Thread starter: help4x (new member, joined 26 August 2008) | Views: 1,086
Peace be upon you.

I have a virus that I've been suffering from for two days.

The problem is that whenever I open any folder that contains an antivirus or anti-spyware program, the folder closes right away.

And if I try to go to any antivirus site to do an online scan,
Explorer closes.

I tried Firefox, same thing.

Is there a way to get rid of it?

????
 

Sorry, dear brother, for moving the thread to its proper section. Good luck.

Signature: techno
Do the following


==============
(1)
Disable all protection programs,
and download this tool and save it to the desktop

When you run it a message will appear, click >> Yes
Then a second message will appear, click >> Yes
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.
(2)
And make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a moment a report will appear; copy it and paste it in your next reply.


Waiting for the reports

Last edited by a moderator:
Signature: AbOdy
Peace be upon you.


Thanks, brother Abody, for the reply.

I did step number 1 and will attach the report.

Code:
ComboFix 08-08-26.02 - ahmed.alhajri 2008-08-27  8:49:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.968.1033.18.439 [GMT 4:00]
Running from: C:\Documents and Settings\ahmed.alhajri\Desktop\kill Virus\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 /wow section - STAGE 45
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
 /wow section - STAGE 46
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\hamouda\s\hamoud@mybrandcentral[1].txt
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\x64
----- BITS: Possible infected sites -----
 
.
(((((((((((((((((((((((((   Files Created from 2008-07-27 to 2008-08-27  )))))))))))))))))))))))))))))))
.
2008-08-27 07:26 . 2008-08-27 07:26 17,494,063 --a------ C:\Zyzoom_winpe2.1_cd_Live_Vista.rar
2008-08-25 13:49 . 2008-08-25 13:49 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2008-08-24 14:54 . 2007-06-13 14:23 61,952 -rahs---- C:\WINDOWS\mywork.exe
2008-08-24 14:54 . 2007-06-13 14:23 61,952 -r-hs---- C:\auto2.pif
2008-08-24 14:54 . 2008-08-27 06:57 28,160 --a------ C:\WINDOWS\system32\msvcrt.ax
2008-08-24 08:38 . 2008-08-24 08:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 08:38 . 2008-08-24 08:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 08:38 . 2008-08-24 08:38 <DIR> d-------- C:\Documents and Settings\ahmed.alhajri\Application Data\Malwarebytes
2008-08-24 08:38 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 08:38 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 07:22 . 2008-08-24 07:22 172 --ah----- C:\sqmnoopt19.sqm
2008-08-24 07:22 . 2008-08-24 07:22 172 --ah----- C:\sqmdata19.sqm
2008-08-24 07:13 . 2008-08-24 07:13 268 --ah----- C:\sqmdata18.sqm
2008-08-24 07:13 . 2008-08-24 07:13 244 --ah----- C:\sqmnoopt18.sqm
2008-08-23 19:45 . 2008-08-23 19:45 <DIR> d-------- C:\Documents and Settings\hamouda\Application Data\Apple Computer
2008-08-21 13:15 . 2008-08-21 13:15 268 --ah----- C:\sqmdata17.sqm
2008-08-21 13:15 . 2008-08-21 13:15 244 --ah----- C:\sqmnoopt17.sqm
2008-08-11 16:40 . 2008-08-11 16:40 244 --ah----- C:\sqmnoopt16.sqm
2008-08-11 16:40 . 2008-08-11 16:40 232 --ah----- C:\sqmdata16.sqm
2008-08-11 16:36 . 2008-08-11 16:36 <DIR> d-------- C:\Documents and Settings\Administrator.oas_dom1\Application Data\VMware
2008-08-11 16:35 . 2008-08-11 16:35 <DIR> d-------- C:\Documents and Settings\Administrator.oas_dom1\Application Data\SiteAdvisor
2008-08-11 16:35 . 2008-08-11 16:35 <DIR> d-------- C:\Documents and Settings\Administrator.oas_dom1\Application Data\PC Suite
2008-08-11 11:55 . 2008-08-11 12:04 <DIR> d-------- C:\Abdulljabaar
2008-08-10 07:42 . 2008-08-10 07:42 <DIR> d-------- C:\Program Files\Live Mesh
2008-08-10 07:42 . 2008-08-10 07:42 121,984 --a------ C:\WINDOWS\system32\rdpdispd.dll
2008-08-10 07:42 . 2008-08-10 07:42 22,656 --a------ C:\WINDOWS\system32\drivers\rdpvmp.sys
2008-08-10 07:42 . 2008-08-10 07:42 18,944 --a------ C:\WINDOWS\system32\rdpvdd.dll
2008-08-10 07:42 . 2008-08-10 07:42 12,288 --a------ C:\WINDOWS\system32\drivers\rdpdispm.sys
2008-08-09 12:01 . 2008-08-09 12:01 <DIR> d-------- C:\Documents and Settings\icopts\Application Data\Apple Computer
2008-08-09 11:19 . 2008-08-09 11:19 <DIR> d-------- C:\Documents and Settings\icopts\Application Data\VMware
2008-08-09 11:19 . 2008-08-09 11:19 <DIR> d-------- C:\Documents and Settings\icopts\Application Data\SiteAdvisor
2008-08-09 11:19 . 2008-08-09 11:19 <DIR> d-------- C:\Documents and Settings\icopts
2008-08-07 12:40 . 2008-08-07 12:40 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-08-07 10:48 . 2008-08-07 10:48 128,336 --a------ C:\Download_snm-2.67_swpl.exe
2008-08-04 10:41 . 2008-08-04 10:41 <DIR> d-------- C:\Program Files\ErstenWare
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 04:56 --------- d-----w C:\Documents and Settings\ahmed.alhajri\Application Data\VMware
2008-08-27 04:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-27 04:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-08-27 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-26 22:37 --------- d-----w C:\Program Files\LogMeIn
2008-08-26 13:54 --------- d-----w C:\Documents and Settings\hamouda\Application Data\VMware
2008-08-26 10:00 --------- d-----w C:\Program Files\Recover Data for Microsoft Outlook (Trial Version)
2008-08-26 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-25 09:47 --------- d-----w C:\Program Files\McAfee
2008-08-25 09:39 3,821,553 ----a-w C:\WINDOWS\FramePkg.exe
2008-08-25 08:05 --------- d-----w C:\Program Files\Paint Shop Pro 5
2008-08-12 08:01 --------- d-----w C:\Program Files\Google
2008-08-12 04:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-04 05:24 --------- d-----w C:\Program Files\DAP
2008-07-26 18:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-17 07:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 03:27 --------- d-----w C:\Documents and Settings\ahmed.alhajri\Application Data\Apple Computer
2008-07-14 09:24 --------- d-----w C:\Program Files\QuickTime
2008-07-14 09:10 --------- d-----w C:\Program Files\iTunes
2008-07-14 09:09 --------- d-----w C:\Program Files\iPod
2008-07-14 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-14 09:08 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-14 08:57 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-14 08:42 --------- d-----w C:\Program Files\Apple

2008-07-13 08:17 --------- d-----w C:\Program Files\nLite
2008-07-13 08:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 05:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-07 03:19 --------- d-----w C:\Program Files\Bonjour
2008-07-07 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-06-13 10:23 61,952 --sha-r C:\WINDOWS\mywork.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 04:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"MoeMonitor.exe"="C:\Documents and Settings\ahmed.alhajri\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3103.9\MoeMonitor.exe" [2008-08-10 07:39 1188864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-07 22:22 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-07 22:22 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-07 22:22 137752]
"VerbAce"="C:\Program Files\VerbAce\VerbAce.exe" [2008-01-08 10:49 139264]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 20:50 111952]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6170\SiteAdv.exe" [2007-07-27 05:57 36640]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-04-10 09:02 69632]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52 68400]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 22:52 56112]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2008-08-25 12:41 136512]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-01 04:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\hamouda\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\ahmed.alhajri\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-12-13 11:14:51 157008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-03-17 11:16:16 49254]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36 626176]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-10 11:39:57 125624]
igfxtray.exe [2007-06-13 14:23:08 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2008-08-10 07:42 23552 C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\A2FREE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\A2SERVICE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAAS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAEGMGR.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACAIS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACALS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACASP.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AHNSD.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AHNSDSV.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALUSCHEDULERSVC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-VIRUS&TROJAN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASHSIMPL.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVENGINE.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGAMSVR.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGAS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGEMC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGINET.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGNT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGUPSVC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGWB.DAT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCAN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Bkav2006.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CASECURITYCENTER.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCPROVSP.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCSVCHST.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\COUNTERSPY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEBSCD.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEBUPW.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGUI.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EKRN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EKRN.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMLPROUI.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMLPROXY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\far.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FCH32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FireTray.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVSERVER.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROTTRAY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWIN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSAUA.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSAV32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSDFWD.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGK32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGK32ST.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSGUIDLL.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSM32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMB32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSQH.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSSM32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSUS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEProt.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPLUS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KpopMon.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXp_1.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\livesrv.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMSCSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCNASVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCPROXY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCSHIELD.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCSYSMON.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUIMGR.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSESCN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSRV.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSKAGENT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSPROXY.AHN.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvsvc32.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ONLINENT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ONLNSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVFNSVR.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVPRSRV.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSRV51.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSRV51.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCTAV.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCTAVSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSCTRLS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSCTRLS.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHOST.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSIMSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSIMSVC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSKMSSVC.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHFW.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QOELOADER.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QUHLPSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavService.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RRfwMain.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rtvscan.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SASERVICE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SBCSSVC.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SBCSTRAY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANMSG.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANNER.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANWSCS.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SFCTLCOM.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SHSTAT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPIDERUI.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SRVLOAD.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBMon.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFSERVICE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFTRAY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TISSPWIZ.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TMBMSRV.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSRV.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TROJAN GUARDER.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UfNavi.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UFSEAGNT.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpdaterUI.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSCHD.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBPROXY.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WMIADAP.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\worm2007.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WUAUCLT.EXE.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\&shy;?¾×çW†Œô‚s.exe]
"Debugger"=system.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-190662608-158813679-1640847306-1252\Scripts\Logon\0\0]
"Script"=oas_login.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-190662608-158813679-1640847306-1657\Scripts\Logon\0\0]
"Script"=oas_login.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-190662608-158813679-1640847306-4675\Scripts\Logon\0\0]
"Script"=oas_login.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-190662608-158813679-1640847306-4825\Scripts\Logon\0\0]
"Script"=oas_login.vbs
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2004-10-25 06:15]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SabrePrint;Sabre Print;C:\Program Files\The Sabre Group\Print32\OADP.EXE [2001-09-24 10:44]
R2 wlcrasvc;Live Mesh Remote Desktop;C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2008-08-10 07:42]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2004-06-27 02:50]
R3 RDPDISPM;RDPDISPM;C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2008-08-10 07:42]
R3 RDPVDD;RDPVDD;C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2008-08-10 07:42]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c19dfbe-edbe-11dc-a9ff-111111111111}]
\Shell\AutoRun\command - Open
\Shell\open\Command - F:\sysrun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a7f72b-3abe-11dd-a732-111111111111}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
 
