ويجزاك ربي كل خير
وان شاء الله ما ترجع ,
وان شاء الله ما ترجع ,
- بادئ الموضوع boob77
- تاريخ البدء
aymantaiger
زيزوومى محترف
غير متصل
تسلم ايدك يا بوب يا غالي
توقيع : aymantaiger
عطل جميع برامج الحماية ,,
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب ان تكون جميع النوافذ مغلقة تماما
لا تلمس الماوس نهائيا عند الاستخدام
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
______________________________________
deshesh
زيزوومي جديد
- إنضم
- 14 سبتمبر 2008
- المشاركات
- 19
- مستوى التفاعل
- 1
- النقاط
- 20
- الإقامة
- أم الدنيا مصر
- الموقع الالكتروني
- www.linkedin.com
غير متصل
ممكن اعرف فين الرد على مشكلتى
انا تعبت بحث بالمنتدى
ارجو الرد
انا تعبت بحث بالمنتدى
ارجو الرد
برجاء وضع التحديثه الخاصه بالسيرفر باك 3 لان المشكله هذه تواجهنى على SP3
وبتفصل الجهاز عن الشبكة كلها والصوت بيقفل هو كمان
ComboFix 08-11-16.05 - virus 11/17/2008 21:52:16.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.441 [GMT 2:00]
Running from: c:\documents and settings\virus\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Storm3.exe
c:\windows\system32\com\lsass.exe
c:\windows\system32\com\netcfg.000
c:\windows\system32\com\netcfg.dll
c:\windows\system32\com\smss.exe
c:\windows\system32\dnsq.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-11-17 15:05 193,776 ----a-w c:\documents and settings\virus\Application Data\GDIPFONTCACHEV1.DAT
2008-11-17 14:34 --------- d-----w c:\program files\Trend Micro
2008-11-16 14:31 --------- d-----w c:\documents and settings\virus\Application Data\ArcSoft
2008-11-16 11:27 --------- d-----w c:\program files\U.S. Robotics
2008-11-16 11:27 --------- d-----w c:\program files\Common Files\snp2std
2008-11-16 11:23 --------- d-----w c:\documents and settings\virus\Application Data\InstallShield
2008-11-16 08:37 --------- d-----w c:\program files\Easiestutils
2008-11-16 08:24 --------- d-----w c:\program files\Total Video Converter
2008-11-16 07:21 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-16 07:21 --------- d-----w c:\documents and settings\virus\Application Data\Media Player Classic
2008-11-16 07:13 --------- d-----w c:\program files\Real Alternative
2008-11-16 07:04 --------- d-----w c:\documents and settings\virus\Application Data\Ulead Systems
2008-11-16 07:02 --------- d-----w c:\program files\Windows Media Components
2008-11-16 06:59 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-16 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-16 06:54 --------- d-----w c:\program files\PowerISO
2008-11-15 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\channels
2008-11-15 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\10015
2008-11-15 14:32 --------- d-----w c:\program files\Ringz Studio
2008-11-15 14:05 --------- d-----w c:\program files\Lonely Cat Games
2008-11-15 13:23 --------- d-----w c:\documents and settings\virus\Application Data\AdobeUM
2008-11-14 20:13 --------- d-----w c:\program files\WinPcap
2008-11-14 20:13 --------- d-----w c:\program files\stopcut
2008-11-14 20:03 --------- d-----w c:\program files\ColorSoft
2008-11-14 13:20 --------- d-----w c:\documents and settings\virus\Application Data\skypePM
2008-11-13 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 20:27 --------- d-----w c:\program files\KYE
2008-11-13 20:27 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 15:23 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-11-13 12:33 --------- d-----w c:\program files\Nokia
2008-11-13 12:33 --------- d-----w c:\program files\MSXML 6.0
2008-11-13 12:33 --------- d-----w c:\program files\Common Files\Nokia
2008-11-13 12:32 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-12 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 19:40 --------- d-----w c:\program files\Microsoft
2008-11-12 19:39 --------- d-----w c:\program files\Windows Live
2008-11-12 19:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-12 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-12 15:57 63,088 ------w c:\windows\system32\drivers\HookNtos.sys
2008-11-12 15:57 39,024 ------w c:\windows\system32\drivers\HOOKREG.sys
2008-11-12 15:46 --------- d-----w c:\program files\HP
2008-11-12 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-12 15:44 --------- d--h--w c:\program files\Avago-HP
2008-11-12 13:57 499,712 ------w c:\windows\system32\msvcp71.dll
2008-11-12 13:57 30,704 ------w c:\windows\system32\drivers\HookHelp.sys
2008-11-12 13:57 237,168 ------w c:\windows\system32\bsmain.exe
2008-11-12 13:57 164,976 ------w c:\windows\system32\drivers\HookSys.sys
2008-11-12 13:57 13,808 ------w c:\windows\system32\drivers\HookCont.sys
2008-11-12 13:57 113,264 ------w c:\windows\system32\RavExt.dll
2008-11-12 13:57 10,736 ------w c:\windows\system32\drivers\RsNTGdi.sys
2008-11-12 13:57 1,060,864 ------w c:\windows\system32\mfc71.dll
2008-11-12 13:57 --------- d-----w c:\program files\Rising
2008-11-12 13:57 --------- d-----w c:\documents and settings\All Users\Application Data\Rising
2008-11-02 08:11 60,273 ----a-w c:\windows\system32\pthreadGC2.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-15 06:56 91,136 ----a-w c:\windows\system32\nmwcdcls.dll
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-08-19 16:06 410,976 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( snapshot@Mon 11-17-2008_16.55.49.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 15:32:54 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 12:00 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/05/2008 09:59 PM 4347120]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [09/09/2008 12:02 AM 3513344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [04/14/2008 12:00 PM 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [04/14/2008 12:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [04/14/2008 12:00 PM 455168]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [12/10/2005 05:57 PM 133016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [04/01/2006 08:33 AM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [04/01/2006 08:33 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [04/01/2006 08:33 AM 114688]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [05/04/2007 01:14 PM 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [08/19/2008 06:06 PM 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [07/07/2008 09:35 AM 167936]
"tsnp2std"="c:\windows\tsnp2std.exe" [11/10/2006 02:21 PM 290816]
"snp2std"="c:\windows\vsnp2std.exe" [09/15/2006 01:21 PM 675840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 12:00 PM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM 29696]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [11/12/2008 03:57 PM 113264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 07/23/2008 02:11 PM 21738792 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 04/02/2003 05:20 AM 12288 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 11/05/2008 09:59 PM 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CafeSuite\\CafeStation.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGd i.sys [11/12/2008 3:58:02 PM 10736]
R1 HookCont;HookCont;c:\windows\system32\drivers\Hook Cont.sys [11/12/2008 3:58:04 PM 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\Hook Ntos.sys [11/12/2008 3:58:04 PM 63088]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookRe g.sys [11/12/2008 3:58:04 PM 39024]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSy s.sys [11/12/2008 3:58:04 PM 164976]
R2 AntiARPClientLoader;AntiARP Client Loader;"c:\program files\ColorSoft\AntiARP\AntiARPClientLoader.exe" [10/17/2007 4:25:52 PM 40960]
R2 AntiArpNdisProt;AntiARP NDIS Protocol Driver;c:\windows\system32\DRIVERS\AntiArpNdisProt .sys [10/17/2007 1:33:10 PM 21120]
R2 RsCCenter;Rising Process Communication Center;"c:\program files\Rising\Rav\CCenter.exe" [11/12/2008 3:58:00 PM 162416]
R3 xAntiArp;xAntiArpSpoof Service;c:\windows\system32\DRIVERS\xAntiArp.sys [12/6/2007 2:16:26 PM 375296]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" [11/12/2008 3:58:04 PM 395888]
S2 Stormser;Stormser;c:\progra~1\RINGZS~1\STORMC~1\St ormser.exe []
S3 GNDHVF;Genius VideoCAM Smart300 V2;c:\windows\system32\DRIVERS\gndhvf.sys [11/13/2008 10:27:46 PM 225152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 7:31:34 PM 42000]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [11/16/2008 1:27:05 PM 12007168]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0b2ea82c-6e0e-11dd-b7f1-806d6172696f}]
