الكويت حره
زيزوومي جديد
غير متصل
- بادئ الموضوع الكويت حره
- تاريخ البدء
- 1,983
:hh:
عندك فايروسات ... لاهنت حمل الاداة ذي
وشغلها في الوضع الآمن للويندوز .. عن طريق
الضغط المتكرر على المفتاح F8 عند بداية تشغيل الجهاز
عندها تظهر لك .. قائمه >> اختر الخيار الأول Safe Mode
كما بهذه الصوره
-------------------
وعند دخولك الجهاز .. قم بتشغيل الاداة ... سوف تظهر لك شاشة سوداء
انتظر حتى تختفي (( تستغرق حدود ساعه .. وتعتمد على سرعة جهازك وعدد الملفات الموجوده ))
بعدها اعد تشغيل جهازك
عندك فايروسات ... لاهنت حمل الاداة ذي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وشغلها في الوضع الآمن للويندوز .. عن طريق
الضغط المتكرر على المفتاح F8 عند بداية تشغيل الجهاز
عندها تظهر لك .. قائمه >> اختر الخيار الأول Safe Mode
كما بهذه الصوره
-------------------
وعند دخولك الجهاز .. قم بتشغيل الاداة ... سوف تظهر لك شاشة سوداء
انتظر حتى تختفي (( تستغرق حدود ساعه .. وتعتمد على سرعة جهازك وعدد الملفات الموجوده ))
بعدها اعد تشغيل جهازك
تأييد
0
اذا انتهيت من السابق .. اعمل التقارير التالية
( 1 )
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
سوري اخوي على التأخير....بس الاداة الاولى استغرقت معاي 4 ساعات تقريباً
على العموم
تفضل تقرير combofix
ملاحظه:سويت الفحص ولما خلص ما اعاد التشغيل.....على طول طلعلي التقرير
ComboFix 08-05-01.1 - acer 2008-05-02 16:40:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.448 [GMT 3:00]
Running from: C:\Documents and Settings\TEMP.CCS\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-02 16:30 . 2008-05-02 16:30 <DIR> d-------- C:\Documents and Settings\TEMP.CCS\Application Data\PC Suite
2008-05-02 16:30 . 2008-05-02 16:30 <DIR> d-------- C:\Documents and Settings\TEMP.CCS
2008-05-02 16:30 . 2008-05-02 16:42 118,784 --ah----- C:\Documents and Settings\TEMP.CCS\NtUser.dat.LOG
2008-05-02 05:36 . 2008-05-02 05:36 <DIR> d-------- C:\My Downloads
2008-05-02 00:09 . 2008-05-02 00:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 07:48 . 2008-05-01 07:48 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2008-05-01 07:47 . 2008-05-01 07:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-01 06:08 . 2008-05-01 06:08 268 --ah----- C:\sqmdata10.sqm
2008-05-01 06:08 . 2008-05-01 06:08 244 --ah----- C:\sqmnoopt10.sqm
2008-05-01 04:48 . 2008-05-01 08:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 04:48 . 2008-05-01 04:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 04:47 . 2008-05-01 08:55 <DIR> d-------- C:\Program Files\iTunes
2008-05-01 04:46 . 2008-05-01 04:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-01 04:45 . 2008-05-01 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-01 04:44 . 2008-05-01 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 22:06 . 2008-04-29 22:06 268 --ah----- C:\sqmdata09.sqm
2008-04-29 22:06 . 2008-04-29 22:06 244 --ah----- C:\sqmnoopt09.sqm
2008-04-29 04:31 . 2008-04-29 04:32 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-04-19 21:22 . 2008-05-01 06:03 736,706,560 --a------ C:\WINDOWS\MEMORY.DMP
2008-04-19 21:01 . 2004-08-04 04:07 257,024 --a--c--- C:\WINDOWS\system32\dllcache\infocomm.dll
2008-04-19 21:00 . 2004-08-04 04:07 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-04-19 20:59 . 2004-08-04 04:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-19 20:40 . 2004-08-04 04:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-04-19 20:40 . 2004-08-04 04:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-04-19 20:40 . 2004-08-04 04:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-04-19 20:40 . 2004-08-04 04:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-04-14 23:46 . 2008-04-28 00:47 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{8516D4AE-2288-4B82-B011-882A49F5BC34}
2008-04-14 17:58 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-04-14 17:58 . 2006-06-01 16:58 663,552 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-04-14 17:58 . 2006-05-05 11:14 237,568 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-14 17:58 . 2006-06-01 10:12 184,320 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-04-14 17:58 . 2006-04-07 14:40 184,320 --a------ C:\WINDOWS\system32\aIPH.dll
2008-04-14 17:58 . 2005-10-19 18:19 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-04-14 17:58 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-04-14 17:58 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-04-14 17:57 . 2008-04-14 17:57 <DIR> d-------- C:\Program Files\D-Link
2008-04-14 17:57 . 2008-04-14 17:58 <DIR> d-------- C:\Program Files\ANI
2008-04-14 17:57 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-04-14 17:57 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-04-14 17:57 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-04-14 17:57 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-04-14 17:57 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-04-11 06:31 . 2008-04-14 17:46 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{6CACD22C-FE3B-4578-B4B4-29C0515512CB}
