ComboFix
ComboFix 08-10-06.05 - picard2 10/07/2008 9:12:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.1662 [GMT 7:00]
Running from: D:\Documents and Settings\picard2\My Documents\New Folder\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\autorun.inf
D:\Documents and Settings\picard2\Application Data\tazebama
D:\Documents and Settings\picard2\Application Data\tazebama\tazebama.log
D:\Documents and Settings\picard2\Application Data\tazebama\zPharaoh.dat
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 02:15 155,181 --sh--r D:\zPharaoh.exe
2008-10-07 02:15 --------- d-----w D:\Documents and Settings\picard2\Application Data\tazebama
2008-10-07 01:44 --------- d-----w D:\Program Files\Unlocker
2008-10-07 01:44 --------- d-----w D:\Documents and Settings\picard2\Application Data\Desktopicon
2008-10-07 01:23 --------- d-----w D:\Program Files\microsoft frontpage
2008-10-07 01:15 1,382,255 ----a-w D:\WINDOWS\explorer.exe
2008-10-06 06:16 --------- d-----w D:\Program Files\WolFBox
2008-10-06 05:07 155,691 ----a-w D:\Documents and Settings\picard2\Application Data\Application Data .exe
2008-10-06 05:07 155,601 ----a-w D:\Documents and Settings\picard2\Application Data\WindowsXp StartMenu Settings.exe
2008-10-06 05:07 155,331 ----a-w D:\Documents and Settings\NetworkService\Application Data\Application Data .exe
2008-10-06 05:07 155,091 ----a-w D:\Documents and Settings\NetworkService\Application Data\PanasonicDVD_DigitalCam.exe
2008-10-06 04:58 154,801 ----a-w D:\Program Files\Program Files .exe
2008-10-06 04:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2008-10-06 04:12 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-10-06 04:12 --------- d-----w D:\Program Files\IVT Corporation
2008-10-05 01:54 --------- d-----w D:\Program Files\RegistryFix
2008-10-05 01:49 --------- d-----w D:\Program Files\cardshare
2008-10-05 00:48 --------- d-----w D:\Documents and Settings\picard2\Application Data\Skype
2008-10-04 13:56 --------- d-----w D:\Program Files\No-IP
2008-10-04 13:16 --------- d-----w D:\Program Files\Uniblue
2008-10-04 13:16 --------- d-----w D:\Documents and Settings\picard2\Application Data\Uniblue
2008-10-04 13:06 --------- d-----w D:\Program Files\Ororea
2008-10-04 13:03 --------- d-----w D:\Program Files\HumaxSmartSuite
2008-10-04 04:58 --------- d-----w D:\Program Files\SkypeMate
2008-10-04 04:55 463,727 ----a-w D:\WINDOWS\vidcap32.Exe
2008-10-04 04:55 205,679 ----a-w D:\WINDOWS\amcap.exe
2008-10-04 04:42 --------- d-----w D:\Program Files\Skype
2008-10-04 04:32 --------- d-----w D:\Program Files\Vimicro
2008-10-04 04:32 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-10-02 12:27 --------- d-----w D:\Documents and Settings\picard2\Application Data\Thinstall
2008-10-01 02:08 --------- d-----w D:\Program Files\RelevantKnowledge
2008-09-30 15:59 --------- d-----w D:\Program Files\SoftwareClub.ws
2008-09-30 15:56 545,135 ----a-w D:\WINDOWS\system32\cmd.exe
2008-09-30 15:42 --------- d-----w D:\Program Files\CD Audio Reader Filter
2008-09-30 15:41 --------- d-----w D:\Program Files\RealMedia
2008-09-30 15:41 --------- d-----w D:\Program Files\OpenSource Flash Video Splitter
2008-09-30 15:41 --------- d-----w D:\Program Files\DScaler5
2008-09-30 15:37 --------- d-----w D:\Program Files\SHOUTcast Source
2008-09-30 15:37 --------- d-----w D:\Program Files\Haali
2008-09-30 15:36 --------- d-----w D:\Program Files\ffdshow
2008-09-30 15:36 --------- d-----w D:\Program Files\DSP-worx
2008-09-30 15:32 --------- d-----w D:\Program Files\Zoom Player
2008-09-30 15:32 --------- d-----w D:\Program Files\DirectVobSub
2008-09-30 13:35 --------- d-----w D:\Program Files\MSXML 6.0
2008-09-30 13:34 --------- d-----w D:\Program Files\MSXML 4.0
2008-09-30 12:49 --------- d-----w D:\Program Files\Windows Live
2008-09-30 10:02 315,392 ----a-w D:\WINDOWS\HideWin.exe
2008-09-30 10:02 --------- d-----w D:\Program Files\Realtek
2008-09-30 10:02 --------- d-----w D:\Program Files\Intel
2008-09-30 09:49 --------- d-----w D:\Program Files\LClock
2008-09-30 09:48 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-09-30 09:48 --------- d-----w D:\Program Files\Microsoft PowerToys
