[ تم حل المشكله ] حصان طراودة اخترق جهازي

ام جهاد · 17 ديسمبر 2009

السلام عليكم ورحمة الله وبركاته

انا جهازي نت بوك ودخل عليه فايروس حصان طراوده
وهذا تقرير الهايجاك
ومشكورين

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28:33 ص, on 17/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\Wscript.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\fofo\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9779 bytes

ام جهاد · 17 ديسمبر 2009

totei · 17 ديسمبر 2009

O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\fofo\LOCALS~1\Temp\herss.exe

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نظف جهازك بهذه الاداة

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

وبلغنا اخر النتائج

ام جهاد · 17 ديسمبر 2009

هذا تقرير هايجاك للجهاز بعد تنظيفه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:53:50 م, on 17/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\fofo\Application Data\zyzcleaner\run.exe
C:\Documents and Settings\fofo\Application Data\zyzcleaner\run.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AIM BIRD NOUN FAST] C:\Documents and Settings\All Users\Application Data\sign cake aim bird\2 Wait.exe
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\winxp.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [meowoption] C:\DOCUME~1\fofo\APPLIC~1\STOPDR~1\16 build less.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10089 bytes

عزيووو · 17 ديسمبر 2009

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

ام جهاد · 17 ديسمبر 2009

حملت الاداة وعمل فحص ولا اعاد التشغيل
وانتهى من الفحص وما جاني تقرير

والحين الجهاز صار ثقيل

عزيووو · 17 ديسمبر 2009

روحي لجهاز الكمبيوتر - الـ C - بتحصلين مفكره باسم combofix.txt
انسخي اللي فيها والصقيه في ردك القادم

ام جهاد · 17 ديسمبر 2009

معليش اخوي
بس مالقيت المفكرة

البارون · 17 ديسمبر 2009

حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

وبعد انتهاء الفحص اعمل التالي

انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

ام جهاد · 17 ديسمبر 2009

Malwarebytes' Anti-Malware 1.42
نسخة قاعدة البيانات: 3380
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17/12/2009 09:47:32 م
mbam-log-2009-12-17 (21-47-32).txt
نوع البحث: بحث شامل (C:\|)
تم فحص: 162363
الوقت المنقضى: 36 minute(s), 33 second(s)
عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 8
قيم التسجيل المصابة: 2
بيانات التسجيل المصابة: 1
مجلدات مصابة: 1
ملفات مصابة: 4
عمليات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
وحدات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)
مفاتيح التسجيل المصابة:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwwinxp.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
قيم التسجيل المصابة:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regdiit (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
بيانات التسجيل المصابة:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
مجلدات مصابة:
C:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
ملفات مصابة:
C:\WINDOWS\system32\winxp.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Program Files\Bifrost\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\winfile.jpg (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winjpg.jpg (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.

البارون · 17 ديسمبر 2009

تقرير هايجاك جديد مو حصان الا مزرعة تروجنات جهازك

ام جهاد · 17 ديسمبر 2009

هههههههههه
هذا وانا توني شاريه الجهاز
يعني بعد شهر بصير اتاجر في الاحصنه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:44 م, on 17/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AIM BIRD NOUN FAST] C:\Documents and Settings\All Users\Application Data\sign cake aim bird\2 Wait.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [meowoption] C:\DOCUME~1\fofo\APPLIC~1\STOPDR~1\16 build less.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9430 bytes

البارون · 17 ديسمبر 2009

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

ام جهاد · 17 ديسمبر 2009

ComboFix 09-12-16.05 - fofo 12/17/2009 23:45:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1014.604 [GMT 3:00]
Running from: c:\documents and settings\fofo\Desktop\KittyFix.exe
AV: avast! antivirus 4.8.1169 [VPS 080418-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\artools.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.
2009-12-17 20:24 . 2009-12-17 20:24 -------- d-----w- C:\KittyFix
2009-12-17 19:48 . 2009-12-17 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-17 18:07 . 2009-12-17 18:07 -------- d-----w- c:\documents and settings\fofo\Application Data\Malwarebytes
2009-12-17 18:07 . 2009-12-03 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 18:07 . 2009-12-17 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 18:07 . 2009-12-03 13:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 18:06 . 2009-12-17 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 15:00 . 2009-12-17 15:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-12-17 15:00 . 2009-12-17 15:00 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-12-17 15:00 . 2009-12-17 15:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-17 14:49 . 2009-12-17 14:49 -------- d-----w- c:\documents and settings\fofo\Local Settings\Application Data\Threat Expert
2009-12-17 14:34 . 2009-12-17 17:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-17 02:06 . 2009-12-17 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-17 02:05 . 2009-12-17 02:05 266240 ----a-w- c:\documents and settings\fofo\Application Data\stopdrivebin\TestDumbSupport.exe
2009-12-17 02:04 . 2009-12-17 02:04 299008 ----a-w- c:\documents and settings\fofo\Application Data\stopdrivebin\GlueBitsRemoteCity.exe
2009-12-17 02:04 . 2009-12-17 20:39 737280 ----a-w- c:\documents and settings\All Users\Application Data\sign cake aim bird\2 Wait.exe
2009-12-17 02:04 . 2009-12-17 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\sign cake aim bird
2009-12-17 02:04 . 2009-12-17 02:04 737280 ----a-w- c:\documents and settings\fofo\Application Data\stopdrivebin\obwdxkqx.exe
2009-12-17 02:04 . 2009-12-17 02:05 -------- d-----w- c:\documents and settings\fofo\Application Data\stopdrivebin
2009-12-17 02:04 . 2009-12-17 02:04 -------- d-----w- c:\program files\stopdrivebin
2009-12-17 02:04 . 2009-12-17 02:04 529408 ----a-w- c:\documents and settings\fofo\Application Data\stopdrivebin\16 build less.exe
2009-12-17 02:03 . 2009-12-17 02:03 -------- d-----w- c:\program files\Crcle Developement
2009-12-17 02:03 . 2009-12-17 02:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-17 01:28 . 2009-12-17 01:28 -------- d-----w- c:\program files\Trend Micro
2009-12-17 01:14 . 2009-12-17 01:14 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-17 01:14 . 2002-10-02 06:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys
2009-12-17 01:14 . 2009-12-17 01:14 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-12-17 01:14 . 2009-12-17 01:14 -------- d-----w- c:\windows\OPTIONS
2009-12-17 00:50 . 2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-12-06 15:39 . 2009-12-06 15:41 -------- d-----w- c:\documents and settings\fofo\Application Data\Mathematica
2009-12-06 15:39 . 2009-12-06 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Mathematica
2009-12-06 15:39 . 2009-12-06 15:39 -------- d-----w- c:\documents and settings\fofo\Local Settings\Application Data\Mathematica
2009-12-06 15:39 . 2009-12-06 15:39 -------- d-----w- c:\program files\Wolfram Research
2009-12-06 07:39 . 2009-12-06 07:39 -------- d-----w- c:\documents and settings\fofo\Application Data\Creative
2009-12-06 06:57 . 2009-12-06 06:57 -------- d-----w- c:\documents and settings\fofo\Application Data\Media Player Classic
2009-12-05 22:05 . 2009-12-05 22:05 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-05 22:05 . 2009-12-05 22:05 -------- d-----w- c:\program files\Real
2009-12-05 22:05 . 2009-12-05 22:05 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 22:00 . 2009-12-05 22:01 -------- d-----w- c:\documents and settings\fofo\Local Settings\Application Data\ACD Systems
2009-12-05 22:00 . 2009-12-05 22:00 -------- d-----w- c:\documents and settings\fofo\Application Data\ACD Systems
2009-12-05 21:58 . 2009-12-05 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-12-05 21:58 . 2009-12-05 21:59 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-12-05 21:58 . 2009-12-05 21:58 -------- d-----w- c:\program files\ACD Systems
2009-12-05 21:50 . 2009-12-05 21:50 -------- d-----w- c:\program files\Microsoft.NET
2009-12-05 21:45 . 2009-12-05 21:45 -------- d-----r- C:\MSOCache
2009-12-05 21:41 . 2008-03-29 18:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-05 21:41 . 2008-03-29 18:27 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-05 21:41 . 2008-03-29 18:26 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-05 21:41 . 2008-03-29 18:23 95608 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-05 21:41 . 2008-03-29 18:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-05 21:41 . 2008-03-29 18:31 75856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-05 21:41 . 2008-03-29 18:35 94544 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-05 21:41 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-05 21:41 . 2009-12-05 22:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-05 21:41 . 2009-12-05 22:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-05 21:41 . 2008-03-29 18:45 1146232 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-05 21:41 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-05 21:40 . 2009-12-05 21:40 -------- d-----w- c:\program files\Alwil Software
2009-12-05 21:22 . 2006-10-06 16:26 409 ----a-w- c:\windows\muiara.reg
2009-12-05 21:22 . 2006-10-06 15:15 -------- d-----w- c:\windows\system32\wbem\MUI
2009-12-05 21:22 . 2001-08-23 03:59 57344 ----a-w- c:\windows\system32\WMErrAra.dll
2009-12-05 21:04 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-05 21:04 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-04 21:55 . 2009-12-04 21:55 -------- d-----w- c:\documents and settings\fofo\Application Data\Windows Search
2009-12-04 12:17 . 2009-12-17 20:39 -------- d-----w- c:\documents and settings\fofo\Tracing
2009-12-04 12:16 . 2009-08-05 19:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-04 12:16 . 2009-12-04 12:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-04 12:15 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-04 12:15 . 2009-12-04 12:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-04 12:13 . 2009-12-04 12:13 -------- d-----w- c:\program files\Microsoft
2009-12-04 12:13 . 2009-12-04 12:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-04 12:12 . 2009-12-04 12:16 -------- d-----w- c:\program files\Windows Live
2009-12-04 12:02 . 2009-12-04 12:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-04 12:02 . 2009-12-17 02:03 107808 ----a-w- c:\documents and settings\fofo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 11:59 . 2009-12-04 11:59 -------- d-sh--w- c:\documents and settings\fofo\IECompatCache
2009-12-04 11:58 . 2009-12-04 11:58 -------- d-sh--w- c:\documents and settings\fofo\PrivacIE
2009-12-03 19:55 . 2009-12-03 19:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-03 19:55 . 2009-12-03 19:55 -------- d-sh--w- c:\documents and settings\fofo\IETldCache
2009-12-03 19:38 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-03 19:37 . 2009-12-05 22:13 -------- d-----w- c:\windows\ie8updates
2009-12-03 19:37 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-03 19:37 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-03 19:37 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-03 19:37 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-03 19:37 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-03 19:37 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-03 19:35 . 2009-12-03 19:37 -------- dc-h--w- c:\windows\ie8
2009-12-03 18:27 . 2009-12-03 18:27 -------- d-----w- c:\windows\system32\LogFiles
2009-12-03 18:20 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-03 18:15 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 18:15 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 18:15 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 18:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 17:58 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 17:35 . 2009-12-03 17:35 152576 ----a-w- c:\documents and settings\fofo\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 17:32 . 2009-12-03 17:34 79488 ----a-w- c:\documents and settings\fofo\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 17:26 . 2009-12-03 17:26 -------- d-----w- c:\documents and settings\fofo\Local Settings\Application Data\SupportSoft
2009-12-03 17:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-03 17:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-03 17:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-03 17:16 . 2009-12-03 17:16 -------- d-----w- C:\a24b0351ebc73e935ed297
2009-12-03 17:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-03 16:36 . 2009-08-06 16:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-03 16:35 . 2009-12-03 16:35 -------- d-sh--w- c:\documents and settings\fofo\UserData
2009-12-03 16:28 . 2009-12-03 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-12-03 16:09 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 13:51 . 2009-12-17 13:50 -------- d-----w- c:\documents and settings\fofo\Application Data\zyzcleaner
2009-12-17 01:14 . 2009-10-12 07:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 01:14 . 2009-10-12 07:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-08 06:36 . 2009-10-12 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-05 22:13 . 2009-10-12 07:54 -------- d-----w- c:\program files\Microsoft Works
2009-12-05 21:51 . 2008-04-26 01:58 -------- d-----w- c:\program files\MSBuild
2009-12-05 21:47 . 2009-12-05 21:47 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-05 21:47 . 2009-12-05 21:46 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-05 21:10 . 2009-10-12 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-03 17:37 . 2009-10-12 07:44 -------- d-----w- c:\program files\Java
2009-10-12 10:16 . 2009-10-12 10:16 77824 ----a-w- c:\windows\setpwr32.exe
2009-10-12 07:56 . 2009-10-12 07:56 75 --sh--r- c:\windows\CT4CET.bin
2009-10-12 07:31 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-11 01:17 . 2009-10-12 07:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"meowoption"="c:\docume~1\fofo\APPLIC~1\STOPDR~1\16 build less.exe" [2009-12-17 529408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-03-31 251176]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-05 198160]
"AIM BIRD NOUN FAST"="c:\documents and settings\All Users\Application Data\sign cake aim bird\2 Wait.exe" [2009-12-17 737280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-29 604776]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2009-12-17 737280]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-12 07:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\fofo\\Desktop\\Mathematica.exe"=
"c:\\Documents and Settings\\fofo\\Desktop\\MathKernel.exe"=
"c:\\Documents and Settings\\fofo\\Desktop\\math.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [12/10/2009 10:47 ص 14248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/12/2009 12:41 ص 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/12/2009 12:41 ص 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [04/12/2009 03:16 م 54752]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/10/2009 10:55 ص 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [12/10/2009 01:16 م 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [12/10/2009 01:16 م 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [12/10/2009 01:16 م 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/10/2009 01:15 م 162816]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [17/12/2009 03:50 ص 194304]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [17/12/2009 04:14 ص 13532]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/10/2009 01:15 م 1684736]
S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=sa&l=ar&s=gen
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-12-17 23:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-12-17 23:52:57
ComboFix-quarantined-files.txt 2009-12-17 20:52
Pre-Run: 148,564,680,704 bytes free
Post-Run: 148,556,865,536 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3D0CE9E30F9240193D17049645DA0C2F

البارون · 17 ديسمبر 2009

ممتاز تقرير هايجاك جديد الان

ام جهاد · 18 ديسمبر 2009

وهذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:34 ص, on 18/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AIM BIRD NOUN FAST] C:\Documents and Settings\All Users\Application Data\sign cake aim bird\2 Wait.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [meowoption] C:\DOCUME~1\fofo\APPLIC~1\STOPDR~1\16 build less.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8899 bytes

البارون · 18 ديسمبر 2009

حمل الاداة التالية واتبع الشرح لعمل تقرير ورفعه

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

اعمل كما الصورة لبدء الفحص

ثم اعمل التالي لحفظ ملف التقرير

بعد حفظه قم بضغط الملف >>>

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

وارفع الملف هنا

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

ام جهاد · 18 ديسمبر 2009

معليش بس انا ضغط الملف
ودخلت الرابط وعملت upload للملف
بس ايش اسوي بعد كدا
لاني اول مرة اسوي رفع لملف

ام جهاد · 18 ديسمبر 2009

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

ام جهاد · 18 ديسمبر 2009

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم​

زيزوومي جديد

زيزوومي جديد

زيزوومى فعال

زيزوومي جديد

زيزوومى مبدع

زيزوومي جديد

زيزوومى مبدع

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومي جديد

زيزوومي جديد

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم