Thread starter: ahh20
Status: Closed and not open for further replies.

ahh20

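Peace be upon you, brothers.
Please reply quickly. The scan has just finished; I have not deleted anything yet and am waiting for a reply. Thank you.
I ran a scan with Malwarebytes' Anti-Malware
and it produced the following report. Should I delete them or not? Do they belong to the computer and the system? Please look at them. Or are they all hacker tools and the like? Please advise me.
Should I delete these things after the scan or not?
And does this mean my computer has been hacked? How do I prevent hacking? Thank you.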

Malwarebytes' Anti-Malware 1.38
Database version: 2414
Windows 5.1.2600 Service Pack 2
7/13/2009 11:53:03 ص
mbam-log-2009-07-13 (11-53-03).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 192016
Time elapsed: 1 hour(s), 23 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
c:\system volume information\_restore{907f89de-7c21-4dd6-a17d-2a39e0aaccdb}\RP17\A0003361.exe (Malware.Tool) -> Quarantined and deleted successfully.
d:\زين\برامج\akram\idm5.15full\Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
d:\زين\برامج\برنامج اقفال ملفات\مع التسجيل .winrar3.81.rar2)\RAR Slayer v1.1.exe (Malware.Tool) -> Quarantined and deleted successfully.




 

Yes, brother, delete them. There is nothing to worry about, God willing.

After deleting, post the new report.
 
Signature: KoNaMi
Thank you, brother, for the reply.

This is the report that came up in Notepad after the deletion:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
7/14/2009 12:03:07 م
mbam-log-2009-07-14 (12-03-07).txt
Scan type: Quick Scan
Objects scanned: 83028
Time elapsed: 12 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
 
OK, brother, now post a HijackThis report.
 
Signature: KoNaMi
Thank you, brother, for your help. Here is the report.
I want to know where these things on my computer come from.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:54 م, on 7/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden by the forum]=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [USB Threat Defender] C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe /b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6748 bytes
 
What should I do with this page?
What do I delete, or should I close it with the X?

[screenshot]
 
Delete the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide

O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [link hidden by the forum] (file missing)

How to delete them:

[screenshots]

After that, go to Add or Remove Programs and remove the toolbar you have (toolbar) >> it may not be there.

Then download this tool and follow the explanation below.

[link hidden by the forum]

Compatibility: Windows XP only

How to use it:
Double-click the tool and wait until all the windows finish and it stops at this window.

[screenshot]

When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).

Then do the following:

Disable your security programs,
then
download the following tool and save it to the desktop.
[link hidden by the forum]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Signature: KoNaMi
Dear brother,
can I say I am finished
and run any program now?
This is the requested report, with regards.
And should this be done every time I scan with the previous program and an infection is found?
What should I do now?

ComboFix 09-07-13.01 - BFC 07/14/2009 13:19.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.511.203 [GMT 3:00]
Running from: d:\زين\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1272afd.msi
c:\windows\Installer\59250b.msp
c:\windows\Installer\59250c.msp
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 09:57 . 2009-07-14 09:57 -------- d-----w- c:\documents and settings\BFC\Application Data\CyberScrub
2009-07-14 09:22 . 2009-07-14 09:22 -------- d-----w- c:\program files\Trend Micro
2009-07-14 05:37 . 2009-07-14 05:48 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-14 05:32 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 05:32 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:23 . 2009-07-13 11:23 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-13 06:44 . 2009-07-13 06:44 -------- d-----w- c:\documents and settings\BFC\Application Data\Malwarebytes
2009-07-13 06:44 . 2009-07-13 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 06:44 . 2009-07-13 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 18:29 . 2009-07-12 18:29 -------- d-sh--w- C:\FOUND.005
2009-07-12 07:26 . 2009-07-12 07:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-12 07:26 . 2009-07-12 07:26 -------- d-----w- c:\documents and settings\BFC\Application Data\skypePM
2009-07-12 06:54 . 2009-07-12 06:54 -------- d-----w- c:\program files\SlySoft
2009-07-10 16:44 . 2009-07-10 16:44 -------- d-----w- c:\documents and settings\BFC\Application Data\Moyea
2009-07-10 14:33 . 2009-07-10 14:33 -------- d-sh--w- C:\FOUND.004
2009-07-10 04:46 . 2009-07-10 04:46 -------- d-sh--w- C:\FOUND.003
2009-07-06 18:59 . 2009-07-06 18:59 -------- d-sh--w- C:\FOUND.002
2009-07-05 20:43 . 2009-07-05 20:43 -------- d-----w- c:\program files\AutorunRemover
2009-07-05 08:01 . 2009-07-05 08:01 -------- d-sh--w- C:\FOUND.001
2009-07-03 05:58 . 2009-07-03 05:58 -------- d-----w- c:\program files\ArzooSoft Solutions
2009-07-02 09:25 . 2009-07-02 09:29 2926768 ----a-w- c:\documents and settings\BFC\Application Data\IDM\idmupdt.exe
2009-07-02 09:09 . 2009-07-02 09:10 198064 ----a-w- c:\documents and settings\BFC\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-02 06:43 . 2009-07-02 06:43 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-07-02 06:41 . 2001-08-17 10:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2009-07-02 06:41 . 2001-08-17 10:47 12928 ----a-w- c:\windows\system32\dllcache\dot4prt.sys
2009-07-02 06:41 . 2004-08-03 19:58 207360 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-07-02 06:41 . 2004-08-03 19:58 207360 ----a-w- c:\windows\system32\dllcache\dot4.sys
2009-07-02 06:41 . 2001-09-18 10:39 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2009-07-02 06:41 . 2001-09-18 10:39 23808 ----a-w- c:\windows\system32\dllcache\dot4usb.sys
2009-07-02 06:29 . 2009-07-02 06:29 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-07-02 06:29 . 2009-07-02 06:29 25104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-07-02 06:27 . 2009-07-02 06:29 772624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-07-02 06:27 . 2009-07-02 06:27 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-07-02 06:26 . 2009-07-02 06:27 354832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-07-01 19:35 . 2009-07-01 19:35 -------- d-sh--w- C:\FOUND.000
2009-07-01 09:43 . 2009-07-01 09:43 -------- d-----w- c:\windows\system32\NtmsData
2009-07-01 07:52 . 2009-07-01 07:52 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 3(2)
2009-07-01 06:22 . 2009-07-01 06:22 -------- d-----w- c:\program files\USBScan
2009-06-29 11:45 . 2009-06-29 11:45 -------- d-----w- c:\program files\Autorun Eater
2009-06-29 09:08 . 2009-06-29 09:08 -------- d-----w- c:\documents and settings\BFC\Application Data\IDM
2009-06-29 09:08 . 2009-06-29 09:08 -------- d-----w- c:\documents and settings\BFC\Application Data\DMCache
2009-06-29 09:08 . 2009-06-29 09:08 -------- d-----w- c:\program files\Internet Download Manager
2009-06-29 04:10 . 2009-06-29 04:10 -------- d-----w- c:\program files\Activision
2009-06-28 21:37 . 2009-06-28 21:37 -------- d-----w- c:\windows\system32\QuickTime
2009-06-28 21:37 . 2009-06-28 21:37 -------- d-----w- c:\program files\QuickTime(2)
2009-06-28 21:37 . 2009-06-28 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-28 21:32 . 2009-06-28 21:32 -------- d-----w- c:\program files\AliveComputing
2009-06-28 21:23 . 2009-06-28 21:24 -------- d-----w- c:\program files\USB Disk Security
2009-06-28 21:17 . 2009-06-28 21:17 -------- d-----w- c:\program files\Elecard
2009-06-28 21:17 . 2009-06-28 21:17 -------- d-----w- c:\program files\Common Files\Elecard
2009-06-28 20:53 . 2009-06-28 20:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-28 20:51 . 2009-06-28 20:51 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-28 15:40 . 2009-06-28 15:41 -------- d-----w- c:\documents and settings\BFC\Contacts
2009-06-28 15:40 . 2009-06-28 15:40 -------- d-----w- c:\documents and settings\BFC\Local Settings\Application Data\Yahoo
2009-06-28 15:29 . 2009-06-28 15:29 -------- d-s---w- c:\documents and settings\BFC\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 10:07 . 2001-09-19 09:00 52890 ----a-w- c:\windows\system32\perfc001.dat
2009-07-14 10:07 . 2001-09-19 09:00 318566 ----a-w- c:\windows\system32\perfh001.dat
2009-07-14 10:01 . 2009-01-27 03:51 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-14 10:01 . 2009-01-27 03:51 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-14 10:01 . 2009-01-27 03:51 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-14 10:01 . 2009-01-27 03:51 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-14 09:56 . 2009-07-14 09:56 -------- d-----w- c:\documents and settings\BFC\Application Data\cleaner
2009-07-11 09:22 . 2009-01-28 02:34 84368 ----a-w- c:\documents and settings\BFC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-02 06:30 . 2007-10-31 10:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-30 11:12 . 2009-01-27 02:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-29 11:22 . 2009-06-29 11:22 0 ----a-w- c:\windows\VDM44.tmp
2009-06-29 11:13 . 2009-06-29 11:13 0 ----a-w- c:\windows\VDM42.tmp
2009-06-29 11:09 . 2009-06-29 11:09 0 ----a-w- c:\windows\VDM40.tmp
2009-06-29 10:55 . 2009-06-29 10:55 0 ----a-w- c:\windows\VDM3F.tmp
2009-06-29 10:50 . 2009-06-29 10:50 0 ----a-w- c:\windows\VDM3D.tmp
2009-06-29 10:47 . 2009-06-29 10:47 0 ----a-w- c:\windows\VDM3C.tmp
2009-06-29 10:25 . 2009-06-29 10:25 0 ----a-w- c:\windows\VDM3B.tmp
2009-06-29 01:57 . 2009-01-27 03:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-29 01:57 . 2009-01-27 03:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-03-26 19:11 . 2009-01-27 19:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-10-27 3810544]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-01-27 5728112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"USB Threat Defender"="c:\program files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" [2009-07-01 1215488]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\BFC\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-27 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\BFC\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-1-27 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 01:28 م 24592]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [1/27/2009 06:05 ص 349184]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.video-to-flash.com/flv-player/welcometo_freeflvplayer.php?pc=Moyea+FLV+Player&affid=
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: الدليل السريع - c:\windows\ww80.html
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
FF - ProfilePath - c:\documents and settings\BFC\Application Data\Mozilla\Firefox\Profiles\kyo74utm.default\
FF - component: c:\documents and settings\BFC\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-07-14 13:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1328)
c:\windows\system32\klogon.dll
.
Completion time: 2009-07-14 13:24
ComboFix-quarantined-files.txt 2009-07-14 10:24
Pre-Run: 8,436,891,648 bytes free
Post-Run: 8,412,585,984 bytes free
168
 
Now, brother, post a new HijackThis report so we can make sure.
 
Signature: KoNaMi
Peace be upon you, brother.
Yesterday I had to leave for work, sorry. I am continuing now.
Here is the report. What should I do? Is everything fine now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:50:50 ص, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden by the forum]=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [USB Threat Defender] C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe /b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5992 bytes
 
Brother, the report is clean now.

Any other problems?
 
Signature: KoNaMi
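
One way to compare the two HijackThis reports posted in this thread, as an added example that is not part of the original posts: it parses the entry lines, flags entries marked `(no file)` or `(file missing)`, and lists what disappeared or appeared between the earlier and the later report. The sample logs are constructed from a few entries quoted above; the O9 label and path and the R1 value are placeholders, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# A HijackThis entry line: section code ("R0", "O2", "O23", ...) + " - " + text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<text>.+)$")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)


class Entry(NamedTuple):
    code: str
    text: str

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a file that no longer exists."""
        return bool(ORPHAN_RE.search(self.text))


def parse_entries(log: str) -> list:
    """Return the R/F/N/O entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["text"]))
    return entries


def cleanup_report(before_log: str, after_log: str) -> dict:
    """Diff two reports taken before and after a cleanup pass."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    before_set, after_set = set(before), set(after)
    return {
        "orphans_before": [e for e in before if e.orphaned],
        "orphans_after": [e for e in after if e.orphaned],
        "removed": [e for e in before if e not in after_set],
        # New entries matter as much as removed ones when re-checking a host.
        "added": [e for e in after if e not in before_set],
    }


# Constructed sample: a subset of the first report in the thread.
# The O9 label and path are placeholders (the thread hides the real value).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O9 - Extra button: [label] - {46012075-ED62-464b-9554-AD0BEC35D1EC} - C:\PLACEHOLDER\page.htm (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6748 bytes
"""

# Constructed sample: a subset of the second report; the R1 value is a placeholder.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PLACEHOLDER-URL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5992 bytes
"""

if __name__ == "__main__":
    report = cleanup_report(BEFORE, AFTER)
    for section, entries in report.items():
        print(f"{section}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.text}")
```
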
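Praise be to God, all is well.
Regards.
Should I run periodic scans with this program or not?
And if results like the earlier ones come up, should I delete them, and should I repeat all the previous steps?
Thanks, thanks.

 
You are welcome, brother.

As for the HijackThis tool, if you feel something has changed on the computer,

post a new thread here with the report and, God willing, it will be analyzed by the experts and you will be told what is needed.

And if you are unsure about the files you want to delete, post a new thread and, God willing, the brothers will not let you down.

Best wishes.

:. Closed as resolved .:
 
Signature: KoNaMi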