ALA39000
The browser closes by itself and this window appears:
[image: zyzoom-01c7453ea9.bmp]
 

Signature: ALA39000

( 1 )

Disable all protection programs,
then download this tool and save it to the desktop:
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

Also make a HijackThis report:
[Hidden link: you must log in or register to view it]

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
Thanks for the quick reply, and here is the Combo report

HijackThis report
 
Signature: ALA39000
( 1 )

Disable all protection programs,
then download this tool and save it to the desktop:
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

Post this report in one reply.

( 2 )

Also make a HijackThis report:
[Hidden link: you must log in or register to view it]

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.

And post this one in another reply.
 
Signature: AbOdy
The HijackThis report:

Save the whole document and then upload it to the upload site:

[Hidden link: you must log in or register to view it]

Much appreciated.
 
Signature: AbOdy
HijackThis report

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\outpost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
--
End of file - 7622 bytes
 
Signature: ALA39000
ComboFix report

ComboFix 08-05-25.4 - Administrator 05/26/2008 15:09:45.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.356 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Celine Dion\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Program Files\Common Files\cpush
C:\Program Files\deskbar
C:\Program Files\deskbar\basis.xml
C:\Program Files\deskbar\but_close.gif
C:\Program Files\deskbar\but_maximize.gif
C:\Program Files\deskbar\but_next.gif
C:\Program Files\deskbar\channel.tmpl
C:\Program Files\deskbar\.tmpl
C:\Program Files\deskbar\deskbar.crc
C:\Program Files\deskbar\edit_rss.tmpl
C:\Program Files\deskbar\inv.gif
C:\Program Files\deskbar\minibrowser.swf
C:\Program Files\deskbar\null.swf
C:\Program Files\deskbar\toolbar.html
C:\Program Files\deskbar\uninst.exe
C:\Program Files\deskbar\version.txt
C:\Program Files\deskbar\yourlogo.gif
C:\Program Files\instant access
C:\Program Files\instant access\Center\Sevenline.lnk
C:\Program Files\instant access\Center\Sevenline.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\DesktopIcons\Sevenline.lnk
C:\Program Files\instant access\Multi\20080418210452\Common\module.php
C:\Program Files\instant access\Multi\20080418210452\dialerexe.ini
C:\Program Files\instant access\Multi\20080418210452\instant access.exe
C:\Program Files\instant access\Multi\20080418210452\js\js_api_dialer.php
C:\Program Files\instant access\Multi\20080418210452\medias\4239_dialer.ico
C:\Program Files\instant access\Multi\20080418210452\medias\button1.gif
C:\Program Files\instant access\Multi\20080418210452\medias\button2.gif
C:\Program Files\instant access\Multi\20080418210452\medias\button3.gif
C:\Program Files\instant access\Multi\20080418210452\medias\button4.gif
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\internet explorer\plugins\SysWin7s.Jmp
C:\Program Files\Zumie
C:\Program Files\Zumie\home.js
C:\Program Files\Zumie\uninstall.exe
C:\Program Files\Zumie\zumie.dll
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\gmnait.cfg
C:\WINDOWS\system32\hkunsxoi.dat
C:\WINDOWS\system32\hkunsxoi_nav.dat
C:\WINDOWS\system32\hkunsxoi_navps.dat
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\nsinet.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\TEMP\~my1.tmp
----- BITS: Possible infected sites -----
hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPIDISK
-------\Legacy_MSEQSY
-------\Legacy_ZUMIE_SEARCH_SERVICE
-------\Service_acpidisk
-------\Service_Zumie Search Service

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 13:12 671,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-26 13:12 60,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 13:12 175,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 13:12 11,096,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-25 18:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-24 14:00 12,288 ----a-w C:\WINDOWS\system32\impborl.dll
2008-05-24 00:23 --------- d-----w C:\Program Files\Pinedanet
2008-05-24 00:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TeraCopy
2008-05-17 16:32 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-05-17 12:40 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-05-17 12:40 --------- d-----w C:\Program Files\Real
2008-05-17 12:40 --------- d-----w C:\Program Files\Common Files\Real
2008-05-17 07:58 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-05-17 07:58 --------- d-----w C:\Program Files\Common Files\Winferno
2008-05-15 00:30 --------- d-----w C:\Program Files\Dream Aquarium
2008-05-14 23:28 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-14 20:45 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-14 20:44 --------- d-----w C:\Program Files\Windows Live
2008-05-14 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-13 20:07 --------- d-----w C:\Program Files\EMUpgrade
2008-05-10 22:09 --------- d-----w C:\Program Files\Upgrade
2008-05-10 13:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\phpDesigner 2008
2008-05-10 12:35 --------- d-----w C:\Program Files\Atmel
2008-05-08 20:37 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-05-08 20:37 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-07 21:34 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2008-05-07 18:06 --------- d-----w C:\Program Files\Conduit
2008-05-05 11:16 --------- d-----w C:\Program Files\Java
2008-05-05 10:49 --------- d-----w C:\Program Files\Common Files\Java
2008-05-04 12:00 --------- d-----w C:\Program Files\WinPcap
2008-05-03 22:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-05-02 19:55 --------- d-----w C:\Program Files\Moyea
2008-05-02 19:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Moyea
2008-05-02 11:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-04-28 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-28 13:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-04-28 13:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-04-27 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-26 23:18 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys.original.orbit
2008-04-26 20:00 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-26 20:00 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-21 17:19 --------- d-----w C:\Program Files\Bonjour
2008-04-21 17:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-21 17:18 --------- d-----w C:\Program Files\QuickTime
2008-04-21 17:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 17:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-21 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-16 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MobileAction
2008-04-16 11:30 --------- d-----w C:\Program Files\Nokia
2008-04-15 13:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Mobile Master
2008-04-15 13:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\This dog ping okay
2008-04-13 18:48 --------- d-----w C:\Program Files\PhoneJugs
2008-04-13 18:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PhoneJugs
2008-04-13 14:28 --------- d-----w C:\Program Files\vPlug Files Center
2008-04-13 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Auto Shutdown
2008-04-13 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 02:56 --------- d-----w C:\Program Files\Formosoft
2008-04-13 02:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-13 01:02 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-12 21:15 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-12 20:21 --------- d-----w C:\Program Files\BitTorrent Fastest Tool
2008-04-12 14:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-11 20:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-04-11 03:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-11 03:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-11 03:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-11 03:29 --------- d-----w C:\Program Files\Skype
2008-04-11 03:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-11 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-10 17:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-04-10 17:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ashampoo
2008-04-10 16:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 16:32 4,716 ----a-w C:\WINDOWS\gdrv.sys
2008-03-20 15:46 155,995 ----a-w C:\WINDOWS\java\Packages\B31FDJR1.ZIP
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40 1,845,888 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 15:09 23,096 ----a-w C:\WINDOWS\system32\sremcon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 12:00 PM 15360]
"SpyEmergency"="C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe" [03/31/2008 11:13 AM 2071096]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/27/2008 08:56 PM 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"eMuleAutoStart"="D:\Program Files\emule0.49\eMule\emule.exe" [05/13/2007 04:57 PM 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/11/2005 12:47 PM 7311360]
"nwiz"="nwiz.exe" [11/11/2005 12:47 PM 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [11/11/2005 12:47 PM 86016 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2005 10:14 AM 15473664 C:\WINDOWS\RTHDCPL.EXE]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"DriverCD"="J:\Run.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 12:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - D:\Program Files\Orbitdownloader\Orbitdownloader\orbitdm.exe [2008-04-29 14:16:09 1678536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Orbitdownloader\\Orbitdownloader\\orbitdm.exe"=
"D:\\Program Files\\Orbitdownloader\\Orbitdownloader\\orbitnet.exe"=
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\kav\\kis7.0\\english\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\emule0.49\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys [02/05/2008 12:10 PM]
R1 tvtool;tvtool;D:\Program Files\TVTool\tvtool.sys [04/03/1996 08:33 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [03/13/2006 05:22 PM]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys [02/05/2008 12:10 PM]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []
S1 VFILT;Outpost Firewall Kernel Driver;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\FILTNT.SYS []
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\ADBLOCK.DLL []
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\ARP.DLL []
S3 .DLL;Outpost Firewall PlugIn (.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\.DLL []
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\DNSCACHE.DLL []
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\FTPFILT.DLL []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [03/20/2008 06:32 PM]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\HTMLFILT.DLL []
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\HTTPFILT.DLL []
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\IMAPFILT.DLL []
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\MAILFILT.DLL []
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\NNTPFILT.DLL []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [11/06/2007 10:22 PM]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\POP3FILT.DLL []
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\PROTECT.DLL []
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.359\SECRET.DLL []
S3 sys_ten;sys_ten;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~21.tmp []
S3 VPNET;DTVNet Ethernet Controller;C:\WINDOWS\system32\DRIVERS\DTVNet.sys [03/13/2006 09:59 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0789757c-071f-11dd-b9f4-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aff6c89-0a36-11dd-ba07-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9164eb97-1169-11dd-ba53-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba2ba50-0acc-11dd-ba09-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c421bbfb-0e2e-11dd-ba19-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f560202d-1f6f-11dd-a2dd-00147f2ba1b7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 13:00:02 C:\WINDOWS\Tasks\AF26B71B91D12E43.job"
- c:\docume~1\admini~1\applic~1\phonej~1\SAVEONLINETHIS.exe
"2008-04-21 17:18:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-17 07:43:52 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
"2008-05-26 13:14:26 C:\WINDOWS\Tasks\PCConfidential.job"
- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-05-26 15:14:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sys_ten]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/26/2008 15:17:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 13:16:56
Pre-Run: 3,644,014,592 bytes free
Post-Run: 3,583,115,264 bytes free
304 --- E O F --- 2008-05-25 22:02:59
 
Signature: ALA39000
And here is the HijackThis log on zshare

Sorry for the bother
 
Signature: ALA39000
That's the way, my friend :king: now one can actually analyze it :hh:

As for the HijackThis log:

Select these entries and fix (delete) them:

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)

How to delete them

[screenshot]

[screenshot]

After that, go to Add or Remove Programs and uninstall the toolbar you have installed (toolbar) >> it may not be there

Then download this tool and follow the instructions below

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the screenshots)

[screenshot]

[screenshot]

When this screen appears, click Close so that your computer restarts (to complete the cleanup)

[screenshot]
 
Signature: AbOdy
No bother at all, it's fine, my friend, we are at your service

Now, after applying the steps, check how the browser is behaving and let us know
 
Signature: AbOdy
Well done, my friend << ComboFix removed a lot of files from your machine ^_^

Keep following along with the Wolf
 
Bless you, and your reply too :king:

Just don't forget to check in on the thread :hh:
 
Signature: AbOdy
I'm between two geniuses. Honestly, everything is fine now, and thank you both
May God keep you a source of benefit for us, God willing
Thaaaaank youuuuu
 
Signature: ALA39000
Praise be to God that the problem is over :ok:

And for anything you need, we are at your service, my friend

Best of luck, my dear

:king:
 
Signature: AbOdy
Bless you all, my dear friends
 