أرجوا منكم طريقة حذف فايروس الماسنجر

[amjedb]

بسم الله الرحمن الرحيم

بس حبيت اطرح مشكلتي وانشاء الله بتقولولي الحل

شكله عندي فايروس يخلي الماسنجر عندي يرسل رسائل ملفات مضغوطه من لحاله
ولجميع الموجودين عندي , وأي أحد يستقبل الملف يصير عنده نفس المشكله

وهذي الصيغة الي بتنكتب ومعها الملف المضغوط:

this is my dream house. look at the pool. WOW

ترى ما بقي احد الكل حاطلي بلوووك :er:
أرجوا منكم الحل

وجزاكم الله خيرا

 

[Juve GuardJuve Guard is verified member.]

طبق الي بقولك
كليك يمين على أيقونة جهاز الكمبيوتر => خصائص => استعادة النظام
حط علامة صح على ( تعطيل خاصية استعادة النظام ) => اقبل الحذف => ارجع وفعل خاصية الإستعاده
بعدين
عطل برنامج الحمايه عندك
بعدين حمل الأداة هذي وشغلها

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تطلع لك رسالتين اضغط على ( yes )

انتظر شوي لين ما تخلص من الفحص
واحتمال تسوي اعادة تشغيل لجهازك

انتهى الفحص
وجاري اعداد التقرير

هذا هو التقرير انسخه والصقه بردك الجاي
ويستحسن لو ترفعه على رابط

*****************************


بعدين
عطني تقرير لا هنت

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد التحميل => شغل البرنامج
Do a system scan and save a log file

يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط

 

[amjedb]

شكراااا

جزاك الله خير اخوي وماقصرت
بس اخر شيء جاني اختيارات يدوية
باختيار وهو fix checked

والتقريرين مع صورة مرفقة بالرابط
وبالنسبة للفايروس ,, جربت وفتحت الماسنجر ومني ملاحظ انه بيرسل لاي
احد زي اول ,,, مدري بس شكله راح

ومشكووووور ,,, وشوف الصورة واعطيني رايك ,,, لو تكرمت

 

[amjedb]

