• Thread starter: براء
Status
Closed and not open for further replies.

براء

Peace be upon you, and the mercy and blessings of God.

Please help me, because I have no experience with viruses.
Here are the Avira report and the HijackThis report.

Avira
Version information:
BUILD.DAT : 9.0.0.367 29020 Bytes 25/04/1430 11:35:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 22/04/1430 16:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 03/03/1430 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 25/02/1430 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 03/03/1430 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/1429 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 16/02/1430 04:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 07/03/1430 15:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 09/03/1430 22:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 02/02/1430 01:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 03/03/1430 04:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 17/02/1430 19:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 01/11/1429 02:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 08/03/1430 21:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 03/03/1430 04:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 01/03/1430 23:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 03/03/1430 04:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 08/03/1430 21:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/1429 22:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 22/02/1430 22:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/1429 22:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 14/12/1429 16:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 07/12/1429 18:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 24/01/1430 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/12/1429 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 28/03/1430 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 04/02/1430 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 02/02/1430 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 07/02/1430 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 07/12/1429 18:32:10
RCIMAGE.DLL : 9.0.0.22 2901249 Bytes 15/03/1430 22:47:13
RCTEXT.DLL : 9.0.37.0 90369 Bytes 22/04/1430 18:04:17
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Sunday, May 03, 2009 00:34
Starting search for hidden objects.
c:\windows\system32\0e6b4503f3cd38e98c0e90dd8a3a1829.sys
[INFO] The file is not visible.
[DETECTION] Contains recognition pattern of the RKIT/Agent.39936 root kit
[INFO] No SpecVir entry was found!
[NOTE] A backup was created as '4a334986.qua' ( QUARANTINE )
c:\windows\system32\twain_32\local.ds
[INFO] The file is not visible.
[NOTE] A backup was created as '4a604990.qua' ( QUARANTINE )
c:\windows\system32\twain_32\user.ds
[INFO] The file is not visible.
[NOTE] A backup was created as '4a624994.qua' ( QUARANTINE )
c:\windows\system32\twain_32\user.ds.cla
[INFO] The file is not visible.
[NOTE] A backup was created as '4b8fc11d.qua' ( QUARANTINE )
c:\windows\system32\twain_32
[INFO] The directory is not visible.
[NOTE] A backup was created as '4a5e4998.qua' ( QUARANTINE )
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\c
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\errorcontrol
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\tag
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\displayname
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0e6b4503f3cd38e98c0e90dd8a3a1829\Security\security
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\nextinstance
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\service
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\legacy
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\configflags
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\class
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\classguid
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\devicedesc
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_0E6B4503F3CD38E98C0E90DD8A3A1829\0000\capabilities
[INFO] The registry entry is invisible.
'42594' objects were checked, '22' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IDMan.exe' - '1' Module(s) have been scanned
Scan process 'IEMonitor.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '54' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP28\A0003014.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP31\A0003426.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP31\A0003427.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP37\A0009560.exe
[DETECTION] Contains recognition pattern of the APPL/HackAV.K application
C:\WINDOWS\system32\twex.exe
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP16\A0001232.exe
[0] Archive type: RAR SFX (self extracting)
--> findkey.exe
[DETECTION] Contains recognition pattern of the SPR/XP.Keyfinder program
--> xpkey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.2 program
--> officekey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.3 program
Begin scan in 'E:\'
E:\مجلد جديد\بسملة وسلام\0025051md0K.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB Trojan
E:\مجلد جديد\بسملة وسلام\2458241957_d305fd290a_o.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.4 Trojan
E:\مجلد جديد\بسملة وسلام\2459539238_cdd1291bb0_o.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.1 Trojan
E:\مجلد جديد\بسملة وسلام\mtzxluwndzgxeznynnyail3.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.1 Trojan
Beginning disinfection:
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP28\A0003014.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a2d4df5.qua'!
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP31\A0003426.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49fb11ce.qua'!
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP31\A0003427.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49f19e2e.qua'!
C:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP37\A0009560.exe
[DETECTION] Contains recognition pattern of the APPL/HackAV.K application
[NOTE] The file was moved to '4bf4fd5e.qua'!
D:\System Volume Information\_restore{1780BE56-CD19-4A5C-910D-58F5DC50B778}\RP16\A0001232.exe
[NOTE] The file was moved to '49f979ae.qua'!
E:\مجلد جديد\بسملة وسلام\0025051md0K.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB Trojan
[NOTE] The file was moved to '4a2f4df5.qua'!
E:\مجلد جديد\بسملة وسلام\2458241957_d305fd290a_o.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.4 Trojan
[NOTE] The file was moved to '4a324df9.qua'!
E:\مجلد جديد\بسملة وسلام\2459539238_cdd1291bb0_o.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.1 Trojan
[NOTE] The file was moved to '49e04182.qua'!
E:\مجلد جديد\بسملة وسلام\mtzxluwndzgxeznynnyail3.gif
[DETECTION] Is the TR/Click.HTML.IFrame.TB.1 Trojan
[NOTE] The file was moved to '4a774e39.qua'!

End of the scan: Sunday, May 03, 2009 00:54
Used time: 19:35 Minute(s)
The scan has been done completely.
3695 Scanned directories
374801 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
14 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
374787 Files not concerned
1373 Archives were scanned
2 Warnings
15 Notes
42594 Objects were scanned with rootkit scan
22 Hidden objects were found


HijackThis


C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Documents and Settings\winxp sp2\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: you must log in or register to view it]

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MMklkl - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - S-1-5-18 Startup: userinit.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: userinit.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
[Hidden link: you must log in or register to view it]

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5404 bytes

Thank you.
 

Hello ..

Don't worry .. all the viruses that were detected have been moved to quarantine ..

Do the following:


Disable all protection programs,
then download this tool and save it to the desktop:
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; the machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

 
Signature: Demo-dash
God give you health, brother demo, thank you, and here is the report.
But the warning caught my attention; I colored it red, but I don't know what it is.

ComboFix 09-05-03.1 - winxp sp2 05/04/2009 12:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2039.1693 [GMT -7:00]
Running from: c:\documents and settings\winxp sp2\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
'PV' is not recognized as an internal or external command

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\program files\Microsoft Common
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\userinit.exe
c:\windows\system32\config\systemprofile\svchost.exe
c:\windows\system32\drivers\services.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Service_ICF

