Thread starter: Mourinho
Peace be upon you, and the mercy and blessings of God.

I'm used to finding solutions from our dear brother Zyzoom "Turki" (may God have mercy on his parents) in forums other than his own.

Today I have a problem: there is a virus, I have tried every way, and none of the attempts worked.

Here is a screenshot of Avira catching the virus, though it cannot get rid of it.

[screenshot omitted]

And here is the Task Manager:

[screenshot omitted]

And here is the HijackThis report. Of course, I have now installed Avast as the antivirus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:45, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PeerNet\svchost.exe
C:\WINDOWS\msapps\csrss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Crystal\smss.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NgrabLite\NGrabLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEMonitor.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138;192.168.0.50;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NGrabLite] C:\Program Files\NgrabLite\NGrabLite.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: aboal7roof.lnk = C:\Program Files\aboal7roof\aboal7roof.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ANB Direct - file:///C:/ebank/classes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - file:///C:/ebank/anb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Transaction Coordinator (htoad) - Unknown owner - svshost.exe (file missing)
O23 - Service: Transaction Coordinator (htuad) - Update - C:\WINDOWS\msapps\csrss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Transaction Coordinator (ztuad) - Mat's WAREZ - C:\WINDOWS\Cursors\lsass.exe

--
End of file - 8661 bytes

And thank you.

Signature: Mourinho
This is indeed a dangerous virus, brother, of the backdoor type. Do the following:

(1)
Disable all protection programs,
and download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine, and it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.

(2)
And make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
A few moments later a report appears; copy it and paste it in your next reply.

Last edited by a moderator.
Signature: السّاجد لله
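The backdoor call above rests on what the posted HijackThis log shows: core Windows binary names (smss.exe, csrss.exe, lsass.exe, svchost.exe) running from directories other than system32, a service whose binary is missing, and four services sharing the one display name "Transaction Coordinator". The triage script below makes those checks mechanical. It is an added example written for this page, not code from the thread or from HijackThis; it assumes a 32-bit Windows XP install on C: (as in the thread), and the embedded sample is an excerpt of the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Binary names that 32-bit Windows XP only runs from %SystemRoot%\system32.
# A copy anywhere else is a name-masquerade signal (assumption: Windows on C:).
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}
TRUSTED_DIRS = {r"c:\windows\system32"}

# HijackThis v2 service line: "O23 - Service: <display> - <owner> - <path>"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$"
)


def is_masquerading(path: str) -> bool:
    """True when a core system binary name sits outside the trusted directory."""
    p = PureWindowsPath(path)
    if p.name.lower() not in CORE_SYSTEM_BINARIES:
        return False
    return str(p.parent).lower() not in TRUSTED_DIRS


def parse_hijackthis(log_text: str):
    """Return (running_processes, services) parsed from a HijackThis v2 log."""
    processes, services = [], []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False        # a blank line closes the process list
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return processes, services


def triage(log_text: str):
    """Return (kind, detail) findings a responder should look at first."""
    processes, services = parse_hijackthis(log_text)
    findings = []
    for proc in processes:
        if is_masquerading(proc):
            findings.append(("process-masquerade", proc))
    by_display = {}
    for svc in services:
        desc = f'{svc["display"]} -> {svc["path"]}'
        if svc["path"].endswith("(file missing)"):
            findings.append(("service-missing-binary", desc))
        elif is_masquerading(svc["path"]):
            findings.append(("service-masquerade", desc))
        # drop the "(shortname)" suffix so sibling services group together
        base = re.sub(r"\s*\([^)]*\)$", "", svc["display"])
        by_display.setdefault(base, []).append(svc["path"])
    for display, paths in by_display.items():
        if len(paths) > 1:
            findings.append(("service-duplicate-display-name",
                             f"{display} x{len(paths)}"))
    return findings


# Constructed sample: an excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:45, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PeerNet\svchost.exe
C:\WINDOWS\msapps\csrss.exe
C:\WINDOWS\Crystal\smss.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Transaction Coordinator (htoad) - Unknown owner - svshost.exe (file missing)
O23 - Service: Transaction Coordinator (htuad) - Update - C:\WINDOWS\msapps\csrss.exe
O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe
O23 - Service: Transaction Coordinator (ztuad) - Mat's WAREZ - C:\WINDOWS\Cursors\lsass.exe
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```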
Thank you, dear brother, for the quick response.

By the way, the ComboFix report: it did produce the report for me, but it did not restart the machine!

ComboFix 08-10-14.07 - psce 2008-10-15 19:17:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.542 [GMT 0:00]
Running from: C:\Documents and Settings\psce\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-15 04:18 . 2008-10-15 04:18 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-15 02:52 . 2008-10-15 02:52 <DIR> d-------- C:\Sandbox
2008-10-15 02:52 . 2008-10-15 02:52 <DIR> d-------- C:\Program Files\Sandboxie
2008-10-15 02:52 . 2008-10-15 04:04 1,422 --a------ C:\WINDOWS\Sandboxie.ini
2008-10-14 08:34 . 2008-10-14 08:34 <DIR> d-------- C:\Program Files\CCleaner
2008-10-14 03:12 . 2008-10-14 03:18 <DIR> d-------- C:\Documents and Settings\psce\.housecall6.6
2008-10-14 01:38 . 2008-10-14 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-14 01:36 . 2008-10-15 04:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-14 01:36 . 2008-10-15 04:00 <DIR> d-------- C:\Documents and Settings\psce\Application Data\SUPERAntiSpyware.com
2008-10-14 01:23 . 2008-10-14 01:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-09 07:15 . 2008-10-09 07:19 <DIR> d-------- C:\Program Files\Any Video Converter Professional
2008-10-09 07:08 . 2008-10-09 07:08 0 --a------ C:\WINDOWS\MovieEdit.INI
2008-10-09 07:04 . 2008-10-09 07:04 <DIR> d-------- C:\movies
2008-10-09 06:45 . 2008-10-09 06:45 <DIR> d-------- C:\Program Files\OJOsoft
2008-10-09 06:45 . 2008-10-09 06:45 <DIR> d-------- C:\Program Files\Common Files\Common Share
2008-10-09 06:36 . 2008-10-09 06:36 <DIR> d-------- C:\videooutput
2008-10-09 06:36 . 2008-10-09 06:36 <DIR> d-------- C:\Program Files\Smallvideosoft
2008-10-09 06:36 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-10-06 02:52 . 2008-10-06 02:52 109,248 --a------ C:\WINDOWS\system32\BB
2008-10-06 02:51 . 2008-10-14 03:40 <DIR> d--hs---- C:\WINDOWS\Crystal
2008-10-06 02:51 . 2008-10-06 02:52 536,540 --a------ C:\WINDOWS\V-DCW-v-sids.db-v-key.db-Softcam.key-MCT-Privatespice-FILMNET-POLSAT_Rai_Fix_Cyfra_Fix_Polsat_Fix_DreamTV-07-10-2008.exe
2008-10-04 06:08 . 2008-10-08 06:30 <DIR> d-------- C:\Program Files\KeyUpdater
2008-09-30 05:06 . 2008-09-30 05:06 79 --a------ C:\WINDOWS\Serial.ini
2008-09-23 03:25 . 2008-09-23 03:33 <DIR> d-------- C:\Documents and Settings\psce\Application Data\mIRC
2008-09-22 02:35 . 2008-10-08 06:22 <DIR> d-------- C:\Program Files\DNA
2008-09-21 03:49 . 2008-09-21 03:49 100 --a------ C:\WINDOWS\SwLoader.INI
2008-09-18 08:44 . 2008-10-14 02:24 <DIR> d-------- C:\QUARANTINE
2008-09-15 03:00 . 2008-09-15 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 19:18 --------- d-----w C:\Documents and Settings\psce\Application Data\DMCache
2008-10-15 19:17 --------- d-----w C:\Documents and Settings\psce\Application Data\uTorrent
2008-10-15 14:51 --------- d-----w C:\Documents and Settings\psce\Application Data\TeraCopy
2008-10-15 14:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 12:01 --------- d-----w C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2008-10-15 04:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 03:05 102,400 ------w C:\WINDOWS\msapps\csrss.exe
2008-10-14 08:32 2,444 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-14 03:40 --------- d-----w C:\Documents and Settings\psce\Application Data\License32Support
2008-10-14 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-14 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-13 22:22 --------- d-----w C:\Program Files\Opera
2008-10-11 00:33 --------- d-----w C:\Documents and Settings\psce\Application Data\Skype
2008-10-09 07:03 --------- d-----w C:\Program Files\Total Video Converter
2008-10-08 15:02 --------- d-----w C:\Program Files\Google
2008-10-08 07:11 --------- d-----w C:\Program Files\Deskshare
2008-10-08 07:08 --------- d-----w C:\Program Files\RM-to-MP3-Converter
2008-10-08 06:57 --------- d-----w C:\Documents and Settings\psce\Application Data\MakeUpPilot
2008-10-08 06:46 --------- d-----w C:\Program Files\MathType
2008-10-08 06:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 06:32 --------- d-----w C:\Documents and Settings\psce\Application Data\COWON
2008-10-08 06:19 --------- d-----w C:\Program Files\Common Files\BitCtrl
2008-10-08 06:18 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-10-08 06:10 --------- d-----w C:\Program Files\3D-FTP
2008-10-08 05:47 --------- d-----w C:\Documents and Settings\psce\Application Data\IDM
2008-10-08 05:37 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
2008-10-08 04:51 --------- d-----w C:\Documents and Settings\psce\Application Data\Thinstall
2008-10-06 02:52 20,480 ----a-w C:\WINDOWS\Cursors\lsass.exe
2008-09-21 19:51 --------- d-----w C:\Program Files\Circle Developement
2008-09-17 00:29 --------- d-----w C:\Program Files\Universal Teacher
2008-09-16 03:17 --------- d-----w C:\Program Files\CyberLink
2008-09-16 03:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 03:15 --------- d-----w C:\Program Files\eMule
2008-09-16 03:14 --------- d-----w C:\Program Files\Ease123 Video Watermarker
2008-09-14 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-09-14 03:50 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-09-14 03:49 --------- d-----w C:\Program Files\MAGIX
2008-09-14 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-09-14 02:15 --------- d-----w C:\Documents and Settings\psce\Application Data\AVSMedia
2008-09-14 01:51 --------- d-----w C:\Program Files\AVSMedia
2008-09-13 21:37 --------- d-----w C:\Program Files\Power Video Converter
2008-09-09 21:43 --------- d-----w C:\Program Files\QuickTime
2008-09-06 02:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-05 05:15 --------- d-----w C:\Program Files\LeapFTP
2008-09-02 21:27 --------- d-----w C:\Program Files\MozBackup
2008-08-27 15:30 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-08-21 11:43 --------- d-----w C:\Documents and Settings\psce\Application Data\CyberLink
2008-08-19 03:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-08 19:06 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-14_ 4.08.48.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 02:52:16 439,775 ----a-w C:\WINDOWS\Installer\SandboxieInstall.exe
+ 2008-10-15 04:02:38 65,536 ----a-w C:\WINDOWS\PeerNet\svchost.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 17:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-10-15 04:58:51 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe" [2008-11-05 2561456]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"NGrabLite"="C:\Program Files\NgrabLite\NGrabLite.exe" [2006-03-21 118784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-06 219952]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 413696]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
aboal7roof.lnk - C:\Program Files\aboal7roof\aboal7roof.exe [2008-08-10 776704]
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Relook PCEditor\\PCEditor.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\NgrabLite\\NGrabLite.exe"=
"C:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\WINDOWS\\Crystal\\smss.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\msapps\\csrss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:UDP"= 21:UDP:p
"443:TCP"= 443:TCP:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:ooVoo UDP المنفذ 37675
"1034:TCP"= 1034:TCP:f

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S2 htuad;Transaction Coordinator;C:\WINDOWS\msapps\csrss.exe [2008-10-15 102400]
S2 stuad;Transaction Coordinator;C:\WINDOWS\Crystal\smss.exe [2008-10-14 77824]
S2 ztuad;Transaction Coordinator;C:\WINDOWS\Cursors\lsass.exe [2008-10-06 20480]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-13 355584]
S4 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 991232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\b.com
\Shell\explore\Command - J:\b.com
\Shell\open\Command - J:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - taqhptr.bat
\Shell\explore\Command - taqhptr.bat
\Shell\open\Command - taqhptr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{829153db-7512-11dd-a852-001d7d37bcc1}]
\Shell\AutoRun\command - M:\System\DriveGuard\DriveProtect.exe -run
\Shell\Explore\Command - M:\System\DriveGuard\DriveProtect.exe -run
\Shell\Open\Command - M:\System\DriveGuard\DriveProtect.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{829153f2-7512-11dd-a852-001d7d37bcc1}]
\Shell\AutoRun\command - M:\qxbx9blb.com
\Shell\explore\Command - M:\qxbx9blb.com
\Shell\open\Command - M:\qxbx9blb.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960114da-2900-11dd-a825-001d7d37bcc1}]
\Shell\AutoRun\command - taqhptr.bat
\Shell\explore\Command - taqhptr.bat
\Shell\open\Command - taqhptr.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df40e2f2-84e1-11dd-a858-001d7d37bcc1}]
\Shell\AutoRun\command - M:\uis.com
\Shell\explore\Command - M:\uis.com
\Shell\open\Command - M:\uis.com

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\psce\Application Data\Mozilla\Firefox\Profiles\plmhcdnb.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-10-15 19:18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-15 19:19:49
ComboFix-quarantined-files.txt 2008-10-15 19:19:37
ComboFix2.txt 2008-10-15 04:11:47
ComboFix3.txt 2008-10-14 04:24:56
ComboFix4.txt 2008-10-14 04:09:39

Pre-Run: 6,129,364,992 bytes free
Post-Run: 6,116,859,904 bytes free

271 --- E O F --- 2008-10-15 03:00:54

And here is the HijackThis report from before running the antivirus:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:13, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msapps\csrss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Crystal\smss.exe
C:\WINDOWS\Cursors\lsass.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe
C:\Program Files\NgrabLite\NGrabLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138;192.168.0.50;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NGrabLite] C:\Program Files\NgrabLite\NGrabLite.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: aboal7roof.lnk = C:\Program Files\aboal7roof\aboal7roof.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ANB Direct - file:///C:/ebank/classes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - file:///C:/ebank/anb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Transaction Coordinator (htoad) - Unknown owner - svshost.exe (file missing)
O23 - Service: Transaction Coordinator (htuad) - Update - C:\WINDOWS\msapps\csrss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Transaction Coordinator (ztuad) - Mat's WAREZ - C:\WINDOWS\Cursors\lsass.exe

--
End of file - 8207 bytes
 
Signature: Mourinho
And here is the HijackThis log after running avast:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:24, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\msapps\csrss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Crystal\smss.exe
C:\WINDOWS\Cursors\lsass.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe
C:\Program Files\NgrabLite\NGrabLite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138;192.168.0.50;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NGrabLite] C:\Program Files\NgrabLite\NGrabLite.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: aboal7roof.lnk = C:\Program Files\aboal7roof\aboal7roof.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ANB Direct - file:///C:/ebank/classes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - file:///C:/ebank/anb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Transaction Coordinator (htoad) - Unknown owner - svshost.exe (file missing)
O23 - Service: Transaction Coordinator (htuad) - Update - C:\WINDOWS\msapps\csrss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Transaction Coordinator (ztuad) - Mat's WAREZ - C:\WINDOWS\Cursors\lsass.exe

--
End of file - 8313 bytes
 
Signature: Mourinho
Select the following and delete them:

C:\WINDOWS\msapps\csrss.exe

C:\WINDOWS\Crystal\smss.exe

C:\WINDOWS\Cursors\lsass.exe

C:\Program Files\aboal7roof\aboal7roof.exe

C:\Program Files\NgrabLite\NGrabLite.exe





Deletion method

Follow the example below to delete the entries listed above.

We will take the AVG program as an example; it has no problems, of course, but we will apply the deletion to it anyway, and leave the rest to God.

Its image on the analysis site:

[screenshot of the analysis site result]

Treating it as a malicious program, we will carry out the deletion as follows; the explanation is in the screenshots.
(Deletion using the HijackThis tool)

[screenshots of the HijackThis deletion steps]

 
Signature: السّاجد لله
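As an added example (not from the thread or from the helper), the following Python script applies the same triage reasoning the helper used to a HijackThis log: core Windows process names (smss.exe, csrss.exe, lsass.exe) running from anywhere other than System32, autostart entries launched from a Temp folder, and services whose binary is missing. The log excerpt is constructed from entries in the logs posted above; the set of core process names and the trusted directory are my own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Core Windows processes that legitimately run only from %SystemRoot%\System32
# (assumed list). The files in this thread borrow these names from other folders.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                        "services.exe", "svchost.exe", "spoolsv.exe"}
TRUSTED_SYSTEM_DIRS = {r"c:\windows\system32"}
# Drive-letter path ending in .exe, optionally quoted; non-greedy so "/onboot" is not swallowed.
WIN_EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.exe)"?', re.IGNORECASE)

# Constructed excerpt in the format of the HijackThis logs posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\msapps\csrss.exe
C:\WINDOWS\Crystal\smss.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bh11ySa6d\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: Transaction Coordinator (htoad) - Unknown owner - svshost.exe (file missing)
O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe
"""

def check_line(line):
    """Return why a HijackThis line deserves attention, or None if it looks benign."""
    line = line.strip()
    if line.startswith("O23") and "(file missing)" in line:
        return "service registered for a binary that no longer exists"
    match = WIN_EXE_PATH.search(line)
    if not match:
        return None  # header, blank line, or entry without an executable path
    path = PureWindowsPath(match.group(1))
    name, parent = path.name.lower(), str(path.parent).lower()
    if name in CORE_SYSTEM_BINARIES and parent not in TRUSTED_SYSTEM_DIRS:
        return f"{path.name} impersonates a core system process outside System32"
    if "\\temp\\" in parent + "\\":
        return "program or autostart entry running from a Temp directory"
    return None

def triage(log_text):
    """Map each suspicious log line to the reason it was flagged."""
    flagged = {}
    for raw in log_text.splitlines():
        reason = check_line(raw)
        if reason:
            flagged[raw.strip()] = reason
    return flagged
```

On the constructed excerpt the script flags the three look-alike system binaries, the IDMan entry under Temp, the missing-binary service and the Crystal\smss.exe service, while leaving the genuine System32 smss.exe, avast and uTorrent entries alone.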
Then delete the following entries as well:

O4 - HKCU\..\Run: [NGrabLite] C:\Program Files\NgrabLite\NGrabLite.exe

O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: ANB Direct - file:///C:/ebank/classes.cab

O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - file:///C:/ebank/anb.cab

O23 - Service: Transaction Coordinator (htuad) - Update - C:\WINDOWS\msapps\csrss.exe

O23 - Service: Transaction Coordinator (stuad) - ACME - C:\WINDOWS\Crystal\smss.exe

O23 - Service: Transaction Coordinator (ztuad) - Mat's WAREZ - C:\WINDOWS\Cursors\lsass.exe

The deletion method this time is as follows:

Deletion method

[screenshots of the HijackThis deletion steps]

After that, go to Add or Remove Programs and remove any toolbar you have installed >> it may not be there.

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears; wait (and follow along with the screenshots).

[screenshots of the tool starting]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[screenshot of the tool's Close prompt]

Then go to Add or Remove Programs and remove your toolbar, if present.

Then post a new log.
 
Signature: السّاجد لله
Dear brother,

These two programs are safe:
C:\Program Files\aboal7roof\aboal7roof.exe
C:\Program Files\NgrabLite\NGrabLite.exe

and they have been installed on my machine for a long time..

I'll try the rest..!

Thank you very much.
 
Signature: Mourinho
I could not delete them.

[screenshot of the failed deletion]

I have worn you out with me, my friend..
 
Signature: Mourinho
First, it is no trouble at all.
Second, before deleting, do the following, then continue with your previous steps as I explained to you in detail.

From Start, choose Run and type the following command:

msconfig

then OK.

The application window will appear:

system configuration utility

Do as follows:

[screenshot of the System Configuration Utility settings]

Then agree to the restart.

[screenshot of the restart prompt]

Signature: السّاجد لله
Thank you, brother Hisham.
 
Signature: SALEM666