الوليد المنصوري (Al-Waleed Al-Mansouri), active Zyzoom member, joined 3 April 2008, 211 posts, Saudi Arabia:
Peace be upon you.

Brothers, this is my log.

I hope someone can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:05 AM, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\الولـــيد\Desktop\برتش\هيجاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nac.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [URL hidden by the forum]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [URL hidden by the forum]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [URL hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6752 bytes

------------------------

I tried it, and two values came up for me: O4 + O16.

But I don't know what these are.

Regards
 

You have the amvo virus.
Delete these values:

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [URL hidden by the forum]

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [URL hidden by the forum]

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [URL hidden by the forum]

Then give me a log after the deletion
so I can confirm the virus has been removed.
 
Signature: Juve Guard (verified member)
Thank you, brother, for the reply.

Here is my log after the deletion:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:08 AM, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\الولـــيد\Desktop\برتش\هيجاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nac.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6305 bytes


Regards
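Juve Guard confirms the removal by reading the second log by eye. As an added example, written for this page rather than taken from the thread or from Trend Micro's tool, the script below parses HijackThis R/O entries, diffs the two scans, and flags HKCU Run values that load from system32, which is how the [amva] entry stood out. The sample text is built from the two logs posted above with the forum-hidden URLs replaced by the placeholder <hidden>; the one-item allowlist is an assumption for this thread, not a general baseline. With the O16 URLs masked, the diff can only show that those ActiveX entries are gone, not judge whether they were malicious.

```python
"""Parse HijackThis v2 "R"/"O" entries and diff a before/after pair of logs.

Added example for this thread; not the forum's code and not Trend Micro's.
Sample text is constructed from the two logs posted above, with the URLs the
forum masked replaced by the placeholder "<hidden>".
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# An HJT entry line: section code, " - ", then the entry body, e.g.
#   O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
#   O16 - DPF: {GUID} (MSN Photo Upload Tool) - http://...
_LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")
# First program in a command line: either a quoted path or the shortest prefix
# ending in a known executable extension at a token boundary.
_PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|ax|cpl|bat|cmd))(?=\s|$)', re.I)

# Assumption for this thread: the only Windows component its logs start from
# HKCU\..\Run is ctfmon.exe.  Build your own baseline before reusing this.
HKCU_SYSTEM32_ALLOW = {"ctfmon.exe"}


@dataclass(frozen=True, order=True)
class Entry:
    code: str   # "O4", "O16", "O23", "R1", ...
    body: str   # rest of the line with whitespace normalised

    @property
    def target(self) -> str:
        """Best-effort file or URL the entry loads."""
        if "]" in self.body:                           # O4: "[name] C:\path\file.exe args"
            return self.body.split("]", 1)[1].strip()
        return self.body.rsplit(" - ", 1)[-1].strip()  # O2/O16/O23: "... - target"

    @property
    def basename(self) -> str:
        """Lower-cased file name of the program the entry runs."""
        m = _PATH_RE.match(self.target)
        path = (m.group(1) or m.group(2)) if m else self.target
        return ntpath.basename(path).lower()


def parse_hjt(text: str) -> list[Entry]:
    out = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            out.append(Entry(m.group("code"), " ".join(m.group("body").split())))
    return out


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(entries that disappeared, entries that appeared) between two scans."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def hkcu_system32_loaders(entries: list[Entry]) -> list[Entry]:
    """O4 values under HKCU that start something from %SystemRoot%\\system32.

    HKCU\\..\\Run is writable by the logged-on user without admin rights, and a
    loader dropped into system32 looks like an OS file at a glance, which is the
    combination the [amva] / amvo.exe entry above used.
    """
    hits = []
    for e in entries:
        if e.code == "O4" and e.body.upper().startswith("HKCU"):
            if "\\system32\\" in e.target.lower() and e.basename not in HKCU_SYSTEM32_ALLOW:
                hits.append(e)
    return hits


def find_iocs(entries: list[Entry], names: set[str]) -> list[Entry]:
    """Entries whose loaded file name is in `names` (e.g. {"amvo.exe"})."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.basename in wanted]


# Constructed from the first log posted above (subset of its lines).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nac.net:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <hidden>
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - <hidden>
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - <hidden>
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
"""
# The second scan posted above is the first one minus the four lines the helper
# asked to remove; constructed the same way here.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if "amvo.exe" not in l and not l.startswith("O16"))

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *[f"  {e.code} {e.body}" for e in removed], sep="\n")
    print("added:", *[f"  {e.code} {e.body}" for e in added], sep="\n")
    print("HKCU/system32 loaders still present:",
          [e.target for e in hkcu_system32_loaders(parse_hjt(AFTER))])
```

The diff is the check the helper asked for; the system32 filter is the extra question a practitioner should ask of every HKCU Run value, because the value name ("amva") tells you nothing and only the loaded file matters.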
 
Now your machine is excellent.
But be sure to use Kaspersky Internet Security 2009,
or Avira.
 
Signature: Juve Guard (verified member)
May God bless you, brother Azzam, for following up :ok:

--------------------------------------------

Brother (the thread starter), please do the following:

Disable all protection programs,
then download this tool and save it to your desktop:
[download link hidden by the forum]

Run it and follow the walkthrough:
[screenshot]

This black screen will appear; all you have to do is wait:
[screenshot]

The next message tells you that the machine will restart automatically:
[screenshot]

After the restart, when you log in, this window will appear; all you have to do is wait:
[screenshot]

This is the report it produces; copy it and paste it in your next reply:
[screenshot]
 
Signature: Al jNtEeL
(Quoting Juve Guard's reply above.)

Thanks, brother.
But could you tell me which is better: Kaspersky or Avira?

Honestly, I want something light on the machine :(

because it's very heavy.

Regards,

Your brother:
Al-Waleed
 
Honestly, Kaspersky is light,
but sometimes it hangs and becomes heavy on some machines.
Avira, on the other hand, is 100% light.
 
Signature: Juve Guard (verified member)
(Quoting Al jNtEeL's instructions above.)


Brother, thank you for your reply. Here is my report:
ComboFix 08-08-13.02 - الولـــيد 08/14/2008 10:24:37.1 - NTFSx86
Running from: C:\Documents and Settings\الولـــيد\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\DOCUME~1\150B~1\LOCALS~1\Temp\tru1.tmp
C:\WINDOWS\mg.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 07:19 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\Skype
2008-08-14 05:04 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\skypePM
2008-08-13 14:54 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\Thinstall
2008-08-11 18:13 --------- d-----w C:\Program Files\TeamViewer3
2008-08-11 18:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 18:55 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\AdobeUM
2008-08-10 11:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 21:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\TeamViewer
2008-08-09 08:48 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-08 10:43 --------- d-----w C:\Program Files\IMMonitor
2008-08-04 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-04 03:46 --------- d-----w C:\Program Files\Nokia
2008-08-04 03:46 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-04 03:41 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-03 17:40 88,762 ----a-w C:\WINDOWS\lmg.exe
2008-08-01 13:31 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\U3
2008-07-31 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 01:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-31 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-30 14:42 23,888 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 14:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 14:28 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-29 03:10 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-29 03:06 155,995 ----a-w C:\WINDOWS\java\Packages\I8488DBZ.ZIP
2008-07-27 10:50 --------- d-----w C:\Program Files\Skype
2008-07-27 10:50 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-27 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 01:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-18 16:41 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\CyberScrub
2008-07-18 16:38 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\cleaner
2008-07-18 15:34 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\TeamViewer
2008-07-17 18:25 --------- d-----w C:\Program Files\Conquer 2.0
2008-07-17 07:07 --------- d-----w C:\Program Files\AskPBar
2008-07-17 04:27 --------- d-----w C:\Program Files\Google
2008-07-17 04:11 --------- d-----w C:\Program Files\arbpool
2008-07-06 21:33 --------- d-----w C:\Program Files\SimpleCenter
2008-07-06 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-07-06 12:35 --------- d-----w C:\Documents and Settings\الولـــيد\Application Data\Nokia
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 23:50 --------- d-----w C:\Program Files\SplitCam
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 PM 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/22/2008 03:17 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo7"= STV680tg.dll
"VIDC.CLBR"= P1001Dex.ax
"msacm.speex32"= speex32.acm
"vidc.vp31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^الولـــيد^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\الولـــيد\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 01/09/2007 10:59 PM 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 04:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 10/08/2004 10:27 AM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 10/08/2004 10:31 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 04/19/2008 10:59 AM 249856 C:\Program Files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 12/09/2005 03:32 PM 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N2PDialr]
--a------ 11/01/2004 10:22 AM 2895872 C:\PROGRA~1\NET2PH~1\N2PDialr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 09/05/2006 08:22 PM 26248 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 11/17/2004 01:56 PM 1077327 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 06/09/2006 07:52 PM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 11/23/2006 03:10 PM 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 11/15/2004 12:14 PM 118784 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 02/07/2005 05:04 AM 94037 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 10/08/2004 04:43 PM 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 10/08/2004 04:44 PM 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 01/22/2008 03:17 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 09/05/2003 05:24 AM 65536 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
--a------ 12/10/2004 10:26 PM 1089536 C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 08/04/2004 04:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Net2Phone Dialer\\N2PDialr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\U.S. Robotics\\EasyConfigurator\\EasyConfigurator.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [08/17/2001 04:57 PM]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure Anti-Virus\fswsclds.exe [06/29/2006 09:04 AM]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [12/09/2005 03:37 PM]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [12/10/2004 09:12 PM]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [08/04/2004 02:07 AM]
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [11/04/2004 09:29 PM]
S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [01/29/2002 09:25 PM]
S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [08/18/2004 08:02 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39315bc0-5fc9-11dd-882f-00c09fcbc885}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aae7121-4b4c-11dd-87b2-0013ce4b69ea}]
\Shell\AutoRun\command - E:\a3g3.bat
\Shell\explore\Command - E:\a3g3.bat
\Shell\open\Command - E:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aae7127-4b4c-11dd-87b2-0013ce4b69ea}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2265a3-42cb-11d9-85f1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fee14d0-bcba-11db-84aa-00c09fcbc885}]
\Shell\AutoRun\command - E:\a3g3.bat
\Shell\explore\Command - E:\a3g3.bat
\Shell\open\Command - E:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fee14d1-bcba-11db-84aa-00c09fcbc885}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba791153-4395-11d9-8be1-806d6172696f}]
\Shell\AutoRun\command - E:\browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a9faf0-41df-11d9-a140-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0899e0-6027-11dd-8830-00c09fcbc885}]
\Shell\AutoRun\command - E:\a3g3.bat
\Shell\explore\Command - E:\a3g3.bat
\Shell\open\Command - E:\a3g3.bat
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03EED084-E355-2368-0801-1C8E96C9690B}]
C:\Documents and Settings\الولـــيد\Desktop\meriem1.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - الولـــيد.job
- C:\PROGRA~1\NORTON~1\Navw32.exe [09/07/2006 12:38 AM]
2006-05-07 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [08/04/2004 04:00 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-Internet Download Accelerator - C:\Program Files\IDA\ida.exe
MSConfigStartUp-NDSTray - NDSTray.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\الولـــيد\Application Data\Mozilla\Firefox\Profiles\ni0v68zx.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by the forum]
Rootkit scan 2008-08-14 10:29:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/14/2008 10:33:25
ComboFix-quarantined-files.txt 2008-08-14 07:32:37
Pre-Run: 40,602,411,008 bytes free
Post-Run: 40,939,884,544 bytes free
236 --- E O F --- 2008-07-29 17:00:36


Regards
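The ComboFix report above deleted C:\autorun.inf, amvo.exe and amvo0.dll, but its MountPoints2 section still lists the Shell\open and Shell\explore handlers that removable volumes on E: and F: once presented through their autorun.inf (a3g3.bat, RavMon.exe). Explorer keeps that per-volume cache under HKCU, so the entries outlive the infected stick, and they are the pointer to every other USB drive this machine touched. The added example below, mine rather than ComboFix's or the forum's, parses that section out of the report and triages each volume's handlers; the sample text is constructed from the report posted above, and the verdict rules are heuristics labelled as such in the code.

```python
"""Extract the MountPoints2 cache from a ComboFix report and triage each
volume's autorun handlers.

Added example for this thread, not ComboFix's own code.  Explorer caches the
Shell\<verb>\command lines of every volume's autorun.inf under
HKCU\...\Explorer\MountPoints2\<volume id>, so the entries stay after the drive
is unplugged.  SAMPLE is constructed from the report posted above.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE = r"""
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{537b34a1-4455-11d9-b92b-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aae7121-4b4c-11dd-87b2-0013ce4b69ea}]
\Shell\AutoRun\command - E:\a3g3.bat
\Shell\explore\Command - E:\a3g3.bat
\Shell\open\Command - E:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aae7127-4b4c-11dd-87b2-0013ce4b69ea}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fee14d1-bcba-11db-84aa-00c09fcbc885}]
\Shell\AutoRun\command - F:\a3g3.bat
\Shell\explore\Command - F:\a3g3.bat
\Shell\open\Command - F:\a3g3.bat
*Newly Created Service* - CATCHME
"""

_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*?\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
_VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$", re.I)

# Heuristic (assumption, not an official list): a script or PIF payload sitting
# in a drive root is the hallmark of autorun.inf worms of this era.
_SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".pif", ".scr", ".com"}


def parse_mountpoints(text):
    """{volume id: {verb: command}} for every MountPoints2 key in the report."""
    vols = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group("vol")
            continue
        if line.startswith("["):          # any other registry key ends the block
            current = None
            continue
        m = _VERB_RE.match(line)
        if m and current is not None:
            vols[current][m.group("verb").lower()] = m.group("cmd").strip()
    return dict(vols)


def _payload(cmd):
    """File name of the program a handler runs ('E:\\RavMon.exe -e' -> 'ravmon.exe')."""
    return ntpath.basename(cmd.split()[0]).lower()


def classify(handlers):
    """('suspicious' | 'autorun only', reasons) for one volume's handlers."""
    reasons = []
    hijacked = sorted(v for v in ("open", "explore") if v in handlers)
    if hijacked:
        # A legitimate autorun.inf normally sets only open=/icon=, cached here as
        # the AutoRun verb.  Overriding Explorer's own "open" and "explore" verbs
        # makes a plain double-click or right-click Explore on the drive run the
        # payload, even with AutoPlay turned off.
        reasons.append("overrides " + "/".join(hijacked))
    for cmd in handlers.values():
        if ntpath.splitext(_payload(cmd))[1] in _SCRIPT_EXT:
            reasons.append("script payload " + _payload(cmd))
            break
    return ("suspicious" if reasons else "autorun only"), reasons


def triage(text):
    """Verdict per volume id, in report order."""
    return {vol: classify(h) for vol, h in parse_mountpoints(text).items()}


if __name__ == "__main__":
    for vol, (verdict, why) in triage(SAMPLE).items():
        print(f"{verdict:13} {vol}  {'; '.join(why)}")
```

Three of the five cached volumes come out as suspicious: the two a3g3.bat volumes on both counts, and the RavMon.exe volume because it hijacks open and explore. LaunchU3.exe and browser.exe register only the AutoRun verb, which is what a U3 stick and an autorun CD normally do, so the parser leaves them alone; deleting the whole MountPoints2 key is still the usual cleanup, since Windows rebuilds it the next time each volume is inserted.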
 
(Quoting Juve Guard's reply above.)

OK brother, could you please give me a link for Avira?

Regards,

Your brother:
Al-Waleed
 
Thank God, some of the viruses have been deleted; the rest will be deleted for good before installing Avira.

Download this tool,
and follow the instructions below to clean your machine of viruses
and to produce a report of the process so that you can attach it to your next reply.

Tool link:

(You must log in or register to view the hidden link)

How to use it:

[screenshot: 000.png]

To save the report, do the following:

[screenshot: 001.png]

[screenshot: 002.png]

Then upload the report to this site and attach the link in your next reply:
(You must log in or register to view the hidden link)

Waiting for the report...
 
Signature: Al jNtEeL





Brother, thank God, the scan finally finished after a long wait.

Here is the file you asked for:

(You must log in or register to view the hidden link)

Best regards,
 
A small intervention.
Brother, follow what is shown in the pictures.

Disable the System Restore feature:
Right-click My Computer => Properties

[screenshot: zyzoom-9a990ca6f3.png]

On the System Restore tab,
tick the checkbox,
then Apply.

[screenshot: zyzoom-cde149ec5d.png]

A message will appear;
click Yes.

[screenshot: zyzoom-db12c6498a.png]

Wait a moment until it finishes wiping the restore points,
then go back and re-enable the feature by setting the tick,
then Apply, then OK.

[screenshot: zyzoom-c04734a4ed.png]

Finally,
download a protection program,
update it to the latest update, and scan your machine with it.
An anti-spyware program is preferable:
either Spyware Doctor or AVG Anti-Spyware => with Avira,
or AVG Anti-Spyware only => with Kaspersky,
or SUPERAntiSpyware => installs alongside any of them with no conflicts.
Update it to the latest and then scan your machine.
God grant success.
 
Signature: Juve Guard

Thank God, a very large number of viruses have been deleted.

Do what dear brother Azzam said in the previous post.

And here you will find Avira:
(You must log in or register to view the hidden link)

Download it, update it, and also run a scan ... and do not disable it for any reason.

And good luck, God willing.
 
Signature: Al jNtEeL
Thank you both.

Downloading and installing the antivirus program now.

Regards,
 