
ابو جوري

My colleague's machine report: is it infected or clean?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:46 ص, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\1\LOCALS~1\Temp\Rar$EX00.500\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TBSB04916 - {E8D2C90E-C25C-4DFE-8681-F4DDF9190547} - C:\Program Files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Maktoob ToolBar - {2105CE2D-249D-4B0E-9619-CB91B00101F0} - C:\Program Files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\TRANS JOY.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Exit Heck] C:\DOCUME~1\1\APPLIC~1\LONGWE~1\Close Amok.exe
O4 - HKCU\..\Run: [vEmotion] C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: CabBuilder -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) -
O24 - Desktop Component 1: (no name) -
--
End of file - 7378 bytes
 

The machine is infected :)

Run the following reports, one after the other.


Disable all security programs,
then download this tool and save it to the desktop.


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan.
After the restart, the tool will begin scanning again.
Wait until a report appears, then copy it and paste it in your next reply.


-----------------------------------------------------------------------------------------


Download the following tool


Restart the machine in Safe Mode
Run the tool with a double-click and its contents will be extracted to drive C


After extraction, go to drive C, where you will find a folder named SDFix. Open it and follow the steps below


Wait until the scan finishes and you see press any key to continue
Press any key on the keyboard to restart the machine

The machine will restart in normal mode to complete the scan and cleanup
Wait until the scan finishes and you see press any key to continue
Press any key on the keyboard to finish the scan

