You will find the Kaspersky icon .. at the bottom .. next to the clock. Right-click it and then choose Exit (خروج).
ComboFix 08-04-14.2 - mama 04/15/2008 18:58:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.205 [GMT 3:00]
Running from: C:\??????????????????????????????????????????????? ?s and Settings\mama\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\macromedia\Flash Player\#SharedObjects\G2NGQPAD\iforex.com
C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\macromedia\Flash Player\#SharedObjects\G2NGQPAD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 16:01 37,345,312 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-15 16:01 1,757,728 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-15 13:05 --------- d-----w C:\Program Files\Launch Manager
2008-04-15 03:15 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 03:14 501,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-15 03:14 166,496 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-15 00:03 --------- d-----w C:\Program Files\XoftSpySE
2008-04-12 20:51 --------- d-----w C:\Program Files\History Sweeper
2008-04-09 15:15 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\CyberScrub
2008-04-09 15:14 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\cleaner
2008-04-07 21:49 --------- d-----w C:\Program Files\MSNTools
2008-04-01 12:55 --------- d-----w C:\Program Files\Crystal Player
2008-03-29 22:34 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-24 03:44 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\MSN Pictures Displayer
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 16:25 446,976 ----a-w C:\WINDOWS\system32\ShellMPD.dll
2008-03-12 16:25 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-03-07 22:19 --------- d-----w C:\Program Files\DVD X Studios
2008-03-07 22:19 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\DVD X Studios
2008-03-06 19:52 --------- d-----w C:\Program Files\Micro DVD Player
2008-03-03 20:13 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-03 20:12 --------- d-----w C:\Program Files\Common Files\Real
2008-03-03 20:11 --------- d-----w C:\Program Files\Google
2008-03-01 12:53 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 06:41 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\mama\Application Data\PLATFORM SHIM USER
2008-02-18 06:36 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB
2008-02-18 06:26 --------- d-----w C:\Program Files\PLATFORM SHIM USER
2005-08-07 16:53 2,487,827 ----a-w C:\WINDOWS\Fonts\Build Fonts XML.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"Move bias"="C:\DOCUME~1\mama\APPLIC~1\PLATFO~1\rect second.exe" [02/18/2008 09:26 AM 472576]
"Sweeper.exe"="C:\Program Files\History Sweeper\sweeper.exe" [03/27/2008 07:44 AM 176128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [11/24/2005 07:45 AM 589824]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 08:55 AM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 08:52 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 08:55 AM 118784]
"RTHDCPL"="RTHDCPL.EXE" [12/19/2005 09:52 AM 15797248 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [12/21/2005 10:02 AM 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/20/2005 10:05 AM 729177]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM 227328]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [10/11/2007 11:17 PM 24576]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 11:11 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 03:58 PM 1744896]
C:\??????????????????????????????????????????????? ?s and Settings\mama\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-12 19:25:31 4576768]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Zone.com Deluxe Games\\Hexic Deluxe\\HexicDeluxe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 14:00:01 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-15 00:03:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 19:01:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 04/15/2008 19:02:53
ComboFix-quarantined-files.txt 2008-04-15 16:02:45
Pre-Run: 62,943,195,136 bytes free
Post-Run: 62,933,958,656 bytes free
.
2008-04-09 16:04:31 --- E O F ---
This is what I got ...
You have been a great help, and may God give you good health ...
May God keep you well ..
I found a previous infection on your machine, and it may be an old one ..
It is better that we make sure ..
I will be back, God willing. Wait for me.
So does this infection affect the machine???
God willing, I will wait for your reply..
......
Najdiyah .. welcome .. I have not forgotten you, but preparing the walkthrough takes a bit of time ..
.. First ..
I want you to run an online scan using Kaspersky Anti-Virus. Follow these steps:
.. Second ..
Now I want you to run an online scan using AVG Anti-Spyware. Follow these steps:
Brother Khas, when I reach this stage my computer shuts off :confused: I did it 5 times and every time it shuts off ..!
I don't know what to do ..?
http://www.betosa.com/files/76/c77.jpg
Okay .. try the second step
Online scan using AVG Anti-Spyware
Something is not normal, the same thing happens: when I get here it shuts off on me ..! http://www.betosa.com/files/76/g5.jpg
:[]L