شيل مشفر لاختبار برامج الحمايه

[ALmehob]

بارك الله فيك أخي
المشكلة أن الشل لا يتصل إذا لم يكن هناك اتصال بالإنترنت لأنه لن يجد عنوان الأي بي الشبكي
و أنا كنت قاطع النت
وبالإتصال بالشبكة تم رصد هذا الإتصال وواضح هنا وجود الاي بي الشبكي
واتضح أن التراست بورت لم يكن يشيش
مشاهدة المرفق 79187

قمت بفحص الريجستري ب regshot ومقارنة القيم ,
وهذة هي القيم المضافة \\

مفاتيح ريجستري مضافة :/

المحتوى مخفي عن الزوار رجاء سجل لتتمكن من رؤية المحتوى
[hide]

[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell

[/LEFT]
[/hide]


قيم ريجستري مضافة:/

[hide]

HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{ED9D80B9-D157-457B-9192-0E7280313BF0} {00000122-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 C5 0E 92 FB 8B 5A D0 01[/COLOR][/LEFT][/COLOR][/LEFT][/COLOR][/LEFT]
[COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 85 A9 9B FB 8B 5A D0 01
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\medo\Desktop\REGSHELL.exe:  53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 CE D3 1D 00 43 9E 01 00 01 00 00 00 00 00 00 00 00 00 01 06 00 01 00 00 2E F6 C8 A3 A5 6A CD 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96 57 00 00 00 00 00 00 01 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3:  4A 00 31 00 00 00 00 00 69 46 27 89 10 00 44 61 74 61 00 00 36 00 08 00 04 00 EF BE 69 46 24 89 69 46 27 89 2A 00 00 00 64 FC 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 61 00 74 00 61 00 00 00 14 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot: 0x00000016
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx:  FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000006
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000030
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 A0 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 0B 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\SniffedFolderType: "Generic"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3:  4A 00 31 00 00 00 00 00 69 46 27 89 10 00 44 61 74 61 00 00 36 00 08 00 04 00 EF BE 69 46 24 89 69 46 27 89 2A 00 00 00 64 FC 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 61 00 74 00 61 00 00 00 14 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot: 0x00000016
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx:  FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000006
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000030
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 A0 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 0B 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\SniffedFolderType: "Generic"[/LEFT]

​

​

[/hide]

​

قيم ريجستري معدلة :/​

[hide]

HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02[/COLOR][/LEFT][/COLOR][/LEFT][/COLOR][/LEFT]
[COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  05 00 00 00 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  03 00 00 00 05 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  05 00 00 00 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  03 00 00 00 05 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000000[/LEFT]

[/hide]​

[hide]

​

[/hide]

​

[hide]

​

[/hide]

​

بيانات برفكت مضافة :/

C:\Windows\Prefetch\REGSHELL.EXE-59AE0126.pf
​

​

يابخيل يا ميدو عندك كل ده وما تعملش لنا عينات

 

[SkY MaRvEL]

اوت بوست


[hide]

وبعدها اختفاء شاشة الدوس
[/hide]

 

[SkY MaRvEL]

افاست


[hide]

[/hide]

 

[elmasry2006elmasry2006 is verified member.]

اوت بوست


[hide]مشاهدة المرفق 79199

مشاهدة المرفق 79195

مشاهدة المرفق 79196

مشاهدة المرفق 79200

مشاهدة المرفق 79201

مشاهدة المرفق 79197

مشاهدة المرفق 79198

وبعدها اختفاء شاشة الدوس
[/hide]

روووووعة...........برنامج جبار لايستهان به

 

[m0d!s@r7@n]

[hide]

[/hide]

نفس النتيجه التي قمت بتجربتها

 

[m0d!s@r7@n]

بارك الله فيك أخي
المشكلة أن الشل لا يتصل إذا لم يكن هناك اتصال بالإنترنت لأنه لن يجد عنوان الأي بي الشبكي
و أنا كنت قاطع النت
وبالإتصال بالشبكة تم رصد هذا الإتصال وواضح هنا وجود الاي بي الشبكي
واتضح أن التراست بورت لم يكن يشيش
مشاهدة المرفق 79187

قمت بفحص الريجستري ب regshot ومقارنة القيم ,
وهذة هي القيم المضافة \\

مفاتيح ريجستري مضافة :/

المحتوى مخفي عن الزوار رجاء سجل لتتمكن من رؤية المحتوى
[hide]

[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell

[/LEFT]
[/hide]


قيم ريجستري مضافة:/

[hide]

HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{ED9D80B9-D157-457B-9192-0E7280313BF0} {00000122-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 C5 0E 92 FB 8B 5A D0 01[/COLOR][/LEFT][/COLOR][/LEFT][/COLOR][/LEFT]
[COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 85 A9 9B FB 8B 5A D0 01
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\medo\Desktop\REGSHELL.exe:  53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 CE D3 1D 00 43 9E 01 00 01 00 00 00 00 00 00 00 00 00 01 06 00 01 00 00 2E F6 C8 A3 A5 6A CD 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 96 57 00 00 00 00 00 00 01 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3:  4A 00 31 00 00 00 00 00 69 46 27 89 10 00 44 61 74 61 00 00 36 00 08 00 04 00 EF BE 69 46 24 89 69 46 27 89 2A 00 00 00 64 FC 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 61 00 74 00 61 00 00 00 14 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot: 0x00000016
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx:  FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000006
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000030
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 A0 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 0B 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\SniffedFolderType: "Generic"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3:  4A 00 31 00 00 00 00 00 69 46 27 89 10 00 44 61 74 61 00 00 36 00 08 00 04 00 EF BE 69 46 24 89 69 46 27 89 2A 00 00 00 64 FC 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 61 00 74 00 61 00 00 00 14 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot: 0x00000016
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx:  FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000006
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000030
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 A0 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 0B 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\SniffedFolderType: "Generic"[/LEFT]

