الغالي11

Good evening

Please check my machine,
because it has been behaving differently over the last few days

Logfile of HijackThis v1.99.1
Scan saved at 07:55:23 م, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\بسم الله\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IslamicPlayer\IslamicPlayer.exe
C:\Mostathmer\AppStart.exe
C:\Mostathmer\Application\Mostathmer.DeskTop.Win.exe
D:\Zine.exe
D:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\بسم الله\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
 

Welcome, brother
Apologies, the thread has been moved to the appropriate section for follow-up
This section is reserved for analyzing security-software reports; other reports are posted only on request

 
Disable all protection programs,
then download this tool and save it to the desktop


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Wait until a report appears, then copy it and paste it in your next reply
 
Thank you, and may God reward you with the highest level of Paradise






ComboFix 08-12-14.01 - بسم الله 12/14/2008 22:47:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.1.1025.18.1014.586 [GMT 3:00]
Running from: c:\documents and settings\بسم الله\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 19:55 35,171,616 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-14 19:54 --------- d-----w c:\documents and settings\بسم الله\Application Data\DMCache
2008-12-14 19:53 2,047,008 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-14 19:52 471,980 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-14 19:52 192,884 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-14 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-13 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-04 15:29 --------- d-----w c:\program files\Google
2008-12-01 18:12 --------- d-----w c:\documents and settings\بسم الله\Application Data\Thinstall
2008-12-01 17:57 --------- d-----w c:\program files\RegCure
2008-11-29 13:20 --------- d-----w c:\program files\VeryPDF PDF2Word v3.0
2008-11-27 15:31 --------- d-----w c:\program files\Hp
2008-11-27 15:31 --------- d-----w c:\program files\Hewlett-Packard
2008-11-27 15:20 --------- d-----w c:\program files\Java
2008-11-24 20:59 724,992 ----a-w c:\windows\iun6002.exe
2008-11-23 15:34 --------- d-----w c:\program files\Kitco
2008-11-21 21:21 --------- d-----w c:\program files\Common Files\Merge Modules
2008-11-21 21:20 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-20 19:47 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-20 00:03 --------- d-----w c:\program files\MSXML 6.0
2008-11-17 16:51 --------- d-----w c:\documents and settings\بسم الله\Application Data\OfficeUpdate12
2008-11-15 19:41 --------- d-----w c:\program files\Microsoft.NET
2008-11-15 19:36 --------- d-----w c:\program files\Microsoft SQL Server 2005 Mobile Edition
2008-11-15 19:36 --------- d-----w c:\program files\Microsoft Device Emulator
2008-11-15 19:24 --------- d-----w c:\program files\HTML Help Workshop
2008-11-15 19:23 --------- d-----w c:\program files\MSBuild
2008-11-15 19:14 --------- d-----w c:\program files\Common Files\Business s
2008-11-15 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2008-11-15 19:10 --------- d-----w c:\program files\CE Remote Tools
2008-11-13 13:40 --------- d-----w c:\program files\MSXML 4.0
2008-11-08 20:01 --------- d-----w c:\program files\95 Percent For Saudi Stocks
2008-11-01 21:33 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-01 21:33 286,720 ------w c:\windows\Setup1.exe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 11:52 28,672 ----a-w c:\windows\ClearPreviousData.dll
2008-03-17 17:55 0 -c--a-w c:\documents and settings\بسم الله\Application Data\wklnhst.dat
2008-09-12 20:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM 313472]
"Google Update"="c:\documents and settings\بسم الله\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [12/09/2008 01:01 AM 133104]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/29/2008 05:12 PM 68856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [04/11/2006 09:54 PM 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/07/2006 01:38 PM 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/09/2008 10:58 PM 185872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM 54840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM 227856]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 02:29 PM 61952 c:\windows\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 12/21/2007 07:08 AM 931760 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 03/23/2006 03:13 PM 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 03/23/2006 03:17 PM 118784 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 03/23/2006 03:17 PM 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KashifPro]
--a------ 11/24/2008 09:41 PM 770048 c:\documents and settings\بسم الله\KashifPro\KashifPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2008-04-11 35712]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 VSPerfDrv;Performance Tools Driver;\??\c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2006-12-02 48128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-02 2805000]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - svchost.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-14 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\( []
2008-12-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [06/03/2008 01:19 PM]
2008-12-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [06/03/2008 01:19 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DLD - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.93.193.87:8080
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-14 22:53:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\docume~1\7F75~1\LOCALS~1\Temp\GUR1.tmp 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
- - - - - - - > 'lsass.exe'(1412)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(788)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\ntshrui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\documents and settings\c:\windows\system32\ctfmon.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 12/14/2008 22:58:45 - machine was rebooted [بسم الله]
ComboFix-quarantined-files.txt 2008-12-14 19:58:37
Pre-Run: 66,635,542,528 bytes free
Post-Run: 66,619,789,312 bytes free
178 --- E O F --- 2008-12-13 19:37:28
 
The reports are clean, brother
Good luck
 