worm وtrojan احتلوا جهازي ,,ممكن مساعدة

  • بادئ الموضوع بادئ الموضوع أرووو
  • تاريخ البدء تاريخ البدء
  • المشاهدات 600
أ

أرووو

زيزوومي جديد
إنضم
28 مارس 2009
المشاركات
9
مستوى التفاعل
0
النقاط
0
غير متصل
السلام عليكم ورحمة الله وبركاته

جهازي أصابه قبل مدة worm win32 و تروجان ولم يستطع برنامج الحماية حذفهم (bitdefender(
حملت أداة الكاسبر نظف الجهاز تقريبا صارت ماتطلع لي رسائل التحذير حقت الريجستري وفتحت
الملفات المخفية لكن لما اسوي سكان في البت ديفندر يطلع لي 3 فيروسات ب159 ملف وفي الكاسبر يطلع لي 7 واسوي لهم ديليت ومع ذلك يرجعوا حذفت البت ديفندر علشان أحمل برنامج حماية لكن للاسف ولا موقع لبرامج الحماية يفتح معي واللحين جهازي مافيه برنامج حماية واداة الكاسبر ماتحذف
الفيروسات من غير الهارديسك عندي مليان:er:
ياليت احد يساعدني قبل لا يوصل للريجستر
وشكرا :)
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
اولا

نزل هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
 بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
 انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك الاول

ثانيا

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك الثاني

 
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد 0
ComboFix 09-03-31.03 - Free User 04/01/2009 16:01:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1015.567 [GMT 3:00]
Running from: c:\download\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\crypts.dll
c:\windows\system32\digeste.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpv821235998315.cpx
c:\windows\system32\WS2Fix.exe
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 12:26 --------- d-----w c:\program files\Cool Junk Roam
2009-04-17 12:23 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-01 13:05 --------- d-----w c:\documents and settings\Free User\Application Data\uTorrent
2009-04-01 13:04 38,158,368 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-01 13:03 450,392 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-31 20:05 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-31 19:52 --------- d-----w c:\program files\Perfect Uninstaller
2009-03-27 23:32 --------- d-----w c:\program files\Google
2009-03-27 23:13 --------- d-----w c:\program files\MSN Messenger
2009-03-27 18:56 --------- dc-h--w c:\documents and settings\All Users\Application Data\{017115B5-2F29-4ECD-8FD6-329F9F107B86}
2009-03-27 18:45 720,896 ----a-w c:\windows\iun6002ev.exe
2009-03-27 18:45 248,651 ----a-w c:\windows\Star_Downloader_Toolbar_Uninstaller_3859.exe
2009-03-27 18:44 47,104 ----a-w c:\windows\AKDeInstall.exe
2009-03-27 18:43 --------- d-----w c:\program files\Total Video Converter
2009-03-27 18:43 --------- d-----w c:\program files\Star Downloader
2009-03-27 18:43 --------- d-----w c:\program files\QuickTime
2009-03-27 18:42 --------- d-----w c:\program files\Mobily Connect Card
2009-03-27 18:41 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-27 18:41 --------- d-----w c:\program files\JetAudio
2009-03-27 18:41 --------- d-----w c:\program files\iTunes
2009-03-27 18:41 --------- d-----w c:\program files\DivX
2009-03-27 18:40 --------- d-----w c:\program files\Al-Mutarjim Al-Fawri
2009-03-22 19:00 --------- d-----w c:\program files\Nice Prosper
2009-03-22 19:00 --------- d-----w c:\documents and settings\Free User\Application Data\Internet Saving Optimizer
2009-03-22 18:58 --------- d-----w c:\program files\System Search Dispatcher
2009-03-22 18:58 --------- d-----w c:\program files\Internet Saving Optimizer
2009-03-22 18:58 --------- d-----w c:\program files\DoubleD
2009-03-19 11:00 --------- d-----w c:\program files\WinAVIVideoConverter
2009-03-19 10:59 --------- d-----w c:\program files\Easy Real Converter
2009-03-17 20:00 --------- d-----w c:\program files\Anti Trojan Elite
2009-03-17 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\Okay Way Sixth Exit
2009-03-17 15:57 112,640 --s-a-r c:\windows\system32\alclpu.dll
2009-03-15 17:07 --------- d-----w c:\program files\Circle Developement
2009-03-15 16:55 --------- d-----w c:\documents and settings\Free User\Application Data\Cool Junk Roam
2009-03-13 17:04 --------- d-----w c:\program files\Ringz Studio
2009-03-13 17:04 --------- d-----w c:\program files\Common Files\Real
2009-03-12 22:18 --------- d-----w c:\documents and settings\Free User\Application Data\DivX
2009-03-12 22:15 --------- d-----w c:\program files\Common Files\DivX Shared
2009-03-12 21:40 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 14:39 --------- d-----w c:\program files\Star Downloader Toolbar
2009-02-25 00:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-17 11:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 01:33 --------- d-----w c:\program files\LtUcx
2009-02-03 22:15 --------- d-----w c:\documents and settings\Free User\Application Data\CyberLink
2009-01-27 01:35 129,784 ------w c:\windows\system32\pxafs.dll
2009-01-27 01:35 120,056 ------w c:\windows\system32\pxcpyi64.exe
2009-01-27 01:35 118,520 ------w c:\windows\system32\pxinsi64.exe
2009-01-27 01:34 90,112 ----a-w c:\windows\system32\dpl100.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-01-27 01:34 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2009-01-27 01:34 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-01-27 01:34 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2009-01-27 01:34 684,032 ----a-w c:\windows\system32\DivX.dll
2009-01-27 01:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@Sat 03-28-2009_ 2.16.45.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-16 14:44:25 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-31 17:00:08 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-16 14:44:25 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-31 17:00:08 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-16 14:44:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 17:00:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-08 10:54:02 148,496 ----a-w c:\windows\system32\drivers\01203883.sys
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-03-28 19:53:52 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-03-27 22:38:40 41,170 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-01 11:04:57 41,170 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-27 22:38:40 314,842 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-01 11:04:57 314,842 ----a-w c:\windows\system32\perfh009.dat
+ 2006-01-09 06:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [12/31/2002 03:00 PM 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [03/27/2009 09:43 PM 5674352]
"Star Downloader Free"="c:\program files\Star Downloader\stardown.exe" [03/27/2009 09:43 PM 1785344]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [01/26/2009 06:33 PM 270128]
"SmileyApp"="c:\program files\DoubleD\Desktop Smiley Toolbar\3.9.1.9350\stbapp.exe" [03/02/2009 11:50 AM 598296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [03/27/2009 09:41 PM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [12/08/2005 12:57 AM 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 01:09 PM 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/19/2009 08:27 PM 185896]
"igfxtray"="c:\windows\system32\igfxtray.exe" [03/23/2006 03:17 PM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [03/23/2006 03:13 PM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [03/23/2006 03:17 PM 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM 925696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [09/06/2008 03:09 PM 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [10/01/2008 06:57 PM 289576]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [03/27/2009 09:43 PM 97357]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [12/31/2002 03:00 PM 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [03/27/2009 09:43 PM 5674352]
c:\documents and settings\Free User\Start Menu\Programs\Startup\
is-7UD3G.lnk - c:\documents and settings\Free User\Desktop\Virus Removal Tool\is-7UD3G\startup.exe [2009-03-31 65536]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 03/27/2009 09:43 PM 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
R1 is-7UD3Gdrv;is-7UD3Gdrv;c:\windows\system32\drivers\01203883.sys [2009-03-31 23:13:06 148496]
S2 Irlogon;Universal Event;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Irlogon
.
Contents of the 'Scheduled Tasks' folder
2009-04-01 c:\windows\Tasks\A3FCF53291F366C6.job
- c:\docume~1\freeus~1\applic~1\coolju~1\sizecdromhtm.exe []
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = imam.proxy.com:8080
IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.78/imscp/talks3n.cab
FF - ProfilePath - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\hotcchhf.default\
FF - prefs.js: browser.search.selectedEngine - Desktop Smiley
FF - prefs.js: browser.startup.homepage - hxxp://www.iuccsi.com/
FF - prefs.js: keyword.URL - hxxp://www.desktopsmiley.com/search.do?&FamilyName;&keyword=
FF - component: c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-01 16:04:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Irlogon]
"ServiceDll"="c:\windows\system32\alclpu.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 04/01/2009 16:07:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 13:07:05
ComboFix2.txt 2009-03-27 23:17:57
Pre-Run: 25,540,354,048 bytes free
Post-Run: 25,639,387,136 bytes free
227
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:09, on 01/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Free User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = imam.proxy.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Star Downloader Toolbar Helper - {E16AB45F-35A8-4f4d-922F-8D00D760F85B} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Star Downloader Toolbar - {8CEB3591-5DDC-47ec-AF97-66699BC85FE0} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.9.1.9350\stbapp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-7UD3G.lnk = C:\Documents and Settings\Free User\Desktop\Virus Removal Tool\is-7UD3G\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 8527 bytes
 