2008-04-10 02:32 . 2005-03-28 17:49 137 --------- C:\WINDOWS\system32\DWLAB.DAT
2008-04-10 02:19 . 2006-05-11 13:11 472,096 --a------ C:\WINDOWS\system32\drivers\A3AB.sys
2008-04-10 02:19 . 2004-09-06 08:56 24,576 --a------ C:\WINDOWS\system32\DWLInst.dll
2008-04-07 11:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-07 11:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-07 11:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-07 02:29 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-07 02:28 . 2008-04-07 02:28 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-07 01:57 . 2008-04-07 02:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 01:57 . 2008-04-07 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 17:00 . 2008-04-05 17:01 <DIR> d--hs---- C:\heap41a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 09:05 --------- d-----w C:\Program Files\Circle Developement
2008-05-02 01:54 --------- d-----w C:\Program Files\mIRC
2008-05-01 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 20:34 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-01 20:21 --------- d-----w C:\Program Files\Windows Live
2008-05-01 04:47 --------- d-----w C:\Program Files\Common Files\Real
2008-04-27 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-19 19:20 --------- d-----w C:\Program Files\epson
2008-04-19 19:16 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-04-19 19:15 --------- d-----w C:\Program Files\IslamicPlayer
2008-04-19 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 18:44 --------- d-----w C:\Program Files\AlThkir 3
2008-04-19 18:36 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-06 22:59 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 01:27 --------- d-----w C:\Program Files\16ThisLink
2008-03-30 01:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 23:23 --------- d-----w C:\Program Files\Video Convert Master
2008-03-27 23:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-15 03:32 --------- d-----w C:\Program Files\CCleaner
2008-03-11 13:22 --------- d-----w C:\Program Files\Real
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_16.27.00.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 13:17:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 13:30:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-02 13:18:48 2,198 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{064476B1-B26B-492F-8946-C6FB2759798F}.bin
+ 2008-05-02 13:18:48 2,928 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{064476B1-B26B-492F-8946-C6FB2759798F}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 17:27 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 10:24 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 12:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 07:46 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:07 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present
"winlogon"= C:\heap41a\svchost.exe C:\heap41a\std.txt
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Documents and Settings\\acer\\Desktop\\nOveL Script[1]\\nOveL Script\\mirc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2003-04-28 20:31]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 13:11]
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys [2005-12-19 09:46]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2005-12-19 09:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08c54eca-1313-11dd-99c7-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-02 16:42:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-02 16:43:28
ComboFix-quarantined-files.txt 2008-05-02 13:43:18
ComboFix2.txt 2008-05-02 13:27:17
Pre-Run: 6,407,352,320 bytes free
Post-Run: 6,397,239,296 bytes free
171 --- E O F --- 2008-05-02 01:48:25
----------------------
وتقرير الهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 16:45:53, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TEMP.CCS\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
على فكره اخ زيزوم.....جهازي اذا سويت اعادة تشغيل ترجع ملفاتي مثل ما كانن
يعني حالياً احط اي شي بالديسكتوب.....واسوي ريستارت....يرجع كل شي مثل ما كان ولا جني مسوي شي
على العموم
تفضل تقرير combofix
ملاحظه:سويت الفحص ولما خلص ما اعاد التشغيل.....على طول طلعلي التقرير
ComboFix 08-05-01.1 - acer 2008-05-02 16:40:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.448 [GMT 3:00]
Running from: C:\Documents and Settings\TEMP.CCS\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-02 16:30 . 2008-05-02 16:30 <DIR> d-------- C:\Documents and Settings\TEMP.CCS\Application Data\PC Suite
2008-05-02 16:30 . 2008-05-02 16:30 <DIR> d-------- C:\Documents and Settings\TEMP.CCS