2008-09-30 09:48 --------- d-----w D:\Program Files\HashTab Shell Extension
2008-09-05 16:30 241,704 ------w D:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 16:29 917,032 ------w D:\WINDOWS\system32\dllcache\WgaTray.exe
2008-07-18 15:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 15:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 15:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 15:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 15:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 15:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 15:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 15:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 15:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 15:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
2008-07-07 20:06 253,952 ----a-w D:\WINDOWS\system32\es.dll
2008-07-07 20:06 253,952 ------w D:\WINDOWS\system32\dllcache\es.dll
.
----a-w 155,001 2008-10-06 04:58:58 D:\Documents and Settings\Documents and Settings .exe
----a-w 155,241 2008-10-06 04:59:00 D:\Documents and Settings\All Users\All Users .exe
----a-w 155,641 2008-10-06 04:59:00 D:\Documents and Settings\All Users\Application Data\Application Data .exe
----a-w 155,181 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft .exe
----a-w 155,101 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\Crypto .exe
----a-w 155,601 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\DSS .exe
----a-w 155,381 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\MachineKeys .exe
----a-w 155,341 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\RSA .exe
----a-w 155,231 2008-10-06 04:59:02 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\MachineKeys .exe
----a-w 154,831 2008-10-06 04:59:02 D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\S-1-5-18 .exe
----a-w 155,351 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\HTML Help .exe
----a-w 154,811 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\IdentityCRL .exe
----a-w 155,041 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\production .exe
----a-w 155,731 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Media Index .exe
----a-w 155,011 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\Media Player .exe
----a-w 155,621 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Network .exe
----a-w 155,331 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Connections .exe
----a-w 155,381 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\Cm .exe
----a-w 155,391 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\Pbk .exe
----a-w 155,051 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\Downloader .exe
----a-w 155,261 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\User Account Pictures .exe
----a-w 155,141 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\Default Pictures .exe
----a-w 154,861 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Skype\Skype .exe
----a-w 155,331 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\Windows Genuine Advantage .exe
----a-w 155,011 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data\data .exe
----a-w 154,881 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Application Data\Zoom Player\Zoom Player .exe
----a-w 155,741 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\DVDAutoGraph\DVDAutoGraph .exe
----a-w 155,691 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\DVDGraph\DVDGraph .exe
----a-w 155,171 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\MediaAutoGraph\MediaAutoGraph .exe
----a-w 155,541 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\MediaGraph\MediaGraph .exe
----a-w 155,481 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\Skin\Skin .exe
----a-w 155,071 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\Skin\Drapes\Drapes .exe
----a-w 155,351 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\Zoom Player\Skin\Fusion\Fusion .exe
-c--a-w 155,171 2008-10-06 04:59:04 D:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\OFFLINE\OFFLINE .exe
