ثقل في الجهاز + تقرير / خطأbdss.exe

ALA39000 · 21 أغسطس 2008

بالأمس ثبتت ونداوز جديد بعد ما عانيت من الثقل و التهنيج . وكان كل شيء تمام بس بعد ساعات يطلع هالمسج

ويصبح الجهاز ينفذ الأمر بعد يجي دقيقتين
وهذا تقريري و مشكورين

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:36 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Download Manager\bin\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\procexp.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PPSMTPServer3] D:\Program Files\PackPal Bulk Email Server\PPSmtpServer3.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\bin\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8230 bytes

ALA39000 · 21 أغسطس 2008

اسف هذا المسج اللي بيطلع

ALA39000 · 21 أغسطس 2008

AbOdy · 21 أغسطس 2008

حدد القيم واحذفها

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [PPSMTPServer3] D:\Program Files\PackPal Bulk Email Server\PPSmtpServer3.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

ثم قم بعمل التالي مرة اخرى

==============

(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

بالأنتظار للتقريرين ؟؟

ALA39000 · 21 أغسطس 2008

الله يباركلك عالسرعة
حجرب واقلك

ALA39000 · 21 أغسطس 2008

عملت وش قلت وراح اعطيك النتائج اذا كل شيء تمام راح اثبت الديب فريز وش رايك
و الله يجازيك عني كل خير

ALA39000 · 21 أغسطس 2008

ComboFix 08-08-19.06 - XPPRESP3 2008-08-21 13:31:24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.571 [GMT 3:00]
Running from: C:\Program Files\Internet Download Manager\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-21 13:15 . 2008-08-21 13:15 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\CyberScrub
2008-08-21 13:15 . 2008-08-21 13:15 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\cleaner
2008-08-21 04:18 . 2008-08-21 04:18 <DIR> d-------- C:\Program Files\Windows Live
2008-08-21 04:11 . 2008-08-21 04:11 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-21 04:10 . 2008-08-21 04:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-21 03:03 . 2008-08-21 03:03 <DIR> d-------- C:\WINDOWS\Sun
2008-08-21 02:45 . 2008-08-21 02:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\DeskSoft
2008-08-21 02:45 . 2008-08-21 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-08-21 02:12 . 2008-08-21 02:12 244 --ah----- C:\sqmnoopt01.sqm
2008-08-21 02:12 . 2008-08-21 02:12 232 --ah----- C:\sqmdata01.sqm
2008-08-21 02:05 . 2008-08-21 02:05 <DIR> d-------- C:\Program Files\zyzoom
2008-08-21 02:05 . 2008-08-21 02:05 <DIR> d-------- C:\Program Files\Conduit
2008-08-21 01:46 . 2008-08-21 01:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-21 00:04 . 2008-08-21 00:04 10 --a------ C:\WINDOWS\popcinfo.dat
2008-08-20 23:23 . 2008-08-20 23:23 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Yahoo!
2008-08-20 23:17 . 2008-08-20 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-20 21:46 . 2008-08-20 21:46 <DIR> d--hs---- C:\FOUND.000
2008-08-20 18:42 . 2008-08-21 12:44 29 --a------ C:\WINDOWS\system32\getfile.dat
2008-08-20 18:29 . 2008-08-20 18:29 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\BitDefender
2008-08-20 18:25 . 2008-08-20 18:25 <DIR> d---s---- C:\Documents and Settings\XPPRESP3\UserData
2008-08-20 18:20 . 2008-08-20 18:20 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-20 18:20 . 2008-08-20 18:20 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-20 18:17 . 2008-08-21 01:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-20 18:16 . 2008-08-20 18:16 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Media Player Classic
2008-08-20 18:13 . 2008-08-20 18:13 <DIR> d--hs---- C:\Recycled
2008-08-20 17:49 . 2008-08-20 17:49 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0012
2008-08-20 17:45 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-20 17:36 . 2008-08-20 17:36 67 --a------ C:\WINDOWS\IDMan.INI
2008-08-20 17:35 . 2008-08-20 17:35 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\DMCache
2008-08-20 17:22 . 2008-08-20 17:22 <DIR> d-------- C:\Program Files\Softwin
2008-08-20 17:21 . 2008-08-20 17:21 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-08-20 17:05 . 2008-08-20 17:05 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Contacts
2008-08-20 17:01 . 2008-08-20 17:01 268 --ah----- C:\sqmdata00.sqm
2008-08-20 17:01 . 2008-08-20 17:01 244 --ah----- C:\sqmnoopt00.sqm
2008-08-20 16:52 . 2008-03-20 19:35 418,832 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-08-20 16:49 . 2008-08-21 13:27 0 --a------ C:\WINDOWS\system32\NvApps.xml
2008-08-20 16:45 . 2008-08-20 16:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\skypePM
2008-08-20 16:45 . 2008-08-20 16:45 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-08-20 16:42 . 2008-08-20 16:42 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-08-20 16:35 . 2008-08-20 16:35 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-20 16:35 . 2008-08-20 16:35 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-08-20 16:35 . 2008-08-20 16:35 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-08-20 16:33 . 2008-08-20 16:33 4,716 --a------ C:\WINDOWS\gdrv.sys
2008-08-20 16:31 . 2008-08-20 16:31 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Thinstall
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-08-20 16:29 . 2006-08-01 10:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-08-20 16:28 . 2008-08-20 16:28 <DIR> d-------- C:\Program Files\Realtek
2008-08-20 16:28 . 2008-08-20 16:28 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\InstallShield
2008-08-20 16:27 . 2008-08-20 16:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-20 16:27 . 2008-08-20 16:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-20 16:27 . 2006-09-12 09:34 499,712 -r------- C:\WINDOWS\RtlExUpd.dll
2008-08-20 16:27 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-20 16:25 . 2008-08-20 16:25 <DIR> d-------- C:\Program Files\Intel
2008-08-20 16:21 . 2008-08-20 16:21 <DIR> d-------- C:\Program Files\Skype
2008-08-20 16:21 . 2008-08-20 16:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Skype
2008-08-20 16:20 . 2008-08-20 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-20 16:15 . 2004-08-04 19:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-20 16:12 . 2008-08-20 16:12 <DIR> d-------- C:\Program Files\TaskSwitchXP
2008-08-20 16:11 . 2008-08-20 16:11 <DIR> d--h----- C:\WINDOWS\XPize
2008-08-20 16:11 . 2004-08-04 16:00 130,560 --a------ C:\WINDOWS\system32\XPize_Logon.exe
2008-08-20 16:10 . 2008-08-20 16:11 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-08-20 16:10 . 2008-08-20 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-20 16:10 . 2008-08-20 16:10 <DIR> d-------- C:\Program Files\XoftSpySE
2008-08-20 16:10 . 2008-08-20 16:10 <DIR> d-------- C:\Program Files\Winamp
2008-08-20 16:10 . 2008-08-20 16:10 <DIR> d-------- C:\Program Files\win32pad_1_5_10
2008-08-20 16:10 . 2008-08-20 16:10 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Gena01
2008-08-20 16:10 . 2006-05-03 02:56 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-08-20 16:09 . 2008-08-20 16:09 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-08-20 16:09 . 2008-08-20 16:09 <DIR> d-------- C:\Program Files\Java
2008-08-20 16:09 . 2008-08-20 16:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-20 16:07 . 2008-08-20 16:07 <DIR> d-------- C:\Program Files\Nero
2008-08-20 16:07 . 2008-08-20 16:07 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-20 16:07 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-08-20 16:07 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-08-20 16:07 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-08-20 16:07 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-08-20 16:07 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-08-20 16:04 . 2008-08-20 16:04 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-20 16:04 . 2008-08-20 16:04 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-20 16:04 . 2008-08-20 16:04 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\bsplayer
2008-08-20 16:04 . 2008-08-20 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\Program Files\Google
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\Program Files\FolderSize
2008-08-20 16:03 . 2008-08-20 16:03 <DIR> d-------- C:\Program Files\CCleaner
2008-08-20 16:03 . 2008-08-20 16:03 2,301 --a------ C:\WINDOWS\mozver.dat
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Program Files\VMware
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Program Files\ACD Systems
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\ACD Systems
2008-08-20 16:02 . 2008-08-20 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-29 17:03 . 2008-07-09 17:34 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 12:52 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-08-20 12:49 --------- d-----w C:\Program Files\Unlocker
2008-08-20 12:49 --------- d-----w C:\Program Files\Graphics
2008-08-20 12:49 --------- d-----w C:\Program Files\Desktop
.
------- Sigcheck -------
2006-06-17 20:43 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\system32\wininet.dll
2005-07-13 01:07 360448 0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
2006-07-06 11:50 2016768 f196becedb849a135260b758fa546618 C:\WINDOWS\system32\ntkrnlpa.exe
2006-06-17 20:43 2137088 7000146d1b17fe998ba56f244eacc37d C:\WINDOWS\system32\ntoskrnl.exe
2005-10-15 11:07 949760 17e3c975c6fe3e94cf760f10d91c2af3 C:\WINDOWS\explorer.exe
2005-10-15 11:07 1032192 45757077a47c68a603a79b03a1a836ab C:\WINDOWS\XPize\Backup\explorer.exe
2004-08-04 16:00 30208 de8fa9cf18f95341079c7e6a215c226a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 16:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "C:\Program Files\zyzoom\tbzyzo.dll" [2008-06-24 23:17 1569304]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
2008-06-24 23:17 1569304 --a------ C:\Program Files\zyzoom\tbzyzo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "C:\Program Files\zyzoom\tbzyzo.dll" [2008-06-24 23:17 1569304]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AAA6EDE-0F45-43DA-8B81-608A1D8108A2}"= "C:\Program Files\zyzoom\tbzyzo.dll" [2008-06-24 23:17 1569304]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 30208]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-02-04 20:16 62464]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 17:46 21741864]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 00:22 3739648]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 21:58 4269296]
"IDMan"="C:\Program Files\Internet Download Manager\bin\IDMan.exe" [2008-07-29 17:18 2610608]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\XPPRESP3\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 14:19 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47 86016]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28 360448]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09 33280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 12:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\PackPal Bulk Email Server\\PPSmtpServer3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 tvtool;tvtool;D:\Program Files\TVTool\tvtool.sys [1996-04-03 21:33]
R2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [2005-08-24 17:30]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2005-11-11 15:26]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-03-20 19:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-08-20 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2006-06-23 19:05]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\6inopufc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-21 13:32:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2008-08-21 13:32:44
ComboFix-quarantined-files.txt 2008-08-21 10:32:42
Pre-Run: 8,466,513,920 bytes free
Post-Run: 8,476,549,120 bytes free
248

ALA39000 · 21 أغسطس 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\bin\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7857 bytes

AbOdy · 21 أغسطس 2008

باقي عندك قيم لم تحذف

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

طريقة الحذف

ثم استخدم هذه الأداة بالوضع الأمن (( سيف مود ))

شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

؟؟؟

ALA39000 · 21 أغسطس 2008

تقرير سميث

SmitFraudFix v2.338
Scan done at 15:07:11.71, Thu 08/21/2008
Run from C:\Program Files\Internet Download Manager\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
0.0.0.0 registeridm.com
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Thomson ST Remote NDIS Device - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
Description: TechniSat DVB-PC TV Star PCI - Packet Scheduler Miniport
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EBA917D-E773-48AD-93B1-23840D4CEA3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D9A5711-FC70-40FF-9D0B-79ED711B30A4}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4EBA917D-E773-48AD-93B1-23840D4CEA3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D9A5711-FC70-40FF-9D0B-79ED711B30A4}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4EBA917D-E773-48AD-93B1-23840D4CEA3B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8D9A5711-FC70-40FF-9D0B-79ED711B30A4}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

AbOdy · 21 أغسطس 2008

يعطيك العافية ... ارفع تقرير هايجاك

ALA39000 · 21 أغسطس 2008

تقرير الهايجاك وارجو تتذكر تجاوبني بخصوص الديب فريز ولا اذا ما يوجد احسن منه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:28, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\Program Files\Internet Download Manager\bin\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\bin\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome"
O4 - HKCU\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help"
O4 - HKCU\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst"
O4 - HKCU\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours"
O4 - HKCU\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\bin\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6662 bytes

AbOdy · 21 أغسطس 2008

ادخل على الوضع الأمن واحذف هذه القيم

O4 - HKCU\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help"

O4 - HKCU\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst"

O4 - HKCU\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours"

O4 - HKCU\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

طريقة الحذف

واخبرنا بوضع الرسالة الي تطلع لك وثقل الجهاز ؟؟

اما بخصوص برنامج الديب فريز فا انا لم اقوم بتجربته ولا مرة ولا عندي معلومات كافية عنه

ALA39000 · 21 أغسطس 2008

هالقيم مو راضية تنحذف
بس واضح ان المشكلة انحلت

مشكور يالغلا

ALA39000 · 21 أغسطس 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\bin\IDMan.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Download Manager\bin\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\bin\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\bin\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7162 bytes

AbOdy · 21 أغسطس 2008

التقرير سليم الأن ..

كيف الوضع عندك ؟؟

ALA39000 · 21 أغسطس 2008

رائع الله يخليك لنا شمعة تنورنا يا استاذ
ومشكككككككككككككككككككككككككككككككككككوووووووووووور

AbOdy · 21 أغسطس 2008

تسلم على ردك الجميل

والحمدلله على انتهاء المشاكل

بالتوفيق ان شاء الله

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy

زيزوومى مميز

توقيع : ALA39000

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy

زيزوومى مميز

توقيع : ALA39000

عضو شرف

توقيع : AbOdy