Mr_Tornado

Peace be upon you.

This appears from time to time on web pages:

Brothers, the only trace of the Chinese virus I see is the ad.

No vanishing of hidden files
No Task Manager problem
No web pages opening on their own
No conflict with installing security programs
None of that

Other than this ad
 

Signature: Mr_Tornado
This virus was once on a relative's computer and I wiped it out completely.




No no no no no!

I want to remove its whole family, one by one.


Report 1



Code:
ComboFix 08-09-13.05 - BVX-Messi 09/14/2008 15:06:38.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1033.18.1119 [GMT 3:00]

Running from: C:\Documents and Settings\BVX-Messi\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2008-08-14 to 2008-09-14  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 12:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-13 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 12:15 --------- d-----w C:\Program Files\ATI Technologies
2008-09-13 12:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-13 12:11 --------- d-----w C:\Program Files\D-Tools
2008-09-13 00:55 --------- d-----w C:\Program Files\Avant Browser
2008-09-13 00:55 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Avant Profiles
2008-09-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-13 00:32 --------- d-----w C:\Program Files\Yahoo!
2008-09-13 00:31 --------- d-----w C:\Program Files\Vimicro
2008-09-12 23:32 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-12 23:32 --------- d-----w C:\Program Files\MSBuild
2008-09-12 13:08 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-09-12 13:08 --------- d-----w C:\Program Files\Realtek
2008-09-12 13:08 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\InstallShield
2008-09-12 13:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-12 13:02 --------- d-----w C:\Program Files\Intel
.
------- Sigcheck -------
05/05/2008 12:45 PM  665600  44aea5a47244ff2611f9b3926dea6fa2 C:\WINDOWS\system32\wininet.dll
05/30/2008 10:57 AM  2298880  434f783f70124a321c2fcba11f45d8ec C:\WINDOWS\system32\ntoskrnl.exe
01/27/2008 05:04 PM  1524224  e24cd37d23a71dbb9a484a50eb255462 C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:42 PM 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 07:51 PM 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [10/25/2005 12:56 PM 61440]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM 81920]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/24/2005 09:05 PM 344064]
"RTHDCPL"="RTHDCPL.EXE" [09/19/2007 01:14 PM 16844800 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 08:42 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"O:\\WORMS 4 MAYHEM\\WORMS 4 MAYHEM.EXE"=
"N:\\pes7\\PES2008.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-RunOnce-tscuninstall - C:\WINDOWS\system32\tscupgrd.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 15:09:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 09/14/2008 15:10:28 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-14 12:10:25
Pre-Run: 16,755,093,504 bytes free
Post-Run: 16,817,262,592 bytes free
86

The second report



Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:19:13 م, on 14/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\BVX-Messi\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 3342 bytes
 
Signature: Mr_Tornado
Wait for the HijackThis expert.

As for me, I'm waiting for a Spyware Terminator report.

Hahaha

Bump,,

My dear, I wish you would paste the HijackThis report without putting it inside any code tag.

Signature: Al jNtEeL
Brothers, I installed

ESET Smart Security Business Edition v3.0.672

Honestly, it's a great program; it removed the virus completely and reported it under the same name that was mentioned in brother Zyzoom's thread,
and the ad has not appeared again.

But:

Every time I close NOD from here,
I find the virus popping up again within five minutes.

I run another scan, it finds it and deletes it.

Report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:20:31 م, on 17/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Documents and Settings\BVX-Messi\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 4191 bytes
 
Signature: Mr_Tornado
Report


ComboFix 08-09-16.05 - BVX-Messi 09/17/2008 15:40:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.947 [GMT 3:00]