2008-05-02 16:30 . 2008-05-02 16:42 118,784 --ah----- C:\Documents and Settings\TEMP.CCS\NtUser.dat.LOG
2008-05-02 05:36 . 2008-05-02 05:36 <DIR> d-------- C:\My Downloads
2008-05-02 00:09 . 2008-05-02 00:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 07:48 . 2008-05-01 07:48 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2008-05-01 07:47 . 2008-05-01 07:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-01 06:08 . 2008-05-01 06:08 268 --ah----- C:\sqmdata10.sqm
2008-05-01 06:08 . 2008-05-01 06:08 244 --ah----- C:\sqmnoopt10.sqm
2008-05-01 04:48 . 2008-05-01 08:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 04:48 . 2008-05-01 04:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 04:47 . 2008-05-01 08:55 <DIR> d-------- C:\Program Files\iTunes
2008-05-01 04:46 . 2008-05-01 04:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-01 04:45 . 2008-05-01 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-01 04:44 . 2008-05-01 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 22:06 . 2008-04-29 22:06 268 --ah----- C:\sqmdata09.sqm
2008-04-29 22:06 . 2008-04-29 22:06 244 --ah----- C:\sqmnoopt09.sqm
2008-04-29 04:31 . 2008-04-29 04:32 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-04-19 21:22 . 2008-05-01 06:03 736,706,560 --a------ C:\WINDOWS\MEMORY.DMP
2008-04-19 21:01 . 2004-08-04 04:07 257,024 --a--c--- C:\WINDOWS\system32\dllcache\infocomm.dll
2008-04-19 21:00 . 2004-08-04 04:07 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-04-19 20:59 . 2004-08-04 04:07 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-19 20:57 . 2008-04-19 20:57 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-19 20:40 . 2004-08-04 04:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-04-19 20:40 . 2004-08-04 04:07 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-04-19 20:40 . 2004-08-04 04:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-04-19 20:40 . 2004-08-04 04:07 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-04-14 23:46 . 2008-04-28 00:47 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{8516D4AE-2288-4B82-B011-882A49F5BC34}
2008-04-14 17:58 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-04-14 17:58 . 2006-06-01 16:58 663,552 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-04-14 17:58 . 2006-05-05 11:14 237,568 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-04-14 17:58 . 2006-06-01 10:12 184,320 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-04-14 17:58 . 2006-04-07 14:40 184,320 --a------ C:\WINDOWS\system32\aIPH.dll
2008-04-14 17:58 . 2005-10-19 18:19 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-04-14 17:58 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-04-14 17:58 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-04-14 17:57 . 2008-04-14 17:57 <DIR> d-------- C:\Program Files\D-Link
2008-04-14 17:57 . 2008-04-14 17:58 <DIR> d-------- C:\Program Files\ANI
2008-04-14 17:57 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-04-14 17:57 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-04-14 17:57 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-04-14 17:57 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-04-14 17:57 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-04-11 06:31 . 2008-04-14 17:46 5 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{6CACD22C-FE3B-4578-B4B4-29C0515512CB}
2008-04-10 02:32 . 2005-03-28 17:49 137 --------- C:\WINDOWS\system32\DWLAB.DAT
2008-04-10 02:19 . 2006-05-11 13:11 472,096 --a------ C:\WINDOWS\system32\drivers\A3AB.sys
2008-04-10 02:19 . 2004-09-06 08:56 24,576 --a------ C:\WINDOWS\system32\DWLInst.dll
2008-04-07 11:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-07 11:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-07 11:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-07 02:29 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-04-07 02:28 . 2008-04-07 02:28 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-07 01:57 . 2008-04-07 02:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 01:57 . 2008-04-07 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 17:00 . 2008-04-05 17:01 <DIR> d--hs---- C:\heap41a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 09:05 --------- d-----w C:\Program Files\Circle Developement
2008-05-02 01:54 --------- d-----w C:\Program Files\mIRC
2008-05-01 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 20:34 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-01 20:21 --------- d-----w C:\Program Files\Windows Live
2008-05-01 04:47 --------- d-----w C:\Program Files\Common Files\Real
2008-04-27 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-19 19:20 --------- d-----w C:\Program Files\epson
2008-04-19 19:16 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-04-19 19:15 --------- d-----w C:\Program Files\IslamicPlayer