A report will appear; copy its contents and paste them in your next post

 
ComboFix 08-12-02.02 - 1 12/03/2008 23:29:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.139 [GMT 3:00]
Running from: c:\documents and settings\1\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0w.com
C:\abk.bat
C:\Autorun.inf
C:\b.exe
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
C:\e.cmd
C:\i.bat
C:\ij.bat
C:\lky.exe
C:\m2nl.bat
C:\nq0cq.cmd
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\IEToolbar
c:\program files\IEToolbar\Maktoob ToolBar\as7ab.ico
c:\program files\IEToolbar\Maktoob ToolBar\basis.xml
c:\program files\IEToolbar\Maktoob ToolBar\bent-el7alal.ico
c:\program files\IEToolbar\Maktoob ToolBar\blogs.ico
c:\program files\IEToolbar\Maktoob ToolBar\business.ico
c:\program files\IEToolbar\Maktoob ToolBar\cars.ico
c:\program files\IEToolbar\Maktoob ToolBar\chat.ico
c:\program files\IEToolbar\Maktoob ToolBar\clippat.ico
c:\program files\IEToolbar\Maktoob ToolBar\description.jpg
c:\program files\IEToolbar\Maktoob ToolBar\email.ico
c:\program files\IEToolbar\Maktoob ToolBar\favorites.ico
c:\program files\IEToolbar\Maktoob ToolBar\flash-games.ico
c:\program files\IEToolbar\Maktoob ToolBar\games-main.ico
c:\program files\IEToolbar\Maktoob ToolBar\girls-games.ico
c:\program files\IEToolbar\Maktoob ToolBar\icons.bmp
c:\program files\IEToolbar\Maktoob ToolBar\icons.bmp_16.bmp
c:\program files\IEToolbar\Maktoob ToolBar\icons.bmp_24.bmp
c:\program files\IEToolbar\Maktoob ToolBar\info.txt
c:\program files\IEToolbar\Maktoob ToolBar\jokes.ico
c:\program files\IEToolbar\Maktoob ToolBar\logo.bmp
c:\program files\IEToolbar\Maktoob ToolBar\Maktoob-channels.ico
c:\program files\IEToolbar\Maktoob ToolBar\Maktoob-logo.ico
c:\program files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.crc
c:\program files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
c:\program files\IEToolbar\Maktoob ToolBar\Master.bmp
c:\program files\IEToolbar\Maktoob ToolBar\new-game.ico
c:\program files\IEToolbar\Maktoob ToolBar\news.ico
c:\program files\IEToolbar\Maktoob ToolBar\sports.ico
c:\program files\IEToolbar\Maktoob ToolBar\stub.xml
c:\program files\IEToolbar\Maktoob ToolBar\tbhelper.dll
c:\program files\IEToolbar\Maktoob ToolBar\tbs_include_script_001578.js
c:\program files\IEToolbar\Maktoob ToolBar\uninstall.exe
c:\program files\IEToolbar\Maktoob ToolBar\update.exe
c:\program files\IEToolbar\Maktoob ToolBar\version.txt
c:\program files\IEToolbar\Maktoob ToolBar\women.ico
c:\program files\IEToolbar\Maktoob ToolBar\your_logo.png
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\rcukd.cmd
c:\windows\system32\AutoRun.inf
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kakle.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\paso.el
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twext.exe
C:\xih9.cmd
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 20:33 731,168 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-03 20:33 22,304 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-03 20:31 9,596 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-03 20:31 3,092 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-03 20:23 --------- d-----w c:\program files\SweetIM
2008-12-03 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-02 23:38 --------- d-----w c:\program files\Kaspersky Lab
2008-12-02 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-02 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-02 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-02 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\That Face Camp Shim
2008-12-02 16:45 --------- d-----w c:\documents and settings\1\Application Data\Longwebmedia
2008-12-02 16:44 --------- d-----w c:\program files\MSN Messenger
2008-12-02 16:44 --------- d-----w c:\program files\Longwebmedia
2008-12-02 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-02 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-02 16:28 --------- d-----w c:\program files\Windows Live
2008-12-02 16:27 --------- d-----w c:\documents and settings\1\Application Data\skypePM
2008-12-01 21:29 --------- d-----w c:\documents and settings\Guest\Application Data\Skype
2008-12-01 18:16 --------- d-----w c:\documents and settings\Guest\Application Data\Longwebmedia
2008-12-01 18:15 --------- d-----w c:\documents and settings\Guest\Application Data\MessengerPlus! 3
2008-12-01 18:15 --------- d-----w c:\documents and settings\Guest\Application Data\Adverts
2008-12-01 02:41 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-01 02:27 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-30 13:34 --------- d-----w c:\documents and settings\Guest\Application Data\Motive
2008-11-30 00:45 112,132 --sh--r C:\o1.com
2008-11-29 01:28 --------- d-----w c:\documents and settings\1\Application Data\Ahead
2008-11-29 01:26 --------- d-----w c:\program files\Adverts
2008-11-29 01:05 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-24 10:15 90,112 ----a-w c:\windows\DUMP37aa.tmp
2008-11-22 16:02 90,112 ----a-w c:\windows\DUMP32c8.tmp
2008-11-17 11:11 --------- d-----w c:\program files\AGI
2008-11-16 11:30 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-14 18:10 --------- d-----w c:\program files\3DWebButton
2008-11-11 14:34 --------- d-----w c:\program files\Google
2008-11-11 09:48 108,271 --sh--r C:\whi.com
2008-11-10 16:48 --------- d-----w c:\documents and settings\1\Application Data\MSN Pictures Displayer
2008-11-10 16:45 --------- d-----w c:\program files\freebird
2008-11-10 12:49 446,976 ----a-w c:\windows\system32\ShellMPD.dll
2008-11-10 12:49 --------- d-----w c:\program files\MSN Pictures Displayer
2008-11-10 12:33 --------- d-----w c:\program files\Circle Developement
2008-11-09 17:18 90,112 ----a-w c:\windows\DUMP374c.tmp
2008-11-09 09:45 110,013 --sh--r C:\sq.com
2008-11-05 17:18 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2008-11-05 09:43 90,112 ----a-w c:\windows\DUMP3ac6.tmp
2008-11-03 19:37 90,112 ----a-w c:\windows\DUMP3d09.tmp
2008-11-03 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-10-31 15:52 --------- d-----w c:\documents and settings\1\Application Data\Nokia
2008-10-31 15:37 --------- d-----w c:\documents and settings\1\Application Data\Nokia Multimedia Player
2008-10-31 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-31 15:07 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-10-29 22:18 --------- d-----w c:\documents and settings\1\Application Data\Media Player Classic
2008-10-29 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-29 17:52 --------- d-----w c:\program files\IVT Corporation
2008-10-29 14:41 --------- d-----w c:\documents and settings\1\Application Data\Motive
2008-10-29 01:42 --------- d-----w c:\program files\FAHESS
2008-10-29 01:42 --------- d-----w c:\program files\Common Files\Motive
2008-10-29 00:39 --------- d-----w c:\program files\Fahess_Activation
2008-10-20 23:53 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 23:59 --------- d-----w c:\documents and settings\1\Application Data\HP
2008-10-18 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-10-18 02:14 --------- d-----w c:\program files\HP
2008-10-18 02:13 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-10-18 02:13 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-18 02:12 --------- d-----w c:\program files\Common Files\HP
2008-10-18 02:07 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-18 02:00 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-18 02:00 172,032 ------w c:\windows\Setup1.exe
2008-10-18 02:00 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-18 01:59 --------- d-----w c:\program files\Nokia
2008-10-18 01:59 --------- d-----w c:\program files\DIFX
2008-10-18 01:59 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-18 01:59 --------- d-----w c:\program files\Common Files\Nokia
2008-10-18 01:58 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-18 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-18 01:58 --------- d-----w c:\documents and settings\1\Application Data\PC Suite
2008-10-18 01:57 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-10-18 01:57 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-10-18 01:57 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-10-18 01:57 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-10-18 01:57 196,608 ----a-w c:\windows\system32\maag.dll
2008-10-18 01:57 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-10-18 01:57 1,245,184 ----a-w c:\windows\system32\bkll.dll
2008-10-18 01:57 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-10-18 01:57 --------- d-----w c:\program files\Real_SC
2008-10-18 01:56 1,023,035 ----a-w c:\windows\system32\Setup.scr
2008-10-18 01:55 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-18 01:55 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-18 01:55 --------- d-----w c:\program files\Real
2008-10-18 01:55 --------- d-----w c:\program files\Common Files\xing shared
2008-10-18 01:55 --------- d-----w c:\program files\Common Files\Real
2008-10-18 01:51 --------- d-----w c:\program files\Common Files\Ahead
2008-10-18 01:49 --------- d-----w c:\program files\Nero
2008-10-18 01:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-18 01:41 --------- d-----w c:\program files\MSBuild
2008-10-18 01:41 --------- d-----w c:\program files\Microsoft Works
2008-10-18 01:29 --------- d-----w c:\program files\microsoft frontpage
2008-10-17 08:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 08:59 --------- d-----w c:\program files\Realtek
2008-10-17 08:58 315,392 ----a-w c:\windows\HideWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Exit Heck"="c:\docume~1\1\APPLIC~1\LONGWE~1\Close Amok.exe" [12/02/2008 07:44 PM 596480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [11/11/2008 05:34 PM 171448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Google Update"="c:\documents and settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [12/02/2008 07:52 PM 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/18/2008 04:55 AM 185896]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [04/16/2008 11:54 AM 1459200]
"CAMP SHIM EXIT HECK"="c:\documents and settings\All Users\Application Data\That Face Camp Shim\TRANS JOY.exe" [12/03/2008 11:34 PM 1930240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/07/2007 05:35 PM 1294336]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 10/28/2005 04:25 PM 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 12/10/2007 10:12 AM 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/18/2008 04:55 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 05/03/2005 01:43 PM 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 04/12/2007 12:33 PM 16132608 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 02/06/2007 02:30 AM 176128 c:\windows\system32\S3Trayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 09/21/2006 11:36 AM 53248 c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [2008-10-29 303104]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-10-17 709632]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\265.tmp []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\b.exe
\Shell\explore\Command - C:\b.exe
\Shell\open\Command - C:\b.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b311b2d-a6cf-11dd-af9a-00030d000001}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c2b6874-9cb6-11dd-af41-0019dbc11c25}]
\Shell\AutoRun\command - F:\b.exe
\Shell\explore\Command - F:\b.exe
\Shell\open\Command - F:\b.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fb0180-c0c9-11dd-b092-0019dbc11c25}]
\Shell\AutoRun\command - F:\e.cmd
\Shell\explore\Command - F:\e.cmd
\Shell\open\Command - F:\e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2c22f6f-a748-11dd-afa1-00030d000001}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{819EB9A0-34D8-0E0E-45AA-8DC6077F8D06}]
c:\docume~1\1\LOCALS~1\Temp\Rar$EX03.672\.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\AE7B573D9190C769.job
- c:\docume~1\1\applic~1\longwe~1\tray style blue.exe [12/02/2008 07:45 PM]
2008-12-02 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [12/02/2008 07:52 PM]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E8D2C90E-C25C-4DFE-8681-F4DDF9190547} - c:\program files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
Toolbar-{2105CE2D-249D-4B0E-9619-CB91B00101F0} - c:\program files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{2105CE2D-249D-4B0E-9619-CB91B00101F0} - c:\program files\IEToolbar\Maktoob ToolBar\maktoobToolBar_RC2.dll
HKCU-Run-vEmotion - c:\program files\freebird\vEmotion\vEmotion.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/webhp?sourceid=navclient&ie=UTF-8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-03 23:33:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\265.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 12/03/2008 23:34:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 20:34:36
Pre-Run: 22,738,534,400 bytes free
Post-Run: 23,043,530,752 bytes free
336
ـــــــــــــــــــــــــــــــــــــــــ



SDFix: Version 1.240
Run by 1 on Wed 12/03/2008 at 11:52 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
{DEF85C80-216A-43ab-AF70-1665EDBE2780}
Path :
\??\C:\WINDOWS\TEMP\265.tmp
{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\Guest\Application Data\twext.exe - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the
by Gmer


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-04 00:00:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"E\6-\6H\6D\6 ?V?I?A? ?C?o?m?p?a?t?a?b?l?e? ?F?a?s?t? ?E?t?h?e?r?n?e?t?"=str(7):"1\0"
"E\6-\6H\6D\6 ?R?A?S? ?A?s?y?n?c?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6,\6/\6H\6D\6)\6 ?'\6D\6-\0062\6E\6"=str(7):"1\0002\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ? ?(?L?2?T?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?P?P?P?O?E?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?I?P?X?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"E\6-\6H\6D\6 ?V?I?A? ?C?o?m?p?a?t?a?b?l?e? ?F?a?s?t? ?E?t?h?e?r?n?e?t?"=str(7):"1\0"
"E\6-\6H\6D\6 ?R?A?S? ?A?s?y?n?c?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6,\6/\6H\6D\6)\6 ?'\6D\6-\0062\6E\6"=str(7):"1\0002\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ? ?(?L?2?T?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?P?P?P?O?E?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"E\6F\6A\0060\6 ?E\0065\6:\0061\6 ?D\6@\6 ?W?A?N? ?(?I?P?X?)?"=str(7):"1\0"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"4\69\6'\0061\6'\6*\6 ?W?i?n?d?o?w?s? ?'\6D\6E\6*\6-\0061\6C\6)\6"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"#\6(\6J\0066\6 ?+\6D\6'\6+\6J\6 ?'\6D\6#\6(\69\6'\6/\6"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
"#\6J\6/\6J\6 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"#\6J\6/\6J\6 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"/\6J\6F\0065\6H\0061\6"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"7\0061\6'\0062\6 ?B\6/\6J\6E\6"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"E\6H\0065\6D\6"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"E\6C\6(\0061\6"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"*\6A\6'\6H\6*\6'\6*\6"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"(\0061\6H\6F\0062\6 ?+\6D\6'\6+\6J\6 ?'\6D\6#\6(\69\6'\6/\6"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"*\0063\6'\6D\6J\6"="'D(1'E, 'DED-B)\*3'DJ"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices]
"%\0061\0063\6'\6D\6 ?%\6D\6I\6 ?O?n?e?N?o?t?e? ?2?0?0?7?"="winspool,Ne00:"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts]
"%\0061\0063\6'\6D\6 ?%\6D\6I\6 ?O?n?e?N?o?t?e? ?2?0?0?7?"="winspool,Ne00:,15,45"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0​

