يا ليت تشوفون حل لفيروس اللي قتل جهااازي

س

سعودي دووم

زيزوومى متألق
إنضم
11 مايو 2008
المشاركات
445
مستوى التفاعل
1
النقاط
470
غير متصل
صباح الخير ..


اليوم جهازي جنني طلع فيروس يقول ان سببه تحديث للكاسبر المهم احاول ادخل على الجهاز

من الظهر ولا قدرت ادخل مو راضي يدخل على الجهاز الا من السيف مود وانا احاول احذف هالكاسبر

ولا رضى لانه ما ينحذف من السيف مود المهم بعد محااولات دخلت هنا وحذفت الكاسبر ...

والحين جاي اكتب هالموضوع سويت تقرير بالهايجاك طلع هالفيروس وغيره من ظمن المشاااكل


والمشكلة لما بغيت احذف الفيروسات ما رضى طلعت هالصووورة .....



هذا التقرير /



Logfile of HijackThis v1.99.1
Scan saved at 02:06:09, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\update32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\khaled\LOCALS~1\Temp\stf2.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\DOCUME~1\khaled\LOCALS~1\Temp\stfB.tmp
C:\WINDOWS\explorer.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: xmoapxb - xmoapxb.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Apache Software Foundation - C:\WINDOWS\system32\drivers\services.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





وهذي الصوووورة بعد ما جيت بحذف المشااكل :


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




طبعا الجهاز طلع بطيئ لانه الحين بدون حااامي وانا والله ما ابي افرمته ....

اغلب القيروسات موجود بـSystem32


وهذا واحد من الفيروسات اللي اتكلم عنها : rs32net مررة جنني



ويا ليت تنصحوني باي برنامج حماااية



تحياتي
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
اخوي اول شي يا ليت تعدل مشاركتك
وتشيل عرض الصوره
وتخليها برابط بس
عشان ما تخرب مقاسات الشاشه بسبب كبرها
عموما
طبق الي بقولك
كليك يمين على أيقونة جهاز الكمبيوتر => خصائص => استعادة النظام
حط علامة صح على ( تعطيل خاصية استعادة النظام ) => اقبل الحذف => ارجع وفعل خاصية الإستعاده
بعدين
عطل برنامج الحمايه عندك
بعدين حمل الأداة هذي وشغلها
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تطلع لك رسالتين اضغط على ( yes )

ComboFix1.png


ComboFix2.png



انتظر شوي لين ما تخلص من الفحص
واحتمال تسوي اعادة تشغيل لجهازك

ComboFix3.png



انتهى الفحص
وجاري اعداد التقرير

ComboFix4.png



هذا هو التقرير انسخه والصقه بردك الجاي
ويستحسن لو ترفعه على رابط

ComboFix5.png



*****************************


بعدين
عطني تقرير لا هنت
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعد التحميل => شغل البرنامج
Do a system scan and save a log file

HJThis1.png



يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط

HJThis2.png
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
هلا بك :


هذا تقرير اادارة الكمبو وسوري ما قدرت احطها برابط لان الاتصال مررة ضعيف /

ComboFix 08-10-30.04 - khaled 10/30/2008 3:04:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.729 [GMT 3:00]
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\khaled\GLF37.tmp.exe
C:\Documents and Settings\khaled\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\khaled\Start Menu\Programs\Startup\userinit.exe
C:\Documents and Settings\khaled\svchost.exe
C:\Documents and Settings\LocalService\Application Data\1174749657.exe
C:\Documents and Settings\LocalService\Application Data\1274632617.exe
C:\Documents and Settings\LocalService\Application Data\1298292558.exe
C:\Documents and Settings\LocalService\Application Data\1393587716.exe
C:\Documents and Settings\LocalService\Application Data\1409776099.exe
C:\Documents and Settings\LocalService\svchost.exe
C:\userinit.exe
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\bb1.dat
C:\WINDOWS\system32\1.dat
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\dlds1.exe
C:\WINDOWS\system32\dlds2.exe
C:\WINDOWS\system32\dlds5.exe
C:\WINDOWS\system32\dlds6.exe
C:\WINDOWS\system32\dlds7.exe
C:\WINDOWS\system32\dlds8.exe
C:\WINDOWS\system32\drivers\ati2bixx.sys
C:\WINDOWS\system32\drivers\ati6jqxx.sys
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\lm.dat
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\psyche.exe
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\rs32net.exe
C:\WINDOWS\system32\tb.dr
C:\WINDOWS\system32\update32.exe
C:\WINDOWS\system32\vedxg3am1et3.exe
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxg6ame4.exe
C:\WINDOWS\system32\vedxga1me4t1.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vedxga4me1.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\wpv1920.cpx
C:\WINDOWS\system32\wpv5619.cpx
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xmoapxb.dll
C:\WINDOWS\wiaservv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Psyche
-------\Legacy_Psyche
-------\Legacy_ATI6JQXX
-------\Legacy_TCPSR
-------\Service_ati6jqxx
-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 00:05 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-29 22:58 9,342 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-29 22:50 63,488 ----a-w C:\WINDOWS\system32\ccofgnt.dll
2008-10-29 22:50 10,752 ----a-w C:\WINDOWS\system32\asdns.dll
2008-10-29 22:50 --------- d-----w C:\Documents and Settings\khaled\Application Data\Skype
2008-10-29 22:50 --------- d-----w C:\Documents and Settings\khaled\Application Data\DMCache
2008-10-29 22:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-29 22:45 --------- d-----w C:\Documents and Settings\khaled\Application Data\skypePM
2008-10-29 20:45 --------- d-----w C:\Program Files\Common Files\Real
2008-10-29 20:33 --------- d-----w C:\Program Files\Speed Startup
2008-10-29 16:50 --------- d-----w C:\Documents and Settings\khaled\Application Data\cleaner
2008-10-29 16:41 --------- d-----w C:\Program Files\إدارة التشغيل العربي
2008-10-29 16:01 0 ----a-w C:\WINDOWS\system32\drivers\c03837e5.sys
2008-10-29 12:01 53,248 ----a-w C:\WINDOWS\msbilltrust.exe
2008-10-29 12:01 122,880 ----a-w C:\WINDOWS\msbilltrust.dll
2008-10-28 22:56 17,920 ----a-w C:\xTlu.exe
2008-10-28 22:56 0 ----a-w C:\evG.exe
2008-10-27 17:20 --------- d-----w C:\Documents and Settings\khaled\Application Data\uTorrent
2008-10-24 11:35 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-24 11:34 --------- d-----w C:\Documents and Settings\khaled\Application Data\IDM
2008-10-23 18:02 --------- d-----w C:\Program Files\VoiceMaskPro
2008-10-23 18:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-23 17:35 --------- d-----w C:\Program Files\Skype
2008-10-23 17:35 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-23 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-10-19 12:54 --------- d-----w C:\Program Files\Smart PC Solutions
2008-10-19 08:42 --------- d-----w C:\Program Files\Data Doctor Recovery iPod
2008-10-16 21:55 --------- d-----w C:\Program Files\Startup Faster
2008-10-16 21:32 --------- d-----w C:\Documents and Settings\khaled\Application Data\URSoft
2008-10-16 17:21 --------- d-----w C:\Program Files\Desktop Icon Toy
2008-10-16 16:30 --------- d-----w C:\Program Files\Flash-SWF to AVI-GIF
2008-10-15 17:08 --------- d-----w C:\Program Files\AV Vcs 6.0 GOLD
2008-10-15 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-10-15 12:46 --------- d-----w C:\Program Files\TechSmith
2008-10-15 12:46 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-10-13 21:06 --------- d-----w C:\Documents and Settings\khaled\Application Data\MakeUpPilot
2008-10-13 21:04 --------- d-----w C:\Program Files\Two Pilots
2008-10-13 21:04 --------- d-----w C:\Program Files\MakeUp Pilot
2008-10-13 17:53 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-13 17:53 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-11 23:59 --------- d-----w C:\Program Files\aMSN
2008-10-10 04:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 04:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-07 23:36 --------- d-----w C:\Documents and Settings\khaled\Application Data\CyberLink
2008-10-07 22:35 --------- d-----w C:\Program Files\TeraCopy Portable
2008-10-07 00:08 --------- d-----w C:\Program Files\Hotspot Shield
2008-10-07 00:07 --------- d-----w C:\Program Files\AnchorFree
2008-10-06 21:05 --------- d-----w C:\Program Files\X-Fonter
2008-10-06 20:56 --------- d-----w C:\Program Files\Easy GIF Animator
2008-10-06 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Watermark Factory
2008-10-06 20:34 --------- d-----w C:\Program Files\RealDRAW
2008-10-06 17:34 --------- d-----w C:\Program Files\Wondershare
2008-10-06 17:34 --------- d-----w C:\Documents and Settings\khaled\Application Data\DemoCreator
2008-10-06 16:30 --------- d-----w C:\Program Files\SWFText
2008-10-06 16:30 --------- d-----w C:\Documents and Settings\khaled\Application Data\AntsSoft
2008-10-06 13:14 --------- d-----w C:\Program Files\HardCopy Pro
2008-10-04 22:17 --------- d-----w C:\Program Files\Montre à heures variables
2008-10-04 22:17 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-10-02 01:58 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-02 01:58 --------- d-----w C:\Documents and Settings\khaled\Application Data\Paltalk
2008-10-02 01:57 --------- d-----w C:\Program Files\Watermark Factory 2
2008-10-02 00:23 --------- d-----w C:\Program Files\MessengerDiscovery
2008-10-01 11:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-30 07:00 --------- d-----w C:\Program Files\JufSoft
2008-09-30 02:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 02:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-30 02:15 --------- d-----w C:\Program Files\ArcSoft
2008-09-30 01:28 --------- d-----w C:\Documents and Settings\khaled\Application Data\CyberScrub
2008-09-27 13:41 --------- d-----w C:\Documents and Settings\khaled\Application Data\.SwarmPlayer
2008-09-27 13:40 --------- d-----w C:\Documents and Settings\khaled\Application Data\.Tribler
2008-09-27 12:14 --------- d-----w C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
2008-09-27 03:07 --------- d-----w C:\Program Files\LightDriver2
2008-09-27 00:39 --------- d-----w C:\Program Files\Bosco
2008-09-26 07:51 2,288,128 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-09-25 00:43 --------- d-----w C:\Documents and Settings\khaled\Application Data\Blueberry
2008-09-25 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blueberry
2008-09-25 00:33 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-09-25 00:33 27,776 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-09-25 00:33 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-09-25 00:33 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{3A7FD077-F0B4-4276-BE42-175DEF23CA39}
2008-09-25 00:33 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2008-09-25 00:33 --------- d-----w C:\Program Files\Blueberry Software
2008-09-25 00:33 --------- d-----w C:\Documents and Settings\khaled\Application Data\LogSys
2008-09-25 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogSys
2008-09-25 00:31 --------- d-----w C:\Program Files\uTorrent Turbo Booster
2008-09-23 09:57 --------- d-----w C:\Program Files\AnvSoft
2008-09-23 09:54 --------- d-----w C:\Program Files\!Easy ScreenSaver Station
2008-09-23 09:07 --------- d-----w C:\Program Files\Xilisoft
2008-09-22 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-22 00:21 --------- d-----w C:\Program Files\uTorrent
2008-09-20 08:35 --------- d-----w C:\Documents and Settings\khaled\Application Data\ArcSoft
2008-09-20 08:34 8,864 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-09-20 08:34 39,936 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-09-20 08:34 30,720 ---h--r C:\WINDOWS\CdaC13BA.EXE
2008-09-20 08:34 112,128 ---h--r C:\WINDOWS\CdaC14BA.DLL
2008-09-19 05:21 47,837 ----a-w C:\Documents and Settings\khaled\957123845.exe
2008-09-19 05:21 47,837 ----a-w C:\Documents and Settings\khaled\957123844.exe
2008-09-19 05:21 47,837 ----a-w C:\Documents and Settings\khaled\49986.exe
2008-09-19 05:21 47,837 ----a-w C:\Documents and Settings\khaled\41129.exe
2008-09-16 08:23 --------- d-----w C:\Program Files\SMPlayer
.
((((((((((((((((((((((((((((( snapshot@Sun 10-05-2008_ 2.34.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 17:16:46 1,887,080 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2008-10-15 12:47:22 246,784 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\Icon16CBC2751.exe