\Shell\AutoRun\command - h:\bootcd\wintools\files\autorun.bat
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{1de22ffb-b482-11dd-8ea2-000ffe31d131}]
\SHell\AuTopLAy\COMMand - J:\bhatj.pif
\SHell\AutoRun\command - J:\bhatj.pif
\SHell\eXpLORE\COmmand - J:\bhatj.pif
\SHell\oPen\commAND - J:\bhatj.pif
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{33ae8f94-b0ce-11dd-8e52-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL P1000_P1500.exe
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\virus\Application Data\Mozilla\Firefox\Profiles\f10cjyc7.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-17 21:53:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 11/17/2008 21:54:38
ComboFix-quarantined-files.txt 2008-11-17 19:54:34
Pre-Run: 836,743,168 bytes free
Post-Run: 845,897,728 bytes free
189
وبتفصل الجهاز عن الشبكة كلها والصوت بيقفل هو كمان
اتفضل اول تقرير
ComboFix 08-11-16.05 - virus 11/17/2008 21:52:16.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.441 [GMT 2:00]
Running from: c:\documents and settings\virus\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Storm3.exe
c:\windows\system32\com\lsass.exe
c:\windows\system32\com\netcfg.000
c:\windows\system32\com\netcfg.dll
c:\windows\system32\com\smss.exe
c:\windows\system32\dnsq.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-11-17 15:05 193,776 ----a-w c:\documents and settings\virus\Application Data\GDIPFONTCACHEV1.DAT
2008-11-17 14:34 --------- d-----w c:\program files\Trend Micro
2008-11-16 14:31 --------- d-----w c:\documents and settings\virus\Application Data\ArcSoft
2008-11-16 11:27 --------- d-----w c:\program files\U.S. Robotics
2008-11-16 11:27 --------- d-----w c:\program files\Common Files\snp2std
2008-11-16 11:23 --------- d-----w c:\documents and settings\virus\Application Data\InstallShield
2008-11-16 08:37 --------- d-----w c:\program files\Easiestutils
2008-11-16 08:24 --------- d-----w c:\program files\Total Video Converter
2008-11-16 07:21 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-16 07:21 --------- d-----w c:\documents and settings\virus\Application Data\Media Player Classic
2008-11-16 07:13 --------- d-----w c:\program files\Real Alternative
2008-11-16 07:04 --------- d-----w c:\documents and settings\virus\Application Data\Ulead Systems
2008-11-16 07:02 --------- d-----w c:\program files\Windows Media Components
2008-11-16 06:59 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-16 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-16 06:54 --------- d-----w c:\program files\PowerISO
2008-11-15 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\channels
2008-11-15 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\10015
2008-11-15 14:32 --------- d-----w c:\program files\Ringz Studio
2008-11-15 14:05 --------- d-----w c:\program files\Lonely Cat Games
2008-11-15 13:23 --------- d-----w c:\documents and settings\virus\Application Data\AdobeUM
2008-11-14 20:13 --------- d-----w c:\program files\WinPcap
2008-11-14 20:13 --------- d-----w c:\program files\stopcut
2008-11-14 20:03 --------- d-----w c:\program files\ColorSoft
2008-11-14 13:20 --------- d-----w c:\documents and settings\virus\Application Data\skypePM
2008-11-13 20:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 20:27 --------- d-----w c:\program files\KYE
2008-11-13 20:27 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 15:23 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-11-13 12:33 --------- d-----w c:\program files\Nokia
2008-11-13 12:33 --------- d-----w c:\program files\MSXML 6.0
2008-11-13 12:33 --------- d-----w c:\program files\Common Files\Nokia
2008-11-13 12:32 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-12 20:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 19:40 --------- d-----w c:\program files\Microsoft
2008-11-12 19:39 --------- d-----w c:\program files\Windows Live
2008-11-12 19:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-12 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-12 15:57 63,088 ------w c:\windows\system32\drivers\HookNtos.sys
