Thread starter: miss.fci (joined 26 June 2008)
Views: 1,269
Peace, mercy and blessings of God be upon you.

I need your help removing the win32/alman.nad virus, because it has started infecting .exe files.

Attached is the HijackThis report.

Please help me quickly before the machine is wrecked, and may God reward you.


-------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:18 م, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HM\Desktop\1rmalman.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - C:\WINDOWS\system32\lijzclit.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - C:\WINDOWS\system32\akjsdkaq.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - C:\WINDOWS\system32\arjreler.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - C:\WINDOWS\system32\s2da2f323.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,ilkyu.dll,yukevg.dll,ghkrg.dll,tuker.dll,ujkwet.dll,asfjthj.dll,hmsdvf.dll,jrhhh.dll,sdrfh.dll,vhsdfg.dll,dger.dll,losdf.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fgthde.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,rthkyuk.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,,tisqatyu.dll,arjreler.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 7144 bytes
 

These are all virus files.
Select their values and delete them as usual, and God knows best.


O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: ijdyapaw.dll - {1A698452-C5D8-C584-C256-C264C987C5A1} - C:\WINDOWS\system32\ijdyapaw.dll
O2 - BHO: erxybloe.dll - {20909876-4567-3908-4056-909834565102} - C:\WINDOWS\system32\erxybloe.dll
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - C:\WINDOWS\system32\lijzclit.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll
O2 - BHO: akjsdkaq.dll - {4A908760-8000-4000-A000-9000322145A4} - C:\WINDOWS\system32\akjsdkaq.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: tysqbkol.dll - {5D098345-6785-1098-5413-678067AE03D5} - C:\WINDOWS\system32\tysqbkol.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: arjreler.dll - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - C:\WINDOWS\system32\arjreler.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: s2da2f323.dll - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - C:\WINDOWS\system32\s2da2f323.dll
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll


The method (screenshots were attached):

Then download this tool to clean the machine: ATF Cleaner

Hopefully this thread will help you too.
 
Signature: moustakhdem
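The triage the reply above does by eye (spot O2 BHO entries whose only "name" is a random DLL file name sitting in system32, and notice the O20 AppInit_DLLs list) can be automated over a HijackThis log. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from any poster. The heuristics it applies (a BHO named only after its DLL and loaded from system32, a BHO registration with no file, a DLL that also appears in AppInit_DLLs) and the sample log lines are this example's own, built from the kinds of entries quoted above.

```python
"""Triage a HijackThis log: flag suspicious O2 (BHO) entries and the O20
AppInit_DLLs list.  Added example for this thread; heuristics are the author's."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a few lines of the kind quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O20 - AppInit_DLLs: jkjkll.dll,ghjyer.dll,,tisqatyu.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")


@dataclass
class Finding:
    line: str          # the log line (or section) the finding is about
    reasons: list      # human-readable reasons it was flagged


def parse_appinit(value):
    """Split an AppInit_DLLs value on commas/whitespace; empty entries
    (the doubled comma in the thread's log) are dropped."""
    return [e.strip().lower() for e in re.split(r"[,\s]+", value) if e.strip()]


def triage(log_text):
    """Return Finding objects for O2 entries worth a second look, plus one
    Finding for the O20 line if AppInit_DLLs is non-empty."""
    bhos, appinit = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append((line, m.group("name"), m.group("path")))
            continue
        m = O20_RE.match(line)
        if m:
            appinit.extend(parse_appinit(m.group("dlls")))

    findings = []
    for line, name, path in bhos:
        reasons = []
        if path == "(no file)":
            reasons.append("BHO registration with no file on disk (orphaned)")
        else:
            p = PureWindowsPath(path)
            in_system32 = any(part.lower() == "system32" for part in p.parts)
            if name.lower() == p.name.lower() and in_system32:
                reasons.append("BHO named only after its DLL and loaded from system32")
            if p.name.lower() in appinit:
                reasons.append("same DLL is also injected via AppInit_DLLs")
        if reasons:
            findings.append(Finding(line, reasons))
    if appinit:
        findings.append(Finding("O20 - AppInit_DLLs",
                                [f"{len(appinit)} DLL(s) loaded into every process that uses user32.dll"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run it on a saved HijackThis log by replacing SAMPLE_LOG with the file's contents. The "named only after its DLL" rule is a heuristic, not proof: a legitimate BHO normally registers a descriptive name (the FlashGet entry in the sample passes for that reason), while the twenty-odd eight-letter DLLs in the first log above all fail it. Anything flagged still deserves a look at the file itself before it is removed.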
Fix these values:
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

Then go to this thread, download Avira, and run a full clean of the machine.

Regards
 
Also, go to Start,

then Run,
then type regedit and press OK.
In the new window go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Here, on the right, you will find
AppInit_DLLs

Double-click it to open it and delete everything in it,
then OK.

Note that sometimes you need to do all this in Safe Mode.
All this in addition to what the brothers here have said.
Good luck.
 
Signature: moustakhdem
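The regedit steps above can be done in a more auditable way: read the value, keep a copy of what was there, show what would be removed, and only then write the change. The script below is an added example for this page, not code from the thread or from any poster. It assumes the registry key path quoted in the post above, that it runs elevated on Windows (the `winreg` parts do nothing elsewhere; the planning function is pure and runs anywhere), and the backup file name `appinit_backup_<timestamp>.json` is this example's own choice.

```python
"""Inspect, back up and (optionally) clear the AppInit_DLLs value that the
post above tells the user to empty in regedit.  Added example; not from the thread."""
import json
import re
import sys
import time

APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
APPINIT_VALUE = "AppInit_DLLs"


def split_appinit(value):
    """AppInit_DLLs is a comma- or space-separated list; blank entries are dropped."""
    return [e.strip() for e in re.split(r"[,\s]+", value) if e.strip()]


def plan_cleanup(current, keep=()):
    """Decide what to remove.  `keep` is an allow list of DLL names known to be
    legitimate on this machine (case-insensitive); everything else is dropped,
    which on a home XP box normally means the value ends up empty, as the post
    recommends.  Returns (removed_entries, new_value)."""
    keep_lower = {k.lower() for k in keep}
    entries = split_appinit(current)
    kept = [e for e in entries if e.lower() in keep_lower]
    removed = [e for e in entries if e.lower() not in keep_lower]
    return removed, ",".join(kept)


def read_appinit():
    import winreg  # Windows-only module, imported lazily so the pure functions work anywhere
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY, 0, winreg.KEY_READ) as key:
        value, _ = winreg.QueryValueEx(key, APPINIT_VALUE)
    return value


def write_appinit(new_value):
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, APPINIT_VALUE, 0, winreg.REG_SZ, new_value)


def backup_value(current):
    """Write the original value to a JSON file so the change can be undone."""
    path = f"appinit_backup_{int(time.time())}.json"
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"key": APPINIT_KEY, "value": APPINIT_VALUE,
                   "original": current, "saved": time.ctime()}, fh, indent=2)
    return path


def main(apply_changes):
    current = read_appinit()
    removed, new_value = plan_cleanup(current)
    print("current AppInit_DLLs:", repr(current))
    print("would remove:", removed)
    if not removed:
        return
    print("backup written to", backup_value(current))
    if apply_changes:
        write_appinit(new_value)
        print("AppInit_DLLs set to", repr(new_value))
    else:
        print("dry run; re-run with --apply (as Administrator) to write the change")


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("the registry part of this script only runs on Windows")
    main("--apply" in sys.argv)
```

Running it without arguments is a dry run that only reports and backs up; `--apply` writes the cleaned value. Two caveats the post does not mention: on 64-bit Windows the same value also exists under `SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows` and needs the same treatment, and on Windows 7 and later the loading is additionally controlled by `LoadAppInit_DLLs` in the same key. The DLL files themselves are still on disk after the value is cleared; that is what the antivirus scan the other replies ask for is meant to handle.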
Peace, mercy and blessings of God be upon you.

May God reward you all for the quick response.

I did everything you asked, and these are the latest reports.

Avira report




Avira AntiVir Premium
Report file date: 27 يونيو, 2008 03:35
Scanning for 1218459 virus strains and unwanted programs.
Licensed to: zyzoom turky
Serial number: 1101673682-PEPWE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode with network
Username: Administrator
Computer name: HOME-EE284B3757
Version information:
BUILD.DAT : 8.1.00.331 19215 Bytes 09/04/2008 16:10:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 08:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 07:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 07:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 07:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 14:04:54
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 03:13:52
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 08:58:22
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 18/04/2008 13:16:58
AESCN.DLL : 8.1.0.14 119156 Bytes 18/04/2008 13:16:58
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 14:34:46
AEPACK.DLL : 8.1.1.2 364917 Bytes 18/04/2008 13:16:56
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 13:16:54
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 17/04/2008 14:05:08
AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 13:16:50
AEGEN.DLL : 8.1.0.17 299380 Bytes 18/04/2008 13:16:50
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 14:34:44
AECORE.DLL : 8.1.0.27 168310 Bytes 18/04/2008 13:16:46
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 16:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 09:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 16:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 07:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 07:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 16:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 16:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 11:05:12
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 28/02/2008 08:19:52
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 10:45:46
Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\c4e69491.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: low
Start of the scan: 27 يونيو, 2008 03:35
Starting the file scan:
Begin scan in 'C:\WINDOWS\system32'

End of the scan: 27 يونيو, 2008 03:39
Used time: 03:25 min
The scan has been done completely.
180 Scanning directories
5715 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
5715 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes



---------------------------------------



HijackThis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:39:43, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator.HOME-EE284B3757\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst"
O4 - HKCU\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours"
O4 - HKCU\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"
O4 - HKCU\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
O4 - HKCU\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg
O4 - HKCU\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe
O4 - Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe
O4 - Global Startup: run.com
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 4262 bytes


************************

Have the viruses been removed???

And may God reward you.
 
And peace be upon you.

Remove NOD and download Kaspersky version 7 instead.

Update the program, run a full scan of the computer, then make another report with the HijackThis tool.

Good luck
 
A small question: how can I produce an Avira report, and how can I analyze it?
 
Brother هاوي النت, the Avira report comes up on its own after we run a full scan of the machine.

You can analyze it by looking at the files that have a warning

or are infected. An example from the brother's report:


180 Scanning directories
5715 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
5715 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes

Meaning his machine is clean of viruses. And I switched to Avira today.
 
Signature: العرافة
Thanks, guys.
 
Signature: فارس الملاك
You can also, if the report does not appear right away, click on Report

and it comes up.

This is my report, with some edits to files belonging to *******

Wow, 11 viruses, hahaha.

My report says the Windows boot that runs from the Zyzoom flash drive has spyware in it.

I'll mark it for you in red.




Avira AntiVir Premium
Report file date: 2008年6月27日 04:52

Scanning for 1362314 virus strains and unwanted programs.

Licensed to: hiphop anonymous
Serial number: *********
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ******

Version information:
BUILD.DAT : 8.1.0.344 19214 Bytes 28/05/2008 17:00:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 07:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 06:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 06:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 06:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 08:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 10:55:20
ANTIVIR2.VDF : 7.0.5.2 2048 Bytes 24/06/2008 10:55:21
ANTIVIR3.VDF : 7.0.5.11 61440 Bytes 26/06/2008 10:55:24
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 07:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 26/06/2008 10:56:47
AESCN.DLL : 8.1.0.22 119157 Bytes 26/06/2008 10:56:41
AERDL.DLL : 8.1.0.20 418165 Bytes 26/06/2008 10:56:38
AEPACK.DLL : 8.1.1.6 364918 Bytes 26/06/2008 10:56:29
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 26/06/2008 10:56:20
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 26/06/2008 10:56:11
AEHELP.DLL : 8.1.0.15 115063 Bytes 26/06/2008 10:55:47
AEGEN.DLL : 8.1.0.29 307573 Bytes 26/06/2008 10:55:44
AEEMU.DLL : 8.1.0.6 430451 Bytes 26/06/2008 10:55:37
AECORE.DLL : 8.1.0.31 168310 Bytes 26/06/2008 10:55:30
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 15:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 08:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 11:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 15:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 06:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 06:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 15:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 15:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 10:05:10
RCIMAGE.DLL : 8.0.0.31 2564353 Bytes 28/02/2008 07:19:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 09:45:45

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008年6月27日 04:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
Scan process 'AirPlusCFG.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\******\Desktop\New Folder\Yahoo tools AIO_samra.zip
[0] Archive type: ZIP
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/KrazyZ-ToolsV-1/KrazyZ-ToolsV-1/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/Yahoo PRO/Y!PRO INVITE/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/Yahoo-World v1/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/YDazePCv2/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
[NOTE] The file was moved to '48cc3e4b.qua'!
C:\Downloads\**********.rar
[0] Archive type: RAR
--> ****.exe
[DETECTION] Is the Trojan horse TR/Drop.Delf.Bam.6
[NOTE] The file was moved to '48d25492.qua'!
C:\Downloads\microsoft office 2003\Microsoft Office 2003 Professional FINAL English (ISO).rar
[0] Archive type: RAR
--> Microsoft Office Pre-Installer.exe
[DETECTION] Is the Trojan horse TR/Agent.141606.B
[NOTE] The file was moved to '48c7550e.qua'!
C:\Program Files\exeqrn\SETUP.EXE
[WARNING] The file could not be opened!
C:\Program Files\HideWindowPlus\hwsys.dll
[DETECTION] Contains detection pattern of the worm WORM/Quin.F
[NOTE] The file was deleted!
C:\Program Files\PowerISO\PWRISOSH.DLL
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{368D7DC9-3AF8-4ADF-902F-B11CE6FEE428}\RP558\A0150498.exe
[DETECTION] Is the Trojan horse TR/PSW.LdPinch.rlf
[NOTE] The file was deleted!
C:\System Volume Information\_restore{368D7DC9-3AF8-4ADF-902F-B11CE6FEE428}\RP558\A0150582.dll
[DETECTION] Contains detection pattern of the worm WORM/Quin.F
[NOTE] The file was deleted!
C:\Zyzoom_flash_boot\run.exe
[DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Shopper.Z.4
[NOTE] The file was deleted!

Begin scan in 'F:\'
F:\Documents and Settings\*****\Desktop\product key explorer v1[1].9.7.rar
[0] Archive type: RAR
--> Product Key Explorer v1.9.7\Crack\SND.exe
[DETECTION] Is the Trojan horse TR/Zlob.1667
[NOTE] The file was deleted!


End of the scan: 2008年6月27日 08:07
Used time: 3:14:55 min

The scan has been done completely.

15489 Scanning directories
625302 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
625291 Files not concerned
4978 Archives were scanned
3 Warnings
8 Notes
 
Signature: العرافة
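The reply a few posts up explains reading an Avira report by looking for WARNING and DETECTION lines and then at the summary counters, and the report just above shows what that looks like with real hits: 11 detections (some of them several members of one archive) but only 8 NOTE lines, because Avira's "deleted" and "moved to quarantine" counters count files, not archive members. As an added example, not code from the thread or from Avira, here is a Python parser that pulls each detection, the action taken on it, and the summary counters out of a report and reconciles the body against the summary. The sample report is constructed by shortening the one above; the masked user name in the path is the thread's own.

```python
"""Parse an Avira AntiVir report: per-file detections, the action taken, and
the summary counters.  Added example for this thread, not Avira's code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, shortened from the report quoted in the thread.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\******\Desktop\New Folder\Yahoo tools AIO_samra.zip
[0] Archive type: ZIP
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/KrazyZ-ToolsV-1/KrazyZ-ToolsV-1/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
--> Yahoo tools AIO_samra/AIO_By_Djsharawy/Yahoo-World v1/KewlButtonz.ocx
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent
[NOTE] The file was moved to '48cc3e4b.qua'!
C:\Program Files\HideWindowPlus\hwsys.dll
[DETECTION] Contains detection pattern of the worm WORM/Quin.F
[NOTE] The file was deleted!
C:\Zyzoom_flash_boot\run.exe
[DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/Shopper.Z.4
[NOTE] The file was deleted!

End of the scan: 2008-06-27 08:07
The scan has been done completely.

625302 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
1 files were moved to quarantine
1 Warnings
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a scanned file (or archive) on disk
SUMMARY_RE = re.compile(r"^(\d+) (.+?):?$")    # "N <counter name>" lines at the end


@dataclass
class Detection:
    path: str                     # file on disk
    member: Optional[str]         # entry inside an archive, if any
    name: str                     # Avira detection name, e.g. TR/Zlob.1667
    action: Optional[str] = None  # deleted / quarantined / None (nothing done)


def parse_avira_report(text):
    """Return (detections, warnings, summary) from the report body."""
    detections, warnings, summary = [], [], {}
    current_path, member = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-->"):                       # archive member
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            detections.append(Detection(current_path, member, line.split()[-1]))
        elif line.startswith("[NOTE]"):                  # action applies to the whole file
            action = "quarantined" if "moved to" in line else "deleted" if "deleted" in line else "other"
            for d in detections:
                if d.path == current_path and d.action is None:
                    d.action = action
        elif line.startswith("[WARNING]"):
            warnings.append((current_path, line[len("[WARNING]"):].strip()))
        elif line.startswith("["):                       # [0] Archive type, [INFO] ...
            continue
        elif PATH_RE.match(line):
            current_path, member = line, None
        else:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group(2)] = int(m.group(1))
    return detections, warnings, summary


def reconcile(detections, summary):
    """Check the body against the summary counters (which count files, not
    archive members) and list detections the scanner left in place."""
    deleted = {d.path for d in detections if d.action == "deleted"}
    quarantined = {d.path for d in detections if d.action == "quarantined"}
    return {
        "detections_match_summary":
            summary.get("viruses and/or unwanted programs were found") == len(detections),
        "deleted_files": len(deleted),
        "quarantined_files": len(quarantined),
        "unhandled": [d for d in detections if d.action is None],
    }


if __name__ == "__main__":
    dets, warns, summ = parse_avira_report(SAMPLE_REPORT)
    for d in dets:
        where = d.path + (f" -> {d.member}" if d.member else "")
        print(f"{d.name:22} {d.action or 'NOT HANDLED':12} {where}")
    print(reconcile(dets, summ))
```

The "unhandled" list is the part worth reading first: with the scan configured as in the report above (primary action "interactive", secondary "ignore"), a detection the user dismissed in the dialog leaves no NOTE line, so the file is still on disk even though it appears in the viruses-found count. The WARNING entries (files that could not be opened, such as the page file or a DLL held open by a running program) are not detections, but they are files the scanner never looked at.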

Peace, mercy and blessings of God be upon you.

The report after the scan:




------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:35 م, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst"
O4 - HKCU\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours"
O4 - HKCU\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"
O4 - HKCU\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
O4 - HKCU\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg
O4 - HKCU\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe
O4 - Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe
O4 - Global Startup: run.com
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1F50CB-4F04-44B2-BECB-CABCEEC1E97D}: NameServer = 163.121.128.134,163.121.128.135
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
--
End of file - 5299 bytes

 
Peace be upon you, and the mercy and blessings of God.

Please check the report, and may God reward you.
 
Do the following, if you would be so kind:


(1)
Disable all your protection programs,
then download this tool and save it to your desktop:
[hidden link: you must log in or register to view it]

When you run it a message will appear, click >> Yes
Then a second message will appear, click >> Yes
Wait until the tool finishes scanning your machine, and your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


(2)
Then make a HijackThis report:
[hidden link: you must log in or register to view it]

When the download finishes ==> run the program ==> and click Do a system scan and save log
Moments later a report appears; copy it and paste it in your next reply.
 
Signature: LINEZERO
ComboFix report


ComboFix 08-07-03.5 - HM 07/04/2008 19:18:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.16 [GMT 3:00]
Running from: C:\Documents and Settings\HM\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\linkinfo.dll
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\axmsawin.exe
C:\WINDOWS\system32\azcbaime.exe
C:\WINDOWS\system32\azwlaime.exe
C:\WINDOWS\system32\azwmaime.exe
C:\WINDOWS\system32\azzxaime.exe
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\drivers\cdralw.sys
C:\WINDOWS\system32\dsdyapaw.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\hdf453d.dll
C:\WINDOWS\system32\ijdybpaw.dll
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\isdsasrv.exe
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jbhxabyt.exe
C:\WINDOWS\system32\lpsgajba.exe
C:\WINDOWS\system32\mkjsakaq.exe
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\mpwdeapi.dll
C:\WINDOWS\system32\oohxebyt.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\pldhadwd.exe
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\ptjhehlp.dll
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spjhahlp.exe
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\ypcqghlp.dll
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\system32\zxcsahlp.exe
C:\WINDOWS\system32\zycbdime.dll
C:\WINDOWS\system32\zywlcime.dll
C:\WINDOWS\system32\zyzxjime.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDRALW
-------\Service_cdralw

((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 16:21 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-07-04 16:21 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-04 16:08 18,048 ----a-w C:\WINDOWS\system32\drivers\eth8023.sys
2008-07-03 00:10 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-07-03 00:00 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-02 16:57 --------- d-----w C:\Documents and Settings\HM\Application Data\Media Player Classic
2008-07-02 16:53 --------- d-----w C:\Program Files\Silicon Integrated Systems
2008-07-02 16:52 --------- d-----w C:\Program Files\SiSLan
2008-07-02 16:52 --------- d-----w C:\Program Files\sisagp
2008-07-02 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 16:45 --------- d-----w C:\Program Files\SiS VGA Utilities V3.69
2008-07-02 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 16:44 --------- d-----w C:\Program Files\Analog Devices
2008-07-02 16:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-07-02 16:40 --------- d-----w C:\Program Files\DFX
2008-07-02 16:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 16:37 --------- d-----w C:\Program Files\Ringz Studio
2008-07-02 16:37 --------- d-----w C:\Program Files\Common Files\Real
2008-07-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-02 16:36 --------- d-----w C:\Program Files\FlashGet
2008-07-02 16:29 --------- d-----w C:\Program Files\Windows Live
2008-07-02 16:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-02 16:17 --------- d-----w C:\Program Files\Windows Update Download
2008-07-02 16:17 --------- d-----w C:\Program Files\VistaPack
2008-07-02 16:17 --------- d-----w C:\Program Files\Unlocker
2008-07-02 16:17 --------- d-----w C:\Program Files\System Tools
2008-07-02 16:17 --------- d-----w C:\Program Files\Msn Explorer7
2008-07-02 16:17 --------- d-----w C:\Program Files\LClock
2008-07-02 16:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-21 07:04 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-21 07:04 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-21 07:04 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-21 07:04 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-21 07:04 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 07:03 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2008-04-21 07:03 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-21 07:03 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-21 07:03 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-04-21 07:03 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-21 07:03 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-21 07:03 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 07:03 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 07:03 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2004-08-08 13:30 536,584 --sh--w C:\WINDOWS\system32\zxmsewin.dll
2004-08-08 13:31 20,049 --sh--w C:\WINDOWS\system32\zscqahlp.exe
2004-08-08 13:31 16,100 --sh--w C:\WINDOWS\system32\fdtxaiua.exe
2004-08-08 13:32 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 13:32 533,512 --sh--w C:\WINDOWS\system32\mndshsrv.dll
2004-08-08 00:03 537,608 --sh--w C:\WINDOWS\system32\apsggjba.dll
2004-08-08 13:32 535,560 --sh--w C:\WINDOWS\system32\akjsfkaq.dll
2004-08-08 13:31 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
2004-08-08 13:32 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
2004-08-08 13:32 538,120 --sh--w C:\WINDOWS\system32\apzhctde.dll
2004-08-08 13:32 17,252 --sh--w C:\WINDOWS\system32\lpzhatde.exe
2004-08-08 13:32 520 --sh--w C:\WINDOWS\system32\dtzfajke.sys
2004-08-08 00:04 537,096 --sh--w C:\WINDOWS\system32\mndhfdwd.dll
2004-08-08 13:32 536,584 --sh--w C:\WINDOWS\system32\pqzfajke.dll
2004-08-08 13:31 1,040 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 00:04 535,048 --sh--w C:\WINDOWS\system32\detxbiua.dll
2004-08-08 13:32 16,567 --sh--w C:\WINDOWS\system32\dazfajke.exe
2004-08-08 13:32 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 13:32 16,386 --sh--w C:\WINDOWS\system32\tjfyabyt.exe
2004-08-08 00:05 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 00:05 535,048 --sh--w C:\WINDOWS\system32\skqnebib.dll
2004-08-08 00:05 15,789 --sh--w C:\WINDOWS\system32\dfqnabib.exe
2004-08-08 00:05 538,632 --sh--w C:\WINDOWS\system32\zywmgime.dll
2004-08-08 00:05 536,584 --sh--w C:\WINDOWS\system32\yzztlmsn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{20618412-C528-C784-C056-C164D1F7C502}]
08/08/2004 03:04 AM 535048 ---hs---- C:\WINDOWS\system32\detxbiua.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3D698451-2015-6358-9871-2015987452D3}]
08/08/2004 04:32 PM 538120 ---hs---- C:\WINDOWS\system32\apzhctde.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{52023698-6984-8541-9654-698745012525}]
08/08/2004 03:05 AM 535048 ---hs---- C:\WINDOWS\system32\skqnebib.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}]
08/08/2004 04:32 PM 536584 ---hs---- C:\WINDOWS\system32\pqzfajke.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{6C648541-1025-9650-9057-6541258720C6}]
08/08/2004 03:04 AM 537096 ---hs---- C:\WINDOWS\system32\mndhfdwd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{7319A1F1-9410-9654-3201-345FFA349137}]
08/08/2004 03:05 AM 538632 ---hs---- C:\WINDOWS\system32\zywmgime.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{7FD45A54-9875-698F-E56E-65102358FDF7}]
08/08/2004 03:03 AM 537608 ---hs---- C:\WINDOWS\system32\apsggjba.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
07/03/2008 03:05 AM 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{B490415F-65F8-B5C5-D8BA-9405FB12054B}]
08/08/2004 03:05 AM 536584 ---hs---- C:\WINDOWS\system32\yzztlmsn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{C490415F-65F8-B5C5-D8BA-9405FB12054C}]
08/08/2004 03:05 AM 536584 ---hs---- C:\WINDOWS\system32\yzztlmsn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [08/24/2006 08:32 PM 408064]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [11/07/2007 03:34 PM 3739672]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/02/2008 07:41 PM 4617720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [09/09/2006 12:00 PM 15360]
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
YzToolbar.lnk - C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe [2008-07-02 19:17:12 90112]
Dock.lnk - C:\Program Files\VistaPack\Dock\Dock.exe [2008-07-02 19:17:11 1826885]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7FD45A54-9875-698F-E56E-65102358FDF7}"= "C:\WINDOWS\system32\apsggjba.dll" [08/08/2004 03:03 AM 537608]
"{6C648541-1025-9650-9057-6541258720C6}"= "C:\WINDOWS\system32\mndhfdwd.dll" [08/08/2004 03:04 AM 537096]
"{20618412-C528-C784-C056-C164D1F7C502}"= "C:\WINDOWS\system32\detxbiua.dll" [08/08/2004 03:04 AM 535048]
"{52023698-6984-8541-9654-698745012525}"= "C:\WINDOWS\system32\skqnebib.dll" [08/08/2004 03:05 AM 535048]
"{7319A1F1-9410-9654-3201-345FFA349137}"= "C:\WINDOWS\system32\zywmgime.dll" [08/08/2004 03:05 AM 538632]
"{C490415F-65F8-B5C5-D8BA-9405FB12054C}"= "C:\WINDOWS\system32\yzztlmsn.dll" [08/08/2004 03:05 AM 536584]
"{B490415F-65F8-B5C5-D8BA-9405FB12054B}"= "C:\WINDOWS\system32\yzztlmsn.dll" [08/08/2004 03:05 AM 536584]
"{8A041F13-A111-12A3-B0CF-F99818AA68A8}"= "C:\WINDOWS\system32\zxmsewin.dll" [08/08/2004 04:30 PM 536584]
"{87FD640A-158F-48AC-FD14-1597F14A9778}"= "C:\WINDOWS\system32\mndshsrv.dll" [08/08/2004 04:32 PM 533512]
"{6A908760-8000-4000-A000-9000322145A6}"= "C:\WINDOWS\system32\akjsfkaq.dll" [08/08/2004 04:32 PM 535560]
"{3D698451-2015-6358-9871-2015987452D3}"= "C:\WINDOWS\system32\apzhctde.dll" [08/08/2004 04:32 PM 538120]
"{60A345CD-ABCD-EFAB-CDEF-ABCD01020306}"= "C:\WINDOWS\system32\pqzfajke.dll" [08/08/2004 04:32 PM 536584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [07/03/2008 03:00 AM 14336]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [07/03/2008 03:05 AM 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=skqnebib.dll,yzztlmsn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HM^Start Menu^Programs^Startup^Dock.lnk]
path=C:\Documents and Settings\HM\Start Menu\Programs\Startup\Dock.lnk
backup=C:\WINDOWS\pss\Dock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HM^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\HM\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HM^Start Menu^Programs^Startup^YzToolbar.lnk]
path=C:\Documents and Settings\HM\Start Menu\Programs\Startup\YzToolbar.lnk
backup=C:\WINDOWS\pss\YzToolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 09/09/2006 12:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 09/25/2007 11:10 AM 2007088 C:\Program Files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 09/20/2004 01:27 AM 65536 C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 11/07/2007 03:34 PM 3739672 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 05/18/2005 02:44 PM 905216 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 09/23/2004 12:41 PM 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 10/14/2004 09:11 AM 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 09/30/2006 10:25 AM 96984 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 08/20/2006 01:48 PM 6656 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 07/02/2008 07:41 PM 4617720 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 08/25/2005 02:05 PM 49152 C:\WINDOWS\system32\SiSPower.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys [09/03/2004 08:48 AM]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [06/20/2008 12:35 PM]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [07/04/2008 07:08 PM]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-04 19:21:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 07/04/2008 19:23:12 - machine was rebooted [HM]
ComboFix-quarantined-files.txt 2008-07-04 16:23:08
Pre-Run: 11,665,506,304 bytes free
Post-Run: 11,807,424,512 bytes free
284 --- E O F --- 2008-07-04 00:01:12




-------------------------------------------

HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:29:38 م, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HM\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: detxbiua.dll - {20618412-C528-C784-C056-C164D1F7C502} - C:\WINDOWS\system32\detxbiua.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll
O2 - BHO: pqzfajke.dll - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - C:\WINDOWS\system32\pqzfajke.dll
O2 - BHO: mndhfdwd.dll - {6C648541-1025-9650-9057-6541258720C6} - C:\WINDOWS\system32\mndhfdwd.dll
O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - C:\WINDOWS\system32\zywmgime.dll
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: yzztlmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztlmsn.dll
O2 - BHO: yzztlmsn.dll - {C490415F-65F8-B5C5-D8BA-9405FB12054C} - C:\WINDOWS\system32\yzztlmsn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dock.lnk = C:\Program Files\VistaPack\Dock\Dock.exe (User 'Default user')
O4 - .DEFAULT User Startup: YzToolbar.lnk = C:\Program Files\VistaPack\YzToolbar\YzToolBar.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B610BCBC-9D5D-4D39-B958-E3681C137143}: NameServer = 163.121.128.134,163.121.128.135
O20 - AppInit_DLLs: skqnebib.dll,yzztlmsn.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
--
End of file - 6074 bytes
 
Your machine is a goner.. :cr:

Go to this thread and apply what is in it:

[hidden link: you must log in or register to view it]

And when you are done, come back to me, I have something to tell you.
:q:
 
Signature: LINEZERO
God give you strength :ok:

May God help you with your problem, and may it be solved, O Lord :b:

Oh my, how do you all tell whether the entries are viruses or not?? :q: :?:
 
Go to this thread, and God willing it will help you:
[hidden link: you must log in or register to view it]
 
Signature: MA222

Peace be upon you.

I made the CD and booted from it, but a picture appears and stays for a long time, and nothing from the tutorial shows up after that.

If possible, a way to format the machine, because the viruses are in system32,
and every time I format C: and install a fresh copy of Windows the viruses are still there.
So is it possible to format the hard disk so it is as if it came new?
And may God reward you.
 
Help us, and may God help you.
 