:28 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 14:00 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe
[7] 2004-08-04 14:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\VistaMizer\old\winlogon.exe
[-] 2005-09-28 23:35 2057344 C60248DDE015B0A73871A16576B7A945 c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
[7] 2005-10-11 23:54 2057344 DDBFA4EAE9251712F20193DD47B361BD c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2007-08-08 16:34 2017280 2DFB215E291E3D9B1CF9A6739B3BF16C c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2007-08-08 16:34 2180096 CD1A2EB31F570A1C84A4F8976A298F04 c:\windows\system32\ntkrnlpa.exe
[-] 2007-08-08 16:34 2180096 CD1A2EB31F570A1C84A4F8976A298F04 c:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2005-09-29 00:04 2180096 B919A39ACAFF2188FA699E22DCB5F13F c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
[7] 2005-10-12 00:20 2180096 7B69EA89C7B9966BF552A070D97C5013 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2007-08-08 16:22 2137600 E6679C3023B17D8B78946BC5DF53FA20 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2007-08-08 16:22 2300416 288716AB5EE3766AF1A29AA61A793E58 c:\windows\system32\ntoskrnl.exe
[-] 2007-08-08 16:22 2300416 288716AB5EE3766AF1A29AA61A793E58 c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2007-08-08 16:40 1566208 20FE00E96A8B64F50037CB911F7292F7 c:\windows\explorer.exe
[-] 2007-08-08 16:40 950784 396ACC64ECEC61D7B2F8B53151B37028 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2007-08-08 16:40 1566208 20FE00E96A8B64F50037CB911F7292F7 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-04 14:00 25088 5F1724D0E11EB88C95A3B73A6DD72779 c:\windows\system32\ctfmon.exe
[7] 2004-08-04 14:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\VistaMizer\old\ctfmon.exe
[7] 2007-05-07 23:25 3584000 1D4E3B86C601A2497C99790CC4D7DF26 c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2007-05-07 23:25 3912192 D45BE50210B5A247E2AE9E7AF437C3A3 c:\windows\system32\mshtml.dll
[-] 2007-05-07 23:25 3912192 D45BE50210B5A247E2AE9E7AF437C3A3 c:\windows\system32\dllcache\mshtml.dll
[-] 2007-05-07 23:25 3912192 D45BE50210B5A247E2AE9E7AF437C3A3 c:\windows\VistaMizer\old\mshtml.dll
[-] 2007-08-08 16:39 1390080 751CB8B1BC6F428DC37C0C4D8A97F47A c:\windows\system32\comres.dll
[-] 2007-08-08 16:39 801792 F182079054D242025C2AEEF56396D37A c:\windows\VistaMizer\old\comres.dll
[-] 2007-08-08 16:21 724992 76F31C563F9ADA37E5031E00C36ACD0B c:\windows\system32\comctl32.dll
[7] 2007-08-08 16:21 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-04 14:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2007-08-08 16:19 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2007-08-08 16:35 1580544 51C79052676267956DA3BEABADE3B328 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2007-08-08 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2009-7-27 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [7/27/2009 11:17 AM 23296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-08-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]
2009-08-03 c:\windows\Tasks\McAfee.com Update Check (WW-XPPRESP3).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2009-07-27 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - [hidden link: log in or register to view] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [hidden link: log in or register to view] files\ieSpell\wikipedia.HTM
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-03 10:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
Completion time: 2009-08-03 10:05
ComboFix-quarantined-files.txt 2009-08-03 07:05
Pre-Run: 46,107,291,648 bytes free
Post-Run: 46,159,224,832 bytes free
269
 
Signature: موران2002
The tool found multiple infections and deleted them.

Now, to make sure and to clean the machine completely of viruses, do the following:

Download the Kaspersky tool from the following link.

After downloading, double-click it; the tool's files will be extracted to a folder on the desktop, and a few moments later the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.




Then compress the report and upload it here >>>>

Signature: Al jNtEeL
Here is the report, dear brother
Scan
----
Scanned: 4532
Detected: 0
Untreated: 0
Start time: 8/3/2009 10:58:42 AM
Duration: 00:01:33
Finish time: 8/3/2009 11:00:15 AM

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------
8/3/2009 10:58:48 AM Running module: smss.exe\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 
Signature: موران2002
Brother... when I installed the Kaspersky tool, the same message appeared.. I don't know what the cause is????
 
Signature: موران2002

Dear brother, make sure you follow the walkthrough carefully,
and also do not stop the scan until it has finished completely, so that the machine gets cleaned.

Because this scan of yours took only a minute and a half.
 
Signature: Al jNtEeL
Dear brother, unfortunately the tool did not run in Safe Mode..
A new message also appeared.. I will send it in the next reply.
And after restarting, another message appeared, which I will send you in the next reply..
 
Signature: موران2002