فيرسWin32

ع

عادل البراوى

زيزوومى مبدع
إنضم
10 أكتوبر 2008
المشاركات
1,286
مستوى التفاعل
5
النقاط
620
غير متصل
السلام عليكم
اخوانى اليزووومين
دة تقريرعن جهاز اخى كان مصابب580فيرس win32/sality
نزلتلة كاسبر9 والحمدالله نظف الجهاز
ولكن رايت فى مواضيع المنتدى ان الفيرس بيقبع داخل ملفات الجهاز او ملفات السيتم لكل درايفرلانها مغلقةولا يستطيع اى انتى فيرس رؤيته
للعلم انا سطبت نسخة جديدة كمان معها الافيرا ولم يظهر شىء
واداة ازالةwin32/salityمن اخى ديمو داش
لكن موضوع انة بيختفى فى الستيم لاى درايفراقلقنى
دة تقرير الكومبو فارجو اعلامى ان كان تم القضاء على الفيرس ام لا

تقرير الكومبو
ComboFix 08-12-09.03 - NoUr 12/10/2008 18:59:53.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1078 [GMT 2:00]
Running from: c:\documents and settings\NoUr\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 16:01 --------- d-----w c:\documents and settings\NoUr\Application Data\Media Player Classic
2008-12-10 16:00 --------- d-----w c:\program files\Ringz Studio
2008-12-10 16:00 --------- d-----w c:\program files\Common Files\Real
2008-12-10 15:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 15:00 --------- d-----w c:\program files\Realtek
2008-12-10 15:00 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 14:56 --------- d-----w c:\program files\Yahoo!
2008-12-10 14:56 --------- d-----w c:\program files\Intel
2008-12-10 14:52 --------- d-----w c:\program files\Avira
2008-12-10 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-10 14:45 --------- d-----w c:\program files\FolderSize
2008-12-10 14:44 --------- d-----w c:\program files\Winamp
2008-12-10 14:44 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 14:44 --------- d-----w c:\program files\CD-R
2008-12-10 14:43 --------- d-----w c:\program files\Internet Download Manager
2008-12-10 14:39 --------- d-----w c:\program files\Windows Update Download
2008-12-10 14:39 --------- d-----w c:\program files\System Tools
2008-12-10 14:39 --------- d-----w c:\program files\SuperCopier2
2008-12-10 14:38 --------- d-----w c:\program files\MSXML 4.0
2008-12-10 14:34 --------- d-----w c:\program files\YzToolbar
2008-12-10 14:34 --------- d-----w c:\program files\TaskSwitchXP
2008-12-10 14:34 --------- d-----w c:\program files\RegShot
2008-12-10 14:34 --------- d-----w c:\program files\Rainlendar2
2008-12-10 14:34 --------- d-----w c:\program files\Microsoft
2008-12-10 14:34 --------- d-----w c:\program files\Games
2008-12-10 14:34 --------- d-----w c:\program files\Attribute Changer
2008-12-10 14:33 --------- d-----w c:\program files\Utilities
2008-12-10 14:33 --------- d-----w c:\program files\Unlocker
2008-12-10 14:33 --------- d-----w c:\program files\Network
2008-12-10 14:33 --------- d-----w c:\program files\Graphics
2008-12-10 14:33 --------- d-----w c:\program files\Desktop
2008-12-10 14:33 --------- d-----w c:\program files\CMenu
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [11/04/2006 04:51 PM 15360]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [10/28/2006 08:22 AM 981504]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 02:29 AM 62976]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [07/07/2006 06:45 PM 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
"KelsPackSoft"="c:\windows\system32\mmm.exe" [07/05/2005 02:34 PM 828416]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [07/31/2006 02:33 PM 36864]
"DAEMON Tools 3.47-1033"="c:\program files\CD-R\DAEMON Tools\daemon.exe" [08/22/2004 05:05 PM 81920]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"igfxtray"="c:\windows\system32\igfxtray.exe" [11/28/2005 07:55 AM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 07:52 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 07:55 AM 118784]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [02/07/2005 04:04 AM 94037]
"RTHDCPL"="RTHDCPL.EXE" [07/21/2006 10:56 AM 16261632 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM 2879488 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [11/04/2006 04:51 PM 15360]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [10/28/2006 08:22 AM 981504]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 02:29 AM 62976]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [07/07/2006 06:45 PM 1052672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide1"="move" [X]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vista Build Tag.lnk - c:\program files\Utilities\Vista Desktop Gadjets\Build Tag.exe [2008-12-10 540672]

c:\documents and settings\NoUr\Start Menu\Programs\Startup\
Vista Build Tag.lnk - c:\program files\Utilities\Vista Desktop Gadjets\Build Tag.exe [2008-12-10 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-12-10 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-12-10 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-12-10 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-12-10 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-12-10 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-12-10 71464]
S1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\Drivers\fwdrv.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{4BDB0185-3AF2-4627-BDFE-ED75F6639448} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: {{aad080d5-9287-40ed-bdec-2cbed012baaa} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: {{4BDB0185-3AF2-4627-BDFE-ED75F6639448} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
-
IE: {{aad080d5-9287-40ed-bdec-2cbed012baaa} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
-
LSP: avsda.dll
FireFox -: Profile - c:\documents and settings\NoUr\Application Data\Mozilla\Firefox\Profiles\4u2djzvt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/search?q=%s
.
.
------- File Associations -------
.
inffile=c:\windows\system32\NOTEPAD2.EXE %1
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-10 19:01:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\NoUr\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\avsda.dll
.
Completion time: 12/10/2008 19:01:38
ComboFix-quarantined-files.txt 2008-12-10 17:01:38
ComboFix2.txt 2008-12-10 16:58:34

Pre-Run: 1,274,679,296 bytes free
Post-Run: 1,268,064,256 bytes free

172


 

توقيع : عادل البراوى
ترتيب حسب التاريخ ترتيب حسب الأصوات
طيب الحين لاهنت ارفعلي تقرير جديد للهاجيك....​
 

توقيع : KoNaMi
تأييد 0
دة تقرير الهاى جاك
اوعى تجرى وتسبنى
هههههههههههههههLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:06:00 ص, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\CD-R\DAEMON Tools\daemon.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NoUr\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [KelsPackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [DAEMON Tools 3.47-1033] "C:\Program Files\CD-R\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 6611 bytes


 
توقيع : عادل البراوى
تأييد 0
اخوي لاهنت ممكن ترفع التقرير بدون تكبير لخط...​
 
توقيع : KoNaMi
تأييد 0
انا اسف مخدتش بالى
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:18:41 ص, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\CD-R\DAEMON Tools\daemon.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\NoUr\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [KelsPackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [DAEMON Tools 3.47-1033] "C:\Program Files\CD-R\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 6611 bytes
 
توقيع : عادل البراوى
تأييد 0
اخى حمود انا فصلت مياة ونور
خلااااااااااااااااص مش قادر ان شاء الله
اشوف ردك باكر
 
توقيع : عادل البراوى
تأييد 0
اخوي التقرير سليم ماعدا هذة القيمه

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

نوم العوافي ان شاء الله​
 
توقيع : KoNaMi
تأييد 0
شكرا اخى حمود
وشكرا لكل الاخوان اللذين ساعدونى
وتم حذف القيمة المذكورة
وان شاء الله ذهاب بلا عودة لهذا الفيرس اللعين
 
توقيع : عادل البراوى
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى