- بادئ الموضوع makoo
- تاريخ البدء
- 1,604
MAAX
عضوشرف
غير متصل
حمل هذا البرنامج
بعدها اغلق جميع البرامج وخصوصا الانترنت اكسبلورر والماسنجر
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعدها اغلق جميع البرامج وخصوصا الانترنت اكسبلورر والماسنجر
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
تأييد
0
تفضل التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:03 م, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Bra'a\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1011\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8343 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:03 م, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Bra'a\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-746137067-152049171-839522115-1011\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 8343 bytes
تأييد
0
Technology G!rl
زيزوومى محترف
- إنضم
- 10 أغسطس 2009
- المشاركات
- 5,568
- مستوى التفاعل
- 43
- النقاط
- 830
غير متصل
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
شرح تعطيل الكاسبر
طريقة تعطيل الكاسبر :: Pause Protection :: والتفعيل
الشرح مقدم من
طريقة تعطيل الكاسبر :: Pause Protection :: والتفعيل
الشرح مقدم من
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : Technology G!rl
تأييد
0
التقرير الجديد للاداة الي اعطيتيني اياها الاخت Technology G!rl تفضلي
ComboFix 10-01-31.01 - Bra'a 02/01/2010 0:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.962.1033.18.2039.1582 [GMT 2:00]
Running from: c:\documents and settings\Bra'a\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\Data
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.
2010-01-29 19:01 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 19:01 . 2010-01-29 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 19:01 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 15:12 . 2010-01-21 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-21 10:44 . 2010-01-21 15:53 -------- d-----w- c:\documents and settings\Bra'a\Application Data\DMCache
2010-01-21 10:44 . 2010-01-21 10:58 -------- d-----w- c:\documents and settings\Bra'a\Application Data\IDM
2010-01-21 10:44 . 2010-01-21 15:55 -------- d-----w- c:\program files\Internet Download Manager
2010-01-20 17:04 . 2010-01-20 17:04 -------- d-----w- c:\program files\Conduit
2010-01-20 17:04 . 2010-01-20 17:04 -------- d-----w- c:\documents and settings\Bra'a\Local Settings\Application Data\Conduit
2010-01-15 22:10 . 2010-01-15 22:10 -------- d-----w- c:\documents and settings\D.H\Application Data\Switchball
2010-01-15 20:00 . 2010-01-15 20:00 -------- d-----w- c:\program files\GoldWave
2010-01-13 00:25 . 2010-01-31 22:23 -------- d-----w- c:\windows\system32\CatRoot2
2010-01-13 00:17 . 2010-01-13 00:17 -------- d-----w- C:\backups
2010-01-11 00:05 . 2010-01-24 17:05 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-05 18:33 . 2010-01-05 18:33 -------- d-----w- c:\documents and settings\Bra'a\Application Data\RetouchPilot
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\windows\system32\AGEIA
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-03 20:20 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Bra'a\Application Data\GetRightToGo
2010-01-03 20:06 . 2010-01-03 20:06 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Switchball
2010-01-03 20:06 . 2010-01-03 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-03 16:35 . 2010-01-03 16:35 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-03 16:35 . 2010-01-03 16:35 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-03 16:35 . 2010-01-03 16:35 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-03 16:35 . 2010-01-03 16:35 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-03 16:35 . 2010-01-03 16:35 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-03 16:34 . 2010-01-03 16:34 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 16:34 . 2010-01-03 16:34 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 16:00 . 2010-01-03 16:00 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-03 16:00 . 2010-01-03 16:00 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-03 16:00 . 2010-01-31 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-03 14:51 . 2010-01-03 14:51 -------- d-----w- c:\program files\NextSecurity.NET
2010-01-03 14:51 . 2004-12-06 18:08 32768 ----a-w- c:\windows\system32\drivers\nspacket.sys
2010-01-02 15:33 . 2010-01-02 15:33 -------- d-----w- c:\documents and settings\D.H\Application Data\PC Suite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 16:24 . 2009-07-26 22:36 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Any Video Converter
2010-01-25 00:09 . 2009-01-15 14:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 15:13 . 2008-12-22 12:54 -------- d-----w- c:\program files\Common Files\Real
2010-01-21 15:12 . 2008-12-22 12:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-20 16:13 . 2009-02-28 12:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 17:42 . 2008-12-22 09:38 33384 ----a-w- c:\documents and settings\Bra'a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 16:00 . 2008-12-22 12:59 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-03 15:59 . 2008-12-22 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-03 14:51 . 2008-12-21 21:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 12:25 . 2009-12-24 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-25 10:52 . 2009-12-25 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-25 05:36 . 2008-12-22 12:54 -------- d-----w- c:\program files\Google
2009-12-24 20:27 . 2009-12-24 20:26 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2009-12-24 18:04 . 2009-12-24 18:04 8704 ----a-w- c:\documents and settings\D.H\Application Data\Thinstall\AppData\1000000a00002h\dplaysvr.exe
2009-12-12 15:48 . 2009-12-12 15:48 -------- d-----w- c:\program files\MSXML 4.0
2009-12-12 02:45 . 2009-12-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-12 02:44 . 2009-12-12 02:09 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-12 02:44 . 2009-12-12 02:08 -------- d-----w- c:\program files\Nokia
2009-12-12 02:43 . 2009-12-12 02:43 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-12 02:43 . 2009-12-12 02:43 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-12 02:43 . 2009-12-12 02:43 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-12 02:42 . 2009-12-11 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-12 02:42 . 2009-12-12 02:44 24462216 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_ar.exe
2009-12-12 02:18 . 2009-12-12 02:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\Bra'a\Application Data\PC Suite
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Nokia
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-12 02:09 . 2009-12-12 02:09 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-12 02:08 . 2009-12-12 02:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-12 02:08 . 2009-12-12 02:08 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-12 02:08 . 2009-12-12 02:08 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-12 02:08 . 2009-12-12 02:08 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-12 02:08 . 2009-12-12 02:08 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-12 02:06 . 2009-12-12 02:08 34691976 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ara_web.exe
2009-12-11 13:57 . 2009-12-11 13:57 -------- d-----w- c:\program files\DIFX
2009-12-11 13:56 . 2009-12-11 13:56 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-11 13:56 . 2009-12-11 13:56 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-11 13:56 . 2009-12-11 13:56 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-06 09:31 . 2009-06-04 16:10 397 ----a-w- c:\windows\AntiTrial.bin
2009-11-05 22:57 . 2008-12-21 23:20 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2008-03-09 04:25 . 2009-07-27 12:29 236 ---ha-w- c:\program files\Common Files\dx.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-21 198160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Counter\\hl2.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"e:\\Counter\\srcds.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\العاب الريد اليرت\\Red Alert 2\\GAME.EXE"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"e:\\Generals\\game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 08:18 م 36880]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28/02/2009 02:06 م 54752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 01:42 م 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 06:39 م 19472]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [03/01/2010 04:51 م 32768]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.SYS [05/05/2006 03:59 م 131200]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.jo/
IE: Google Sidewiki...
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Bra'a\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-02-01 00:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\Behest\SermonRecorder\XData*Awkward]
"XData_V2"=hex:7d,43,7c,47,06,42,97,0c,2e,ec,32,bc,53,68,63,61,a7,4a,dc,72,1f,
46,da,ef,52,98,56,0f,f0,11,b7,a3,14,c0,10,60,16,3b,67,d4,27,3b,b4,c3,4c,c4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-01 00:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 22:33
Pre-Run: 24,085,016,576 bytes free
Post-Run: 26,065,092,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E109E19E6F63FD763DA6982794519C9F
Microsoft Windows XP Professional 5.1.2600.3.1256.962.1033.18.2039.1582 [GMT 2:00]
Running from: c:\documents and settings\Bra'a\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\EventSystem.log
c:\windows\jestertb.dll
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\Data
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.
2010-01-29 19:01 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 19:01 . 2010-01-29 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 19:01 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 15:12 . 2010-01-21 15:12 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-21 10:44 . 2010-01-21 15:53 -------- d-----w- c:\documents and settings\Bra'a\Application Data\DMCache
2010-01-21 10:44 . 2010-01-21 10:58 -------- d-----w- c:\documents and settings\Bra'a\Application Data\IDM
2010-01-21 10:44 . 2010-01-21 15:55 -------- d-----w- c:\program files\Internet Download Manager
2010-01-20 17:04 . 2010-01-20 17:04 -------- d-----w- c:\program files\Conduit
2010-01-20 17:04 . 2010-01-20 17:04 -------- d-----w- c:\documents and settings\Bra'a\Local Settings\Application Data\Conduit
2010-01-15 22:10 . 2010-01-15 22:10 -------- d-----w- c:\documents and settings\D.H\Application Data\Switchball
2010-01-15 20:00 . 2010-01-15 20:00 -------- d-----w- c:\program files\GoldWave
2010-01-13 00:25 . 2010-01-31 22:23 -------- d-----w- c:\windows\system32\CatRoot2
2010-01-13 00:17 . 2010-01-13 00:17 -------- d-----w- C:\backups
2010-01-11 00:05 . 2010-01-24 17:05 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-05 18:33 . 2010-01-05 18:33 -------- d-----w- c:\documents and settings\Bra'a\Application Data\RetouchPilot
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\windows\system32\AGEIA
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-03 20:20 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Bra'a\Application Data\GetRightToGo
2010-01-03 20:06 . 2010-01-03 20:06 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Switchball