----a-w 155,591 2008-10-06 04:59:00 D:\Documents and Settings\All Users\Desktop\Desktop .exe
----a-w 155,101 2008-10-06 04:59:00 D:\Documents and Settings\All Users\Documents\Documents .exe
----a-w 155,041 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\My Music .exe
----a-w 155,611 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\Playlists\Playlists .exe
----a-w 155,391 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sample Music .exe
----a-w 155,391 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Sample Playlists .exe
----a-w 155,421 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000E6201\000E6201 .exe
----a-w 154,961 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\Sync Playlists .exe
----a-w 155,471 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Pictures\My Pictures .exe
----a-w 154,891 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sample Pictures .exe
----a-w 154,981 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Documents\My Videos\My Videos .exe
----a-w 154,931 2008-10-06 04:59:01 D:\Documents and Settings\All Users\DRM\DRM .exe
----a-w 155,721 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Start Menu\Start Menu .exe
----a-w 155,121 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Start Menu\Programs\Programs .exe
----a-w 154,871 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessories .exe
----a-w 154,861 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility .exe
----a-w 154,991 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Communications .exe
----a-w 155,161 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Entertainment .exe
----a-w 155,421 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Tools .exe
----a-w 155,101 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Administrative Tools .exe
----a-w 155,401 2008-10-06 04:59:05 D:\Documents and Settings\All Users\Start Menu\Programs\DScaler5\DScaler5 .exe
----a-w 155,451 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\ffdshow\ffdshow .exe
----a-w 155,141 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Games\Games .exe
----a-w 155,401 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\HumaxSmartSuite\HumaxSmartSuite .exe
----a-w 154,981 2008-10-06 04:59:07 D:\Documents and Settings\All Users\Start Menu\Programs\HumaxSmartSuite\CFGSmart\CFGSmart .exe
----a-w 154,971 2008-10-06 04:59:07 D:\Documents and Settings\All Users\Start Menu\Programs\HumaxSmartSuite\HDFSmart\HDFSmart .exe
----a-w 155,261 2008-10-06 04:59:07 D:\Documents and Settings\All Users\Start Menu\Programs\HumaxSmartSuite\HNFSmart\HNFSmart .exe
----a-w 154,911 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\LClock\LClock .exe
----a-w 155,661 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerToys\Microsoft PowerToys .exe
----a-w 155,011 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\RegistryFix\RegistryFix .exe
----a-w 154,811 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge .exe
----a-w 154,911 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Skype\Skype .exe
----a-w 154,881 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\SoftwareClub.ws\SoftwareClub.ws .exe
----a-w 154,881 2008-10-06 04:59:10 D:\Documents and Settings\All Users\Start Menu\Programs\SoftwareClub.ws\SC Video Cut and Split\SC Video Cut and Split .exe
----a-w 155,741 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Uniblue\Uniblue .exe
----a-w 155,101 2008-10-06 04:59:10 D:\Documents and Settings\All Users\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster .exe
----a-w 155,061 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live .exe
----a-w 155,731 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\WinRAR\WinRAR .exe
----a-w 155,681 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Zoom Player .exe
----a-w 154,761 2008-10-06 04:59:10 D:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Help .exe
----a-w 155,041 2008-10-06 04:59:06 D:\Documents and Settings\All Users\Start Menu\Programs\ZSMC USB PC Camera\ZSMC USB PC Camera .exe
----a-w 155,671 2008-10-06 04:59:01 D:\Documents and Settings\All Users\Templates\Templates .exe
----a-w 155,161 2008-10-06 04:59:00 D:\Documents and Settings\Default User\Default User .exe
----a-w 155,321 2008-10-06 04:59:10 D:\Documents and Settings\Default User\Application Data\Application Data .exe
----a-w 154,951 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\Microsoft .exe
----a-w 155,101 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Internet Explorer .exe
----a-w 155,691 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\Media Player .exe
----a-w 154,841 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\SystemCertificates .exe
----a-w 155,591 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\My .exe
----a-w 155,081 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates .exe
----a-w 154,921 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs .exe
----a-w 155,411 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs .exe
----a-w 155,031 2008-10-06 04:59:10 D:\Documents and Settings\Default User\Desktop\Desktop .exe
----a-w 155,211 2008-10-06 04:59:10 D:\Documents and Settings\Default User\Favorites\Favorites .exe
----a-w 155,261 2008-10-06 04:59:10 D:\Documents and Settings\Default User\Local Settings\Local Settings .exe
----a-w 155,221 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Local Settings\Application Data\Application Data .exe
----a-w 155,171 2008-10-06 04:59:38 D:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Microsoft .exe
----a-w 155,351 2008-10-06 04:59:39 D:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\Media Player .exe
----a-w 154,791 2008-10-06 04:59:40 D:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\Windows Media .exe
----a-w 155,311 2008-10-06 04:59:40 D:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\11.0\11.0 .exe
----a-w 155,281 2008-10-06 04:59:11 D:\Documents and Settings\Default User\Local Settings\History\History .exe
----a-w 155,111 2008-10-06 04:59:41 D:\Documents and Settings\Default User\Local Settings\History\History.IE5\History.IE5 .exe
----a-w 155,491 2008-10-06 04:59:00 D:\Documents and Settings\NetworkService\NetworkService .exe
----a-w 155,331 2008-10-06 05:07:10 D:\Documents and Settings\NetworkService\Application Data\Application Data .exe
----a-w 155,751 2008-10-06 05:07:12 D:\Documents and Settings\NetworkService\Application Data\Microsoft\Microsoft .exe
----a-w 155,231 2008-10-06 05:07:12 D:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials\Credentials .exe
----a-w 154,941 2008-10-06 05:07:14 D:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials\S-1-5-20\S-1-5-20 .exe
----a-w 154,861 2008-10-06 05:07:13 D:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Internet Explorer .exe
----a-w 154,791 2008-10-06 05:07:13 D:\Documents and Settings\NetworkService\Application Data\Microsoft\Media Player\Media Player .exe
----a-w 155,501 2008-10-06 05:07:13 D:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\SystemCertificates .exe
----a-w 154,791 2008-10-06 05:07:15 D:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates .exe
----a-w 155,641 2008-10-06 05:07:15 D:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs .exe
----a-w 155,521 2008-10-06 05:07:16 D:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs .exe
----a-w 155,711 2008-10-06 05:07:11 D:\Documents and Settings\NetworkService\Local Settings\Local Settings .exe
----a-w 155,381 2008-10-06 05:07:17 D:\Documents and Settings\NetworkService\Local Settings\Application Data\Application Data .exe
----a-w 155,371 2008-10-06 05:07:21 D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Microsoft .exe
----a-w 155,591 2008-10-06 05:07:21 D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Credentials\Credentials .exe
----a-w 154,761 2008-10-06 05:07:23 D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-20\S-1-5-20 .exe
----a-w 155,261 2008-10-06 05:07:22 D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\Windows .exe
----a-w 155,431 2008-10-06 05:07:19 D:\Documents and Settings\NetworkService\Local Settings\History\History .exe
----a-w 155,111 2008-10-06 05:07:25 D:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\History.IE5 .exe
