- بادئ الموضوع ma3jed
- تاريخ البدء
- 975
أسرار الليل
زيزوومي جديد
- إنضم
- 28 مارس 2008
- المشاركات
- 224
- مستوى التفاعل
- 1
- النقاط
- 0
غير متصل
اخوي الحل هو : ان تحدث الكاسبر وبعدين تسوي فحص كامل لجميع الاقراص
تأييد
0
جربتو ولانفع
تأييد
0
dяăģôŋ
ذيبان
غير متصل
هذا فيروس الاوتورن
اتبع الخطوات التاليه
عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اتبع الخطوات التاليه
عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
delta_devil
زيزوومى مبدع
غير متصل
ملف اوتو رن وممكن تمسحه بايدك يدوي
بس هتمسحه من كل الفولدرات اللي علي الجهاز وتشيله من التاسك مانجر وتمسح القيم بتاعته من الريجستري
ودي الطريقه اللي بحذف بيها الاوتو رن من علي الجهاز يدوي بدون برامج ولا انتي فيروس
بس هتمسحه من كل الفولدرات اللي علي الجهاز وتشيله من التاسك مانجر وتمسح القيم بتاعته من الريجستري
ودي الطريقه اللي بحذف بيها الاوتو رن من علي الجهاز يدوي بدون برامج ولا انتي فيروس
توقيع : delta_devil
تأييد
0
ComboFix 08-11-14.01 - Administrator 11/16/2008 20:07:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.81 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\artools.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\dflgh8jkd2q8.exe
c:\windows\system32\kakle.dll
c:\windows\system32\vx.tll
c:\windows\system32\winitn.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 22:28 --------- d-----w c:\program files\iVocalize Web Conference 4
2008-11-15 13:51 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2008-11-15 13:47 --------- d-----w c:\documents and settings\LocalService\Application Data\HP
2008-11-15 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-15 13:46 --------- d-----w c:\program files\HP
2008-11-15 13:46 --------- d-----w c:\program files\Common Files\HP
2008-11-15 13:45 --------- d-----w c:\program files\Hewlett-Packard
2008-11-15 13:44 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-11-13 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-13 15:48 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-11-10 17:21 --------- d-----w c:\program files\MSN Messenger
2008-11-10 15:00 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-10 14:23 --------- d-----w c:\program files\Acon Digital Media
2008-11-10 14:11 --------- d-----w c:\program files\GoldWave
2008-11-10 13:11 --------- d-----w c:\program files\Windows Live
2008-11-10 13:11 --------- d-----w c:\program files\Circle Developement
2008-11-09 20:08 117,786 ----a-w C:\CRYPTEDF.VIR
2008-11-08 20:37 --------- d-----w c:\program files\MakeUp Pilot
2008-11-08 20:11 --------- d-----w c:\program files\ImTOO
2008-11-08 19:58 1,060 ----a-w C:\3gp.dat
2008-11-07 13:54 --------- d-----w c:\documents and settings\Administrator\Application Data\MakeUpPilot
2008-11-07 13:48 --------- d-----w c:\program files\Two Pilots
2008-11-04 12:53 --------- d-----w c:\program files\Common Files\Adobe
2008-11-02 16:09 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-02 16:09 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-02 16:09 --------- d-----w c:\program files\Common Files\xing shared
2008-11-02 16:09 --------- d-----w c:\program files\Common Files\Real
2008-10-29 11:43 --------- d-----w c:\program files\BitComet
2008-10-27 18:29 --------- d-----w c:\documents and settings\Administrator\Application Data\Hide IP NG
2008-10-26 19:38 --------- d-----w c:\program files\Common Files\Vbox
2008-10-26 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 13:45 --------- d-----w c:\program files\MSI
2008-10-21 04:39 --------- d-----w c:\documents and settings\Administrator\Application Data\TigerPlayer
2008-10-21 04:37 --------- d-----w c:\program files\MpcStar
2008-10-16 12:04 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-14 13:40 --------- d-----w c:\program files\QuickTime
2008-10-14 12:59 --------- d-----w c:\program files\Nokia
2008-10-14 12:59 --------- d-----w c:\program files\Common Files\Nokia
2008-10-14 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-13 15:29 --------- d-----w c:\program files\Real
2008-10-13 14:35 --------- d-----w c:\program files\ElcomSoft
2008-10-09 13:25 --------- d-----w c:\program files\Google
2008-10-08 18:53 --------- d-----w c:\program files\Ashampoo
2008-10-06 09:19 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer
2008-10-06 06:14 --------- d-----w c:\program files\BitComet Acceleration Patch
2008-10-06 05:29 --------- d-----w c:\program files\Webteh
2008-10-06 05:28 --------- d-----w c:\program files\BS.Player ControlBar
2008-10-05 01:29 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2008-10-05 01:06 --------- d-----w c:\program files\P2P_Torrent
2008-10-05 01:06 --------- d-----w c:\program files\Conduit
2008-10-04 19:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-10-04 16:12 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-04 16:11 --------- d-----w c:\program files\PDF Reader
2008-10-04 16:11 --------- d-----w c:\program files\قاموس صخر الجديد
2008-10-04 16:08 --------- d-----w c:\program files\250 MCS
2008-10-04 16:06 --------- d-----w c:\program files\Java
2008-10-04 16:05 --------- d-----w c:\program files\Common Files\Java
2008-10-04 16:05 --------- d-----w c:\program files\Common Files\Ahead
2008-10-04 16:05 --------- d-----w c:\program files\Ahead
2008-10-04 16:04 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-10-04 16:02 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-04 16:02 172,032 ------w c:\windows\Setup1.exe
2008-10-04 16:01 --------- d-----w c:\program files\Avira
2008-10-04 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-04 15:59 --------- d-----w c:\program files\VIA
2008-10-04 15:57 --------- d-----w c:\program files\S3
2008-10-04 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-04 15:55 --------- d-----w c:\program files\Yahoo!
2008-10-04 15:52 15,600 ----a-w c:\windows\gdrv.sys
2008-10-04 15:50 --------- d-----w c:\program files\CONEXANT
2008-10-04 15:09 --------- d-----w c:\program files\Microsoft.NET
2008-10-04 15:08 --------- d-----w c:\program files\Microsoft Works
2008-10-04 15:03 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
08/20/2008 11:03 PM 1780248 --a------ c:\program files\P2P_Torrent\tbP2P_.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [08/13/2008 11:25 AM 757192]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [08/13/2008 11:25 AM 757192]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BitComet"="c:\program files\BitComet\BitComet.exe" [08/22/2008 09:07 AM 2567992]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/22/2008 12:02 PM 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [05/11/2007 10:47 AM 790528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM 262401]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [06/14/2007 06:32 PM 132760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [05/11/2007 01:03 AM 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [05/11/2007 01:03 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/02/2008 07:09 PM 185872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM 49152]
"VTTimer"="VTTimer.exe" [09/21/2006 11:36 AM 53248 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [02/06/2007 02:30 AM 176128 c:\windows\system32\S3Trayp.exe]
"nwiz"="nwiz.exe" [05/11/2007 01:03 AM 1626112 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-03-31 507965]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19811:TCP"= 19811:TCP:BitComet 19811 TCP
"19811:UDP"= 19811:UDP:BitComet 19811 UDP
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP
R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-10-04 16896]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-10-04 9216]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-10-04 52224]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-10-04 709632]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\23v5r9ke.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.atcomet.com/m/
FF -: plugin - c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-16 20:09:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/16/2008 20:11:40
ComboFix-quarantined-files.txt 2008-11-16 17:10:55
Pre-Run: 12,202,086,400 bytes free
Post-Run: 12,903,788,544 bytes free
206
طلعي هذا التقرير
البرنامج طلع مضبوط
وشكرااا ويعطيك ألف ألف ألف عافية
وش الطريقة للحماية منه وأحسن برنامج حماية من أشكال هذه الفيروسات
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.81 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\artools.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\dflgh8jkd2q8.exe
c:\windows\system32\kakle.dll
c:\windows\system32\vx.tll
c:\windows\system32\winitn.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 22:28 --------- d-----w c:\program files\iVocalize Web Conference 4
2008-11-15 13:51 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2008-11-15 13:47 --------- d-----w c:\documents and settings\LocalService\Application Data\HP
2008-11-15 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-15 13:46 --------- d-----w c:\program files\HP
2008-11-15 13:46 --------- d-----w c:\program files\Common Files\HP
2008-11-15 13:45 --------- d-----w c:\program files\Hewlett-Packard
2008-11-15 13:44 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-11-13 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-13 15:48 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-11-10 17:21 --------- d-----w c:\program files\MSN Messenger
2008-11-10 15:00 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-10 14:23 --------- d-----w c:\program files\Acon Digital Media
2008-11-10 14:11 --------- d-----w c:\program files\GoldWave
2008-11-10 13:11 --------- d-----w c:\program files\Windows Live
2008-11-10 13:11 --------- d-----w c:\program files\Circle Developement
2008-11-09 20:08 117,786 ----a-w C:\CRYPTEDF.VIR
2008-11-08 20:37 --------- d-----w c:\program files\MakeUp Pilot
2008-11-08 20:11 --------- d-----w c:\program files\ImTOO
2008-11-08 19:58 1,060 ----a-w C:\3gp.dat
2008-11-07 13:54 --------- d-----w c:\documents and settings\Administrator\Application Data\MakeUpPilot
2008-11-07 13:48 --------- d-----w c:\program files\Two Pilots
2008-11-04 12:53 --------- d-----w c:\program files\Common Files\Adobe
2008-11-02 16:09 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-02 16:09 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-11-02 16:09 --------- d-----w c:\program files\Common Files\xing shared
2008-11-02 16:09 --------- d-----w c:\program files\Common Files\Real
2008-10-29 11:43 --------- d-----w c:\program files\BitComet
2008-10-27 18:29 --------- d-----w c:\documents and settings\Administrator\Application Data\Hide IP NG
2008-10-26 19:38 --------- d-----w c:\program files\Common Files\Vbox
