تم حل المشكلة هل جهازي سليم من الفيروسات

Ksa22 · 4 أبريل 2011

السلام عليكم

كيف حالكم

ان شاء الله بخير

اخواني انا شاك ان جهازي فيه فيروسات وباتشات :er:

التقارير

(( الهيجاك ))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:10 ?, on 17/02/11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\eWIN7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eWIN7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eWIN7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\eWIN7\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Show all images in original quality - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: Show image in original quality - C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - AppInit_DLLs: ??????????????ilCFPCFG
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

--
End of file - 6725 bytes

(( تقرير رون سكينر ))

Runscanner logfile

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

* = signed file
- = file not found

General info
------------
Computer name : EWIN7-PC
Creation time : 04/04/11 05:42:42 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.7600.16385
OS : Windows 7 Ultimate
OS Build : 7600
OS SP :
RunScanner Version : 2.0.0.50
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
* C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\dllhost.exe (Microsoft Corporation)
C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

(

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\Windows\System32\hkcmd.exe (Intel Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
* C:\Windows\System32\igfxtray.exe (Intel Corporation)
* C:\Program Files\Java\jre6\launch4j-tmp\frd.exe (Sun Microsystems, Inc.)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
* C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
* C:\Windows\System32\igfxpers.exe (Intel Corporation)
* C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
* D:\msdownld.tmp\runscanner.exe (Runscanner.net)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
* C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
* C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\rundll32.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)

Unrated items
-------------
003 C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

(

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

)
005 C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
006 C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
010 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Machine Debug Manager)
010 C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (RtlService MFC Application)
042 C:\Windows\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
042 GUID / CLSID not found {CCA281CA-C863-46ef-9331-5C8D4460577F}
042 GUID / CLSID not found {0000036B-C524-4050-81A0-243669A86B9F}
042 GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
060 GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
100 ProxyOverride HKCU : 127.0.0.1;localhost;<local>
100 ProxyServer HKCU : http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
100 Start Page HKCU :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

104 C:\Windows\DOWNLO~1\oscan82.ocx (BitDefender) {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
104 GUID / CLSID not found {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
105 ?&???? ??? Microsoft Excel :
105 ????? ??? ?????? ???????? :
105 Send image to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
105 Send page to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
105 Show all images in original quality : C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

105 Show image in original quality : C:\Program Files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

105 إضافة إلى مكافحة الشعارات : C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
105 ت&صدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
122 C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL (Realtek)
170 {9794287b-d746-11df-a592-b8ac6f53e257} : H:\Setup.exe
170 {9794288a-d746-11df-a592-b8ac6f53e257} : I:\RunGame.exe
170 {9794288c-d746-11df-a592-b8ac6f53e257} : J:\RunGame.exe
170 {9794288e-d746-11df-a592-b8ac6f53e257} : K:\RunGame.exe
170 {c4e083e0-2c18-11e0-954a-b8ac6f53e257} : G:\AutoRun.exe
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

البارون · 4 أبريل 2011

اعمل الفحص التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Ksa22 · 4 أبريل 2011

تفضل اخوي التقرير

************' Anti-Malware 1.50.1.1100

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Database version: 6267

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04/04/11 07:57:54 ?
mbam-log-2011-04-04 (19-57-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 275532
Time elapsed: 1 hour(s), 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

YHYA -KSA · 4 أبريل 2011

الحمدلله جهازك سليم يا غلا ...

Ksa22 · 4 أبريل 2011

اشكركم اخواني ( البارون ويحيا )

والله يجزاكم كل خير

alemalbyelaram · 5 أبريل 2011

يغلق للانتهاء

تم حل المشكلة هل جهازي سليم من الفيروسات

Ksa22

زيزوومي جديد

البارون

زيزوومى فضى

توقيع : البارون

Ksa22

زيزوومي جديد

YHYA -KSA

زيزوومى فضى

توقيع : YHYA -KSA

Ksa22

زيزوومي جديد

alemalbyelaram

عضو شرف

توقيع : alemalbyelaram