Thread starter: عضو2012
Views: 1,335

عضو2012
New member, joined 30 December 2011, 55 posts
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:19:52 م, on 29/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\docume~1\maxnet~1\locals~1\temp\drp\dp_sound_b_wnt5_x86-32_1105\drp\d\s\i19\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\MAX NET\Application Data\Zain e-GO\ouc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Zain e-GO\Zain e-GO.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\MAX NET\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (URL hidden by the forum; visible only to logged-in members)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (URL hidden by the forum; visible only to logged-in members)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (URL hidden by the forum; visible only to logged-in members)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (URL hidden by the forum; visible only to logged-in members)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Zain e-GO] "C:\Program Files\Zain e-GO\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\maxnet~1\locals~1\temp\drp\dp_sound_b_wnt5_x86-32_1105\drp\d\s\i19\STacSV.exe

--
End of file - 6005 bytes
 

Installed programs
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
AKVIS Coloriage
AKVIS MultiBrush
CCleaner
FormatFactory 2.60
GameSpy Arcade
Golden Al-Wafi Translator
GOM Player
Harry Potter and the Prisoner of Azkaban(TM)
HijackThis 2.0.2
Hot Wheels Stunt Track Challenge
Internet Download Manager
Java(TM) 6 Update 22
KGB Archiver 1.2.1.24
K-Lite Mega Codec Pack 6.5.0
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 9.0.1 (x86 ar)
MSVCRT
RealPlayer
Recuva
Segoe UI
VLC media player 1.1.4
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
WinRAR 4.10 (32-بت)
Zain e-GO
أداة التحميل Windows Live Upload Tool
مساعد تسجيل الدخول إلى Windows Live
 
Brother, delete the following entries

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Zain e-GO] "C:\Program Files\Zain e-GO\UpdateDog\ouc.exe"

and upload these two files to this site
:\Documents and Settings\MAX NET\Application Data\Zain e-GO\ouc.exe
C:\Program Files\Zain e-GO\Zain e-GO.exe

(upload link hidden by the forum; log in to view)

After that, run:
(link hidden by the forum; log in to view)
 
Signature: Ali Ramadan
My friend, is Zain e-GO for the internet connection?
 
Here you go

Malwarebytes' Anti-Malware 1.51.2.1300
(URL hidden by the forum; log in to view)


Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30/01/2012 11:16:36 ص
mbam-log-2012-01-30 (11-16-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 196685
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\MAX NET\local settings\Temp\Rar$EXa0.049\port_killer.exe (RiskWare.Tool) -> Quarantined and deleted successfully.
c:\documents and settings\MAX NET\my documents\downloads\compressed\bifrost stub generator v1.0\bifrost stub generator v1.0.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\documents and settings\MAX NET\my documents\downloads\Programs\downloadsetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
d:\amuh.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\MSOCache\all users\90000401-6000-11d3-8cfe-0150048383c9\FILES\PFILES\COMMON\MSSHARED\DW\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\MSOCache\all users\90000401-6000-11d3-8cfe-0150048383c9\FILES\PFILES\MSOFFICE\OFFICE11\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\MSOCache\all users\90000401-6000-11d3-8cfe-0150048383c9\FILES\SETUP\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP12\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP13\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP14\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP16\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP19\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP24\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP25\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0048233.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0040075.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0040078.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0040079.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0040080.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0045190.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0046233.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\A0047233.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP26\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{93741e30-ae15-4e6c-b634-c1b9dd82cc40}\RP28\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
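As an added example (not from the thread or from Malwarebytes), a Python script that parses the Malwarebytes' Anti-Malware 1.x log layout quoted above, groups detections by name, lists entries the scanner did not quarantine, and checks that the declared per-section counts match the entries actually listed; the log text embedded below is constructed for the example, not the poster's log.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.x log layout from the thread; paths are made up.
SAMPLE_LOG = r"""Registry Data Items Infected: 2
Files Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\example\downloads\tool.exe (RiskWare.Tool) -> Quarantined and deleted successfully.
d:\lpk.dll (Backdoor.Agent.H) -> Quarantined and deleted successfully.
d:\system volume information\_restore{example}\RP12\lpk.dll (Backdoor.Agent.H) -> No action taken.
"""
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (summary: section -> declared count, items: parsed detail entries)."""
    summary, items, section = {}, [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:                  # "X Infected: N" is the summary block, "X Infected:" a detail block
            if m.group("count") is not None:
                summary[m.group("name")] = int(m.group("count"))
                section = None
            else:
                section = m.group("name")
            continue
        m = ITEM_RE.match(line) if section else None
        if m:                  # the last "->" segment is the action MBAM took on the item
            items.append({"section": section, "path": m.group("path"),
                          "detection": m.group("detection"),
                          "action": m.group("rest").split(" -> ")[-1].rstrip(".")})
    return summary, items

def triage(text):
    """Group by detection name, list non-quarantined items, flag count mismatches."""
    summary, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {"by_detection": dict(Counter(i["detection"] for i in items)),
            "not_removed": [i["path"] for i in items
                            if not i["action"].startswith("Quarantined")],
            "count_mismatch": {s: (n, listed[s]) for s, n in summary.items()
                               if listed[s] != n}}
```

Items that remain unquarantined (here a copy inside System Volume Information) are the ones to re-check after the reboot the poster is told to accept.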
 
Download the latest version from the following link

(link hidden by the forum; log in to view)

A portable build, always updated to the latest release from the vendor's site

Then follow the scan walkthrough

[screenshots of the download and launch steps]


Arabic is available among the options for those who want it

[screenshots of the update and scan steps]


Choose "Restart later" so you can save the report and post it in the maintenance section, as shown in the following walkthrough

[screenshots of saving the report]


A Notepad window containing the report will open; copy it in full and paste it into your post in the maintenance section

=============

The following shows how to restore what the viruses damaged, using the program

[screenshots of the repair steps]


Then close the program; it will ask you to restart the computer.
Accept, as this is necessary for the repair and the cleanup of the infections to complete.
 
Signature: format