• Thread starter: hosaam2006
  • Views: 3,332

hosaam2006


Guys, this virus is driving me crazy and it refuses to be deleted.

I tried more than one program and it was no use.

If anyone has any idea and can help me, I would be grateful.

I tried to download the tool called SmitfraudFix, but the antivirus deletes it right away.

At first the computer was very slow, but now, thank God, it is faster.

But this image still appears:


upload2world_3beb8.jpg



 

Disable all security programs,

then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; the machine will then restart automatically,
and after the restart the tool will start scanning a second time.

Wait until a report appears, then copy it and paste it in your next reply.

Brother Max, here is the report:


Please reply as soon as possible, and happy holidays to you.
 

Brother Max, my colleague has the same problem. I downloaded the same program for him, and this is his report:
 
Sorry :d:

If you would, brother, boot into Safe Mode <<< you must do this

Then do the following:

Disable System Restore


dis_sys_xp.jpg




Download the Kaspersky tool from the following link

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.

Follow the walkthrough to scan the machine, clean it and attach the report.

zyzoom-3d6517b067.png


zyzoom-7717063ed7.png


zyzoom-cda271da05.png


zyzoom-26888dbf15.png


zyzoom-3f4576c288.png


Then compress the report and upload it here >>>>

Waiting for the Kaspersky tool report
 
Signature: Al jNtEeL

:ok::ok:

You and your colleague should both do this step,
and it would be better for your colleague to have a thread of his own.
 