----a-w 155,001 2008-10-06 04:59:00 D:\Documents and Settings\picard2\picard2 .exe
----a-w 155,691 2008-10-06 05:07:30 D:\Documents and Settings\picard2\Application Data\Application Data .exe
----a-w 155,401 2008-10-06 05:07:52 D:\Documents and Settings\picard2\Application Data\Identities\Identities .exe
----a-w 155,281 2008-10-06 05:07:53 D:\Documents and Settings\picard2\Application Data\Macromedia\Macromedia .exe
----a-w 155,601 2008-10-06 05:08:01 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\Flash Player .exe
----a-w 154,901 2008-10-06 05:08:03 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\#Shareds\#Shareds .exe
----a-w 154,971 2008-10-06 05:08:05 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\#Shareds\XPXSXHTN\XPXSXHTN .exe
----a-w 154,841 2008-10-06 05:08:05 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\#Shareds\XPXSXHTN\skype.com\skype.com .exe
----a-w 155,181 2008-10-06 05:08:06 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\#Shareds\XPXSXHTN\skype.com\#ui\#ui .exe
----a-w 155,541 2008-10-06 05:08:07 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\#Shareds\XPXSXHTN\skype.com\#user\#user .exe
----a-w 155,301 2008-10-06 05:08:04 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\macromedia.com\macromedia.com .exe
----a-w 154,911 2008-10-06 05:08:07 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\macromedia.com\support\support .exe
----a-w 155,601 2008-10-06 05:08:08 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\flashplayer .exe
----a-w 155,661 2008-10-06 05:08:09 D:\Documents and Settings\picard2\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\sys .exe
----a-w 155,141 2008-10-06 05:07:53 D:\Documents and Settings\picard2\Application Data\Microsoft\Microsoft .exe
----a-w 155,481 2008-10-06 05:08:10 D:\Documents and Settings\picard2\Application Data\Microsoft\Credentials\Credentials .exe
----a-w 154,791 2008-10-06 05:08:12 D:\Documents and Settings\picard2\Application Data\Microsoft\CryptnetUrlCache\CryptnetUrlCache .exe
----a-w 154,811 2008-10-06 05:08:13 D:\Documents and Settings\picard2\Application Data\Microsoft\Crypto\Crypto .exe
----a-w 154,811 2008-10-06 05:07:55 D:\Documents and Settings\picard2\Application Data\Skype\Skype .exe
----a-w 154,941 2008-10-06 05:07:58 D:\Documents and Settings\picard2\Application Data\Thinstall\Thinstall .exe
----a-w 155,451 2008-10-06 05:07:59 D:\Documents and Settings\picard2\Application Data\Uniblue\Uniblue .exe
----a-w 154,781 2008-10-06 05:08:00 D:\Documents and Settings\picard2\Application Data\WinRAR\WinRAR .exe
----a-w 155,341 2008-10-06 05:07:33 D:\Documents and Settings\picard2\Desktop\Desktop .exe
----a-w 155,661 2008-10-06 05:07:36 D:\Documents and Settings\picard2\Local Settings\Local Settings .exe
----a-w 155,081 2008-10-06 05:07:39 D:\Documents and Settings\picard2\My Documents\My Documents .exe
----a-w 154,971 2008-10-06 05:07:40 D:\Documents and Settings\picard2\NetHood\NetHood .exe
----a-w 154,861 2008-10-06 05:07:41 D:\Documents and Settings\picard2\PrintHood\PrintHood .exe
----a-w 154,881 2008-10-06 05:07:42 D:\Documents and Settings\picard2\Recent\Recent .exe
----a-w 154,911 2008-10-06 05:07:44 D:\Documents and Settings\picard2\SendTo\SendTo .exe
----a-w 155,491 2008-10-06 05:07:45 D:\Documents and Settings\picard2\Start Menu\Start Menu .exe
----a-w 155,581 2008-10-06 05:07:46 D:\Documents and Settings\picard2\temp\temp .exe
----a-w 155,571 2008-10-06 05:07:48 D:\Documents and Settings\picard2\Templates\Templates .exe
----a-w 155,601 2008-10-06 05:07:50 D:\Documents and Settings\picard2\Tracing\Tracing .exe
----a-w 154,801 2008-10-06 04:58:59 D:\Program Files\Program Files .exe
----a-w 155,331 2008-10-06 04:59:00 D:\WINDOWS\WINDOWS .exe
------- Sigcheck -------
10/07/2008 08:15 AM 1382255 5cd5ad95b6e2e17b06c543143626b928 D:\WINDOWS\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:56 AM 15360]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/05/2008 11:49 AM 3896199]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 07:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="rundll32 advpack.dll" [N/A]