​

​

[/hide]

​

قيم ريجستري معدلة :/​

[hide]

HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02[/COLOR][/LEFT][/COLOR][/LEFT][/COLOR][/LEFT]
[COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT][COLOR=#ff0000]
[LEFT]HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  05 00 00 00 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  03 00 00 00 05 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000000
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  05 00 00 00 03 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx:  03 00 00 00 05 00 00 00 04 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000002
HKU\S-1-5-21-84665942-3725767665-1243070004-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags: 0x00000000[/LEFT]

[/hide]​

[hide]

​

[/hide]

​

[hide]

​

[/hide]

​

بيانات برفكت مضافة :/

C:\Windows\Prefetch\REGSHELL.EXE-59AE0126.pf
​

​

ولكن الاداه ايضا لم ترصد القيمه المضافه للرجستري (الا لو هي اساسا كانت موجوده قبل التجربه)

 

[m0d!s@r7@n]

اوت بوست


[hide]مشاهدة المرفق 79199

مشاهدة المرفق 79195

مشاهدة المرفق 79196

مشاهدة المرفق 79200

مشاهدة المرفق 79201

مشاهدة المرفق 79197

مشاهدة المرفق 79198

وبعدها اختفاء شاشة الدوس
[/hide]

روووووعة...........برنامج جبار لايستهان به

لكنه لم يرصد التعديل علي الرجستري مثل privatefirewall

 

[m0d!s@r7@n]

افاست


[hide]مشاهدة المرفق 79202 مشاهدة المرفق 79203 مشاهدة المرفق 79204 [/hide]

اكيد ان الافاست لن يكون احسن حالا من بقيه البرامج

 

[MagicianMiDo32]

ولكن الاداه ايضا لم ترصد القيمه المضافه للرجستري (الا لو هي اساسا كانت موجوده قبل التجربه)

مشاهدة المرفق 79298

نعم انا قمت بالتجربة سابقا ثم اعدتها وشغلت الاداة
يمكن القيمة كانت موجودة اصلا
ساقوم بحذفها ومحاولة رصدها من جديد ان شاء الله

 

[elmasry2006elmasry2006 is verified member.]

لكنه لم يرصد التعديل علي الرجستري مثل privatefirewall

ازاي وهو فيه حماية لملفات الريجستري والقيم الخاص به
وبه حماية المتصفح

 

[m0d!s@r7@n]

ازاي وهو فيه حماية لملفات الريجستري والقيم الخاص به
وبه حماية المتصفح

عامه اي برنامج به هيبس المفروض يرصد التعديل علي الرجستري فما بالك ببرامج الحمايه ولكن واضح ان ثمه هفوه من برامج الحمايه في رصد هذا السلوك بالملف او ان الاخوه جربوا تشغيل الملف مسبقا

 

[elmasry2006elmasry2006 is verified member.]

عامه اي برنامج به هيبس المفروض يرصد التعديل علي الرجستري فما بالك ببرامج الحمايه ولكن واضح ان ثمه هفوه من برامج الحمايه في رصد هذا السلوك بالملف او ان الاخوه جربوا تشغيل الملف مسبقا

انتم اهل خبرة واعلم بذلك

 

[m0d!s@r7@n]

انتم اهل خبرة واعلم بذلك

العفو يا غالي

كلنا نتعلم ونتبادل المعرفه

 

[الخفـوق]

[hide]SpyShelter Firewall النسخه التجريبيه الكامله (14 يوم)

[/hide]

 

[الخفـوق]

[hide]

و عند التشغيل بالوضع " المحصور " بالبرنامج :

( يعني البرنامج من نفسه يحجب السلوك الضار ويكمل التشغيل ان كان يسمح بالاكمال )

بمراجعة تقارير البرنامج

[/hide]

 

[m0d!s@r7@n]

[hide]SpyShelter Firewall النسخه التجريبيه الكامله (14 يوم)
مشاهدة المرفق 79320

مشاهدة المرفق 79321

مشاهدة المرفق 79322

مشاهدة المرفق 79323

مشاهدة المرفق 79324

مشاهدة المرفق 79325

[/hide]

[hide]

و عند التشغيل بالوضع " المحصور " بالبرنامج :

( يعني البرنامج من نفسه يحجب السلوك الضار ويكمل التشغيل ان كان يسمح بالاكمال )



مشاهدة المرفق 79326



مشاهدة المرفق 79327



بمراجعة تقارير البرنامج

مشاهدة المرفق 79328 [/hide]

مشكور استاذنا الغالي احمد علي التحربه المميزه هذه

البرنامج بالفعل من اروع ما يكون

حبذا يتوفر له تفعيل

 

[الخفـوق]

العفو , ربي يبارك فيك يادكتور

نعم البرنامج جميل ويستحق انه يكون عند المستخدم خاصة انه بالتشغيل المحصور يقوم بحجب كامل السلوكيات + المامه بالرجستري + التعديل ع الملفات

فمثلا برنامج اضفنا لمجلده ملف كراك او قمنا بتحديثه البرنامج يررصد ( التعديلات على الملفات اللي تم مسبقا ً عمل سماح لها ) ويعرض نافذه يقترح فيها ثلاث خيارات

الوثوق بالمكونات >> ويعرض عرض كامل للمكونات ( بروسس / فايلز )
الرفع لفايروس توتال
التراجع ...

لم اتمكن من تصوير النافذه لاني كنت اشتغل ع الوهمي لبرنامج تم تفعيله بكراك ...

 

[MagicianMiDo32]

بصراحة السباي شيلتر هذا هو افضل رفيق للفاحص
عيبه هو التفعيل