- بادئ الموضوع anascoo
- تاريخ البدء
- 1,086
anascoo
زيزوومى مميز
غير متصل
تقرير الاداة mbam-log
Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 5.1.2600 Service Pack 2
14/10/2008 11:48:10 ص
mbam-log-2005-10-14 (11-48-10).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
s scanned: 66023
Time elapsed: 5 minute(s), 7 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 15
Registry Values Infected: 22
Registry Data Items Infected: 17
Folders Infected: 2
Files Infected: 53
Memory Processes Infected:
C:\Program Files\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\rwlfsdmk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\onfwbsak.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\peltodgx.dll (Adware.Adspy) -> Delete on reboot.
C:\WINDOWS\dfmlxbpkbkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4ee38731-3970-4bc6-8ada-8930a2648703} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{224cf1bd-ecbc-4294-a86f-1dab14263ebb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{37fa5b93-7872-46cc-a9cb-cc257daff166} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{987aa2ad-1205-4741-8b55-06d88ff98aaf} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bab8f6dc-41b1-440f-a066-aac224906880} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1f50ba4a-870f-4f5f-924b-e02aafb954bb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0f056d0d-2622-48b4-bba3-4f9bc38650da} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e7b37eaf-3ee8-4dd9-8acb-57a61da2aa95} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{129d532e-e2ec-4527-b4ba-4626830efe18} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{129d532e-e2ec-4527-b4ba-4626830efe18} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bqxp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad\rwlfsdmk (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad\onfwbsak (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bab8f6dc-41b1-440f-a066-aac224906880} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-642-4311057-23553) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (hh:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\rwlfsdmk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\onfwbsak.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\peltodgx.dll (Adware.Adspy) -> Delete on reboot.
C:\WINDOWS\dfmlxbpkbkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fbxrqtwn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\exwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151757.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152757.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\BEST ZOO PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\QUALITY PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Database version: 1267
Windows 5.1.2600 Service Pack 2
14/10/2008 11:48:10 ص
mbam-log-2005-10-14 (11-48-10).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
s scanned: 66023
Time elapsed: 5 minute(s), 7 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 15
Registry Values Infected: 22
Registry Data Items Infected: 17
Folders Infected: 2
Files Infected: 53
Memory Processes Infected:
C:\Program Files\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\rwlfsdmk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\onfwbsak.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\peltodgx.dll (Adware.Adspy) -> Delete on reboot.
C:\WINDOWS\dfmlxbpkbkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4ee38731-3970-4bc6-8ada-8930a2648703} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{224cf1bd-ecbc-4294-a86f-1dab14263ebb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{37fa5b93-7872-46cc-a9cb-cc257daff166} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{987aa2ad-1205-4741-8b55-06d88ff98aaf} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bab8f6dc-41b1-440f-a066-aac224906880} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1f50ba4a-870f-4f5f-924b-e02aafb954bb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0f056d0d-2622-48b4-bba3-4f9bc38650da} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e7b37eaf-3ee8-4dd9-8acb-57a61da2aa95} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{129d532e-e2ec-4527-b4ba-4626830efe18} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{129d532e-e2ec-4527-b4ba-4626830efe18} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.bqxp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\peltodgx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad\rwlfsdmk (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad\onfwbsak (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bab8f6dc-41b1-440f-a066-aac224906880} (Adware.Adspy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
) Good: (
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-642-4311057-23553) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (hh:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\rwlfsdmk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\onfwbsak.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\peltodgx.dll (Adware.Adspy) -> Delete on reboot.