"nltide2"="rundll32 advpack.dll" [N/A]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2551-10-06 1340271]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\startupfolder\D:^Documents and Settings^picard2^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=D:\WINDOWS\pss\SkypeMate.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 07:56 AM 15360 D:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 10/05/2008 11:49 AM 222063 D:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/05/2008 11:49 AM 3896199 D:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
--a------ 10/05/2008 11:49 AM 1816943 D:\Program Files\RelevantKnowledge\rlvknlg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 10/04/2008 11:55 AM 20191127 D:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 10/04/2008 08:40 PM 2176151 D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 10/05/2008 11:54 AM 172399 D:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a------ 07/30/2006 03:37 AM 121089 D:\WINDOWS\system32\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 05/03/2005 06:43 PM 69632 D:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 10/16/2007 06:30 PM 16855552 D:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 10/11/2007 11:04 AM 1826816 D:\WINDOWS\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"D:\\Documents and Settings\\picard2\\Desktop\\dream\\dcc295\\dcc295\\DCC.exe"=
"D:\\Documents and Settings\\picard2\\Application Data\\Thinstall\\Solo Antivirus 7.0\\4000005200002i\\SOLOCFG.EXE"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Documents and Settings\\picard2\\Desktop\\new_sbcl_with_v_plug2.3.8_fit_to_humax\\reda\\new sbcl with v plug2.3.8 fit to humax\\NEW sbcl with v plug2.3.8 fit to humax FULL edited\\SBCL v1.0i.exe"=
"D:\\Program Files\\WolFBox\\WolFBox.exe"=
"d:\\program files\\relevantknowledge\\rlvknlg.exe"=
"D:\\Program Files\\cardshare\\gboxwell v1.4 by zorg\\gbox.exe"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
R1 BIOS;BIOS;D:\WINDOWS\system32\drivers\BIOS.sys [03/16/2005 01:23 PM 13696]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;D:\WINDOWS\system32\DRIVERS\l251x86.sys [07/03/2007 06:33 PM 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cea25dc-8f9c-11dd-be5c-00e04d6bb8fd}]
\Shell\AutoRun\command - E:\zPharaoh.exe
\Shell\explore\command - E:\zPharaoh.exe
\Shell\open\command - E:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a8f152-92b5-11dd-be74-00e04d6bb8fd}]
\Shell\AutoRun\command - G:\zPharaoh.exe
\Shell\explore\command - G:\zPharaoh.exe
\Shell\open\command - G:\zPharaoh.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.tunisia-sat.com/vb/index.php
R1 -: HKCU-Internet Settings,ProxyOverride = local
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
D:\WINDOWS\Downloaded Program Files\oscan8.inf
D:\WINDOWS\bdoscandellang.ini
D:\WINDOWS\bdoscandel.exe
D:\WINDOWS\Downloaded Program Files\live.ini
D:\WINDOWS\Downloaded Program Files\scanoptions.tsi
D:\WINDOWS\Downloaded Program Files\lang.ini
D:\WINDOWS\Downloaded Program Files\ipsupd.dll
D:\WINDOWS\Downloaded Program Files\bdupd.dll
D:\WINDOWS\Downloaded Program Files\libfn.dll
D:\WINDOWS\Downloaded Program Files\bdcore.dll
D:\WINDOWS\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-07 09:15:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Documents and Settings\tazebama.dl_
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 10/07/2008 9:17:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 02:17:22
ComboFix2.txt 2008-10-07 01:25:51
Pre-Run: 145,323,716,608 bytes free
Post-Run: 145,341,509,632 bytes free
375 --- E O F --- 2008-10-01 02:29:08
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:49, on 7/10/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\tazebama.dl_
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\picard2\My Documents\New Folder\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: MyDocuments.rar (User 'Default user')
O4 - .DEFAULT User Startup: Startup .exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 4087 bytes