Remaining Services :​


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :​

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 30 Nov 2008 112,132 ..SHR --- "C:\o1.com"
Sun 9 Nov 2008 110,013 ..SHR --- "C:\sq.com"
Tue 11 Nov 2008 108,271 ..SHR --- "C:\whi.com"
Thu 30 Oct 2008 774,144 A..H. --- "C:\Program Files\IVT Corporation\BlueSoleil\dll.dll"
Mon 1 Dec 2008 10,097,168 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\99874123ba6e1d5c4561781a7123ff19\BIT1EF.tmp"
Thu 27 Nov 2008 25,757,256 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f59c09e53dc7ffa7a137753e626bd91f\BIT1C8.tmp"
Thu 27 Nov 2008 60,602,764 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\707694e8ac7180b5d8c67faef2c5e530\download\BIT1FA.tmp"
Finished!
 
Signature: ابو جوري
Make a new HijackThis report now


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:58 ص, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\TRANS JOY.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Exit Heck] C:\DOCUME~1\1\APPLIC~1\LONGWE~1\Close Amok.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: CabBuilder -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) -
O24 - Desktop Component 1: (no name) -
--
End of file - 6018 bytes




** You didn't tell me what is in the reports above !!!!!!!!!!!!!!!
 
Signature: ابو جوري
** You didn't tell me what is in the reports above !!!!!!!!!!!!!!!

All kinds of viruses :q:

Download this tool
and follow the explanation below to clean your machine of these ads
and make a report of the process so you can attach it to your next reply.

Download link for the latest update of the tool


How to use:
Run the file SmitfraudFix.exe and follow the steps as shown in these pictures


000.png

001.png

002.png

003.png

004.png

005.png
 
And this is the report

SmitFraudFix v2.381
Scan done at 4:11:02.26, Thu 12/04/2008
Run from C:\Documents and Settings\1\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\autorun.inf Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: محول VIA Compatable Fast Ethernet
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E13DDA0-6492-4CCA-BB36-F4B23537CC74}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E13DDA0-6492-4CCA-BB36-F4B23537CC74}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E13DDA0-6492-4CCA-BB36-F4B23537CC74}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: ابو جوري
Great
Make a new HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:11, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: CabBuilder -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4767 bytes
 
Signature: ابو جوري
Select the following values and delete them

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: CabBuilder -


How to delete

mg%20(3).png


mg%20(4).png


Then download this tool and follow the explanation below


Compatibility: Windows XP only

How to use:
Double-click the tool and wait until all the windows finish and it stops at this window

002.png


When this screen appears, press Close so that your machine restarts ((to complete the cleaning process))

Good luck
 
Dear brother Max

We thank you for your efforts. May God bless you and place this in the balance of your good deeds.

I scanned the machine with Kaspersky and five viruses appeared; after deleting them and repeating the scan, the viruses appear again.

Here is the Kaspersky report at the link

 
Signature: ابو جوري
Thanks are due to God alone

Disable System Restore according to the following explanation, then turn it on again

dis_sys_xp.jpg


After that these infections will disappear
 
Go on, sheikh, may God have mercy on your parents and grant you Paradise ،،،،،،،،،
:kmj-by0000 (40):
Stay well :ok:
 
Signature: ابو جوري
Amen, O God, and the same to you and to every Muslim

Closed as it is finished
 