2008-11-12 15:57 39,024 ------w c:\windows\system32\drivers\HOOKREG.sys
2008-11-12 15:46 --------- d-----w c:\program files\HP
2008-11-12 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-12 15:44 --------- d--h--w c:\program files\Avago-HP
2008-11-12 13:57 499,712 ------w c:\windows\system32\msvcp71.dll
2008-11-12 13:57 30,704 ------w c:\windows\system32\drivers\HookHelp.sys
2008-11-12 13:57 237,168 ------w c:\windows\system32\bsmain.exe
2008-11-12 13:57 164,976 ------w c:\windows\system32\drivers\HookSys.sys
2008-11-12 13:57 13,808 ------w c:\windows\system32\drivers\HookCont.sys
2008-11-12 13:57 113,264 ------w c:\windows\system32\RavExt.dll
2008-11-12 13:57 10,736 ------w c:\windows\system32\drivers\RsNTGdi.sys
2008-11-12 13:57 1,060,864 ------w c:\windows\system32\mfc71.dll
2008-11-12 13:57 --------- d-----w c:\program files\Rising
2008-11-12 13:57 --------- d-----w c:\documents and settings\All Users\Application Data\Rising
2008-11-02 08:11 60,273 ----a-w c:\windows\system32\pthreadGC2.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-15 06:56 91,136 ----a-w c:\windows\system32\nmwcdcls.dll
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-08-19 16:06 410,976 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( snapshot@Mon 11-17-2008_16.55.49.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 15:32:54 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 12:00 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/05/2008 09:59 PM 4347120]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [09/09/2008 12:02 AM 3513344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [04/14/2008 12:00 PM 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [04/14/2008 12:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [04/14/2008 12:00 PM 455168]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [12/10/2005 05:57 PM 133016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [04/01/2006 08:33 AM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [04/01/2006 08:33 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [04/01/2006 08:33 AM 114688]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [05/04/2007 01:14 PM 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [08/19/2008 06:06 PM 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [07/07/2008 09:35 AM 167936]
"tsnp2std"="c:\windows\tsnp2std.exe" [11/10/2006 02:21 PM 290816]
"snp2std"="c:\windows\vsnp2std.exe" [09/15/2006 01:21 PM 675840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 12:00 PM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM 29696]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [11/12/2008 03:57 PM 113264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 07/23/2008 02:11 PM 21738792 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 04/02/2003 05:20 AM 12288 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 11/05/2008 09:59 PM 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CafeSuite\\CafeStation.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGd i.sys [11/12/2008 3:58:02 PM 10736]
R1 HookCont;HookCont;c:\windows\system32\drivers\Hook Cont.sys [11/12/2008 3:58:04 PM 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\Hook Ntos.sys [11/12/2008 3:58:04 PM 63088]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookRe g.sys [11/12/2008 3:58:04 PM 39024]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSy s.sys [11/12/2008 3:58:04 PM 164976]
R2 AntiARPClientLoader;AntiARP Client Loader;"c:\program files\ColorSoft\AntiARP\AntiARPClientLoader.exe" [10/17/2007 4:25:52 PM 40960]
R2 AntiArpNdisProt;AntiARP NDIS Protocol Driver;c:\windows\system32\DRIVERS\AntiArpNdisProt .sys [10/17/2007 1:33:10 PM 21120]
R2 RsCCenter;Rising Process Communication Center;"c:\program files\Rising\Rav\CCenter.exe" [11/12/2008 3:58:00 PM 162416]
R3 xAntiArp;xAntiArpSpoof Service;c:\windows\system32\DRIVERS\xAntiArp.sys [12/6/2007 2:16:26 PM 375296]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" [11/12/2008 3:58:04 PM 395888]
S2 Stormser;Stormser;c:\progra~1\RINGZS~1\STORMC~1\St ormser.exe []
S3 GNDHVF;Genius VideoCAM Smart300 V2;c:\windows\system32\DRIVERS\gndhvf.sys [11/13/2008 10:27:46 PM 225152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 7:31:34 PM 42000]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [11/16/2008 1:27:05 PM 12007168]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0b2ea82c-6e0e-11dd-b7f1-806d6172696f}]
\Shell\AutoRun\command - h:\bootcd\wintools\files\autorun.bat
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{1de22ffb-b482-11dd-8ea2-000ffe31d131}]
\SHell\AuTopLAy\COMMand - J:\bhatj.pif
\SHell\AutoRun\command - J:\bhatj.pif
\SHell\eXpLORE\COmmand - J:\bhatj.pif
\SHell\oPen\commAND - J:\bhatj.pif
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{33ae8f94-b0ce-11dd-8e52-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL P1000_P1500.exe
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\virus\Application Data\Mozilla\Firefox\Profiles\f10cjyc7.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-17 21:53:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 11/17/2008 21:54:38
ComboFix-quarantined-files.txt 2008-11-17 19:54:34
Pre-Run: 836,743,168 bytes free
Post-Run: 845,897,728 bytes free
189
اتفضل تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:27 م, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CafeSuite\CafeStation.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\virus\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O17 - HKLM\System\CS3\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
--
End of file - 6378 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:27 م, on 17/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CafeSuite\CafeStation.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\virus\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O17 - HKLM\System\CS3\Services\Tcpip\..\{638C3C88-E245-4F3B-822A-3AB14A78B966}: NameServer = 163.121.128.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
--
End of file - 6378 bytes
هناك رساله الان بتظهر قبل حدوث المشكله
وبعدها اجد التاسك بار تحول الى ثيم ويندوز 98 ثم الى Xp
ثم اجد الشبكة تم فصل ربطها بجميع الاجهزة الاخرى ولكن النت يعمل والصوت قد تم تعطيله ولكن صوت الويندوز نفسه يعمل لكن عند تشغيل اى فيديو الصوت لا يعمل ولابد من عمل اعادة تشغيل للجهاز ثم تحدث المشكله مره ثانيه
مع العلم ان نسخة الويندوز لدى SP3 اصلية
ارجوكم من لديه اداة اوبرنامج حمايه يتصدى لهذا الفيرس لانى جربت معظم برامج الحمايه لا فائدة
وبعدها اجد التاسك بار تحول الى ثيم ويندوز 98 ثم الى Xp
ثم اجد الشبكة تم فصل ربطها بجميع الاجهزة الاخرى ولكن النت يعمل والصوت قد تم تعطيله ولكن صوت الويندوز نفسه يعمل لكن عند تشغيل اى فيديو الصوت لا يعمل ولابد من عمل اعادة تشغيل للجهاز ثم تحدث المشكله مره ثانيه
مع العلم ان نسخة الويندوز لدى SP3 اصلية
ارجوكم من لديه اداة اوبرنامج حمايه يتصدى لهذا الفيرس لانى جربت معظم برامج الحمايه لا فائدة
السلام عليكم ,, وممكن انا اعرف شو مشكلتك .؟!!
ويجزاك ربي كل خير
التقرير لاول حذف كم ملف الثاني سليم ان شاء الله
فقط نظف الجهاز بهالاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم من تشغيل اكتب cleanmgr ستظهر لك نافذة فيهاا القرص c
اضغط موافق ستظهر لك نافذة حط صح في كل المربعات واضغط موافق
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
انتظر حتى تخلص العملية تستغرق ربع ساعة او اكثر حسب الملفات
اعد التشغيل اذا لم تنتهي المشكلة , ان شاء الله اشوفلك حل اخر
ميدو ابو روز
زيزوومي جديد
- إنضم
- 4 نوفمبر 2008
- المشاركات
- 95
- مستوى التفاعل
- 6
- النقاط
- 110
- الإقامة
- مصر
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
الف شكر يا كبير
شمعة الأمل
زيزوومى مميز
- إنضم
- 30 أكتوبر 2007
- المشاركات
- 606
- مستوى التفاعل
- 9
- النقاط
- 520
غير متصل
جزيت خيرا، وبارك الله فيك، وجعله في ميزان حسناتك
عند استعمالي للتحديث الموجود تظهر رسالة بأني لا أحتاجه لأن النسخة التي لدي متقدمة عن التحديث الموجود ... بمعنى أن الرسالة لم يتم إزالتها :no:
عند استعمالي للتحديث الموجود تظهر رسالة بأني لا أحتاجه لأن النسخة التي لدي متقدمة عن التحديث الموجود ... بمعنى أن الرسالة لم يتم إزالتها :no:
شيبووون
زيزوومى متألق
- إنضم
- 29 يناير 2008
- المشاركات
- 459
- مستوى التفاعل
- 7
- النقاط
- 470
- الإقامة
- yemen
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
مشكور يا دكتوووووور بوووووووووب
والله انك عبقري
يعطيك العافية
والله انك عبقري
يعطيك العافية