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ahmed.alhajri\Application Data\Mozilla\Firefox\Profiles\fwhoab1f.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 08:56:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\ahmed.alhajri\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-08-27  9:00:11 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-27 05:00:09
Pre-Run: 1,768,079,360 bytes free
Post-Run: 2,848,657,408 bytes free
500


Step 2
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15, on 2008-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\The Sabre Group\Print32\OADP.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VerbAce\VerbAce.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\ahmed.alhajri\Desktop\kill Virus\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gname=ahmed%20alhajri
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6170\SiteAdv.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Documents and Settings\ahmed.alhajri\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3103.9\MoeMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.adobe.com
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://128.1.1.18:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} (Trend Micro OfficeScan Management Console) - https://128.1.1.18:4343/officescan/console/html/root/AtxConsole.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197539059721
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://localhost/NmConsole/CoreNm/Tools/msrdp.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://128.1.1.18:4343/officescan/console/html/root/AtxPie.cab
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.3103.9/TSWeb.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: wlcrdplauncher - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sabre Print (SabrePrint) - Sabre Inc. - C:\Program Files\The Sabre Group\Print32\OADP.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6170\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 11846 bytes


Thank God, I was able to run the antivirus.


Thank you, and may God reward you.
 
Delete these entries:

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Documents and Settings\ahmed.alhajri\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3103.9\MoeMonitor.exe"


Then go to this thread of mine:
[link hidden; login required to view]

Search for the service named SabrePrint,
delete it, then restart.
Then download this tool:
[link hidden; login required to view]

Disable your security program before running it;
it is preferable to run it in Safe Mode.
Press number 2, then Enter.

[screenshot: Fix01b.png]



When you reach this text,
press the letter y, then Enter,
and let it scan.

[screenshot: Fix02b.png]



After it finishes, a report will appear.
Restart your machine and give me its report.
Waiting.
 
Signature: Juve Guard

Peace be upon you, brother.

Regarding the first entry, it belongs to Google Toolbar and I will delete it, God willing.
As for the second, it belongs to the Mesh program from Microsoft's site; it is a service I need and use.
[link hidden; login required to view]


Regarding SabrePrint, it is a program specific to airline companies and I use it ...

Should I continue with the second step or not?
 
Apologies to the dear brothers.

Dear friend, make sure all programs and browsers are closed,

then apply this post:

(1)
Disable all security programs,
download this tool and save it to the desktop:
[link hidden; login required to view]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will begin scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.
(2)
Produce a HijackThis report:
[link hidden; login required to view]

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.


After this step, apply this post:

===========
Look, my dear, download this tool,

and follow the explanation below to clean your machine of these adware pop-ups,

and produce a report of the process so you can attach it in your next reply.

Download link for the latest update of the tool:

[link hidden; login required to view]

Usage instructions:

Run the file SmitfraudFix.exe and follow the steps as shown in these screenshots:



[screenshots: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]
 
Last edited by a moderator.
Signature: فارس الملاك