ما ادري بس التقارير ماهي راضيه تنزل كرابط
وتفضل انزلها هنا الاول وبعدها الثاني

ComboFix 08-07-26.1 - wsw 07/27/2008 18:19:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.135 [GMT 3:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\f.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:16 --------- d-----w C:\Documents and Settings\wsw\Application Data\Orbit
2008-07-20 21:44 143,872 ----a-w C:\WINDOWS\system32\pove.exe
2008-07-20 21:44 143,872 ----a-w C:\WINDOWS\system32\dumegyv.exe
2008-07-17 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-17 15:50 --------- d-----w C:\Program Files\SweetIM
2008-07-17 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-07-04 04:43 --------- d-----w C:\Program Files\ittihadfans
2008-07-02 21:36 0 ----a-w C:\savelist.dat
2008-07-02 21:34 50 ----a-w C:\savelist1.dat
2008-06-27 22:12 --------- d-----w C:\Documents and Settings\wsw\Application Data\Yahoo!
2008-06-27 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-27 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-27 21:44 --------- d-----w C:\Program Files\Yahoo!
2008-06-25 17:12 --------- d-----w C:\Program Files\Netlog Music Tool
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:55 --------- d-----w C:\Program Files\AMUST
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 13:57 107,149 --sh--r C:\olb1iimw.bat
2008-06-07 23:00 107,736 --sh--r C:\iefqwp.cmd
2008-06-05 03:50 108,512 --sh--r C:\jjcx.com
2008-06-02 04:37 108,400 --sh--r C:\invwft2h.com
2008-05-30 15:21 108,535 --sh--r C:\jdwx.exe
2008-05-28 18:36 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-28 18:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-28 18:35 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-28 18:35 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 22:10 104,269 --sh--r C:\jfvkcsy.bat
2008-04-28 07:44 105,128 --sh--r C:\oq.cmd
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e0714924-db50-4254-96df-0d4cc2d15948}"= "C:\Program Files\ittihadfans\tbitt0.dll" [07/04/2008 07:44 AM 1569304]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [03/27/2008 02:12 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{e0714924-db50-4254-96df-0d4cc2d15948}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{e0714924-db50-4254-96df-0d4cc2d15948}]
07/04/2008 07:44 AM 1569304 --a------ C:\Program Files\ittihadfans\tbitt0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e0714924-db50-4254-96df-0d4cc2d15948}"= "C:\Program Files\ittihadfans\tbitt0.dll" [07/04/2008 07:44 AM 1569304]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{e0714924-db50-4254-96df-0d4cc2d15948}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E0714924-DB50-4254-96DF-0D4CC2D15948}"= "C:\Program Files\ittihadfans\tbitt0.dll" [07/04/2008 07:44 AM 1569304]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{e0714924-db50-4254-96df-0d4cc2d15948}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 01:57 PM 94208]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/08/2008 03:36 PM 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DialerDetect"="C:\PROGRA~1\Nesma\Nesma.exe" [05/03/2005 05:06 PM 860160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 11:52 PM 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/14/2007 03:05 PM 1410304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/28/2008 09:35 PM 185896]
"zaguriz"="C:\WINDOWS\system32\pove.exe" [07/21/2008 12:44 AM 143872]
"RTHDCPL"="RTHDCPL.EXE" [12/10/2005 01:49 AM 15691264 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-11-17 22:17:06 1678536]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-11-27 02:24:37 10227712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
04/16/2008 02:24 PM 165368 C:\WINDOWS\system32\RegCompact.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\aMSN\\bin\\wish.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [11/14/2007 03:06 PM]
S2 mv8ziau5yimi;BeTwin Terminal Services;C:\WINDOWS\system32\dumegyv.exe [07/21/2008 12:44 AM]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [03/24/2004 05:12 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\jjcx.com
\Shell\explore\Command - H:\jjcx.com
\Shell\open\Command - H:\jjcx.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37853335-a63a-11dc-b433-0016d42dc369}]
\Shell\AutoRun\command - F:\olb1iimw.bat
\Shell\explore\Command - F:\olb1iimw.bat
\Shell\open\Command - F:\olb1iimw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c3221f-fb16-11dc-aeb3-0016d42dc369}]
\Shell\AutoRun\command - F:\b.com
\Shell\explore\Command - F:\b.com
\Shell\open\Command - F:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{508d3e9e-a4ef-11dc-b430-0016d42dc369}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c1bae3-a9cb-11dc-b43a-0016d42dc369}]
\Shell\AutoRun\command - F:\jjcx.com
\Shell\explore\Command - F:\jjcx.com
\Shell\open\Command - F:\jjcx.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c1bae4-a9cb-11dc-b43a-0016d42dc369}]
\Shell\AutoRun\command - H:\jjcx.com
\Shell\explore\Command - H:\jjcx.com
\Shell\open\Command - H:\jjcx.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda17f25-9530-11dc-b8d9-91b9a16d87fd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bbb414-1dbf-11dd-af27-0016d42dc369}]
\Shell\AutoRun\command - F:\jfvkcsy.bat
\Shell\explore\Command - F:\jfvkcsy.bat
\Shell\open\Command - F:\jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e107c8-301a-11dd-af5b-0016d42dc369}]
\Shell\AutoRun\command - F:\invwft2h.com
\Shell\explore\Command - F:\invwft2h.com
\Shell\open\Command - F:\invwft2h.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4dfa852-99c1-11dc-b408-0016d42dc369}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc6c80b3-9558-11dc-8e59-0016d42dc369}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-07-27 C:\WINDOWS\Tasks\wsw backup.job - C:\WINDOWS\system32\winlogon.exe [08/04/2004 12:56 AM]
2008-07-27 C:\WINDOWS\Tasks\wsw scan and fix.job - C:\WINDOWS\system32\winlogon.exe [08/04/2004 12:56 AM]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O16 -: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://66.186.63.170/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\Program Files\LtUcx\1003\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://66.186.33.218/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
O16 -: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://voice4.saudi4voice.com/imscp/talks.cab
C:\WINDOWS\Downloaded Program Files\talks.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
C:\WINDOWS\Downloaded Program Files\IMCSec.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-07-27 18:25:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 07/27/2008 18:28:23
ComboFix-quarantined-files.txt 2008-07-27 15:28:06
Pre-Run: 28,086,878,208 bytes free
Post-Run: 29,411,164,160 bytes free
225 --- E O F --- 2008-07-11 00:02:36
ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ
الثاني

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35:49 م, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\Nesma\Nesma.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\pove.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ittihadfans Toolbar - {e0714924-db50-4254-96df-0d4cc2d15948} - C:\Program Files\ittihadfans\tbitt0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ittihadfans Toolbar - {e0714924-db50-4254-96df-0d4cc2d15948} - C:\Program Files\ittihadfans\tbitt0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ittihadfans Toolbar - {e0714924-db50-4254-96df-0d4cc2d15948} - C:\Program Files\ittihadfans\tbitt0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [DialerDetect] C:\PROGRA~1\Nesma\Nesma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zaguriz] C:\WINDOWS\system32\pove.exe
O4 - HKLM\..\RunServices: [zaguriz] C:\WINDOWS\system32\pove.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BeTwin Terminal Services (mv8ziau5yimi) - Unknown owner - C:\WINDOWS\system32\dumegyv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 10331 bytes

 

[amjedb]

اخووووي الفاضل ,,,, سويت الي قولته وليسا باقي الفايروس عندي
ويرسل ملفات على الي عندي في الماسنجر

ارجووووووو الرد
شكراااااا

 

[MAAX]

تفضل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[هاوي النت]

اخوي واضح من التقرير لايوجد لديك برنامح حمايه ولا جدار ناري,, او غير مفعل
انصحك بتركيب الكاسبر سيكورتي الاصدار الاخير
شوف الموضوع هذا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[amjedb]

الف شكر اخوي ماكس واخوي هاوي
والحمدلله تم بحمد الله استئصال الفايروس