فايروس ومشاكل اخرى + تقر

دوت · 5 يونيو 2011

الجهاز كان طبيعي ونزلته لمحل حاسب يفرمته وسوسه بس:cr:

جاني الجهاز اما مهكر اماعليه فايروس

هذه صور

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تقرير Hijack

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:20:47 م, on 04/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Motorola\Connection Manager\MotoCM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Motorola\Connection Manager\RcAppSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\aadrive32.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Motorola Connection Manager] "C:\Program Files\Motorola\Connection Manager\MotoCM.exe" -a
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [sdjwe] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe
O4 - HKCU\..\Run: [jaqq] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe
O4 - HKCU\..\Run: [jkqq] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [YDZ1QVAGOJ] C:\WINDOWS\TEMP\Ubg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Motorola RcAppSvc (MOTOROLARcAppSvc) - SmithMicro Inc. - C:\Program Files\Motorola\Connection Manager\RcAppSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 7494 bytes

صورة من تحليل التقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 5 يونيو 2011

Runscanner logfile

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

* = signed file
- = file not found

General info
------------
Computer name : RA-SA
Creation time : 04/06/2011 08:06:12 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 2.0.0.50
User Language : العربية (السعودية)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
* C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Documents and Settings\User\ddqj.exe
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
C:\WINDOWS\aadrive32.exe
C:\WINDOWS\aadrive32.exe
C:\Documents and Settings\User\Application Data\10C.tmp
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Motorola\Connection Manager\MotoCM.exe (MOTOROLA)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
* C:\Documents and Settings\User\My Documents\Downloads\runscanner (1).exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\explorer.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\WINDOWS\aadrive32.exe
003 C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Microsoft Corporation)
003 C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Microsoft Corporation)
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe (Microsoft Corporation)
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe (Microsoft Corporation)
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe (Microsoft Corporation)
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Microsoft Corporation)
008 C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
011 * C:\WINDOWS\system32\DRIVERS\drxvi314.sys (Beceem Communications Inc. Tarang3)
011 * C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys (Beceem Devices' Enumerator Driver)
011 * C:\WINDOWS\system32\DRIVERS\l1c51x86.sys (NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller)
012 C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe (Microsoft Corporation)
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe (Microsoft Corporation)
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe (Microsoft Corporation)
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Microsoft Corporation)
038 c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
061 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
073 {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
073 {810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job : C:\WINDOWS\TEMP\Ubf.exe (Simon Tatham)
105 Add to Google Photos Screensa&ver : res://C:\WINDOWS\system32\GPhotos.scr/200
105 ت&صدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
105 تحميل الكل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 تحميل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEExt.htm
105 تحميل محتوى FLV بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetVL.htm
167 C:\WINDOWS\aadrive32.exe
173 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll

حاولت ارفاق تقرير run ماعرفت

تقرير اخر

Runscanner logfile

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

* = signed file
- = file not found

General info
------------
Computer name : RA-SA
Creation time : 04/06/2011 08:26:56 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 2.0.0.50
User Language : العربية (السعودية)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
* C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
* C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Motorola\Connection Manager\MotoCM.exe (MOTOROLA)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
* C:\Documents and Settings\User\My Documents\Downloads\runscanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\explorer.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\smss.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\WINDOWS\aadrive32.exe
003 C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
003 C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe
003 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
008 C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
011 * C:\WINDOWS\system32\DRIVERS\drxvi314.sys (Beceem Communications Inc. Tarang3)
011 * C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys (Beceem Devices' Enumerator Driver)
011 * C:\WINDOWS\system32\DRIVERS\l1c51x86.sys (NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller)
012 C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe
034 C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
038 c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
061 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
073 {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\WINDOWS\TEMP\Ubg.exe (Simon Tatham)
073 {810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job : C:\WINDOWS\TEMP\Ubf.exe (Simon Tatham)
105 Add to Google Photos Screensa&ver : res://C:\WINDOWS\system32\GPhotos.scr/200
105 ت&صدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
105 تحميل الكل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 تحميل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEExt.htm
105 تحميل محتوى FLV بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetVL.htm
167 C:\WINDOWS\aadrive32.exe
173 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll

rd-19 · 5 يونيو 2011

احملي هذا الفحص

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 5 يونيو 2011

ايش به الجهاز مهكر ولانازل عليه فايروس ولاملف تجسس؟:er:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

KoNaMi · 5 يونيو 2011

والله ها الهنود مشكله .. تلقاه مسوي نسخه ويندوز من عامي يالي

لاهنتي اوخيتي اعملي الي قال عليه اخوي رد

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 5 يونيو 2011

************' Anti-Malware 1.51.0.1200

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Database version: 6705

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/06/2011 12:25:26 ص
mbam-log-2011-06-05 (00-25-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 178040
Time elapsed: 1 hour(s), 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.AutoRun.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Delete on reboot.

Files Infected:
c:\documents and settings\User\mdix.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\mdswix.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\smdix.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\tt18.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\10D.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\110.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\2D.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\40.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\47.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\63.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\68.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\9A.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\9B.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\A7.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\A8.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\DC.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\EE.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\FC.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\FD.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\FF.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\temporary internet files\Content.IE5\03V2F8NY\t98[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\temporary internet files\Content.IE5\HBLAWBH6\mix[2].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\temporary internet files\Content.IE5\HBLAWBH6\t130[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\temporary internet files\Content.IE5\N95MGWDA\t122[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\temporary internet files\Content.IE5\N95MGWDA\t18[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\aadrive32.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\WINDOWS\mui\FALLBACK\0401\calc.exe.mui (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.

rd-19 · 5 يونيو 2011

تقرير هايجاك جديد

3zoz · 5 يونيو 2011

من بعد اذن اخوي رائد

بعد عمل الهايجاك اعملي كالتالي لتنظيف الجهاز أكثر

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 5 يونيو 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:44:52 ص, on 05/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\User\Local Settings\Temp\zxu3\files\mbam.exe
C:\Program Files\Motorola\Connection Manager\MotoCM.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [YDZ1QVAGOJ] C:\WINDOWS\TEMP\Ubg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - ************ Corporation - C:\Documents and Settings\User\Local Settings\Temp\zxu3\files\\mbamservice.exe
O23 - Service: Motorola RcAppSvc (MOTOROLARcAppSvc) - SmithMicro Inc. - C:\Program Files\Motorola\Connection Manager\RcAppSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6504 bytes

SeCuRiTy-DZ · 5 يونيو 2011

ايش به الجهاز مهكر ولانازل عليه فايروس ولاملف تجسس؟

أختــي هذا فايروس و ليس باتش اختــراق

هل عملتي تنظيف مخلفات مثل ما تفضلــو الإخوة؟؟

دوت · 6 يونيو 2011

من امس لليوم احاول بس احمله الجهاز يرفض تحميل برامج الحماية حملته علا جهاز اخوي واخذته بالفلاش علا جهازي ماشتغل رجعت الفلاش بجهاز اخوي عشان احمله ثاني انضرب جهازه بنفس المصيبه وصرت اصلح جهازين بدل واحد:hh:

المهم اشتغل نود ويتوقف هنا كما الصوره ايش السوات:i:

دوت · 6 يونيو 2011

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

rd-19 · 6 يونيو 2011

عطيني تقرير هايجاك جديد

دوت · 6 يونيو 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:06:25 ص, on 06/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\aadrive32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Motorola\Connection Manager\MotoCM.exe
C:\Program Files\Motorola\Connection Manager\RcAppSvc.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [YDZ1QVAGOJ] C:\WINDOWS\TEMP\Ubg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - ************ Corporation - C:\Documents and Settings\User\Local Settings\Temp\zxu3\files\\mbamservice.exe
O23 - Service: Motorola RcAppSvc (MOTOROLARcAppSvc) - SmithMicro Inc. - C:\Program Files\Motorola\Connection Manager\RcAppSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe (file missing)
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe (file missing)

--
End of file - 7077 bytes

رابط الموقع يوضح علامات استفهام جانب احد مسميات الفايروس واكس احمر جانب قيمه ماعرفها

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 6 يونيو 2011

وينكم

YHYA -KSA · 6 يونيو 2011

اختي سوي فحص ..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 7 يونيو 2011

مو راضي يحمل اي برنامج حماية\

هذا برنامج علا الجهاز لكن بدون السيريال نمبر لو تعرفوا تجيبولي السيريال حقه اكون شاكره لكم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

rd-19 · 7 يونيو 2011

اختي امم حمليه من جهاز اخوك :q: ثم انقليه لجهازك وافحصي جهازك كامل يا بااللي ذكره اخوي يحيى او جربي هذا للفحص كامل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دوت · 7 يونيو 2011

ابشركم خلاص جهازي مات ونتقبل العزاء على موقع ايسر للاب توبات الصينيه .
الويندوز طار كله كل مافتح الجهاز يجني الشاشة السوداء فحسب :hh:

الحين جهاز اخوي msi نفس الحاله بعد ماصابه الفايروس مايحمل اي ملف صيانه ..

الحمدلله بكل الاحوال بنزلهم للهندي اللي تحت ابي اشوف ايش جديده .. الله يستر

دوت · 7 يونيو 2011

هذا نفس الفايروس اللي عندي شكل الهندي اللي سوالي الجهاز هاكر خايس

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

زيزوومي نشيط

زيزوومى فضى

توقيع : KoNaMi

زيزوومي نشيط

زيزوومى فضى

زيزوومى ذهبى

زيزوومي نشيط

زيزوومى محترف

توقيع : SeCuRiTy-DZ

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

توقيع : YHYA -KSA

زيزوومي نشيط

زيزوومى فضى

زيزوومي نشيط

زيزوومي نشيط