قرقر واجد

Peace be upon you, and the mercy and blessings of God.

I'd like to ask about a problem with my computer.
I suspect it has viruses and possibly spyware.

My computer has Avast installed.
Sometimes MSN closes by itself,
and sometimes pages close.
How can I tell whether there is spyware or not, and how do I protect it??

May God make you all happy.
 

Download this tool:
[You must log in or register to view the hidden link]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.
Please be patient until the report has been analysed.
 
Signature: algnral
But may I know what this tool is?
Just for information :)
 
A tool that fixes computer errors and viruses.
 
Signature: algnral
Logfile of HijackThis v1.99.1
Scan saved at 12:38:38 ص, on 04/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\00THotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pcw\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\SiCoDriVeT\vsdrv.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[You must log in or register to view the hidden link]

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C891932-6F76-44F0-B33C-439A8A9DA8F7}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: xspgvnb - xspgvnb.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

This is what came up for me.
God help you with me.
 
First, disable your security program << exit it from the taskbar.
Download this tool and save it to the desktop:

[You must log in or register to view the hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your computer; your computer will then restart automatically,
and after the restart the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

All windows must be completely closed.

Give us both reports: a new one of the first, and this one.
 
Signature: algnral
First, disable your security program << exit it from the taskbar.

My program is Avast.
I stopped its on-access protection.
There is something like a mute sign on it (I don't know whether that means it is off or not)
??
May God make you happy.
 
Good, carry on with the steps.
 
Signature: algnral
combofix 09-06-07.03 - pcw 04/04/2009 1:04.1 - ntfsx86
microsoft windows xp professional 5.1.2600.2.1256.966.1033.18.503.269 [gmt 3:00]
running from: C:\downloads\combofix.exe
av: Avast! Antivirus 4.8.1335 [vps 090607-0] *on-access scanning disabled* (updated) {7591db91-41f0-48a3-b128-1a293fd8233d}
warning -this machine does not have the recovery console installed !!
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\program files\antispy2
c:\program files\antispy2\anti_spy.exe
c:\program files\antispy2\s.txt
c:\program files\antispy2\uninstall\irimg1.jpg
c:\program files\antispy2\uninstall\irimg2.jpg
c:\program files\antispy2\uninstall\irimg3.jpg
c:\program files\antispy2\uninstall\uninstall.dat
c:\program files\antispy2\uninstall\uninstall.xml
c:\windows\ie4 error log.txt
c:\windows\system32\drivers\toshiba_tecra a8_04491-ar_pta83e-01d02.mrk
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\service_tcpsr

((((((((((((((((((((((((( files created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 21:58 . 2009-04-03 21:58 -------- d-----w- c:\windows\system32\wbem\repository
2009-04-03 21:57 . 2009-04-03 21:57 -------- d-----w- c:\program files\common files\xing shared
2009-04-03 21:44 . 2009-04-03 21:53 -------- d-----w- c:\documents and settings\pcw\tracing
2009-04-03 21:34 . 2009-04-03 21:34 -------- d-----w- c:\program files\microsoft sync framework
2009-04-03 21:33 . 2009-04-03 21:33 -------- d-----w- c:\program files\microsoft sql server compact edition
2009-04-03 21:30 . 2009-04-03 21:41 -------- d-----w- c:\wamp
2009-04-03 21:30 . 2009-04-03 21:30 -------- d-----w- c:\program files\microsoft
2009-04-03 21:12 . 2009-04-03 21:12 -------- d-----w- c:\program files\common files\windows live
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 22:04 . 2008-11-17 21:02 -------- d-----w- c:\documents and settings\pcw\application data\skype
2009-04-03 21:57 . 2008-03-09 19:32 -------- d-----w- c:\program files\common files\real
2009-04-03 21:40 . 2008-03-09 19:29 -------- d-----w- c:\program files\windows live
2009-04-03 21:24 . 2008-03-09 19:26 -------- d-----w- c:\program files\google
2009-04-03 21:14 . 2008-11-17 21:07 -------- d-----w- c:\documents and settings\pcw\application data\skypepm
2009-04-03 21:13 . 2008-03-09 19:28 -------- d-----w- c:\program files\msn messenger
2009-04-03 21:10 . 2008-04-22 07:54 -------- d-----w- c:\documents and settings\pcw\application data\dna
2009-04-03 21:08 . 2008-03-09 17:30 167264 ----a-w- c:\documents and settings\pcw\local settings\application data\gdipfontcachev1.dat
2009-04-03 21:08 . 2008-04-09 14:50 -------- d-----w- c:\documents and settings\pcw\application data\orbit
2009-02-05 21:11 . 2008-03-12 17:06 1256296 ----a-w- c:\windows\system32\aswboot.exe
2009-02-05 21:08 . 2008-03-12 17:06 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-02-05 21:08 . 2008-03-12 17:06 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-02-05 21:07 . 2008-04-06 22:22 114768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2009-02-05 21:07 . 2008-04-06 22:22 20560 ----a-w- c:\windows\system32\drivers\aswfsblk.sys
2009-02-05 21:06 . 2008-03-12 17:06 51376 ----a-w- c:\windows\system32\drivers\aswtdi.sys
2009-02-05 21:06 . 2008-03-12 17:06 23152 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2009-02-05 21:05 . 2008-03-12 17:06 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-02-05 21:04 . 2008-03-12 17:06 97480 ----a-w- c:\windows\system32\avastss.scr
2005-08-27 12:26 . 2008-03-09 19:36 1581056 ----a-w- c:\program files\flashplayer8.exe
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"swg"="c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" [2008-10-03 68856]
"bittorrent dna"="c:\program files\dna\btdna.exe" [2009-04-03 289088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"sunjavaupdatesched"="c:\program files\java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [2008-03-09 185896]
"vistadrv"="c:\program files\sicodrivet\vsdrv.exe" [2006-07-30 121089]
"toshkcw.exe"="c:\program files\toshiba\wireless hotkey\toshkcw.exe" [2005-05-17 49152]
"00thotkey"="c:\windows\system32\00thotkey.exe" [2006-05-18 09:53 253952]
"avast!"="c:\progra~1\alwils~1\avast4\ashdisp.exe" [2009-02-05 81000]
"hp software update"="c:\program files\hp\hp software update\hpwuschd2.exe" [2006-02-18 49152]
"remotecontrol"="c:\program files\cyberlink\powerdvd\pdvdserv.exe" [2004-11-02 32768]
"tfncky"="tfncky.exe" [bu]
"000stthk"="000stthk.exe" - c:\windows\system32\000stthk.exe [2001-06-23 03:28 24576]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
c:\documents and settings\all users\start menu\programs\startup\
bluetooth manager.lnk - c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe [2007-5-22 2756608]
hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe [2006-2-19 288472]
orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe [2008-4-9 1678536]
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\ati0pwxx.sys]
@="driver"
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\ati7elxx.sys]
@="driver"
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\ati7hoxx.sys]
@="driver"
[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001
"updatesdisablenotify"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\program files\\orbitdownloader\\orbitdm.exe"=
"c:\\program files\\orbitdownloader\\orbitnet.exe"=
"c:\\program files\\mobily connect card\\mobily connect card.exe"=
"c:\\program files\\messenger\\msmsgs.exe"=
"c:\\program files\\dna\\btdna.exe"=
"c:\\program files\\msn messenger\\msnmsgr.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\program files\\skype\\phone\\skype.exe"=
r0 thpdrv;toshiba hdd protection driver;c:\windows\system32\drivers\thpdrv.sys [28/12/2004 01:31 ص 16384]
r0 thpevm;toshiba hdd protection - shock sensor driver;c:\windows\system32\drivers\thpevm.sys [06/06/2006 04:27 م 6144]
r1 aswsp;avast! Self protection;c:\windows\system32\drivers\aswsp.sys [07/04/2008 01:22 ص 114768]
r1 tmei3e;tmei3e;c:\windows\system32\drivers\tmei3e.sys [06/06/2006 04:31 م 5888]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [07/04/2008 01:22 ص 20560]
r2 tmesrv;tmesrv3;c:\program files\toshiba\tme3\tmesrv31.exe [06/06/2006 04:31 م 114688]
s0 ati0pwxx;ati0pwxx;c:\windows\system32\drivers\ati0pwxx.sys --> c:\windows\system32\drivers\ati0pwxx.sys [?]
s0 ati7elxx;ati7elxx;c:\windows\system32\drivers\ati7elxx.sys --> c:\windows\system32\drivers\ati7elxx.sys [?]
s0 ati7hoxx;ati7hoxx;c:\windows\system32\drivers\ati7hoxx.sys --> c:\windows\system32\drivers\ati7hoxx.sys [?]
s3 ifxtpm;ifxtpm;c:\windows\system32\drivers\ifxtpm.sys [06/06/2006 04:49 م 35968]
.
Contents of the 'scheduled tasks' folder
.
- - - - orphans removed - - - -
notify-xspgvnb - xspgvnb.dll
safeboot-procexp90.sys

.
------- supplementary scan -------
.
Ustart page = hxxp://www.google.com.sa/
usearch page = hxxp://www.google.com
usearch bar = hxxp://www.google.com/ie
mdefault_search_url = hxxp://www.google.com/ie
mstart page = hxxp://home.sweetim.com
usearchassistant = hxxp://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s
msearchassistant = hxxp://www.google.com/ie
ie: &download by orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
ie: &grab video by orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
ie: Do&wnload selected by orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
ie: Down&load all by orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
ie: E&xport to microsoft excel - c:\progra~1\micros~2\office11\excel.exe/3000
tcp: {3c891932-6f76-44f0-b33c-439a8a9da8f7} = 84.23.101.84 84.23.101.85
filter: X-sdch - {b1759355-3eec-4c1e-b0f1-b719fe26e377} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
dpf: Microsoft xml parser for java -
[You must log in or register to view the hidden link]

ff - profilepath - c:\documents and settings\pcw\application data\mozilla\firefox\profiles\6eo2g26i.default\
ff - prefs.js: Browser.search.selectedengine - mystart search
ff - prefs.js: Browser.startup.homepage - hxxp://mystart.hiyo.com/
ff - prefs.js: Keyword.url - hxxp://mystart.hiyo.com/?loc=ff_address&search=
ff - component: C:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer,
[You must log in or register to view the hidden link]

rootkit scan 2009-04-04 00:06
windows 5.1.2600 service pack 2 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- dlls loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\msi.dll
.
------------------------ other running processes ------------------------
.
C:\program files\intel\wireless\bin\evteng.exe
c:\program files\intel\wireless\bin\s24evmon.exe
c:\program files\alwil software\avast4\aswupdsv.exe
c:\program files\alwil software\avast4\ashserv.exe
c:\program files\toshiba\configfree\cfsvcs.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\hpzipm12.exe
c:\program files\intel\wireless\bin\regsrvc.exe
c:\windows\system32\thpsrv.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\toshiba\toshiba controls\tfncky.exe
c:\program files\orbitdownloader\orbitnet.exe
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthid.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthsp.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-03 0:11 - machine was rebooted
combofix-quarantined-files.txt 2009-04-03 21:10
pre-run: 34,130,460,672 bytes free
post-run: 45,609,201,664 bytes free
184

This is the report I got.
 
Hello ...

God give you all strength ...

Brother, give me a new HijackThis report ...
 
Signature: MMA_LORD_735
logfile of hijackthis v1.99.1
scan saved at 12:39:56 ص, on 04/04/2009
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\intel\wireless\bin\evteng.exe
c:\program files\intel\wireless\bin\s24evmon.exe
c:\program files\alwil software\avast4\aswupdsv.exe
c:\program files\alwil software\avast4\ashserv.exe
c:\windows\system32\spoolsv.exe
c:\program files\toshiba\configfree\cfsvcs.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\hpzipm12.exe
c:\program files\intel\wireless\bin\regsrvc.exe
c:\windows\system32\svchost.exe
c:\windows\system32\thpsrv.exe
c:\program files\toshiba\tme3\tmesrv31.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe
c:\program files\alwil software\avast4\ashmaisv.exe
c:\program files\alwil software\avast4\ashwebsv.exe
c:\windows\explorer.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\program files\java\jre1.6.0_03\bin\jusched.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\toshiba\wireless hotkey\toshkcw.exe
c:\program files\toshiba\toshiba controls\tfncky.exe
c:\windows\system32\00thotkey.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\dna\btdna.exe
c:\windows\system32\ctfmon.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\orbitdownloader\orbitdm.exe
c:\program files\orbitdownloader\orbitnet.exe
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthid.exe
c:\program files\toshiba\bluetooth toshiba stack\tosbthsp.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\mobily connect card\mobily connect card.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\notepad.exe
c:\documents and settings\pcw\desktop\hijackthis.exe
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =
[You must log in or register to view the hidden link]

r1 - hklm\software\microsoft\internet explorer\main,default_search_url =
[You must log in or register to view the hidden link]

r1 - hklm\software\microsoft\internet explorer\main,search page =
[You must log in or register to view the hidden link]

r0 - hklm\software\microsoft\internet explorer\main,start page =
[You must log in or register to view the hidden link]

o2 - bho: Btorbit.com - {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
o2 - bho: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: Windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
o2 - bho: Google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
o3 - toolbar: Google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [vistadrv] c:\program files\sicodrivet\vsdrv.exe
o4 - hklm\..\run: [toshkcw.exe] "c:\program files\toshiba\wireless hotkey\toshkcw.exe"
o4 - hklm\..\run: [tfncky] tfncky.exe
o4 - hklm\..\run: [00thotkey] c:\windows\system32\00thotkey.exe
o4 - hklm\..\run: [000stthk] 000stthk.exe
o4 - hklm\..\run: [avast!] c:\progra~1\alwils~1\avast4\ashdisp.exe
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hklm\..\run: [remotecontrol] "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [bittorrent dna] "c:\program files\dna\btdna.exe"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - global startup: Bluetooth manager.lnk = ?
O4 - global startup: Hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
o4 - global startup: Orbit.lnk = c:\program files\orbitdownloader\orbitdm.exe
o8 - extra context menu item: &download by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/201
o8 - extra context menu item: &grab video by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/204
o8 - extra context menu item: Do&wnload selected by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/203
o8 - extra context menu item: Down&load all by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/202
o8 - extra context menu item: E&xport to microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
o9 - extra 'tools' menuitem: Sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
o9 - extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: بحث - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) -
[You must log in or register to view the hidden link]

o17 - hklm\system\ccs\services\tcpip\..\{3c891932-6f76-44f0-b33c-439a8a9da8f7}: Nameserver = 84.23.101.84 84.23.101.85
o18 - protocol: Livecall - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
o18 - protocol: Msnim - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
o18 - protocol: Skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o18 - filter: X-sdch - {b1759355-3eec-4c1e-b0f1-b719fe26e377} - c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
o20 - winlogon notify: Igfxcui - c:\windows\system32\igfxdev.dll
o23 - service: Avast! Iavs4 control service (aswupdsv) - alwil software - c:\program files\alwil software\avast4\aswupdsv.exe
o23 - service: Avast! Antivirus - alwil software - c:\program files\alwil software\avast4\ashserv.exe
o23 - service: Avast! Mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
o23 - service: Avast! Web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
o23 - service: Configfree service (cfsvcs) - toshiba corporation - c:\program files\toshiba\configfree\cfsvcs.exe
o23 - service: Intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: Filezilla server ftp server (filezilla server) - unknown owner - c:\program files\filezilla server\filezilla server.exe (file missing)
o23 - service: Google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: Pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: Intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: Intel(r) proset/wireless service (s24eventmonitor) - intel corporation - c:\program files\intel\wireless\bin\s24evmon.exe
o23 - service: Toshiba hdd protection (thpsrv) - toshiba corporation - c:\windows\system32\thpsrv.exe
o23 - service: Tmesrv3 (tmesrv) - unknown owner - c:\program files\toshiba\tme3\tmesrv31.exe" /service (file missing)
o23 - service: Toshiba bluetooth service - toshiba corporation - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe
o23 - service: Wampapache - unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
o23 - service: Wampmysqld - unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

Sorry I'm late, but my computer was hanging a bit :(
May God make you happy
 
:hh:

You've made my head spin, honestly ...

<< You won't understand me if I explain it to you, but the point is ...

Give me a complete report without any code or quote tags :) ...
 
Signature: MMA_LORD_735
Oh
This is the report that came up for me in Notepad
 
Hi sister, yes, post the same report, just without quoting ^^
 
Logfile of HijackThis v1.99.1
Scan saved at 12:39:56 ص, on 04/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\00THotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pcw\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\SiCoDriVeT\vsdrv.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link: log in or register to view]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C891932-6F76-44F0-B33C-439A8A9DA8F7}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
 
Edited << and that's it, the request is done, one moment ...
 
Signature: MMA_LORD_735
Select these entries, brother ...

and fix them ...

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

How to fix ...

[screenshot]

[screenshot]

Then download this tool and follow the explanation below

[hidden link: log in or register to view]

or

[hidden link: log in or register to view]

Compatibility: Windows XP only

Usage instructions ...

When you run the tool's file, this screen appears; wait (and follow along with the pictures)

[screenshot]

[screenshot]

When this screen appears, click Close so that your computer restarts ((to complete the cleaning process))

[screenshot]

And after the restart, bring a new report ...
 
Last edited by a moderator:
Signature: MMA_LORD_735
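
A cross-check worth running on a HijackThis log like the one above before fixing `(file missing)` or `(no file)` entries: compare each flagged path with the log's own "Running processes" list. This is an added example, not part of the original posts; `parse`, `triage_orphans` and `SAMPLE_LOG` are hypothetical names, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (sample input).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")        # e.g. "O23 - Service: ..."
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.I)  # first drive-rooted .exe path

def parse(log):
    """Return (set of running process paths, list of (section, text) entries)."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def triage_orphans(log):
    """Classify entries the log marks '(no file)' or '(file missing)'."""
    running, entries = parse(log)
    result = []
    for section, text in entries:
        if "(no file)" not in text and "(file missing)" not in text:
            continue
        m = EXE_PATH.search(text)
        path = m.group(0) if m else None
        # A path flagged missing but present in the process list is not an orphan.
        status = "running" if path and path.lower() in running else "orphan"
        result.append((section, path, status))
    return result

if __name__ == "__main__":
    for section, path, status in triage_orphans(SAMPLE_LOG):
        print(f"{section:4} {status:8} {path}")
```

Paths written in 8.3 short form (such as `C:\PROGRA~1\...`) will not match the process list and need expanding first.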
Select these entries, brother ...

and fix them ...

So I run the same tool again and select the entries you mentioned??
 
Signature: MMA_LORD_735