كيف أحذف فايروسات التورجان ؟

sayyaf · 20 يوليو 2009

السلام عليكم ورحمة الله وبركاته

أمس نزلت ماسنجر بلس وعند الأنتهاء من التثبيت طلعت لي رسالة من الكاسبر يقول أنه تورجان

الخيارات المفترضة من الكاسبر إما حذف أو مستحسن أو تخطي ...

الخيارات كلها أختفت وبقي تخطي معناته موافقة على قبول الفايروس .. !!

سويت فحص على السريع في الكاسبر ولايوجد شيء والله أعلم كأني رأيت مسار الفايروس في مجلد

السيستم ..

هل في أداة تحذف التروجان ؟

وللعلم الكاسبر أنترنت سكورتي 2009 واصلي ..

البارون · 20 يوليو 2009

طيب عطنا صورة الرسالة اخوي

sayyaf · 20 يوليو 2009

أخوي الرسالة أختفت
والان رجعت وثبته علشان أصورها لك ولكن طلعت هذه الصورة

وأبغى أسألك ماقصة الكلام المكتوب تحت

أنت مستخدم نسخة تجريبية
موصى بشراء النسخة التجارية

البرنامج أشتريه على أنه أصلي قبل شهرين ركبته وما كانت تظهر لي نهائي
إلا قبل يومين فرمت الجهاز وركبت البرنامج والمفتاح وصارت تطلع لي

وهذا التهديدات المكتشفة من الكاسبر

هل صحيح أنحذف أو لا ؟

البارون · 20 يوليو 2009

طيب تقرير هايجاك

sayyaf · 20 يوليو 2009

ممكن تجاوب لي على نسخة الكاسبر ؟

التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:39:46 م, on 20/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AFAQ Wireless\AFAQ Wireless.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\wuauclt.exe
H:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\AFAQ Wireless\AFAQ Wireless.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7288 bytes

sayyaf · 20 يوليو 2009

البارون التقرير وصل :d:

البارون · 20 يوليو 2009

طيب (( قاعد افحص اون لاين النت بطىءءءءءء ))

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

sayyaf · 20 يوليو 2009

التقرير طويل جداً

هذا الجزء الأول

ComboFix 09-07-19.04 - shaher 07/20/2009 16:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.2937.2379 [GMT 3:00]
Running from: c:\documents and settings\shaher\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kakle.dll
c:\windows\system32\mdm.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 12:23 . 2007-04-23 04:52 8444416 ----a-w- c:\windows\system32\dllcache\shell32.dll
2009-07-20 12:08 . 2009-07-20 12:08 -------- d-----w- c:\program files\Windows Live
2009-07-20 12:06 . 2009-07-20 12:06 -------- d-----w- c:\program files\Circl Developement
2009-07-20 10:54 . 2009-07-20 10:54 766 ----a-r- c:\documents and settings\shaher\Application Data\Microsoft\Installer\{06392D0A-3CD3-4B87-B507-65A1A7D383D4}\InstantDemo_1.exe
2009-07-20 10:54 . 2009-07-20 10:54 16718 ----a-r- c:\documents and settings\shaher\Application Data\Microsoft\Installer\{06392D0A-3CD3-4B87-B507-65A1A7D383D4}\InstantDemo.exe
2009-07-20 10:54 . 2009-07-20 10:54 16718 ----a-r- c:\documents and settings\shaher\Application Data\Microsoft\Installer\{06392D0A-3CD3-4B87-B507-65A1A7D383D4}\controlPanelIcon.exe
2009-07-20 10:54 . 2009-07-20 10:54 10134 ----a-r- c:\documents and settings\shaher\Application Data\Microsoft\Installer\{06392D0A-3CD3-4B87-B507-65A1A7D383D4}\SystemFolder_msiexec.exe
2009-07-20 10:36 . 2009-07-20 10:56 -------- d-----w- c:\documents and settings\shaher\Local Settings\Application Data\Instant Demo
2009-07-19 22:22 . 2009-07-20 12:08 -------- d-----w- c:\program files\Circle Developemet
2009-07-19 22:22 . 2009-07-20 12:08 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-19 22:21 . 2009-07-19 22:21 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-19 22:21 . 2009-07-20 12:08 -------- d-----w- c:\program files\MSN Messenger
2009-07-19 19:58 . 2001-08-17 19:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-07-19 19:58 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-19 19:58 . 2001-08-17 19:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-07-19 19:58 . 2001-08-17 19:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-07-19 19:58 . 2001-08-17 11:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-07-19 19:58 . 2001-08-17 11:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-07-19 19:58 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\windows\برنامج بوصلة طالب العلم الإصدار الأول
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\program files\برنامج بوصلة طالب العلم الإصدار الأول
2009-07-19 09:29 . 2009-07-19 09:29 -------- d-----w- c:\program files\Web Publish
2009-07-19 08:52 . 2009-07-19 08:52 -------- d-----w- c:\documents and settings\shaher\Local Settings\Application Data\Help
2009-07-19 08:32 . 2009-07-19 08:32 -------- d-----w- c:\documents and settings\shaher\Local Settings\Application Data\Identities
2009-07-19 08:02 . 2004-08-04 00:41 57216 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-19 08:02 . 2001-08-17 14:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-19 08:02 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-07-19 08:01 . 2004-08-04 00:55 73728 ----a-w- c:\windows\system32\usbui.dll
2009-07-19 08:01 . 2004-08-03 23:07 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-07-19 08:01 . 2001-08-17 13:58 9344 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-07-19 08:01 . 2004-08-03 23:07 14080 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-07-19 08:01 . 2001-09-18 13:30 16256 ----a-w- c:\windows\system32\drivers\battc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 13:07 . 2009-07-19 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-20 13:06 . 2009-07-19 05:34 2996 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-20 13:06 . 2009-07-19 05:34 253984 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-20 13:06 . 2009-07-19 05:34 14580 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-20 13:06 . 2009-07-19 05:34 1057312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-20 12:42 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-07-20 12:42 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-07-20 12:38 . 2009-07-19 07:38 -------- d-----w- c:\program files\Conduit
2009-07-20 10:44 . 2009-07-19 07:52 -------- d-----w- c:\program files\Hotspot Shield
2009-07-20 10:43 . 2009-07-19 06:09 -------- d-----w- c:\program files\mpegable
2009-07-20 03:20 . 2009-07-19 05:33 27264 ----a-w- c:\documents and settings\shaher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 09:17 . 2009-07-19 09:17 2678 ----a-w- c:\windows\java\Packages\Data\4XFV5F5B.DAT
2009-07-19 09:17 . 2009-07-19 09:17 2678 ----a-w- c:\windows\java\Packages\Data\ZDZJBV9N.DAT
2009-07-19 09:17 . 2009-07-19 09:17 2678 ----a-w- c:\windows\java\Packages\Data\TVRD7RDB.DAT
2009-07-19 09:17 . 2009-07-19 09:17 2678 ----a-w- c:\windows\java\Packages\Data\DNJBJ7PJ.DAT
2009-07-19 07:57 . 2009-07-19 06:18 -------- d-----w- c:\program files\AskTBar
2009-07-19 07:56 . 2009-07-19 07:56 -------- d-----w- c:\documents and settings\shaher\Application Data\Yahoo!
2009-07-19 07:56 . 2009-07-19 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-19 06:32 . 2009-07-19 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-19 06:31 . 2009-07-19 06:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 06:31 . 2009-07-19 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-19 06:27 . 2009-07-19 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-19 06:27 . 2009-07-19 06:27 -------- d-----w- c:\program files\TechSmith
2009-07-19 06:27 . 2009-07-19 06:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-19 06:23 . 2009-07-19 06:23 -------- d-----w- c:\documents and settings\shaher\Application Data\Ahead
2009-07-19 06:23 . 2009-07-19 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-19 06:22 . 2009-07-19 06:21 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-19 06:21 . 2009-07-19 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-19 06:21 . 2009-07-19 06:21 -------- d-----w- c:\program files\Nero
2009-07-19 06:14 . 2009-07-19 06:14 0 ----a-w- c:\windows\nsreg.dat
2009-07-19 06:11 . 2009-07-19 06:11 -------- d-----w- c:\program files\Ozone
2009-07-19 06:10 . 2009-07-19 06:10 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-19 06:10 . 2009-07-19 06:10 -------- d-----w- c:\program files\Nokia
2009-07-19 06:09 . 2009-07-19 06:09 47104 ------w- c:\windows\AKDeInstall.exe
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-----w- c:\program files\Yahoo!
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-19 06:08 . 2009-07-19 06:08 -------- d-----w- c:\program files\ACD Systems
2009-07-19 06:06 . 2009-07-19 06:06 -------- d-----w- c:\program files\VS Revo Group
2009-07-19 06:06 . 2009-07-19 06:05 -------- d-----w- c:\program files\Quranzu1
2009-07-19 06:04 . 2009-07-19 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-19 06:04 . 2009-07-19 06:04 -------- d-----w- c:\program files\Common Files\Real
2009-07-19 06:04 . 2009-07-19 06:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-19 06:04 . 2009-07-19 06:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-19 06:04 . 2009-07-19 06:04 -------- d-----w- c:\program files\Real
2009-07-19 06:03 . 2009-07-19 06:03 -------- d-----w- c:\program files\Real_SC
2009-07-19 06:02 . 2009-07-19 06:02 -------- d-----w- c:\program files\مشغل الفلاش العربي
2009-07-19 06:01 . 2009-07-19 05:34 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-19 05:59 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-19 05:59 . 2009-07-19 05:34 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-19 05:59 . 2009-07-19 05:34 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-19 05:59 . 2009-07-19 05:59 44808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-07-19 05:59 . 2009-07-19 05:59 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-07-19 05:59 . 2009-07-19 05:59 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-19 05:59 . 2009-07-19 05:59 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-07-19 05:44 . 2009-07-19 05:41 112821 ----a-w- c:\windows\hpoins07.dat
2009-07-19 05:43 . 2009-07-19 05:42 -------- d-----w- c:\program files\HP
2009-07-19 05:41 . 2009-07-19 05:41 -------- d-----w- c:\documents and settings\shaher\Application Data\HP
2009-07-19 05:33 . 2009-07-19 05:31 -------- d-----w- c:\program files\AFAQ Wireless
2009-07-19 05:31 . 2009-07-19 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-19 05:20 . 2009-07-19 05:20 -------- d-----w- c:\program files\CONEXANT
2009-07-19 05:11 . 2009-07-19 05:11 -------- d-----w- c:\program files\microsoft frontpage
2009-07-19 05:10 . 2009-07-19 05:10 -------- d-----w- c:\program files\MSXML 4.0
2009-07-19 05:09 . 2009-07-19 05:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-19 05:07 . 2009-07-19 05:07 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2008-10-31 21:05 . 2009-07-19 06:13 134656 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-07-19 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Mobile Partner"="c:\program files\AFAQ Wireless\AFAQ Wireless.exe" [2009-07-19 110592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-09 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-09 141848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-19 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-19 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-04-23 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-03 99840]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-19 113664]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

تابع التقرير

sayyaf · 20 يوليو 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [19/07/2009 08:20 ص 732160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19/07/2009 08:21 ص 110080]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd3b7c2-7423-11de-9f8f-a89aba89b666}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uInternet Connection Wizard,ShellNext = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1561552
IE: أضافة إلى مانع الأعلانات - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\shaher\Application Data\Mozilla\Firefox\Profiles\5uzbq222.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-20 16:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
.
**************************************************************************
.
Completion time: 2009-07-20 16:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 13:09

Pre-Run: 64,737,898,496 bytes free
Post-Run: 66,339,246,080 bytes free

231

sayyaf · 20 يوليو 2009

تقرير Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:13:15 م, on 20/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AFAQ Wireless\AFAQ Wireless.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\shaher\سطح المكتب\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\AFAQ Wireless\AFAQ Wireless.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7D8DE2F-39C1-4A2C-813F-DD73F3259371}: NameServer = 84.235.7.58 84.235.6.58
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7118 bytes

sayyaf · 20 يوليو 2009

للرفع

كيف أحذف فايروسات التورجان ؟

sayyaf

زيزوومى متألق

البارون

زيزوومى فضى

توقيع : البارون

sayyaf

زيزوومى متألق

البارون

زيزوومى فضى

توقيع : البارون

sayyaf

زيزوومى متألق

sayyaf

زيزوومى متألق

البارون

زيزوومى فضى

توقيع : البارون

sayyaf

زيزوومى متألق

sayyaf

زيزوومى متألق

sayyaf

زيزوومى متألق

sayyaf

زيزوومى متألق

NTLite Business 2025.8.10552 X64