((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-04 04:14 . 2009-05-04 04:14 -------- d-----w C:\Programme
2009-05-03 07:25 . 2009-03-24 23:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-03 04:53 . 2009-05-04 04:30 -------- d-----w c:\documents and settings\winxp sp2\Application Data\IDM
2009-05-03 04:53 . 2009-05-03 07:16 -------- d-----w c:\program files\Internet Download Manager
2009-05-03 04:53 . 2008-09-29 05:00 439440 ----a-w c:\program files\un_Internet Download Manager_16575.exe
2009-05-03 02:17 . 2009-05-03 03:18 -------- d-----w c:\windows\BDOSCAN8
2009-04-30 23:41 . 2009-04-30 23:56 -------- d-----w c:\program files\ccleaner
2009-04-30 00:25 . 2009-04-30 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-28 00:29 . 2009-04-28 00:29 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-28 00:22 . 2009-04-28 00:29 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-26 23:18 . 2009-05-04 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-26 02:56 . 2009-04-26 02:56 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\Google
2009-04-25 22:20 . 2009-02-20 18:09 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-25 22:20 . 2009-02-20 18:09 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-25 22:20 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 22:20 . 2009-02-20 18:09 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-25 22:20 . 2009-02-20 18:09 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-25 22:20 . 2009-02-20 18:09 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-25 22:20 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-25 22:20 . 2009-02-20 18:09 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-25 21:53 . 2008-04-13 18:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-25 21:53 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-23 05:23 . 2009-03-11 05:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-23 05:23 . 2009-03-11 05:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-23 05:23 . 2009-04-23 05:23 -------- d-----w c:\windows\system32\KB905474
2009-04-22 03:32 . 2009-04-22 03:32 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\WMTools Downloaded Files
2009-04-22 03:29 . 2009-04-22 03:29 -------- d-----w c:\documents and settings\winxp sp2\Application Data\ArcSoft
2009-04-21 02:51 . 2009-04-21 02:51 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\Yahoo
2009-04-21 02:51 . 2009-04-21 02:51 -------- d-----w c:\documents and settings\winxp sp2\Application Data\Yahoo!
2009-04-20 04:08 . 2009-04-20 04:08 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-04-20 01:38 . 2009-04-20 01:38 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\ESET
2009-04-17 22:19 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-17 00:44 . 2009-04-17 00:44 -------- d-----w c:\windows\system32\scripting
2009-04-17 00:44 . 2009-04-17 00:44 -------- d-----w c:\windows\l2schemas
2009-04-17 00:44 . 2009-04-17 00:44 -------- d-----w c:\windows\system32\en
2009-04-17 00:44 . 2009-04-17 00:44 -------- d-----w c:\windows\system32\bits
2009-04-17 00:43 . 2009-04-17 00:43 -------- d-----w c:\windows\ServicePackFiles
2009-04-15 08:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:18 . 2008-04-13 18:39 5504 ----a-w c:\windows\system32\drivers\mstee.sys
2009-04-15 08:18 . 2008-04-13 18:46 10880 ----a-w c:\windows\system32\drivers\ndisip.sys
2009-04-15 08:18 . 2008-04-13 18:46 15232 ----a-w c:\windows\system32\drivers\streamip.sys
2009-04-15 08:18 . 2008-04-13 18:46 11136 ----a-w c:\windows\system32\drivers\slip.sys
2009-04-15 08:18 . 2008-04-13 18:46 19200 ----a-w c:\windows\system32\drivers\wstcodec.sys
2009-04-15 08:18 . 2008-04-13 18:46 85248 ----a-w c:\windows\system32\drivers\nabtsfec.sys
2009-04-15 08:18 . 2008-04-13 18:46 17024 ----a-w c:\windows\system32\drivers\ccdecode.sys
2009-04-15 08:18 . 2008-04-14 00:12 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-15 08:18 . 2008-04-13 18:46 121984 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-04-14 05:14 . 2009-04-14 05:14 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\Identities
2009-04-14 04:19 . 2009-04-14 04:19 -------- d-----w c:\program files\MSXML 4.0
2009-04-12 19:35 . 2009-04-12 19:35 -------- d-----w c:\program files\Macromedia Flash Player 8
2009-04-12 01:09 . 2009-04-12 01:09 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-09 01:26 . 2009-04-09 01:27 -------- d-----w c:\program files\Adobe Flash
2009-04-07 07:42 . 2009-04-07 07:42 -------- d-----w c:\program files\Common Files\SWiSHzone.com
2009-04-07 00:09 . 2009-04-07 00:46 -------- d-----w c:\program files\IDM_5.15
2009-04-05 05:12 . 2009-04-05 05:12 0 ----a-w c:\windows\nsreg.dat
2009-04-05 05:12 . 2009-04-05 05:12 -------- d-----w c:\documents and settings\winxp sp2\Local Settings\Application Data\Mozilla
2009-04-05 05:08 . 2004-03-30 00:23 90112 ----a-w c:\windows\unvise32.exe
2009-04-05 05:04 . 2009-04-05 05:04 -------- d-----w c:\windows\system32\NtmsData
2009-04-05 03:50 . 2001-08-18 06:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-05 03:50 . 2004-08-04 08:56 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-05 03:50 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-05 03:46 . 2009-04-05 03:46 -------- d-----w c:\documents and settings\winxp sp2\Application Data\Nikon
2009-04-05 03:45 . 2009-04-05 03:45 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-05 03:45 . 2009-04-05 03:45 -------- d-----w c:\documents and settings\All Users\Application Data\Nikon
2009-04-05 03:45 . 2009-04-05 03:45 -------- d-----w c:\program files\Nikon
2009-04-05 03:45 . 2009-04-05 03:45 -------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-04-05 03:45 . 2009-05-04 09:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-04-05 03:45 . 2009-04-05 03:45 -------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-04-05 03:43 . 2009-04-05 03:45 -------- d-----w c:\program files\Common Files\Nikon
2009-04-05 03:42 . 2009-04-05 03:42 -------- d-----w c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 19:44 . 2009-04-23 05:23 266 ----a-w c:\windows\Tasks\WGASetup.job
2009-05-04 19:44 . 2009-04-02 01:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 04:53 . 2009-05-03 04:53 6003 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-04-26 02:23 . 2009-04-02 01:04 -------- d-----w c:\program files\Yahoo!
2009-04-17 00:45 . 2009-04-02 00:57 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 01:48 . 2009-04-02 01:07 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-12 01:14 . 2009-04-02 01:02 106552 ----a-w c:\documents and settings\winxp sp2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 03:43 . 2003-03-19 20:05 106496 ----a-w c:\windows\system32\ATL71.DLL
2009-04-05 03:40 . 2009-04-02 01:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 01:51 . 2009-04-02 01:25 -------- d-----w c:\program files\Common Files\Adobe
2009-04-02 01:46 . 2009-04-02 01:44 -------- d-----w c:\program files\Realtek
2009-04-02 01:44 . 2009-04-02 01:44 315392 ----a-w c:\windows\HideWin.exe
2009-04-02 01:44 . 2009-04-02 01:08 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-02 01:41 . 2009-04-02 01:41 -------- d-----w c:\program files\Intel
2009-04-02 01:35 . 2009-04-02 01:35 -------- d-----w c:\program files\Common Files\L&H
2009-04-02 01:35 . 2009-04-02 01:35 -------- d-----w c:\program files\Microsoft.NET
2009-04-02 01:35 . 2009-04-02 01:35 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-02 01:35 . 2009-04-02 01:35 -------- d-----w c:\program files\Microsoft Works
2009-04-02 01:30 . 2009-04-02 01:30 -------- d-----w c:\program files\mpegable
2009-04-02 01:30 . 2009-04-02 01:30 47104 ------w c:\windows\AKDeInstall.exe
2009-04-02 01:29 . 2009-04-02 01:29 -------- d-----w c:\program files\Nokia
2009-04-02 01:29 . 2009-04-02 01:29 -------- d-----w c:\program files\Common Files\Nokia
2009-04-02 01:23 . 2009-04-02 01:23 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-02 01:23 . 2009-04-02 01:23 172032 ------w c:\windows\Setup1.exe
2009-04-02 01:23 . 2009-04-02 01:23 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-02 01:22 . 2009-04-02 01:22 -------- d-----w c:\program files\MSN Messenger
2009-04-02 01:19 . 2009-04-02 01:19 -------- d-----w c:\program files\Ahead
2009-04-02 01:19 . 2009-04-02 01:19 -------- d-----w c:\program files\Common Files\Ahead
2009-04-02 01:08 . 2009-04-02 01:08 -------- d-----w c:\program files\CyberLink
2009-04-02 01:08 . 2009-04-02 01:08 -------- d-----w c:\program files\iTunes
2009-04-02 01:08 . 2009-04-02 01:08 -------- d-----w c:\program files\iPod
2009-04-02 01:07 . 2009-04-02 01:07 -------- d-----w c:\program files\Apple Software Update
2009-04-02 01:07 . 2009-04-02 01:07 -------- d-----w c:\program files\Java
2009-04-02 01:07 . 2009-04-02 01:07 -------- d-----w c:\program files\Common Files\Java
2009-04-02 01:06 . 2009-04-02 01:06 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-02 01:05 . 2009-04-02 01:05 -------- d-----w c:\program files\Common Files\xing shared
2009-04-02 01:05 . 2009-04-02 01:05 -------- d-----w c:\program files\Real
2009-04-02 01:05 . 2009-04-02 01:05 -------- d-----w c:\program files\Common Files\Real
2009-04-02 00:58 . 2009-04-02 00:58 -------- d-----w c:\program files\microsoft frontpage
2009-04-02 00:58 . 2001-08-23 15:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-02 00:56 . 2009-04-02 00:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-03 22:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-03 22:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-03 22:56 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-03 22:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-03 22:56 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-03 22:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2004-08-03 21:17 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-03 21:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2001-08-23 15:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-03 22:56 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^winxp sp2^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\winxp sp2\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"<NO NAME>"= c:\\wjysuxjs.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Iywuyru;Iywuyru;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
Iywuyru
napagent
hkmsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21]
2009-05-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.datanet4net.net/vb/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-04 12:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\0e6b4503f3cd38e98c0e90dd8a3a1829.sys 39936 bytes executable
c:\windows\system32\_0e6b4503f3cd38e98c0e90dd8a3a1829.sys_.vir 39936 bytes executable

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,28,2b,d3,3c,4e,7b,d5,7a,c8,76,5a,c5,fb,da,d7,0c,51,fe,f7,59,
41,c5,22,dc,da,91,63,b9,f5,8d,7c,d2,28,46,9c,63,30,fe,9d,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f76342dc-4df8-4594-bbcd-7e6613ded3e9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000077
"Therad"=dword:0000000c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-05-04 12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 19:46
Pre-Run: 52,138,659,840 bytes free
Post-Run: 52,458,291,200 bytes free
278 --- E O F --- 2009-04-27 01:47

Awaiting your kind reply
 
God keep you well .. In the last report, infections were deleted .... and your machine is still infected


Do the following .. so that we can make sure it is cleaned .. disable System Restore as shown in the following walkthrough

Download the Kaspersky tool from the following link

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; in a few moments the tool will start running

Follow the walkthrough to scan and clean the machine and attach the report


Then compress the report and upload it here >>>>
 
May God reward you for your effort, mashallah
I will follow the walkthrough and come back with the report
 
God keep you well .. awaiting the report, God willing
 
Peace be upon you, and God's mercy and blessings
My dear sister dash
Here is the report, and God willing I have uploaded it correctly
Awaiting your kind reply
 
Yes, perfect ....

From the last report, 5 viruses were deleted .. and now the machine is clean, God willing

Make one final HijackThis report for cleaning out harmful entries and cleaning the machine

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments .. a report will appear; select all ==> copy it and paste it in your next reply


 
Sorry for the earlier mistake, dear brother
This is the HijackThis report
Awaiting your kind reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:52 م, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\winxp sp2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MMklkl - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: is-5AUT8.lnk = C:\Documents and Settings\winxp sp2\Desktop\Virus Removal Tool\is-5AUT8\startup.exe
O4 - Startup: is-IG1GP.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 4529 bytes
 
No problem .. at all .. the report is much better than the first one

Just delete the following entries


O2 - BHO: MMklkl - {1428A472-5260-404E-9977-7ECDF1DAF936} - (no file)


O4 - Startup: is-IG1GP.lnk = ?


Then download this tool and follow the walkthrough below

Compatibility: Windows XP only

How to use it ,,,,,,
When you run the tool's file this screen appears ,, wait (and follow along with the pictures)

When this screen appears ,, click Close so your machine is restarted ((to complete the cleaning process))

And good health to you
 
May God give you health, reward you with good, and increase you in His knowledge
The machine is now excellent
But I have a question
Should I keep the tools you gave me
As for System Restore, should I enable it or leave it disabled
Should I turn on the protection program

With many thanks and deep gratitude
 
Hello ... now you can enable System Restore in complete safety

Should I turn on the protection program

Yes indeed ..


Keep them, especially the last tool, because it is important for cleaning the machine of daily leftovers

Good luck
 
Thank you, may God bless you, your work and your health
 
And you too, Lord willing ... may God grant everyone success ..

Closed, as resolved
 