C:\WINDOWS\dfmlxbpkbkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fbxrqtwn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\exwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151757.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0151758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152755.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152756.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F94EEEED-3D03-47F4-82C6-57CDAC41793C}\RP58\A0152757.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\BEST ZOO PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\QUALITY PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\windfr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
تأييد
0
anascoo
زيزوومى مميز
غير متصل
هذا تقرير الاداة ComboFix
ComboFix 08-10-12.01 - User 10/14/2008 12:04:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.269 [GMT -7:00]
Running from: H:\New Folder\ComboFix1.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\ICON\_desktop.ini
C:\WINDOWS\system32\32C589CC.DLL
C:\WINDOWS\system32\E647C87C.EXE
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
H:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 08:43 103,337 --sh--r C:\xn1i9x.com
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-10 07:07 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:07 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/12/2007 05:47 PM 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/12/2007 05:47 PM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/12/2007 05:46 PM 135168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [09/30/2006 12:25 AM 96984]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 02:30 AM 16855552 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [10/10/2007 07:04 PM 1826816 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Net Control 2\\ncserver.exe"=
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [07/13/2006 04:11 AM 472096]
R3 nckbdsup;nckbdsup;C:\WINDOWS\system32\drivers\nckbdsup.sys [04/05/2006 09:53 PM 3584]
S2 5CBC843C;5CBC843C;C:\WINDOWS\system32\E647C87C.EXE [ ]
S2 NetControl2Server;Net Control 2 Server;C:\Program Files\Net Control 2\ncserver.exe [10/26/2007 02:39 PM 365056]
S3 ncvhook;ncvhook;C:\WINDOWS\system32\DRIVERS\ncvhook.sys [09/30/2007 04:54 PM 3200]
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [11/22/1999 04:13 PM 101136]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEUsbser.sys [02/06/2007 10:21 AM 97920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc46790-ee6a-11dc-9d99-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{917a990a-4932-11dd-9ddc-001b11158a6a}]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96000d04-f429-11d9-9dfc-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e777bf2-ed7b-11d9-9ddf-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5fca416-1a56-11da-9e3d-001b11158a6a}]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - H:\g.com
\Shell\open\Command - H:\g.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8bea50c-26ea-11dd-9d9e-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2d90b0-2ea9-11da-9e9d-001b11158a6a}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-14 12:07:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 10/14/2008 12:07:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 19:07:56
Pre-Run: 15,771,013,120 bytes free
Post-Run: 15,736,594,432 bytes free
137
ComboFix 08-10-12.01 - User 10/14/2008 12:04:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.269 [GMT -7:00]
Running from: H:\New Folder\ComboFix1.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\ICON\_desktop.ini
C:\WINDOWS\system32\32C589CC.DLL
C:\WINDOWS\system32\E647C87C.EXE
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
H:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 08:43 103,337 --sh--r C:\xn1i9x.com
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 19:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-10 07:07 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:07 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/12/2007 05:47 PM 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/12/2007 05:47 PM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/12/2007 05:46 PM 135168]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [09/30/2006 12:25 AM 96984]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 02:30 AM 16855552 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [10/10/2007 07:04 PM 1826816 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Net Control 2\\ncserver.exe"=
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [07/13/2006 04:11 AM 472096]
R3 nckbdsup;nckbdsup;C:\WINDOWS\system32\drivers\nckbdsup.sys [04/05/2006 09:53 PM 3584]
S2 5CBC843C;5CBC843C;C:\WINDOWS\system32\E647C87C.EXE [ ]
S2 NetControl2Server;Net Control 2 Server;C:\Program Files\Net Control 2\ncserver.exe [10/26/2007 02:39 PM 365056]
