Peace be upon you, and God's mercy and blessings.
Brothers, I hope you can help me, because this virus looks really nasty: every time I open anything in an Internet Explorer page,
something like this picture pops up.
And if I choose OK, it opens a website and downloads from it right away :no:
I hope anyone who knows a solution can help me :er:
Many thanks to you all.
Your brother / Dr k5
:king:
Please do the following on each machine
( 1 )
Disable all protection programs,
then download this tool and save it to the desktop.
When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
--------------------------------------------
( 2 )
When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
This is the report from >> HijackThis <<
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:59 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Moodysoft\SPX Instant Screen Capture\spx.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\Rar$EX01.422\omdanet-anit vuirs.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Trend Micro HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: IE - {616D534C-3CA8-43AB-B439-618F850F1D2B} - C:\WINDOWS\apdogy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [List Plus] C:\DOCUME~1\XPPRESP3\APPLIC~1\AMENMO~1\Five wipe sect.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-1645522239-1326574676-725345543-1001\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7086 bytes
Your brother / Dr k5
:king:
And this is the report from the first program, ComboFix
ComboFix 08-05-21.3 - XPPRESP3 2008-05-25 12:31:40.1 - NTFSx86
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 10:21 . 2008-05-25 10:21 <DIR> d-------- C:\Program Files\RegistryBooster 2
2008-05-25 10:21 . 2008-05-25 10:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Uniblue
2008-05-25 10:20 . 2008-05-25 10:20 <DIR> d-------- C:\WINDOWS\bronz
2008-05-25 10:20 . 2008-05-25 10:20 <DIR> d-------- C:\Program Files\BrOnZ Patch Pro
2008-05-25 09:40 . 2008-05-25 09:52 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-25 09:40 . 2008-05-25 09:52 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-25 09:39 . 2008-05-25 09:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-25 09:39 . 2008-05-25 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 09:39 . 2008-05-25 12:21 1,858,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-25 09:39 . 2008-05-25 12:20 16,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-25 09:39 . 2008-05-25 09:43 1,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-25 09:39 . 2008-05-25 09:43 1,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-25 09:38 . 2008-05-25 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-25 09:36 . 2008-05-25 09:36 254,464 --a------ C:\WINDOWS\apdogy.dll
2008-05-25 07:13 . 2008-05-25 07:13 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-05-25 03:14 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-25 02:49 . 2006-10-04 17:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-25 02:49 . 2006-10-04 17:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-25 02:49 . 2006-10-04 17:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-24 23:04 . 2008-05-24 23:04 232 --a------ C:\WINDOWS\balot.ini
2008-05-22 01:44 . 2008-05-22 01:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 23:50 . 2008-05-20 23:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-20 15:31 . 2008-05-25 02:47 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-18 08:19 . 2008-05-18 08:19 <DIR> d-------- C:\Program Files\Ipswitch
2008-05-18 08:19 . 2008-05-18 08:19 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ipswitch
2008-05-18 08:19 . 2008-05-18 08:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-05-18 08:19 . 2007-08-09 12:50 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-18 08:19 . 2007-08-09 12:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-18 07:08 . 2008-05-18 07:08 <DIR> d-------- C:\Program Files\SDMarks Real Status Viewer
2008-05-18 02:14 . 2008-05-25 02:19 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\MxBoost
2008-05-17 23:12 . 2008-05-18 02:14 <DIR> d-------- C:\Program Files\Maxthon2
2008-05-17 23:06 . 2008-05-17 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-17 23:05 . 2008-05-17 23:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-17 22:47 . 2008-05-17 22:47 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Thinstall
2008-05-16 16:20 . 2008-05-16 16:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-16 14:20 . 2008-05-16 14:20 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\skypePM
2008-05-16 14:20 . 2008-05-16 14:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-16 14:12 . 2008-05-25 03:49 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Skype
2008-05-16 14:10 . 2008-05-16 14:10 <DIR> d-------- C:\Program Files\Skype
2008-05-16 14:10 . 2008-05-16 14:10 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-16 14:09 . 2008-05-16 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-16 13:13 . 2002-08-16 15:15 65,536 --a------ C:\WINDOWS\unleap.exe
2008-05-16 13:12 . 2008-05-18 04:22 <DIR> d-------- C:\Program Files\LeapFTP
2008-05-16 10:49 . 2008-05-16 10:52 <DIR> d-------- C:\Program Files\Axialis
2008-05-16 09:41 . 2008-05-16 09:42 <DIR> d-------- C:\Program Files\LtUcx
2008-05-16 09:38 . 2008-05-18 04:11 <DIR> d-------- C:\Program Files\AV VCS 3.0
2008-05-16 09:37 . 2002-12-10 09:11 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys
2008-05-15 13:36 . 2008-05-15 13:37 <DIR> d-------- C:\Documents and Settings\الوالد\Application Data\IEPro
2008-05-15 04:41 . 2008-05-15 04:41 <DIR> d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-05-15 00:29 . 2008-05-16 18:46 558 --a------ C:\WINDOWS\cdplayer.ini
2008-05-14 14:53 . 2008-05-14 14:53 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-14 14:53 . 2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-14 14:53 . 2007-09-28 17:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-05-14 14:53 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-14 14:53 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-14 14:53 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-14 14:53 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-05-14 14:53 . 2007-09-28 17:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-14 14:53 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-14 14:53 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-14 11:54 . 2008-05-14 11:54 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Talkback
2008-05-14 11:50 . 2008-05-25 06:55 <DIR> d-------- C:\Program Files\123 Hidden Sender
2008-05-14 09:15 . 2008-05-25 03:49 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\IBP
2008-05-14 08:17 . 2008-05-20 23:49 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-05-14 08:17 . 2008-05-21 01:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 03:52 . 2008-05-14 03:52 <DIR> d-------- C:\Program Files\Micro-Sys Software
2008-05-14 03:52 . 2008-05-14 03:52 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Micro-Sys
2008-05-14 01:18 . 2008-05-25 10:18 <DIR> d-------- C:\Program Files\Portable TuneUp Utilities 2007 6.0.2311
2008-05-14 01:18 . 2008-05-14 01:18 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\TuneUp Software
2008-05-14 00:41 . 2006-10-21 16:42 1,138,688 --a------ C:\WINDOWS\system32\SRESTART.EXE
2008-05-14 00:41 . 2006-11-24 02:32 175,932 --a------ C:\WINDOWS\system32\SRESTART.bmp
2008-05-14 00:41 . 2006-11-24 03:03 101,307 --a------ C:\WINDOWS\system32\z010.com
2008-05-14 00:41 . 2004-08-03 07:42 10,646 --a------ C:\WINDOWS\system32\CLICK.WAV
2008-05-14 00:41 . 2004-08-03 07:42 5,192 --a------ C:\WINDOWS\system32\HOVER.WAV
2008-05-14 00:41 . 2006-11-24 02:43 2,584 --a------ C:\WINDOWS\system32\SRE.EXTENSION.VIRUSSCAN.XMl
2008-05-14 00:41 . 2006-11-24 02:33 1,955 --a------ C:\WINDOWS\system32\SRE.EXTENSION.EXIT.XMl
2008-05-14 00:41 . 2004-08-03 07:42 575 --a------ C:\WINDOWS\system32\SRESTART.XML
2008-05-14 00:41 . 2006-11-24 03:03 480 --a------ C:\WINDOWS\system32\z010.cmd
2008-05-14 00:41 . 2006-11-24 02:47 446 --a------ C:\WINDOWS\system32\z010.reg
2008-05-14 00:35 . 2008-05-14 00:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-14 00:34 . 2008-05-14 00:34 <DIR> d-------- C:\Documents and Settings\XPPRESP3\WINDOWS
2008-05-13 23:39 . 2008-05-13 23:39 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-13 23:38 . 2008-05-14 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-13 23:38 . 2008-05-13 23:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-13 04:00 . 2007-07-06 15:46 660,992 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-05-13 04:00 . 2007-07-06 15:46 471,552 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-05-13 04:00 . 2007-07-06 15:46 177,152 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-05-13 04:00 . 2007-07-06 15:46 138,240 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
2008-05-13 04:00 . 2007-07-06 15:46 95,744 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-05-13 04:00 . 2007-07-06 13:05 72,960 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
2008-05-13 04:00 . 2007-07-06 15:46 48,640 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-05-13 04:00 . 2007-07-06 15:46 47,104 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-05-13 04:00 . 2007-07-06 15:46 16,896 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
2008-05-13 03:59 . 2007-08-08 19:39 1,104,896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-05-13 03:59 . 2007-07-13 02:31 765,952 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-05-13 03:59 . 2008-02-20 08:19 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-13 03:59 . 2008-02-20 21:49 45,568 -----c--- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-05-13 03:58 . 2007-12-04 21:38 550,912 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-05-13 03:54 . 2008-05-13 03:54 <DIR> d-------- C:\Program Files\MSBuild
2008-05-13 03:50 . 2008-05-14 02:37 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-13 03:50 . 2008-05-13 03:50 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-13 03:49 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-13 03:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-13 01:06 . 2008-05-13 01:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-13 00:21 . 2008-05-13 00:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Ahead
2008-05-12 23:48 . 2008-05-12 23:48 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\FlashFXP
2008-05-12 23:47 . 2008-05-16 08:44 <DIR> d-------- C:\Program Files\FlashFXP
2008-05-12 22:58 . 2008-05-12 22:58 <DIR> d-------- C:\Program Files\IEPro
2008-05-12 22:58 . 2008-05-25 03:49 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\IEPro
2008-05-12 14:06 . 2008-05-25 01:20 8,390,144 --a------ C:\testcap.avi
2008-05-12 08:39 . 2008-05-25 12:08 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\XnView
2008-05-11 21:37 . 2008-05-11 21:37 <DIR> d-------- C:\Documents and Settings\الوالد\Application Data\Media Player Classic
2008-05-10 11:36 . 2008-05-10 11:36 <DIR> d-------- C:\Program Files\Ringz Studio
2008-05-09 09:45 . 2008-05-16 10:13 <DIR> d-------- C:\Program Files\Moodysoft
2008-05-08 04:14 . 2008-05-12 23:58 <DIR> d-------- C:\Program Files\Fake Webcam
2008-05-08 04:14 . 2005-08-23 11:35 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
2008-05-08 04:14 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-08 02:20 . 2008-05-08 02:20 <DIR> d-------- C:\Program Files\Real
2008-05-08 02:20 . 2008-05-08 02:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-08 02:20 . 2008-05-10 11:37 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-08 02:13 . 2008-05-08 02:13 <DIR> dr-h----- C:\MSOCache
2008-05-08 02:07 . 2008-05-08 02:07 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-08 02:06 . 2008-05-20 23:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-08 01:22 . 2008-05-08 01:22 <DIR> d-------- C:\Program Files\mohrj
2008-05-07 23:00 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 09:24 --------- d-----w C:\Program Files\Trend Micro HijackThis
2008-05-24 23:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-16 15:37 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-16 15:37 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-14 11:07 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-05-13 22:20 --------- d-----w C:\Program Files\RocketDock
2008-05-13 22:18 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-07 20:26 --------- d-----w C:\Program Files\Paint.NET
2008-05-03 01:58 --------- d-----w C:\Program Files\Nero
2008-05-03 01:58 --------- d-----w C:\Program Files\HWiNFO32
2008-05-03 01:58 --------- d-----w C:\Program Files\Foxit Software
2008-05-03 01:58 --------- d-----w C:\Program Files\FolderSize
2008-05-03 01:58 --------- d-----w C:\Program Files\Driver Genius Pro 2007
2008-05-03 01:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-03 01:57 --------- d-----w C:\Program Files\VMware
2008-05-03 01:57 --------- d-----w C:\Program Files\Mythicsoft
2008-05-03 01:57 --------- d-----w C:\Program Files\Eset
2008-05-03 01:57 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-03 01:57 --------- d-----w C:\Program Files\Copy Handler
2008-05-03 01:54 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-03 01:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-03 01:49 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-05-03 01:48 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-03 01:48 --------- d-----w C:\Program Files\Softland
2008-05-03 01:48 --------- d-----w C:\Program Files\CPU-Z
2008-05-03 01:45 --------- d-----w C:\Program Files\LClock
2008-05-03 01:45 --------- d-----w C:\Program Files\Desktop
2008-05-03 01:44 --------- d-----w C:\Program Files\SysInternals
2008-05-03 01:44 --------- d-----w C:\Program Files\Graphics
2008-05-03 01:43 --------- d-----w C:\Program Files\Utilities
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 07:20 219,936 -c--a-w C:\WINDOWS\system32\msltus40.dll
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:03 827,392 ----a-w C:\WINDOWS\system32\wininet.dll
2006-09-28 13:22 91,265 -c--a-w C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 13:22 49,149 -c--a-w C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 13:21 41,996 -c--a-w C:\Program Files\dxdllreg_x86.cab
2006-09-28 13:21 183,321 -c--a-w C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 13:21 138,977 -c--a-w C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 13:21 1,413,862 -c--a-w C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 13:21 1,128,177 -c--a-w C:\Program Files\OCT2006_d3dx9_31_x86.cab
.
------- Sigcheck -------
2007-06-13 13:23 950784 7dab450e1e61e9e9c1663e76f75ed911 C:\WINDOWS\explorer.exe
2007-06-13 14:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-08-08 19:40 950784 396acc64ecec61d7b2f8b53151b37028 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 13:23 950784 7dab450e1e61e9e9c1663e76f75ed911 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 13:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\XPize\Backup\explorer.exe
2004-08-04 17:00 30208 de8fa9cf18f95341079c7e6a215c226a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 17:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{616D534C-3CA8-43AB-B439-618F850F1D2B}]
2008-05-25 09:36 254464 --a------ C:\WINDOWS\apdogy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 30208]
"List Plus"="C:\DOCUME~1\XPPRESP3\APPLIC~1\AMENMO~1\Five wipe sect.exe" [2008-05-05 00:15 420864]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [2007-08-14 16:52 1877272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 17:00 30208]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 16:03 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Downloads\\Programs\\البالتوك والماسنجر\\Yahoo_Mess._9.0\\Yahoo Mess. 9.0_doruk101.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"D:\\Downloads\\Programs\\C?EC?E?? ?C??C????\\Yahoo_Mess._9.0\\Yahoo Mess. 9.0_doruk101.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-25 09:00:03 C:\WINDOWS\Tasks\A22E8D8F91A1010B.job"
- c:\docume~1\xppresp3\applic~1\amenmo~1\aimcoolpoke.exe
"2008-05-17 20:44:50 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-25 09:28:39 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe
"2008-05-25 08:07:29 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-25 12:33:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
.
Completion time: 2008-05-25 12:35:01
ComboFix-quarantined-files.txt 2008-05-25 09:34:50
Pre-Run: 33,131,438,080 bytes free
Post-Run: 33,238,286,336 bytes free
276 --- E O F --- 2008-05-20 22:19:02
Your brother / Dr k5
:king:
My apologies, brother Bob.
Regarding the HijackThis report:
select these entries and delete them
O2 - BHO: IE - {616D534C-3CA8-43AB-B439-618F850F1D2B} - C:\WINDOWS\apdogy.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run:[List Plus] C:\DOCUME~1\XPPRESP3\APPLIC~1\AMENMO~1\Five wipe sect.exe
How to delete them
Then download this tool and follow the explanation below
Compatibility: Windows XP only
How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the pictures)
When this screen appears, click Close so that your machine restarts ((to complete the cleaning process))
God willing, all will be well.