+ 2008-10-15 12:47:22 30,720 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\Icon16CBC2753.exe
+ 2008-10-15 12:47:22 2,237,952 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\IconEF5C4888.exe
+ 2003-01-25 16:37:48 756,736 ----a-w C:\WINDOWS\Resources\Themes\AmberGlow\Shell\normalcolor\shellstyle.dll
+ 2008-08-18 08:19:03 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
+ 2008-09-08 19:38:55 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
- 2008-09-12 03:18:30 14,848 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-10-24 11:36:11 9,728 ----a-w C:\WINDOWS\system32\BASSMOD.dll
- 2008-09-21 23:13:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-10-30 00:05:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-09-21 23:13:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-30 00:05:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-21 23:13:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-10-30 00:05:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-03-12 17:27:00 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
- 2004-08-03 22:56:58 14,336 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2008-10-30 00:05:21 14,336 -c--a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2004-07-31 14:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
- 2004-08-04 22:00:00 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
+ 2001-09-05 18:00:58 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
- 2007-06-19 13:22:09 202,424 ----a-w C:\WINDOWS\system32\idmmbc.dll
+ 2008-01-08 12:13:44 202,160 ----a-w C:\WINDOWS\system32\idmmbc.dll
+ 2008-05-18 17:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-08-07 02:20:32 3,664,800 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-08-07 02:20:38 235,424 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-09-12 06:07:32 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-20 22:29:00 89,102 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-22 23:47:19 84,508 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-05-11 12:18:46 15,267,800 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-03 22:56:38 10,752 --s-a-w C:\WINDOWS\system32\msupdt.exe
- 2008-10-04 21:22:57 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-29 22:53:57 41,170 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-04 21:22:57 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-29 22:53:57 314,842 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-06-05 17:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2006-12-16 20:37:50 27,136 ----a-w C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\tapvpn.sys
+ 2008-10-29 22:51:32 24,954 ----a-w C:\WINDOWS\system32\spool\printer.dat
+ 2006-04-27 13:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2006-01-09 06:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2008-03-11 23:37:00 107,864 ----a-w C:\WINDOWS\system32\tsccvid.dll
+ 2007-09-05 20:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-10-06 07:11:04 2,045 ---h--w C:\WINDOWS\system32\whlpd32e.dll
+ 2007-10-03 20:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
C:\Documents and Settings\khaled\Start Menu\Programs\Startup\StartupFaster
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
StartupFaster.ini [2008-10-30 646]
userinit.exe [2004-08-04 22016]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-18 568176]
StartupFaster.ini [2008-10-20 268]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMyDoc"= 0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ekxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^khaled^Start Menu^Programs^Startup^uTorrent Turbo Booster.lnk]
path=C:\Documents and Settings\khaled\Start Menu\Programs\Startup\uTorrent Turbo Booster.lnk
backup=C:\WINDOWS\pss\uTorrent Turbo Booster.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [09/25/2008 03:33 AM 2944]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [10/30/2008 03:05 AM 14336]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [05/05/2007 09:00 AM 105984]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S0 ati6ekxx;ati6ekxx;C:\WINDOWS\system32\Drivers\ati6ekxx.sys [ ]
S1 c03837e5;c03837e5;C:\WINDOWS\system32\drivers\c03837e5.sys [10/29/2008 07:01 PM 0]
S2 ICF;ICF;C:\WINDOWS\system32\svchost.exe:ext.exe [10/30/2008 03:05 AM 25088]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [10/13/2008 08:53 PM 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - ICF
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-SpeedStartup - C:\Program Files\Speed Startup\speedstartup.exe
HKU-Default-Run-[system] - C:\WINDOWS\system32\drivers\services.exe
HKU-Default-Run-winlogon - C:\Documents and Settings\LocalService\svchost.exe
SafeBoot-ati2bixx.sys
SafeBoot-ati6luxx.sys

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyServer = 212.116.219.190:8082
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O18 -: Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O16 -: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-30 03:07:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\sccfg.sys 20 bytes
C:\WINDOWS\system32\svchost.exe:ext.exe 25088 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICF]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:ext.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ccofgnt.dll
-> ?:\WINDOWS\system32\PSAPI.DLL
-> ?:\WINDOWS\system32\PSAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 10/30/2008 3:09:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-30 00:09:30
ComboFix2.txt 2008-10-04 23:35:27
Pre-Run: 9,202,880,512 bytes free
Post-Run: 9,198,010,368 bytes free
338



وهذا تقرير الهايجااك :


Logfile of HijackThis v1.99.1
Scan saved at 03:11:57, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
تأييد 0
حلو
انحذفت تقريبا كل الفيروسات الا شي بسيط منها
حدد على القيم هذي واحذفها

O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll

O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ccofgnt.dll


بعد الحذف
عطني تقرير جديد مثله
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
وهذا بعد التجربة بس ترى القيم رقم 10 ما انحذفن وطلعت نفس الرسالة اللي بالصوورة اللي باول الموضوع /




Logfile of HijackThis v1.99.1
Scan saved at 03:31:57, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
تأييد 0
تذكر يا عزيزي اني الى الحين ما ركبت برنامج حماااية .....
 
تأييد 0
سعودي دووم قال:
تذكر يا عزيزي اني الى الحين ما ركبت برنامج حماااية .....
أنقر للتوسيع...
عارف وانا اخوك
لا تشيل هم
نفس القيم ما رضت تنحذف
ابيك تنزل الاداة هذي عندك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد ما تشغلها
تحت على يمين مكتوب finish
اضغط عليها بعدين اضغط موافق
بعدين عطني تقرير هايجاك جديد
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
تفضل :


Logfile of HijackThis v1.99.1
Scan saved at 04:00:28, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asdns.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
تأييد 0
للأسف ما رضت الملفات تنحذف
جرب تحذفهم يدويا
اتبع المسار هذا واحذف الملف الي باللون الاحمر
c:\windows\system32\asdns.dll
وعطني تقرير جديد
اذا ما فاد ,, نبي نتصرف معه تصرف ثاني
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
اها شفت اخوي التقرير اللي فوق سويت اللي انت تقوله بالاداة الاخيرة وباقي مثل ماهي واضحة القيم ...

بس رجعت مررة ثانية افتح الاداة زين بعدين طبعا انت قلت اظغط على فنيش قبل لا اظغط عليها حصلت القيمة اللي عليها المشكلة على اليمين خذته على اليسار اللي هي قائمة الريموف وبعدين سويت فنيش ... واعتقد اختفت طبعا سويت تقرير جديد بعد هالحركة /


Logfile of HijackThis v1.99.1
Scan saved at 04:05:31, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
تأييد 0
بدري ياخي :q:
الحين ابيك تحذف البرنامج هذا
Bosco
وبعد الحذف عطني تقرير
<= ماخذها حلا التقارير :q:
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
ماسكه على هالتقاارير /// حذفت البرنامج وهذا تقرير بس ركز على هذي O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exeO23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe



هذا التقرير .



Logfile of HijackThis v1.99.1
Scan saved at 04:19:06, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\Documents and Settings\khaled\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.190:8082
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
تأييد 0
حلو
الحين شغل الأداة نفسها
واضغط على المحدد بالسهم

zyzoom-7f531db900.png




بعد نفس الشي
المحدد بالسهم

zyzoom-ebfc545481.png




الحين الصق القيمه هذي بالمستطيل
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
بعدين اضغط OK

zyzoom-d6c8929e4c.png




قفل الأداة
واعد تشغيل الجهاز
وتأكد ان القيمه نفسها الي حذفناها غير موجوده
بعدها ثبت الكاسبر انترنت سكيوريتي 2009
أو
الأفيرا
وافحص جهازك بواحد منهم
وان شاء الله يكون جهازك ممتاز :smile:
لا تنساني بالنتائج
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
لبى قلبك والله ...

تم تركيب الافيرا وتم التشيك وانحذف كل العلل الل راحت



الف شكر يالغالي
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى