مالحل لخطا النظام؟

[بر KAKA نس]

ظهرت لي هذه الرسالة منذ فترة والخهاز صار ينطفي باستمرار ماذا افعل؟

 

[dяăģôŋ]

اول شئ استخدم هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

( 2 )
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[بر KAKA نس]

هذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:28:36 ص, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\user\winlogon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [is-OFPD5] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\user\winlogon.exe
O4 - HKLM\..\Run: [MFCD THAT BAIT BASH] C:\Documents and Settings\All Users\Application Data\Third Pure Mfcd That\Mp3 Flaw.exe
O4 - HKCU\..\Run: [junk list] C:\DOCUME~1\user\APPLIC~1\INTRAB~1\Livevcpart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: View Original Image - C:\PROGRAM FILES\ARTERA TURBO\DOCS\imageq.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: is-OFPD5 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
--
End of file - 6163 bytes

 

[dяăģôŋ]

وووووووووووواو تقريرك رايح فيها

اذهب الى هذا الموضوع ونزل الاداة الى فيه وتبع شرح الاستخدام وفحص جهازك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نزلك برنامج حمايه ويفضل الكاسبر

فعل جدار الحمايه حق الوندو

وسولى تقرير ثانى لاخلصة

ماابى ابدا مسح القيم الا بعد تنفيذ ماسبق ذكره

بنتظارك​

 

[العرافة]

عفوا عالمداخلة شباب

اخوي راجع الحلول في هذه الصفحة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يحللوا الشباب التقرير

انا اتوقع انه فايروس vendo

 

[بر KAKA نس]

هذا التقرير الي طلبت وا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يعينك عليه

 

[dяăģôŋ]

هلا اخوى

قم بايقاف استعادة النظام وقم بالاتى"

عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

بنتظارك مابقى الا القليل​

 

[بر KAKA نس]

اختي العرافة حاولت ادخل على الرابط لاكن مانفتحت الصفحه

 

[بر KAKA نس]

هذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:02 ص, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\winlogon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\user\winlogon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [is-OFPD5] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe"
O4 - HKLM\..\Run: [MFCD THAT BAIT BASH] C:\Documents and Settings\All Users\Application Data\Third Pure Mfcd That\Mp3 Flaw.exe
O4 - HKCU\..\Run: [junk list] C:\DOCUME~1\user\APPLIC~1\INTRAB~1\Livevcpart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: View Original Image - C:\PROGRAM FILES\ARTERA TURBO\DOCS\imageq.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: is-OFPD5 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
--
End of file - 5949 bytes

 

[بر KAKA نس]

وهذا التقرير الثاني:

ComboFix 08-07-17.4 - user 07/17/2008 22:27:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.83 [GMT 3:00]
Running from: C:\Documents and Settings\user\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#Shareds\BYRGWSGQ\iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#Shareds\BYRGWSGQ\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\user\Application Data\PCPrivacyTool
C:\Documents and Settings\user\Application Data\PCPrivacyTool\Logs\update.log
C:\Program Files\Common Files\PCPrivacyTool
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\cursor
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\0373D068.bin
C:\Program Files\MyWebSearch\bar\Cache\0375DE88.bin
C:\Program Files\MyWebSearch\bar\Cache\0375E59C.bin
C:\Program Files\MyWebSearch\bar\Cache\0375E8E8.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\Fonts\-
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\system32\ali.exe
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 19:36 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-07-17 19:31 573,992 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 19:31 53,391,392 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-15 23:36 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-07-15 20:06 --------- d-----w C:\Documents and Settings\user\Application Data\IntraBody
2008-07-15 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Third Pure Mfcd That
2008-07-15 20:04 --------- d-----w C:\Program Files\IntraBody
2008-07-14 21:16 --------- d-----w C:\Program Files\Trymedia
2008-07-14 21:14 --------- d-----w C:\Program Files\Valusoft
2008-07-14 21:04 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-14 15:44 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-07-13 19:26 --------- d-----w C:\Program Files\Kuma Games
2008-07-10 11:09 118,342 ----a-w C:\WINDOWS\Fonts\x.zip
2008-07-06 10:21 --------- d-----w C:\Program Files\MSN Messenger
2008-06-30 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-30 00:01 --------- d-----w C:\Program Files\Adverts
2008-06-29 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-29 19:30 --------- d-----w C:\Documents and Settings\user\Application Data\BitDownload
2008-06-28 20:49 --------- d-----w C:\Program Files\BitDownload
2008-06-27 15:38 53,248 --sh--w C:\Documents and Settings\user\winlogon.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 22:08 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-06-13 22:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 07:09 --------- d-----w C:\Program Files\Microsoft Works
2008-06-09 06:13 --------- d-----w C:\Program Files\Windows Live
2008-06-09 06:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-07 15:32 --------- d-----w C:\Documents and Settings\user\Application Data\.wyzo
2008-06-06 16:50 --------- d-----w C:\Program Files\Shareaza Applications
2008-06-06 16:10 --------- d-----w C:\Program Files\Sun
2008-06-06 16:09 --------- d-----w C:\Program Files\Java
2008-06-06 16:00 --------- d-----w C:\Program Files\Common Files\Java
2008-06-05 15:49 --------- d-----w C:\Program Files\GameTop.com
2008-06-05 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-06-03 21:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-03 21:22 --------- d-----w C:\Program Files\Autodesk Revit 7.0
2008-06-03 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-03 21:08 --------- d-----w C:\Program Files\Autodesk
2008-06-03 17:02 --------- d-----w C:\Program Files\Web Publish
2008-06-03 14:18 --------- d-----w C:\Program Files\TP-LINK
2008-06-02 21:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 21:03 --------- d-----w C:\Program Files\Smugglers 3
2008-05-29 21:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-29 21:28 --------- d-----w C:\Program Files\Common Files\Real
2008-05-28 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 19:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 19:09 --------- d-----w C:\Program Files\CyberLink
2008-05-28 19:08 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-28 19:08 --------- d-----w C:\Program Files\ACD Systems
2008-05-28 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"junk list"="C:\DOCUME~1\user\APPLIC~1\INTRAB~1\Livevcpart.exe" [07/15/2008 11:03 PM 694272]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/06/2006 12:38 PM 5322536]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"="C:\Documents and Settings\user\winlogon.exe" [06/27/2008 06:38 PM 53248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/30/2008 12:27 AM 185896]
"is-OFPD5"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe" [06/07/2008 03:26 PM 217088]
"MFCD THAT BAIT BASH"="C:\Documents and Settings\All Users\Application Data\Third Pure Mfcd That\Mp3 Flaw.exe" [07/17/2008 10:36 PM 770048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\user\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
--a------ 05/31/2005 01:13 PM 303104 C:\Program Files\TP-LINK\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 06/06/2005 11:46 PM 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
--a------ 04/04/2007 04:18 PM 1103360 C:\Program Files\BitDownload\BitDownload.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 10/15/2001 02:45 PM 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\junk list]
--a------ 07/15/2008 11:03 PM 694272 C:\DOCUME~1\user\APPLIC~1\INTRAB~1\Livevcpart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 06/06/2006 12:38 PM 5322536 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/25/2008 04:28 AM 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/30/2008 12:27 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--a------ 03/15/2006 03:41 PM 348160 C:\Program Files\TP-LINK\TWCU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 05/07/2002 07:45 PM 20480 C:\WINDOWS\wt\updater\wcmdmgrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 08/04/2004 10:56 AM 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942 Singleplayer Demo\\BF1942.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Realore\\Tiny Cars 2\\TinyCars2.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"D:\\limewire\\LimeWire.exe"=
"C:\\Program Files\\BitDownload\\BitDownload.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R1 is-OFPD5drv;is-OFPD5drv;C:\WINDOWS\system32\drivers\44359139.sys [03/05/2008 11:41 AM]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/11/2007 01:20 PM]
S2 is-OFPD5;is-OFPD5;C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-OFPD5\is-OFPD5.exe [06/07/2008 03:26 PM]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINDOWS\system32\DRIVERS\K320bus.sys [08/18/2006 12:10 PM]
.
s of the 'Scheduled Tasks' folder
"2008-07-17 19:00:01 C:\WINDOWS\Tasks\AFB7283E9188D9BE.job"
- c:\docume~1\user\applic~1\intrab~1\01SIGNBALM.exe
"2008-07-17 14:08:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\user\Templates\5292-NendangBro.com
"2008-07-17 08:03:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\user\Templates\5292-NendangBro.com
"2008-07-17 18:58:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-mcagent_exe - C:\Program Files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McRegWiz - C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
MSConfigStartUp-MFCD THAT BAIT BASH - C:\Documents and Settings\All Users\Application Data\Third Pure Mfcd That\Frag intra.exe
MSConfigStartUp-MSNShell - D:\((((((((((((((برامج)))))_))))\msnshell.exe
MSConfigStartUp-Salestart - C:\Program Files\Common Files\PCPrivacyTool\mc.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
MSConfigStartUp-Tok-Cirrhatus - C:\Documents and Settings\user\Local Settings\Application Data\br3555on.exe
MSConfigStartUp-Tok-Cirrhatus-1266 - C:\Documents and Settings\user\Local Settings\Application Data\br3555on.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-07-17 22:36:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\user\winlogon.exe
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 07/17/2008 22:42:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 19:42:42
Pre-Run: 5,792,600,064 bytes free
Post-Run: 7,573,073,920 bytes free
256 --- E O F --- 2008-07-10 20:16:01



وارجو منكم الرد في اقرب وقت وجزاكم الله كل خير

 

[فارس الملاك]

اعتذر عن الدخل

طبق هذه الخطوات

شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من الفيروسات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,

ولحفظ التقرير اعمل التالي ,,

بعدهاا ارفع التقرير على هذا الموقع ,, وارفق الرابط بردك القادم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم اعمل تقرير هايجاك جديد​

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم​