Al-Hilal Saudi Club - Al-Zaeem Network - Official Site

Do you have viruses and a slow computer? ==> The solution is here (http://vb.alhilal.com/showthread.php?t=647201)

F.Lamp8ard 04/10/2008 08:24 AM

Quote:

Originally posted by قبيلي اصل وفصل (post 9766572)
Brother, I swear I'm confused now: I select the values, then where do I put them?

In the same program I gave you, select these values:

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)


And here is an illustration of how to delete these values:

http://www.snabelnet.net/uploadedfil...1223095055.png

هلالي وافتخر. 04/10/2008 08:33 AM

Quote:

And lastly, please apply what is in this thread :)

A guide to removing the Perlovga virus permanently ..

Thanks, I applied what is in the other thread. Much appreciated.

عبدالله المطوع 04/10/2008 08:34 AM

This is the report






السبيعي911 04/10/2008 08:35 AM

Attachments: 1
Here is the file, we've uploaded it, King

قبيلي اصل وفصل 04/10/2008 08:38 AM

Brother, this is the report



هلالي & برشلونـــي 04/10/2008 09:27 AM

Attachments: 1
God bless you, sorry for all the trouble we've put you through

It's in the attachments

مــعــآذ 04/10/2008 09:52 AM

Attachments: 1
May God give you good health

And God willing

it works

F.Lamp8ard 05/10/2008 07:59 AM

Quote:

فــهومي :
Your machine is in really bad shape .. you need to use a program to remove the viruses on the machine :d

Quote:

قبيلي اصل وفصل :
Do you use the QuickTime program?

There are many files in the system that belong to the QuickTime program and all of them are viruses ,, I expect a virus has merged itself with the program ,, uninstall it and install it again :)

Quote:

السبيعي911
1)

Select these values :-

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [Seek Shim] C:\DOCUME~1\admin\APPLIC~1\AMOKEQ~1\Hide Mfcd Fast.exe

The explanation of how to delete the values is at the end of the reply ..

2)

Download this file

Here

How to use it:

http://www.snabelnet.net/uploadedfil...1220830468.png

Quote:

هلالي & برشلونـــي
Select these values :-

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

The explanation of how to delete them is at the end of the reply

Quote:

فتى الولايه
1)

Select these values :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

The explanation of how to delete the values is at the end of the reply

2)


And the last thing left is to download this file

Here


When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes
Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply

How to delete the values :-

http://www.snabelnet.net/uploadedfil...1223095055.png

قبيلي اصل وفصل 05/10/2008 08:05 AM

Quote:

Do you use the QuickTime program?

There are many files in the system that belong to the QuickTime program and all of them are viruses ,, I expect a virus has merged itself with the program ,, uninstall it and install it again :)

Brother, I'll uninstall the program, but could you show me what the program looks like so I can recognize it and remove it from the Control Panel

F.Lamp8ard 05/10/2008 08:08 AM

Start >> Control Panel >> Add or Remove Programs >> look for a program named quicktime and remove it

قبيلي اصل وفصل 05/10/2008 08:16 AM

Brother, I clicked Remove on it and got something like this

http://img407.imageshack.us/img407/3561/73612788ah1.png

F.Lamp8ard 05/10/2008 08:17 AM

Click the last option and keep clicking Next until the installation finishes :)

قبيلي اصل وفصل 05/10/2008 08:28 AM

Brother, I removed the program, then the machine shut down and started up again, and as soon as it started I got something like this

http://www.l5s.net/upbmp/a2384382.bmp

F.Lamp8ard 05/10/2008 08:44 AM

Click the X and that's it :)

.
.

قبيلي اصل وفصل 05/10/2008 08:48 AM

OK, I clicked it now, what's left?

