- بادئ الموضوع roro23
- تاريخ البدء
- 1,575
:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:58:58 ص, on 22/01/12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\0C5D0E\A9146F.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [A9146F] C:\Windows\system32\0C5D0E\A9146F.EXE
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: A9146F.lnk = C:\Windows\System32\0C5D0E\A9146F.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8339 bytes
Scan saved at 01:58:58 ص, on 22/01/12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\0C5D0E\A9146F.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [A9146F] C:\Windows\system32\0C5D0E\A9146F.EXE
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: A9146F.lnk = C:\Windows\System32\0C5D0E\A9146F.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8339 bytes
تأييد
0
Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7622
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22/01/12 04:12:25 ص
mbam-log-2012-01-22 (04-12-25).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 290458
Time elapsed: 50 minute(s), 15 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 10
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18
Memory Processes Infected:
c:\Windows\System32\F459DE\V3K9B503.EXE (Trojan.Agent) -> 4824 -> Unloaded process successfully.
Memory Modules Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
c:\Windows\System32\F459DE\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\F459DE\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Windows\System32\F459DE\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.
Files Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
c:\Windows\System32\F459DE\V3K9B503.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\ZW6L.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
e:\كتآب فوتو سكول\photo school.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Database version: 7622
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22/01/12 04:12:25 ص
mbam-log-2012-01-22 (04-12-25).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 290458
Time elapsed: 50 minute(s), 15 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 10
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18
Memory Processes Infected:
c:\Windows\System32\F459DE\V3K9B503.EXE (Trojan.Agent) -> 4824 -> Unloaded process successfully.
Memory Modules Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
c:\Windows\System32\F459DE\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\F459DE\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Windows\System32\F459DE\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.
Files Infected:
c:\Users\Haseeb\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
c:\Windows\System32\F459DE\V3K9B503.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\Windows\System32\F459DE\ZW6L.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
e:\كتآب فوتو سكول\photo school.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
c:\Users\Haseeb\AppData\Local\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.
تأييد
0
format
زيزوومي ماسى
غير متصل
حمل الاداة التالية واتبع الشرح لعمل تقرير ورفعه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اعمل كما الصورة لبدء الفحص
ثم اعمل التالي لحفظ ملف التقريرر
هذا هو التقرير المطلوب
توقيع : format
تأييد
0
format
زيزوومي ماسى
غير متصل
حمل الملف التالي
وبالماوس دبل كلك على الملف ... بعدها راح يفتح لك واجهة الاداة
اعمل كما بالشرح ...
ثم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وبالماوس دبل كلك على الملف ... بعدها راح يفتح لك واجهة الاداة
اعمل كما بالشرح ...
ثم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : format
تأييد
0
format
زيزوومي ماسى
غير متصل
احدف عن طريق رابط
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : format
تأييد
0