2008-04-19 18:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 18:44 --------- d-----w C:\Program Files\AlThkir 3
2008-04-19 18:36 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-06 22:59 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 01:27 --------- d-----w C:\Program Files\16ThisLink
2008-03-30 01:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 23:23 --------- d-----w C:\Program Files\Video Convert Master
2008-03-27 23:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-15 03:32 --------- d-----w C:\Program Files\CCleaner
2008-03-11 13:22 --------- d-----w C:\Program Files\Real
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_16.27.00.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 13:17:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 13:30:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-02 13:18:48 2,198 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{064476B1-B26B-492F-8946-C6FB2759798F}.bin
+ 2008-05-02 13:18:48 2,928 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{064476B1-B26B-492F-8946-C6FB2759798F}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 17:27 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 10:24 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 12:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 07:46 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:07 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present
"winlogon"= C:\heap41a\svchost.exe C:\heap41a\std.txt
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Documents and Settings\\acer\\Desktop\\nOveL Script[1]\\nOveL Script\\mirc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009"1723:TCP"= 1723:TCP
xpsp2res.dll,-22015"1701:UDP"= 1701:UDP
xpsp2res.dll,-22016"500:UDP"= 500:UDP
xpsp2res.dll,-22017S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2003-04-28 20:31]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2006-05-11 13:11]
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys [2005-12-19 09:46]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2005-12-19 09:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08c54eca-1313-11dd-99c7-00030d000001}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-05-02 16:42:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-02 16:43:28
ComboFix-quarantined-files.txt 2008-05-02 13:43:18
ComboFix2.txt 2008-05-02 13:27:17
Pre-Run: 6,407,352,320 bytes free
Post-Run: 6,397,239,296 bytes free
171 --- E O F --- 2008-05-02 01:48:25
----------------------
وتقرير الهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 16:45:53, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\heap41a\svchost.exe
C:\heap41a\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TEMP.CCS\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
على فكره اخ زيزوم.....جهازي اذا سويت اعادة تشغيل ترجع ملفاتي مثل ما كانن
يعني حالياً احط اي شي بالديسكتوب.....واسوي ريستارت....يرجع كل شي مثل ما كان ولا جني مسوي شي
تأييد
0
هلااا فيك
شغل الملف هذا
بيعاد تشغيل جهازك تلقائيا
بيظهر لك تقرير .. انسخه والصقه بردك القادم
-------------------------
بعدها اعد تشغيل جهازك
واعمل تقرير جديد هايجاك
شغل الملف هذا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بيعاد تشغيل جهازك تلقائيا
بيظهر لك تقرير .. انسخه والصقه بردك القادم
-------------------------
بعدها اعد تشغيل جهازك
واعمل تقرير جديد هايجاك
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
تفضل طال عمرك
تقرير الاداه الاولى
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\heap41a\svchost.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-------------------------
وتقرير الهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 19:19:42, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TEMP\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
تقرير الاداه الاولى
Logfile of The Avenger Version 2.0, (c) by Swandog46
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\heap41a\svchost.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-------------------------
وتقرير الهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 19:19:42, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TEMP\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
الله يعطيك العافيه
بس اعتقد انه في فايروس بعد
لأنه لما احط شي بسطح المكتب.....واسوي ريستارت.....يرجع كل شي مثل ما كان
ارجوا انك تحل مشكلتي واكون شاكرلك
بس اعتقد انه في فايروس بعد
لأنه لما احط شي بسطح المكتب.....واسوي ريستارت.....يرجع كل شي مثل ما كان
ارجوا انك تحل مشكلتي واكون شاكرلك
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
هلا والله اخوي
آسف على التأخير
عملت حساب جديد.....وحفظت ملفات على سطح المكتب....والحمدلله مافي شي كل شي تمام
بس حساب الادمن بالذات تختفي الملفات الجديده
حتى اني مااقدر اسوي ابديت للويندوز...اقدر انزل الابديت بس لما اثبته ما يصير....!!!
اعتقد إن الفايروس غير معروف
ارجوا المساعده
آسف على التأخير
عملت حساب جديد.....وحفظت ملفات على سطح المكتب....والحمدلله مافي شي كل شي تمام
بس حساب الادمن بالذات تختفي الملفات الجديده
حتى اني مااقدر اسوي ابديت للويندوز...اقدر انزل الابديت بس لما اثبته ما يصير....!!!
اعتقد إن الفايروس غير معروف
ارجوا المساعده
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
اثاريه البلا من الحساب الاول
على العموم
يعطيك العافيه اخوي وما قصرت
واتعبناك معانا
والله يرحم والديك يا رب
على العموم
يعطيك العافيه اخوي وما قصرت
واتعبناك معانا
والله يرحم والديك يا رب
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
اسف اخوي زيزوم على إزعاجك
بس مشكله الابديت للويندوز ما انحلت.....يطلعلي خطأ
ولما ابي اسوي كراك للويندوز يطلعلي.... تم تحديث مفتاح الويندوز مع وجود اخطاء
بس مشكله الابديت للويندوز ما انحلت.....يطلعلي خطأ
ولما ابي اسوي كراك للويندوز يطلعلي.... تم تحديث مفتاح الويندوز مع وجود اخطاء
تأييد
0
عليكم السلااام ورحمة الله
نحتاج تقرير عن النسخه
حمل هذه الاداة
وعند تشغيلها انتظر لحظات .. وراح تظهر لك شاشة الاداة
اضغط على Continue ثم اضغط على Copy
واعمل ==> لصق بمشاركتك القادمه
نحتاج تقرير عن النسخه
حمل هذه الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وعند تشغيلها انتظر لحظات .. وراح تظهر لك شاشة الاداة
اضغط على Continue ثم اضغط على Copy
واعمل ==> لصق بمشاركتك القادمه
تأييد
0
الكويت حره
زيزوومي جديد
غير متصل
اسف على التأخير
تفضل
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-MK7YH-28RK6-7K6YY
Windows Product Key Hash: 7Gv1QEfZeYHVFPrZh5cvsJRZ5G8=
Windows Product ID: 55274-OEM-2259361-89672
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {986F81AE-C792-40C3-8AE3-55B1AD33BB15}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: 0
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{986F81AE-C792-40C3-8AE3-55B1AD33BB15}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7K6YY</PKey><PID>55274-OEM-2259361-89672</PID><PIDType>3</PIDType><SID>S-1-5-21-1292428093-1580818891-839522115</SID><SYSTEM><Manufacturer>Acer, inc.</Manufacturer><Model>Aspire 3000 </Model></SYSTEM><BIOS><Manufacturer>Acer </Manufacturer><Version>3A16</Version><SMBIOSVersion major="2" minor="31"/><Date>20050322000000.000000+000</Date></BIOS><HWID>DEFE3607018400EC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Arab Standard Time(GMT+03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110401-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73939-640-0000106-57496</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
تفضل
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-MK7YH-28RK6-7K6YY
Windows Product Key Hash: 7Gv1QEfZeYHVFPrZh5cvsJRZ5G8=
Windows Product ID: 55274-OEM-2259361-89672
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {986F81AE-C792-40C3-8AE3-55B1AD33BB15}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: 0
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{986F81AE-C792-40C3-8AE3-55B1AD33BB15}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7K6YY</PKey><PID>55274-OEM-2259361-89672</PID><PIDType>3</PIDType><SID>S-1-5-21-1292428093-1580818891-839522115</SID><SYSTEM><Manufacturer>Acer, inc.</Manufacturer><Model>Aspire 3000 </Model></SYSTEM><BIOS><Manufacturer>Acer </Manufacturer><Version>3A16</Version><SMBIOSVersion major="2" minor="31"/><Date>20050322000000.000000+000</Date></BIOS><HWID>DEFE3607018400EC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Arab Standard Time(GMT+03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110401-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73939-640-0000106-57496</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
تأييد
0