2010-01-03 20:06 . 2010-01-03 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-03 16:35 . 2010-01-03 16:35 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-03 16:35 . 2010-01-03 16:35 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-03 16:35 . 2010-01-03 16:35 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-03 16:35 . 2010-01-03 16:35 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-03 16:35 . 2010-01-03 16:35 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-03 16:34 . 2010-01-03 16:34 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 16:34 . 2010-01-03 16:34 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 16:00 . 2010-01-03 16:00 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-03 16:00 . 2010-01-03 16:00 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-03 16:00 . 2010-01-31 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-03 14:51 . 2010-01-03 14:51 -------- d-----w- c:\program files\NextSecurity.NET
2010-01-03 14:51 . 2004-12-06 18:08 32768 ----a-w- c:\windows\system32\drivers\nspacket.sys
2010-01-02 15:33 . 2010-01-02 15:33 -------- d-----w- c:\documents and settings\D.H\Application Data\PC Suite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 16:24 . 2009-07-26 22:36 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Any Video Converter
2010-01-25 00:09 . 2009-01-15 14:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 15:13 . 2008-12-22 12:54 -------- d-----w- c:\program files\Common Files\Real
2010-01-21 15:12 . 2008-12-22 12:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-20 16:13 . 2009-02-28 12:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 17:42 . 2008-12-22 09:38 33384 ----a-w- c:\documents and settings\Bra'a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 16:00 . 2008-12-22 12:59 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-03 15:59 . 2008-12-22 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-03 14:51 . 2008-12-21 21:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 12:25 . 2009-12-24 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-25 10:52 . 2009-12-25 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-25 05:36 . 2008-12-22 12:54 -------- d-----w- c:\program files\Google
2009-12-24 20:27 . 2009-12-24 20:26 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2009-12-24 18:04 . 2009-12-24 18:04 8704 ----a-w- c:\documents and settings\D.H\Application Data\Thinstall\AppData\1000000a00002h\dplaysvr.exe
2009-12-12 15:48 . 2009-12-12 15:48 -------- d-----w- c:\program files\MSXML 4.0
2009-12-12 02:45 . 2009-12-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-12 02:44 . 2009-12-12 02:09 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-12 02:44 . 2009-12-12 02:08 -------- d-----w- c:\program files\Nokia
2009-12-12 02:43 . 2009-12-12 02:43 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-12-12 02:43 . 2009-12-12 02:43 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-12 02:43 . 2009-12-12 02:43 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-12 02:42 . 2009-12-11 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-12 02:42 . 2009-12-12 02:44 24462216 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_ar.exe
2009-12-12 02:18 . 2009-12-12 02:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\Bra'a\Application Data\PC Suite
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\Bra'a\Application Data\Nokia
2009-12-12 02:17 . 2009-12-11 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-12 02:17 . 2009-12-12 02:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-12 02:09 . 2009-12-12 02:09 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-12 02:08 . 2009-12-12 02:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-12 02:08 . 2009-12-12 02:08 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-12 02:08 . 2009-12-12 02:08 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-12 02:08 . 2009-12-12 02:08 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-12 02:08 . 2009-12-12 02:08 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-12 02:06 . 2009-12-12 02:08 34691976 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ara_web.exe
2009-12-11 13:57 . 2009-12-11 13:57 -------- d-----w- c:\program files\DIFX
2009-12-11 13:56 . 2009-12-11 13:56 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-11 13:56 . 2009-12-11 13:56 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-11 13:56 . 2009-12-11 13:56 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-06 09:31 . 2009-06-04 16:10 397 ----a-w- c:\windows\AntiTrial.bin
2009-11-05 22:57 . 2008-12-21 23:20 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2008-03-09 04:25 . 2009-07-27 12:29 236 ---ha-w- c:\program files\Common Files\dx.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-21 198160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Counter\\hl2.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"e:\\Counter\\srcds.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\العاب الريد اليرت\\Red Alert 2\\GAME.EXE"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"e:\\Generals\\game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 08:18 م 36880]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28/02/2009 02:06 م 54752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 01:42 م 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 06:39 م 19472]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [03/01/2010 04:51 م 32768]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.SYS [05/05/2006 03:59 م 131200]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.jo/
IE: Google Sidewiki...
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Bra'a\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2010-02-01 00:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-152049171-839522115-1003\Software\Behest\SermonRecorder\XData*Awkward]
"XData_V2"=hex:7d,43,7c,47,06,42,97,0c,2e,ec,32,bc,53,68,63,61,a7,4a,dc,72,1f,
46,da,ef,52,98,56,0f,f0,11,b7,a3,14,c0,10,60,16,3b,67,d4,27,3b,b4,c3,4c,c4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-01 00:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 22:33
Pre-Run: 24,085,016,576 bytes free
Post-Run: 26,065,092,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E109E19E6F63FD763DA6982794519C9F
تأييد
0
Technology G!rl
زيزوومى محترف
- إنضم
- 10 أغسطس 2009
- المشاركات
- 5,568
- مستوى التفاعل
- 43
- النقاط
- 830
غير متصل
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير
ثم انتظر حتى اكتمال الفحص وظهور هذه الرسالة
انسخ ما بداخل التقرير والصقه بمشاركتك القادمة
ثم انتظر حتى اكتمال الفحص وظهور هذه الرسالة
انسخ ما بداخل التقرير والصقه بمشاركتك القادمة
توقيع : Technology G!rl
تأييد
0
هذا تقرير المالور
Malwarebytes' Anti-Malware 1.44
Database version: 3658
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
01/02/2010 01:16:25 ص
mbam-log-2010-02-01 (01-16-25).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 228111
Time elapsed: 23 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{5985257A-B073-40C4-A844-A7706F5E60D8}\RP395\A0096472.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5985257A-B073-40C4-A844-A7706F5E60D8}\RP395\A0096499.com (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Database version: 3658
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
01/02/2010 01:16:25 ص
mbam-log-2010-02-01 (01-16-25).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 228111
Time elapsed: 23 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{5985257A-B073-40C4-A844-A7706F5E60D8}\RP395\A0096472.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5985257A-B073-40C4-A844-A7706F5E60D8}\RP395\A0096499.com (Trojan.Agent) -> Quarantined and deleted successfully.
تأييد
0
Technology G!rl
زيزوومى محترف
- إنضم
- 10 أغسطس 2009
- المشاركات
- 5,568
- مستوى التفاعل
- 43
- النقاط
- 830
غير متصل
حمل الملف التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وبالماوس دبل كلك على الملف ... بعدها راح يفتح لك واجهة الاداة
اعمل كما بالشرح ...
ثم
حمل الملف التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغلها بدبل كلك لمستخدمين الاكسبي
ومستخدمين الفيستا و 7 حسب الصورة
سيتم اعادة تشغيل الجهاز اجباريا ،، احفظ اي اعمال تقوم بها
اضغط start وانتظر حتى انتهاء التنظيف
واضغط موافق للموافقة على اعادة تشغيل الجهاز
التعديل الأخير بواسطة المشرف:
توقيع : Technology G!rl
تأييد
0
لما حملت البرنامج رن سكنر وعملت مثل ما قلتي بس ما طلع ملفات
طلع هيك
يعني ما في ملفات عشان اعالجها واضغط عليها fix !!
طيب بعد لما احمل الاداة الاخيرة الي بتنظف الجهاز شو اعمل ؟ يعني كيف اعرف اذا جهازي مخترق ولا لا ؟
طلع هيك
يعني ما في ملفات عشان اعالجها واضغط عليها fix !!
طيب بعد لما احمل الاداة الاخيرة الي بتنظف الجهاز شو اعمل ؟ يعني كيف اعرف اذا جهازي مخترق ولا لا ؟
تأييد
0
MAAX
عضوشرف
غير متصل
حمل الملف التالي
وطبق عليه هذا الشرح
ثم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وطبق عليه هذا الشرح
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
Technology G!rl
زيزوومى محترف
- إنضم
- 10 أغسطس 2009
- المشاركات
- 5,568
- مستوى التفاعل
- 43
- النقاط
- 830
غير متصل
كخطوة اخيرة اعمل هذي الاداه
استخدم هذي الآداه
كيف جهازك الآن ؟
استخدم هذي الآداه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
كيف جهازك الآن ؟
التعديل الأخير بواسطة المشرف:
توقيع : Technology G!rl
تأييد
0
Technology G!rl
زيزوومى محترف
- إنضم
- 10 أغسطس 2009
- المشاركات
- 5,568
- مستوى التفاعل
- 43
- النقاط
- 830
غير متصل
التقارير سليمة على حسب علمي
الان اعمل التالي ,,
للغة العربية
افتح الاكسبلورر
ادوات >>>> خيارات الانترنت >>>> ثم اعمل كما الصورة
للغة الانجليزية
tools >>>>internet options
الان اعمل التالي ,,
للغة العربية
افتح الاكسبلورر
ادوات >>>> خيارات الانترنت >>>> ثم اعمل كما الصورة
للغة الانجليزية
tools >>>>internet options
توقيع : Technology G!rl
تأييد
0