(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
بارك الله فيك
جارى التحميل والعمل
هناك ملاحظة ايضا عند الدخول على جهاز الكمبيوتر
والضغط على بارتشن الدى مثلا لا يفتح فى نفس الصفحة
ولكن اجدة اشتغل فى صفحة اخرى
ولى عووودة
بعـــــــــــد العــــــــــــــودة
اليك التقاريـــــــــــــر
ComboFix 08-08-13.05 - m 08/14/2008 22:48:32.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.119 [GMT 2:00]
Running from: C:\Documents and Settings\m\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\b3b9u.com
C:\DOCUME~1\m\LOCALS~1\Temp\tru1.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\.IE5
C:\rqq2v.bat
C:\tbm9.bat
C:\tpfbusg.cmd
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
D:\Autorun.inf
D:\b3b9u.com
D:\rqq2v.bat
D:\tbm9.bat
D:\tpfbusg.cmd
E:\Autorun.inf
E:\b3b9u.com
E:\rqq2v.bat
E:\tbm9.bat
E:\tpfbusg.cmd
F:\Autorun.inf
F:\b3b9u.com
F:\rqq2v.bat
F:\tbm9.bat
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 20:23 155,995 ----a-w C:\WINDOWS\java\Packages\2RNFFZRH.ZIP
2008-08-14 19:52 --------- d-----w C:\Program Files\MSN Messenger
2008-08-14 18:38 --------- d-----w C:\Program Files\Webteh
2008-08-14 18:38 --------- d-----w C:\Documents and Settings\m\Application Data\BSplayer Pro
2008-08-14 18:38 --------- d-----w C:\Documents and Settings\m\Application Data\BSplayer
2008-08-14 17:55 --------- d-----w C:\Documents and Settings\m\Application Data\Grisoft
2008-08-14 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-14 16:09 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5735792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 11:25 AM 6800944]
"AdVantage Setup"="C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe" [08/14/2008 08:38 PM 182272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\MM_KE_v4.2_AR\\MM_KE_v4.2_AR.exe"=
"C:\\WINDOWS\\system32\\ctfmon.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"=
"C:\\DOCUME~1\\m\\LOCALS~1\\Temp\\wincxilh.exe"=
"C:\\DOCUME~1\\m\\LOCALS~1\\Temp\\winfuik.exe"=
R3 aic32p;aic32p;C:\WINDOWS\system32\drivers\mhieln.sys []
*Newly Created Service* - AVGASCLN
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = local
O17 -: HKLM\CCS\Interface\{66AC29E4-5D93-4477-AFCB-A3B96663E7E9}: NameServer = 10.0.0.138
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-14 22:56:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\m\LOCALS~1\Temp\wincxilh.exe
C:\DOCUME~1\m\LOCALS~1\Temp\winfuik.exe
C:\Program Files\AdVantage\AdVantage.exe
.
**************************************************************************
.
Completion time: 08/14/2008 23:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 21:01:36
Pre-Run: 2,259,472,384 bytes free
Post-Run: 2,197,893,120 bytes free
118
000000000000000000000000000
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:50 م, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\m\LOCALS~1\Temp\wincxilh.exe
C:\DOCUME~1\m\LOCALS~1\Temp\winfuik.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Zyzoom_HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{66AC29E4-5D93-4477-AFCB-A3B96663E7E9}: NameServer = 10.0.0.138
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--
End of file - 2860 bytes
وجزاك الله تعالى كل خيــــــر مقدما
بانتظاركـــ
k: .. باقـي آخر خطوه واهم خطوه 
