• Thread starter: brs10
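Peace be upon you, and God's mercy and blessings.
This machine has driven me crazy. Every so often I format it, and I have tried most protection programs, but to no avail; it gets infected again after a while.
This is the HijackThis report. Is it infected?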
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:36 م, on 26/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\سطح المكتب\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {0df30827-593b-b779-f774-c5bd2ec04f40} - {04f40ce2-db5c-477f-977b-b39572803fd0} - C:\WINDOWS\system32\xutxkm.dll (file missing)
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {577faea5-fe4f-4582-93f4-9ac39befb884} - C:\WINDOWS\system32\gofipina.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fezurahapo] Rundll32.exe "C:\WINDOWS\system32\hoheyuli.dll",s
O4 - HKLM\..\Run: [a8dc4c05] rundll32.exe "C:\WINDOWS\system32\fosepoyo.dll",b
O4 - HKLM\..\Run: [CPMabef7f99] Rundll32.exe "c:\windows\system32\dupejume.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [fezurahapo] Rundll32.exe "C:\WINDOWS\system32\hoheyuli.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
[link hidden by the forum]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\tehayela.dll xutxkm.dll c:\windows\system32\dupejume.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dupejume.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dupejume.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 8156 bytes
 

And peace be upon you ... it's simple, God willing.

Disable all protection programs,
then download this tool and save it to the desktop
[link hidden by the forum]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


 
Signature: Demo-dash
God give you strength, my dear friend.
Honestly, I don't know what to say to you, but a capable man remains capable.
This is the second report
ComboFix 09-03-25.04 - USER 03/26/2009 20:52:08.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.447.216 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\USER\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\USER\LOCALS~1\Temp\tmp2.tmp
c:\windows\IE4 Error Log.txt
c:\windows\system32\adiwubav.ini
c:\windows\system32\ekerujew.ini
c:\windows\system32\ewitezuh.ini
c:\windows\system32\ihiyeyem.ini
c:\windows\system32\kakle.dll
c:\windows\system32\okusowot.ini
c:\windows\system32\omakohus.ini
c:\windows\system32\orinetus.ini
c:\windows\system32\oyopesof.ini
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 21:12 --------- d-----w c:\program files\Avira
2009-03-25 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-23 15:57 --------- d-----w c:\program files\Globe7
2009-03-23 15:57 --------- d-----w c:\documents and settings\USER\Application Data\Globe7
2009-03-21 18:02 --------- d-----w c:\program files\Internet Download Manager
2009-03-21 18:02 --------- d-----w c:\documents and settings\USER\Application Data\IDM
2009-03-21 18:02 --------- d-----w c:\documents and settings\USER\Application Data\DMCache
2009-03-19 21:41 --------- d-----w c:\program files\LtUcx
2009-03-19 18:07 --------- d-----w c:\documents and settings\USER\Application Data\skypePM
2009-03-19 13:04 --------- d-----w c:\documents and settings\USER\Application Data\Skype
2009-03-19 11:41 --------- d-----w c:\program files\Google
2009-03-19 11:41 --------- d-----w c:\program files\Common Files\Skype
2009-03-19 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-19 11:41 --------- d-----r c:\program files\Skype
2009-03-07 03:13 --------- d-----w c:\documents and settings\USER\Application Data\CyberLink
2009-03-07 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-28 15:59 --------- d-----w c:\documents and settings\USER\Application Data\ACD Systems
2009-02-13 11:32 --------- d-----w c:\documents and settings\USER\Application Data\COWON
2009-02-12 23:50 --------- d-----w c:\documents and settings\USER\Application Data\Media Player Classic
2009-02-12 22:26 --------- d-----w c:\program files\Hotspot Shield
2009-02-12 20:52 --------- d-----w c:\documents and settings\USER\Application Data\Yahoo!
2009-02-12 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-30 20:56 --------- d-----w c:\program files\Microsoft Works
2009-01-30 20:55 --------- d-----w c:\program files\Microsoft.NET
2009-01-30 20:51 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-30 20:51 --------- d-----w c:\program files\Realtek AC97
2009-01-30 20:51 --------- d-----w c:\program files\AvRack
2009-01-30 20:49 --------- d-----w c:\program files\S3
2009-01-30 20:48 --------- d-----w c:\program files\VIA
2009-01-30 20:28 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-30 20:28 172,032 ------w c:\windows\Setup1.exe
2009-01-30 20:28 --------- d-----w c:\program files\Nero
2009-01-30 20:28 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-01-30 20:28 --------- d-----w c:\program files\Common Files\Ahead
2009-01-30 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-01-30 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-01-30 20:23 --------- d-----w c:\program files\JetAudio
2009-01-30 20:23 --------- d-----w c:\program files\CyberLink
2009-01-30 20:23 --------- d-----w c:\program files\Common Files\COWON
2009-01-30 20:17 --------- d-----w c:\program files\Common Files\xing shared
2009-01-30 20:16 --------- d-----w c:\program files\Real
2009-01-30 20:16 --------- d-----w c:\program files\Common Files\Real
2009-01-30 20:15 47,104 ------w c:\windows\AKDeInstall.exe
2009-01-30 20:15 --------- d-----w c:\program files\mpegable
2009-01-30 20:15 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-30 20:14 90,112 ----a-w c:\windows\system32\agsaami.dll
2009-01-30 20:14 610,304 ----a-w c:\windows\system32\agsaamg.dll
2009-01-30 20:14 372,736 ----a-w c:\windows\system32\agsaamc.dll
2009-01-30 20:14 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2009-01-30 20:14 196,608 ----a-w c:\windows\system32\maag.dll
2009-01-30 20:14 1,986,560 ----a-w c:\windows\system32\akll.dll
2009-01-30 20:14 1,245,184 ----a-w c:\windows\system32\bkll.dll
2009-01-30 20:14 1,212,416 ----a-w c:\windows\system32\ckll.dll
2009-01-30 20:14 --------- d-----w c:\program files\Real_SC
2009-01-30 20:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 20:10 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-30 19:51 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 19:46 --------- d-----w c:\program files\Yahoo!
2009-01-30 19:46 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-30 19:46 --------- d-----w c:\program files\ACD Systems
2009-01-30 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-30 19:42 155,995 ----a-w c:\windows\java\Packages\2CVPR9JX.ZIP
2009-01-30 19:41 --------- d-----w c:\program files\CubedLabs YouTube Download & Convert
2009-01-30 19:39 --------- d-----w c:\program files\Windows Live
2009-01-30 19:33 --------- d-----w c:\program files\Typing Arabic
2009-01-30 19:33 --------- d-----w c:\program files\Quranzu1
2009-01-30 18:51 --------- d-----w c:\program files\Alwil Software
2009-01-30 17:54 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/03/2004 11:56 PM 15360]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [07/23/2006 12:44 PM 118784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:09 AM 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [03/16/2009 06:47 PM 24095528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/19/2009 03:32 PM 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/30/2009 11:16 PM 185896]
"VTTimer"="VTTimer.exe" [05/27/2004 11:09 AM 49152 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [06/08/2004 02:58 AM 143360 c:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 12:12 AM 577536 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 11:56 PM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-30 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-04-11 394856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoWelcomeScreen"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSearch"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\(Default)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\AVGUARD.EXE"=
"c:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Globe7\\Globe7.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a7074a-0f1f-11de-a24e-003018a4e806}]
\Shell\AutoRun\command - H:\em8tqm.cmd
\Shell\open\Command - H:\em8tqm.cmd
.
- - - - ORPHANS REMOVED - - - -
BHO-{04f40ce2-db5c-477f-977b-b39572803fd0} - c:\windows\system32\xutxkm.dll
BHO-{577faea5-fe4f-4582-93f4-9ac39befb884} - c:\windows\system32\gofipina.dll
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKLM-Run-fezurahapo - c:\windows\system32\hoheyuli.dll
HKLM-Run-a8dc4c05 - c:\windows\system32\fosepoyo.dll
HKLM-Run-CPMabef7f99 - c:\windows\system32\dupejume.dll
HKLM-Run-Device Detector - DevDetect.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
[link hidden by the forum]

DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.84/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-03-26 20:54:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
c:\windows\EXPLORER.EXE [2008] 0x83C04960
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\program files\HOTSPOT SHIELD\BIN\OPENVPNAS.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
c:\program files\avira\antivir personaledition classic\avcenter.exe
.
**************************************************************************
.
Completion time: 03/26/2009 20:55:52 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2009-03-26 17:55:50
Pre-Run: 22,242,213,888 bytes free
Post-Run: 23,403,593,728 bytes free
206
 
May God keep you safe from all harm.

Download this program

[link hidden by the forum]


Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report

[link hidden by the forum]


After the scan finishes, do the following

[link hidden by the forum]


Copy the contents of the report and paste them in your next post
 
Peace be upon you
This is the report
Malwarebytes' Anti-Malware 1.34
Database version: 1903
Windows 5.1.2600 Service Pack 2
26/03/2009 09:20:09 م
mbam-log-2009-03-26 (21-20-09).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 112928
Time elapsed: 7 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\CubedLabs YouTube Download & Convert\YouTubeDownloadConvert.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Favorites\Free Porn Tube Movies, Porno Pics & Upload XXX Sex Videos.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Favorites\Free Porn Movies, Porno Movies, Free Sex Movies, Porno Videos, Download Adult Movies, Delicious Movies.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Favorites\Free Porn - FreePornCollection.com.url (Rogue.Link) -> Quarantined and deleted successfully.
 
Well done!

And now produce a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear. Select all ==> copy it and paste it in your next reply


 
Sorry for the delay, I was out of the house

This is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:39 م, on 26/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\USER\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[link hidden by the forum]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum]

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
[link hidden by the forum]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7137 bytes
 
No worries ..

Remove Google Toolbar and Yahoo! Toolbar via Add or Remove Programs


Then, from the HijackThis report, delete the following values


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
[link hidden by the forum]




How to delete them

[screenshots]


Download this (portable) program to clean your machine

[link hidden by the forum]


Extract the archive and run the program

Then

[screenshots]

Then

[screenshots]

And that's it
 
God give you strength, brother
Truly, you spared no effort, and may God honor you

But please, how can I make sure the machine is now fine
using HijackThis?
 