تأييد 0
من اداة الهايجاك حدد القيم التالية واحذفها

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)


O2 - BHO: Star Downloader Toolbar Helper - {E16AB45F-35A8-4f4d-922F-8D00D760F85B} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll


O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O3 - Toolbar: Star Downloader Toolbar - {8CEB3591-5DDC-47ec-AF97-66699BC85FE0} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll


O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



طريقة الحذف

zyzoom-47abf39087.gif



zyzoom-dc3770ae68.gif




ثم ادخل على ازالة البرامج واحذف جميع التولبار لديك

ثم نزل هالاداة لتنظيف الجهاز


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



zyzoom-3c0e283670.gif


وبعد الانتهاء اعمل تقرير هايجاك جديد

انتظرك ارجوا ان لا تتأخر
 
توقيع : السّاجد لله
تأييد 0
سويت نفس ماقلت لكن عندي تولبار الاكسبور وستار داونلود رفض أوامر الحذف فكملت ونزلت الأداو وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:57, on 01/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Free User\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = imam.proxy.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-7UD3G.lnk = C:\Documents and Settings\Free User\Desktop\Virus Removal Tool\is-7UD3G\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7395 bytes
 
تأييد 0
الان كل شي تمام كيف الوضع عندك حبيبي ؟؟
 
توقيع : السّاجد لله
تأييد 0
أوكي الله يجزاك كل خير
والهارد ديسك الخارجي كيف انظفه واي برنامج حماية تنصحني أحمله ...؟
 
تأييد 0
ممكن تستخدم البت ديفيندر توتال سيكيورتي 2009 او الكاسبر انترنت سيكيورتي 2009 وتلقاهم بركن برامج الحماية
وبالنسبة للهارد الخار جي عند تنصيب برنامج حماية وتحديثة اعمل فحص للهارد بالانتي فايروس وسوف يتم تنظيفة من الفايروسات
 
توقيع : السّاجد لله
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى