Quote:
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
And this is an explanation of how to delete these entries: http://www.snabelnet.net/uploadedfil...1223095055.png
And lastly, please apply what is in this thread :) Explanation of how to permanently remove the Perlovga virus ..
[/QUOTE]
Thanks, I applied what is in the second thread. May God give you strength |
This is the report |
Attachments: 1. This is the file, and we have uploaded it, King |
Brother, this is the report |
Attachments: 1. God bless you, sorry for troubling you; it is in the attachments |
Attachments: 1. May God give you strength, and God willing it gets fixed |
Quote:
Quote:
There are many files in the system that belong to the QuickTime program, and all of them are viruses. I expect a virus has merged itself with the program. Delete it and install it again :)
Quote:
Select these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Seek Shim] C:\DOCUME~1\admin\APPLIC~1\AMOKEQ~1\Hide Mfcd Fast.exe
The explanation of how to delete the entries is at the end of the reply ..
2) Download this file here. Explanation of how to use it: http://www.snabelnet.net/uploadedfil...1220830468.png
Quote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
The explanation of how to delete them is at the end of the reply
Quote:
Select these entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
The explanation of how to delete the entries is at the end of the reply
2) The last thing left is to download this file here. When you run it, a message will appear; click >> Yes. Then a second message will appear; click >> Yes. Wait until the tool finishes scanning your machine. Your machine will be restarted automatically, and after the restart the tool will start scanning a second time. Wait until a report appears, then copy it and paste it in your next reply.
Explanation of how to delete the entries: http://www.snabelnet.net/uploadedfil...1223095055.png |
Quote:
|
Start >> Control Panel >> Add or Remove Programs >> look for a program named quicktime and delete it |
|
Click the last one and keep clicking Next until the installation finishes :) |
Brother, I deleted the program, then the machine shut down and started again. As soon as it started, I got something like this: http://www.l5s.net/upbmp/a2384382.bmp |
Click the X and that's it :) |
OK, I clicked it. Now what is left? |