S3 ncvhook;ncvhook;C:\WINDOWS\system32\DRIVERS\ncvhook.sys [09/30/2007 04:54 PM 3200]
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [11/22/1999 04:13 PM 101136]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEUsbser.sys [02/06/2007 10:21 AM 97920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bc46790-ee6a-11dc-9d99-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{917a990a-4932-11dd-9ddc-001b11158a6a}]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96000d04-f429-11d9-9dfc-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e777bf2-ed7b-11d9-9ddf-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5fca416-1a56-11da-9e3d-001b11158a6a}]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - H:\g.com
\Shell\open\Command - H:\g.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8bea50c-26ea-11dd-9d9e-001b11158a6a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2d90b0-2ea9-11da-9e9d-001b11158a6a}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-14 12:07:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 10/14/2008 12:07:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 19:07:56
Pre-Run: 15,771,013,120 bytes free
Post-Run: 15,736,594,432 bytes free
137
تأييد
0
anascoo
زيزوومى مميز
غير متصل
هذا تقرير HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:51 م, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
H:\New Folder\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 5CBC843C - Unknown owner - C:\WINDOWS\system32\E647C87C.EXE (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Net Control 2 Server (NetControl2Server) - Net Software 2 - C:\Program Files\Net Control 2\ncserver.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
--
End of file - 3180 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:51 م, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
H:\New Folder\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 5CBC843C - Unknown owner - C:\WINDOWS\system32\E647C87C.EXE (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Net Control 2 Server (NetControl2Server) - Net Software 2 - C:\Program Files\Net Control 2\ncserver.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
--
End of file - 3180 bytes
تأييد
0
غير متصل
أحييك على جهازك الخالي من الفيروسات :q:
عندك القيمه هذي احذفها
O23 - Service: 5CBC843C - Unknown owner - C:\WINDOWS\system32\E647C87C.EXE (file missing)
مع اني ما أظن الهايجاك تقدر تحذفها
لكن عطني تقرير بعد حذفها عشان نتأكد
ويا ليت تشيل الكاسبر 6 لأنه هو السبب في البلاوي هذي كلها
لا تقولي مرتاح وما مرتاح
شوف جهازك متروس فيروسات من اوله الى اخره
ثبت عند الكاسبر انترنت سكيوريتي 2009
وافحص جهازك وان شاء الله ما تلقى الا الي يسرك
عندك القيمه هذي احذفها
O23 - Service: 5CBC843C - Unknown owner - C:\WINDOWS\system32\E647C87C.EXE (file missing)
مع اني ما أظن الهايجاك تقدر تحذفها
لكن عطني تقرير بعد حذفها عشان نتأكد
ويا ليت تشيل الكاسبر 6 لأنه هو السبب في البلاوي هذي كلها
لا تقولي مرتاح وما مرتاح
شوف جهازك متروس فيروسات من اوله الى اخره
ثبت عند الكاسبر انترنت سكيوريتي 2009
وافحص جهازك وان شاء الله ما تلقى الا الي يسرك
توقيع : Juve Guard
تأييد
0
FireFox
زيزوومى مبدع
غير متصل
الاخ الفاضل ..
هل تم حذف برنامج الحمايه الوهمي الان او لا ؟
هذا الموضوع راح يفيدك عزيزي ..
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
===
ومثل ماتفضل الاخ
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
الافضل تركيب كاسبر 2009 << مو كأن الاخ
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تبع الافيرا شكلك نقلت الى الكاسبر :d:
توقيع : FireFox
تأييد
0
ashalshaikh
زيزوومى فضى
غير متصل
المعذرة أخي
===========================
شوف إذا كان الفيروس هو xp antivirus
فقد صادفتني نفس المشكلة عند واحد من الأقارب .. والحل :ـ
أداة :ـ
SmitFraudFix
وانحلت المشكلة ...
وزيادة للتأكيد:ـ
دخلت صفحة الأداة في النت ومكتوب تعالج كل هذا :ـ
AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, AntiSpyware Expert, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, Antivirus 2010, AntiVirus Lab 2009, Antivirus Master, Antivirus XP 2008, AntivirusGolden, AVGold, Awola, BraveSentry, IE Defender, Internet Antivirus, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, Micro Antivirus 2009, MS Antivirus, PestCapture, PestTrap, Power Antivirus, Power-Antivirus-2009, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smart Antivirus 2009, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, System Antivirus 2008, TheSpyBot, TitanShield Antispyware, Total Secure 2009, Trust Cleaner, Ultimate Antivirus 2008, UpdateSearches.com, Virtual Maid, Virus Heat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, VirusResponse Lab 2009, Win32.puper, WinHound, Vista Antivirus 2008, XP Security Center, XPert Antivirus, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX , Image Add-on, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX , Video ActiveX , Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...
+++++++++++++++++++++++++++++++++++
================================
ولا تنسى أيضا أن تستخدم الأداة في الوضع الآآآآآآآآآآآآآآآآمن .. بارك الله فيك
================================
والمعذرة مرة أخرى من الأخوان.. لأني أعرف الحل (وجربته) ... ولم أستطع ألا أضع الرد ... [/B]
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وأخي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
..... لأني داخل عرض .. ===========================
شوف إذا كان الفيروس هو xp antivirus
فقد صادفتني نفس المشكلة عند واحد من الأقارب .. والحل :ـ
أداة :ـ
SmitFraudFix
وانحلت المشكلة ...
وزيادة للتأكيد:ـ
دخلت صفحة الأداة في النت ومكتوب تعالج كل هذا :ـ
AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, AntiSpyware Expert, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, Antivirus 2010, AntiVirus Lab 2009, Antivirus Master, Antivirus XP 2008, AntivirusGolden, AVGold, Awola, BraveSentry, IE Defender, Internet Antivirus, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, Micro Antivirus 2009, MS Antivirus, PestCapture, PestTrap, Power Antivirus, Power-Antivirus-2009, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smart Antivirus 2009, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, System Antivirus 2008, TheSpyBot, TitanShield Antispyware, Total Secure 2009, Trust Cleaner, Ultimate Antivirus 2008, UpdateSearches.com, Virtual Maid, Virus Heat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, VirusResponse Lab 2009, Win32.puper, WinHound, Vista Antivirus 2008, XP Security Center, XPert Antivirus, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX , Image Add-on, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX , Video ActiveX , Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...
+++++++++++++++++++++++++++++++++++
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
================================
ولا تنسى أيضا أن تستخدم الأداة في الوضع الآآآآآآآآآآآآآآآآمن .. بارك الله فيك
================================
والمعذرة مرة أخرى من الأخوان.. لأني أعرف الحل (وجربته) ... ولم أستطع ألا أضع الرد ... [/B]
التعديل الأخير بواسطة المشرف:
توقيع : ashalshaikh
تأييد
0
anascoo
زيزوومى مميز
غير متصل
Logfile of Trend Micro HijackThis v2.0.2أحييك على جهازك الخالي من الفيروسات :q:
عندك القيمه هذي احذفها
O23 - Service: 5CBC843C - Unknown owner - C:\WINDOWS\system32\E647C87C.EXE (file missing)
مع اني ما أظن الهايجاك تقدر تحذفها
لكن عطني تقرير بعد حذفها عشان نتأكد
ويا ليت تشيل الكاسبر 6 لأنه هو السبب في البلاوي هذي كلها
لا تقولي مرتاح وما مرتاح
شوف جهازك متروس فيروسات من اوله الى اخره
ثبت عند الكاسبر انترنت سكيوريتي 2009
وافحص جهازك وان شاء الله ما تلقى الا الي يسرك
Scan saved at 02:03:24 م, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54495268-F710-47E2-B474-35CB5E5282B6}: NameServer = 192.168.1.90
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Net Control 2 Server (NetControl2Server) - Net Software 2 - C:\Program Files\Net Control 2\ncserver.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
--
End of file - 3625 bytes
تأييد
0
anascoo
زيزوومى مميز
غير متصل
SmitFraudFix v2.360
Scan done at 14:04:19.43, Tue 10/14/2008
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)
DNS Server Search Order: 192.168.1.90
HKLM\SYSTEM\CCS\Services\Tcpip\..\{54495268-F710-47E2-B474-35CB5E5282B6}: NameServer=192.168.1.90
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54495268-F710-47E2-B474-35CB5E5282B6}: NameServer=192.168.1.90
HKLM\SYSTEM\CS2\Services\Tcpip\..\{54495268-F710-47E2-B474-35CB5E5282B6}: NameServer=192.168.1.90
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F88FCF9D-BDED-4BC4-8D7E-B94B682BFCE5}: NameServer=212.0.138.10 212.0.138.11
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning not selected.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
عزيزي ركب الكاسبر من قسم برامج الحماية
وهل توجد مشاكل حاليا ؟؟
توقيع : فارس الملاك
تأييد
0