2008-10-26 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 13:45 --------- d-----w c:\program files\MSI
2008-10-21 04:39 --------- d-----w c:\documents and settings\Administrator\Application Data\TigerPlayer
2008-10-21 04:37 --------- d-----w c:\program files\MpcStar
2008-10-16 12:04 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-14 13:40 --------- d-----w c:\program files\QuickTime
2008-10-14 12:59 --------- d-----w c:\program files\Nokia
2008-10-14 12:59 --------- d-----w c:\program files\Common Files\Nokia
2008-10-14 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-13 15:29 --------- d-----w c:\program files\Real
2008-10-13 14:35 --------- d-----w c:\program files\ElcomSoft
2008-10-09 13:25 --------- d-----w c:\program files\Google
2008-10-08 18:53 --------- d-----w c:\program files\Ashampoo
2008-10-06 09:19 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer
2008-10-06 06:14 --------- d-----w c:\program files\BitComet Acceleration Patch
2008-10-06 05:29 --------- d-----w c:\program files\Webteh
2008-10-06 05:28 --------- d-----w c:\program files\BS.Player ControlBar
2008-10-05 01:29 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2008-10-05 01:06 --------- d-----w c:\program files\P2P_Torrent
2008-10-05 01:06 --------- d-----w c:\program files\Conduit
2008-10-04 19:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-10-04 16:12 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-04 16:11 --------- d-----w c:\program files\PDF Reader
2008-10-04 16:11 --------- d-----w c:\program files\قاموس صخر الجديد
2008-10-04 16:08 --------- d-----w c:\program files\250 MCS
2008-10-04 16:06 --------- d-----w c:\program files\Java
2008-10-04 16:05 --------- d-----w c:\program files\Common Files\Java
2008-10-04 16:05 --------- d-----w c:\program files\Common Files\Ahead
2008-10-04 16:05 --------- d-----w c:\program files\Ahead
2008-10-04 16:04 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-10-04 16:02 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-04 16:02 172,032 ------w c:\windows\Setup1.exe
2008-10-04 16:01 --------- d-----w c:\program files\Avira
2008-10-04 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-04 15:59 --------- d-----w c:\program files\VIA
2008-10-04 15:57 --------- d-----w c:\program files\S3
2008-10-04 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-04 15:55 --------- d-----w c:\program files\Yahoo!
2008-10-04 15:52 15,600 ----a-w c:\windows\gdrv.sys
2008-10-04 15:50 --------- d-----w c:\program files\CONEXANT
2008-10-04 15:09 --------- d-----w c:\program files\Microsoft.NET
2008-10-04 15:08 --------- d-----w c:\program files\Microsoft Works
2008-10-04 15:03 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
08/20/2008 11:03 PM 1780248 --a------ c:\program files\P2P_Torrent\tbP2P_.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [08/13/2008 11:25 AM 757192]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "c:\program files\BS.Player ControlBar\BSToolbar.dll" [08/13/2008 11:25 AM 757192]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BitComet"="c:\program files\BitComet\BitComet.exe" [08/22/2008 09:07 AM 2567992]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/22/2008 12:02 PM 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [05/11/2007 10:47 AM 790528]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM 262401]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [06/14/2007 06:32 PM 132760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [05/11/2007 01:03 AM 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [05/11/2007 01:03 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/02/2008 07:09 PM 185872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM 49152]
"VTTimer"="VTTimer.exe" [09/21/2006 11:36 AM 53248 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [02/06/2007 02:30 AM 176128 c:\windows\system32\S3Trayp.exe]
"nwiz"="nwiz.exe" [05/11/2007 01:03 AM 1626112 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-03-31 507965]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19811:TCP"= 19811:TCP:BitComet 19811 TCP
"19811:UDP"= 19811:UDP:BitComet 19811 UDP
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP
R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-10-04 16896]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-10-04 9216]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-10-04 52224]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-10-04 709632]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\23v5r9ke.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.atcomet.com/m/
FF -: plugin - c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-16 20:09:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/16/2008 20:11:40
ComboFix-quarantined-files.txt 2008-11-16 17:10:55
Pre-Run: 12,202,086,400 bytes free
Post-Run: 12,903,788,544 bytes free
206
طلعي هذا التقرير
البرنامج طلع مضبوط
وشكرااا ويعطيك ألف ألف ألف عافية
وش الطريقة للحماية منه وأحسن برنامج حماية من أشكال هذه الفيروسات
تأييد
0