Running from: C:\Documents and Settings\BVX-Messi\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\BVX-Messi\s\bvx-messi@adsrevenue[1].txt
C:\WINDOWS\system32\actskn43.ocx
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 11:44 --------- d-----w C:\Program Files\MPEG2_Decoders
2008-09-17 11:43 --------- d-----w C:\Program Files\PC-TV
2008-09-17 11:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 11:33 --------- d-----w C:\Program Files\WinPcap
2008-09-17 11:32 --------- d-----w C:\Program Files\netcut
2008-09-17 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-09-16 13:41 --------- d-----w C:\Program Files\ESET
2008-09-16 12:08 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\ESET
2008-09-16 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-09-15 18:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-15 18:47 --------- d-----w C:\Program Files\Common Files\Real
2008-09-15 18:45 --------- d-----w C:\Program Files\Real
2008-09-14 12:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-13 12:15 --------- d-----w C:\Program Files\ATI Technologies
2008-09-13 12:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-13 12:11 --------- d-----w C:\Program Files\D-Tools
2008-09-13 00:55 --------- d-----w C:\Program Files\Avant Browser
2008-09-13 00:55 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Avant Profiles
2008-09-13 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-13 00:32 --------- d-----w C:\Program Files\Yahoo!
2008-09-13 00:31 --------- d-----w C:\Program Files\Vimicro
2008-09-12 23:32 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-12 23:32 --------- d-----w C:\Program Files\MSBuild
2008-09-12 13:08 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-09-12 13:08 --------- d-----w C:\Program Files\Realtek
2008-09-12 13:08 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\InstallShield
2008-09-12 13:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-12 13:02 --------- d-----w C:\Program Files\Intel
2008-08-18 10:27 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-08-18 10:27 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-08-18 10:27 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-08-18 10:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 10:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.
------- Sigcheck -------
05/05/2008 12:45 PM 665600 44aea5a47244ff2611f9b3926dea6fa2 C:\WINDOWS\system32\wininet.dll
05/30/2008 10:57 AM 2298880 434f783f70124a321c2fcba11f45d8ec C:\WINDOWS\system32\ntoskrnl.exe
01/27/2008 05:04 PM 1524224 e24cd37d23a71dbb9a484a50eb255462 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@Sun 09-14-2008_15.10.10.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-24 16:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-09-16 13:42:17 10,134 ----a-r C:\WINDOWS\Installer\{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}\callmsi.exe
+ 2008-09-16 13:42:17 140,544 ----a-r C:\WINDOWS\Installer\{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}\egui.exe
+ 2008-09-16 23:39:48 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2007-03-12 13:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 13:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-19 15:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-10-12 12:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
+ 2008-03-05 12:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
+ 2008-05-30 11:11:46 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
+ 2008-07-12 05:18:52 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
+ 2007-03-15 13:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 13:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-19 15:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
+ 2007-10-02 06:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
+ 2008-02-05 20:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
+ 2008-05-30 11:11:46 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
+ 2008-07-12 05:18:52 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
+ 2006-09-28 13:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 10:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-03-12 13:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 13:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-19 15:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
+ 2007-10-12 12:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
+ 2008-03-05 12:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
+ 2008-05-30 11:11:46 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
+ 2008-07-12 05:18:52 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
+ 2008-07-25 08:34:36 683,520 ----a-w C:\WINDOWS\system32\divx.dll
+ 2004-07-09 01:26:38 11,392 -c--a-w C:\WINDOWS\system32\dllcache\bdasup.sys
+ 2008-04-14 02:41:56 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2008-04-14 02:41:56 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2008-04-13 21:09:50 14,592 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-07-09 01:26:38 16,896 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2004-07-09 01:26:40 354,816 -c--a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2001-08-17 19:36:34 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2008-04-14 02:42:10 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2008-07-25 08:34:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-01-18 09:57:16 169,344 ----a-r C:\WINDOWS\system32\drivers\88xAStream.sys
+ 2007-01-18 09:51:12 11,136 ----a-r C:\WINDOWS\system32\drivers\88XAxbar.sys
+ 2007-01-18 09:42:10 22,784 ----a-r C:\WINDOWS\system32\drivers\88xBDACap.sys
+ 2007-01-18 09:39:08 17,408 ----a-r C:\WINDOWS\system32\drivers\88XBDAIR.sys
+ 2007-04-18 13:52:16 39,296 ----a-r C:\WINDOWS\system32\drivers\88xBDATune.sys
+ 2008-04-13 21:09:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2005-08-02 21:10:13 32,512 ----a-w C:\WINDOWS\system32\drivers\npf.sys
+ 2008-04-14 02:42:10 53,760 ----a-w C:\WINDOWS\system32\drivers\vfwwdm32.dll
+ 2008-06-12 18:36:38 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-04-14 02:41:56 21,504 ----a-w C:\WINDOWS\system32\hidserv.dll
+ 2004-05-18 18:16:42 39,936 ----a-w C:\WINDOWS\system32\huffyuv.dll
+ 1997-04-07 17:19:00 391,680 ----a-w C:\WINDOWS\system32\I263_32.drv
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-09-14 12:42:27 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2003-03-19 03:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2002-01-05 02:37:26 344,064 ----a-w C:\WINDOWS\system32\MSVCR70.DLL
+ 2004-01-11 22:00:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-04-14 02:42:02 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-07-09 01:26:38 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2005-08-02 21:08:09 81,920 ----a-w C:\WINDOWS\system32\Packet.dll
+ 2008-08-17 03:00:00 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-08-17 03:00:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-17 03:00:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2005-08-02 21:24:01 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2007-01-18 09:39:08 17,408 ----a-r C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\88XBDAIR.sys
+ 2008-08-17 03:00:00 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-09-16 23:39:48 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2004-12-10 08:03:02 438,272 ----a-w C:\WINDOWS\system32\vp6vfw.dll
+ 2006-04-02 12:47:06 630,784 ----a-w C:\WINDOWS\system32\vp7vfw.dll
+ 2005-08-02 21:08:06 61,440 ----a-w C:\WINDOWS\system32\WanPacket.dll
+ 2005-08-02 21:18:45 233,472 ----a-w C:\WINDOWS\system32\wpcap.dll
+ 2008-07-16 18:51:00 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll
+ 2007-03-05 09:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-10-22 00:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
+ 2008-03-05 13:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
+ 2008-05-30 11:17:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
+ 2007-10-22 00:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
+ 2006-09-28 13:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 09:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 12:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-04 15:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-20 17:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-19 21:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
+ 2008-03-05 13:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
+ 2008-05-30 11:18:52 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
+ 2008-07-31 07:41:54 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
+ 2008-05-30 11:17:30 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
+ 2008-07-31 07:41:52 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
+ 2008-03-05 13:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
+ 2008-05-30 11:19:18 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
+ 2008-07-31 07:40:32 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
+ 2007-04-04 15:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:42 PM 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 07:51 PM 3810544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [10/25/2005 12:56 PM 61440]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM 81920]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/24/2005 09:05 PM 344064]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [08/18/2008 01:23 PM 1447168]
"RTHDCPL"="RTHDCPL.EXE" [09/19/2007 01:14 PM 16844800 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 08:42 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinManager.lnk - C:\Program Files\PC-TV\WinManager\WinManager.exe [9/17/2008 2:43:01 PM 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"O:\\WORMS 4 MAYHEM\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"N:\\pse\\PES2008.exe"=
R2 CX88IR;DTV_DVB 1027 IR Decoder;C:\WINDOWS\system32\drivers\88XBDAIR.sys [01/18/2007 12:39 PM 17408]
R3 AVXBAR;DTV-DVB 1027 Analog AVStream Crossbar;C:\WINDOWS\system32\drivers\88XAxbar.sys [01/18/2007 12:51 PM 11136]
R3 BDATUNE;DTV-DVB 1027 DVBS BDA Tuner;C:\WINDOWS\system32\drivers\88xBDATune.sys [04/18/2007 04:52 PM 39296]
R3 CXAVSTS;DTV-DVB 1027 DVBS BDA Capture;C:\WINDOWS\system32\drivers\88xBDACap.sys [01/18/2007 12:42 PM 22784]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [08/03/2005 12:10 AM 32512]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-17 15:44:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 09/17/2008 15:45:28 - machine was rebooted [BVX-Messi]
ComboFix-quarantined-files.txt 2008-09-17 12:45:24
ComboFix2.txt 2008-09-14 12:10:28
Pre-Run: 16,168,038,400 bytes free
Post-Run: 16,216,489,984 bytes free
Signature: Mr_Tornado
Peace be upon you
My dear brother, try this tool if you have not tried it before

And if it does not work, I advise you to try Bitdefender Total Security
because, according to the company's website, the virus was detected by them on 23/05/2008
and here is the page from the company's website to confirm it

I wish you success
 
Signature: ahmad17
ahmad17
It is not a matter of whether it is detected or not

What matters is that it removes it!!

Brother, I am still searching

Right, have you seen zyzoom's thread about the virus?

If not, I will give you the link, because it has a file that may fix the virus
 
My brothers, brother zyzoom, God bless him, explained the solution: install his tool and then run a full scan of the machine



I downloaded brother zyzoom's tool and ran it,
then updated Kaspersky and ran a full scan,
and it found some of it



but it remained as it is :no:

Brother Little Captain, the file was installed, but according to post 12 the virus remained as it is
And of course I read dear zyzoom's thread
And then what would they want with it, detecting it and not doing anything? It seems you did not read carefully what is written on the Bitdefender page



And in the end I posted my reply as something to try, and may God bring good from it
 
Signature: ahmad17
Hello and welcome

Hehe, I read it, especially the part I highlighted

You see, Spyware Terminator says the same thing, but it deleted it and it came back!!

Fine, try Bitdefender, you have nothing to lose
 
Signature: ahmad17
I have not found a removal tool so far

Check McAfee's site



It says it can clean it!!
 
Thank you all, my brothers; I am now trying Bitdefender
 
Signature: Mr_Tornado