فايرس spyware

  • بادئ الموضوع بادئ الموضوع pirlo9305
  • تاريخ البدء تاريخ البدء
  • المشاهدات 757
P

pirlo9305

زيزوومي جديد
إنضم
20 يونيو 2008
المشاركات
5
مستوى التفاعل
0
النقاط
0
غير متصل
يعافيك ربي اخوي
هذا التقرير
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\Program Files\rhcetlj0e3bv\rhcetlj0e3bv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\WINDOWS\system32\pphcatlj0e3bv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\khalid\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcatlj0e3bv] C:\WINDOWS\system32\lphcatlj0e3bv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [SMrhcetlj0e3bv] C:\Program Files\rhcetlj0e3bv\rhcetlj0e3bv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7721 bytes
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
تحياتي لك
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
ماشاء الله عليك ياخوي

جهازك على مااظن صاير مأتم للفيروسات

على العموم طبق هالمشاركة


(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم


بعد تنفيذ الي فووق افتح الكاسبر وصور لي الواجهه حقته
 
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد 0
هذا تقرير البرنامج
ComboFix 08-08-21.02 - khalid 08/22/2008 8:02:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.146 [GMT 3:00]
Running from: C:\Documents and Settings\khalid\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\khalid\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\khalid\Application Data\rhcetlj0e3bv
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msctrl.log
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Microsoft Security Adviser\mssadv.log
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\rhcetlj0e3bv
C:\syst.exe
C:\WINDOWS\system32\blphcatlj0e3bv.scr
C:\WINDOWS\system32\lphcatlj0e3bv.exe
C:\WINDOWS\system32\phcatlj0e3bv.bmp
C:\WINDOWS\system32\pphcatlj0e3bv.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 05:08 7,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-22 05:08 577,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-22 05:07 8,732 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-22 05:07 1,748 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-22 05:02 106,496 ----a-w C:\WINDOWS\system32\18.tmp
2008-08-22 04:33 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-22 04:12 106,496 ----a-w C:\WINDOWS\system32\17.tmp
2008-08-22 04:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-22 04:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-22 04:08 82,258 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-22 04:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-22 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-22 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-08-22 03:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-22 03:26 --------- d-----w C:\Program Files\iolo
2008-08-22 03:25 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-08-22 03:25 --------- d-----w C:\Documents and Settings\khalid\Application Data\iolo
2008-08-22 02:58 11,264 ----a-w C:\Documents and Settings\khalid\msscan.dll
2008-08-22 02:58 11,264 ----a-w C:\Documents and Settings\khalid\msiemon.dll
2008-08-22 02:58 11,264 ----a-w C:\Documents and Settings\khalid\msfw.dll
2008-08-22 02:58 11,264 ----a-w C:\Documents and Settings\khalid\msctrl.dll
2008-08-22 02:58 11,264 ----a-w C:\Documents and Settings\khalid\msavsc.dll
2008-08-22 02:57 46,080 ----a-w C:\Documents and Settings\khalid\mssadv.dll
2008-08-22 02:57 18,944 ----a-w C:\0xf9.exe
2008-08-22 02:03 --------- d-----w C:\Program Files\Sun
2008-08-22 02:02 --------- d-----w C:\Program Files\Java
2008-08-22 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 01:17 --------- d-----w C:\Program Files\JAP
2008-08-21 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 00:20 --------- d-----w C:\Documents and Settings\khalid\Application Data\DivX
2008-08-20 23:55 --------- d-----w C:\Program Files\DivX
2008-08-20 23:38 --------- d-----w C:\Documents and Settings\khalid\Application Data\oovooToolbar
2008-08-20 23:36 --------- d-----w C:\Program Files\oovooToolbar
2008-08-20 23:36 --------- d-----w C:\Program Files\ooVoo
2008-08-20 23:26 --------- d-----w C:\Documents and Settings\khalid\Application Data\ooVoo Details
2008-08-20 19:24 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-20 19:24 --------- d-----w C:\Program Files\Common Files\Real
2008-08-20 19:23 --------- d-----w C:\Program Files\Google
2008-08-19 22:29 --------- d-----w C:\Program Files\Yahoo!
2008-08-19 22:25 --------- d-----w C:\Documents and Settings\khalid\Application Data\Yahoo!
2008-08-19 22:22 --------- d-----w C:\Documents and Settings\khalid\Application Data\Media Player Classic
2008-08-19 22:18 --------- d-----w C:\Documents and Settings\khalid\Application Data\ACD Systems
2008-08-19 22:17 --------- d-----w C:\Program Files\Real
2008-08-19 22:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 22:13 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-19 22:13 --------- d-----w C:\Program Files\ACD Systems
2008-08-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-19 22:11 --------- d-----w C:\Program Files\Common Files\Java
2008-08-19 21:37 --------- d-----w C:\Program Files\Atheros
2008-08-19 21:31 --------- d-----w C:\Program Files\Intel
2008-08-19 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-08-19 21:30 --------- d-----w C:\Program Files\TOSHIBA
2008-08-19 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-08-19 21:28 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-19 21:26 --------- d-----w C:\Program Files\Synaptics
2008-08-19 21:23 --------- d-----w C:\Program Files\Realtek
2008-08-19 21:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-19 21:22 --------- d-----w C:\Documents and Settings\khalid\Application Data\toshiba
2008-08-19 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-19 21:19 --------- d-----w C:\Program Files\ATI Technologies
2008-08-17 10:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{A057A204-BACC-4D26-8087-36EE87E26986}]
07/29/2008 10:56 PM 1987544 --a------ C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [07/29/2008 10:56 PM 1987544]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [07/29/2008 10:56 PM 1987544]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/11/2005 09:05 PM 344064]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [05/25/2006 05:58 PM 1773568]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/07/2006 07:18 PM 761946]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [12/21/2005 01:52 PM 1077330]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [05/12/2005 10:31 AM 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/20/2008 10:24 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [02/08/2006 03:02 PM 266240 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [05/18/2006 04:57 PM 16207872 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/23/2004 03:00 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:ooVoo UDP المنفذ 37675
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [05/02/2008 12:31 PM]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [05/02/2008 12:31 PM]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [06/11/2005 12:12 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [01/12/2006 04:21 PM]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [05/05/2005 02:27 PM]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [07/03/2007 07:46 PM]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcatlj0e3bv - C:\WINDOWS\system32\lphcatlj0e3bv.exe
HKLM-Run-SMrhcetlj0e3bv - C:\Program Files\rhcetlj0e3bv\rhcetlj0e3bv.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.facebook.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-22 08:08:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 08/22/2008 8:10:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-22 05:10:17
Pre-Run: 15,976,525,824 bytes free
Post-Run: 16,391,028,736 bytes free
212
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
وهذا تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:44 ص, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\khalid\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 6430 bytes
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
وهذي صورة الكاسبر
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
احذف هذه القيم

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL


==========
طريقة الحذف
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




mg%20%284%29.png


=================================​

استخدم هذه الاداة للتنظيف
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


wh_15149054.png



بعدها حمل مفتاح للكاسبر انتي فايروس من هالموقع​


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


zyzoom-778f486a26.gif


طريقة تركيب المفتاح الجديد للاصدار 7 مقدم من الاخ العزيز

زيزوووم ... جزاه الله كل خير ونفع به الاسلام و المسلمين

لحذف وتركيب مفتاح الرخصة ,,

اعمل كما هو مشروح هنا ,,

zyzoom-778f486a26.gif


000.png


001.png


002.png


003.png


004.png


005.png


006.png


007.png


zyzoom-778f486a26.gif


بعدها اعمل تحديث للكاسبر وافحص الجهاز بالكامل
 
توقيع : فارس الملاك
تأييد 0
ممكن نقضي عليه هذا الفايروس اللعين
 
توقيع : صلاحs
تأييد 0


في انتظار رد الاخ الكريم
 
توقيع : فارس الملاك
تأييد 0
عزيزي طبق هالمشاركة



اعدادات الكاسبر انتي فايروس ( 7 )
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

z1.gif


شرح التركيب

000.png



001.png



002.png



003.png





بعد تثبيتها اي رسالة تخرج نعمل لها سماح (allow )

 
توقيع : فارس الملاك
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى