Peace be upon you.
I was working and all of a sudden viruses got onto the machine and wrecked everything.
I use Kaspersky and I update it regularly.
But it looks like this Kaspersky is useless, and I'm going to go back to bitdefender again.
Anyway, the important thing is to get them out first.
This is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12:04 م, on 02/05/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\khawarzmi\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EEAFEE9-80FB-4E4F-BCA2-3202423E15B1}: NameServer = 163.121.128.134,212.103.160.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4CEE90-2755-40E6-AD8F-A9188459B262}: NameServer = 163.121.128.134,212.103.160.18
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 4440 bytes
And this is what Kaspersky came up with:
Somebody help me, please.
deleted: Trojan program Exploit.JS.RealPlr.el File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\0TI1I12J\6[1].gif
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\0TI1I12J\ads[1].js
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\8XUV49ER\ads[1].js
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\ADI3498F\ads[1].js
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\C9234TUV\ads[2].js
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\K92ZC5IZ\ads[1].js
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\My Documents\database_files\ads.js
deleted: Trojan program Trojan-Downloader.Win32.Agent.dwj File: I:\Recycle.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.erl File: C:\WINDOWS\linkinfo.dll
deleted: Trojan program Trojan-Downloader.Win32.AutoIt.q File: I:\mentor (second time)\mentor (second time).exe
deleted: Trojan program Trojan-Downloader.Win32.AutoIt.q File: I:\New Folder.exe
deleted: Trojan program Trojan-Downloader.Win32.AutoIt.q File: I:\SCVHSOT.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.gkm File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\0TI1I12J\rm[1].exe
deleted: Trojan program Trojan-Dropper.Win32.KGen.do File: C:\Program Files\eMule\Incoming\Mentor Graphics Precision Synthesis v2005c Update2.W4All.Ci[Ri]-fff.zip/keygen.exe
deleted: Trojan program Trojan-Spy.Win32.FtpSend.b File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\8XUV49ER\dat[1].asp
deleted: Trojan program Trojan-Spy.Win32.FtpSend.b File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\C9234TUV\dat[1].asp
deleted: virus Virus.Win32.Alman.b File: E:\micro\VLSI\Xilinx 7.1 Webpack\webpack_71_fcfull_i.exe
deleted: virus Worm.Win32.AutoRun.cyq File: I:\v.cmd
detected: riskware Hidden data sending Running process: C:\Documents and Settings\khawarzmi\Local Settings\Temp\dfq\update_key.exe
detected: riskware Hidden data sending Running process: C:\Program Files\Windows Media Player\wmplayer.exe
detected: riskware Hidden data sending Running process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
detected: riskware Hidden install Running process: C:\Program Files\Yahoo!\Messenger\yupdater.exe
detected: riskware Invader Running process: C:\Documents and Settings\khawarzmi\Local Settings\Temp\{16C83D01-415C-41CF-B580-0781C6BAFD85}\setup.exe
detected: riskware Invader Running process: C:\Documents and Settings\khawarzmi\Local Settings\Temp\{4FC00FE2-17EA-4267-8A49-48C6404F6973}\setup.exe
detected: riskware Invader Running process: C:\Documents and Settings\khawarzmi\Local Settings\Temp\{F06876F8-5184-4CC9-A561-C9C8CE1734E2}\setup.exe
detected: Trojan program Exploit.JS.RealPlr.el Script:[You must log in or register to view the hidden link][2]
detected: Trojan program Exploit.JS.RealPlr.el Script:[You must log in or register to view the hidden link][2]
detected: Trojan program Exploit.JS.RealPlr.el Script:[You must log in or register to view the hidden link][2]
detected: Trojan program Exploit.JS.RealPlr.el URL:[You must log in or register to view the hidden link]
detected: Trojan program Exploit.Win32.IMG-ANI.ac URL:[You must log in or register to view the hidden link]
detected: Trojan program Trojan-Downloader.JS.Small.en Script:[You must log in or register to view the hidden link][3]
detected: Trojan program Trojan-Downloader.JS.Small.en Script:[You must log in or register to view the hidden link][3]
detected: Trojan program Trojan-Downloader.JS.Small.en Script:[You must log in or register to view the hidden link][3]
deleted: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\C9234TUV\ads[1].js
not found: Trojan program Trojan-Downloader.JS.Small.js File: C:\Documents and Settings\khawarzmi\Local Settings\Temporary Internet Files\.IE5\C9234TUV\ads[1].js
detected: Trojan program Trojan-Downloader.JS.Small.js URL:[You must log in or register to view the hidden link]
detected: Trojan program Trojan-Downloader.VBS.Psyme.mc URL:[You must log in or register to view the hidden link]
disinfected: virus Virus.Win32.Alman.b File: D:\G\عربى\kanz.exe
disinfected: virus Virus.Win32.Alman.b File: D:\G\عربى\kanzalmalomat.exe
disinfected: virus Virus.Win32.Alman.b File: D:\games\feeding frenzy 2\feedingfrenzytwo.exe
disinfected: virus Virus.Win32.Alman.b File: D:\games\feeding frenzy 2\unwise.exe
disinfected: virus Virus.Win32.Alman.b File: D:\games\FeedingFrenzy\feedingfrenzy.exe
disinfected: virus Virus.Win32.Alman.b File: D:\games\MARIO\rocknesx.exe
disinfected: virus Virus.Win32.Alman.b File: D:\games\Zuma Beta\zuma.exe
disinfected: virus Virus.Win32.Alman.b File: D:\torrent Downloads\Alco.120.1.9.7.6002.ink.key._www.softarchive.net\keymaker.exe
disinfected: virus Virus.Win32.Alman.b File: D:\torrent Downloads\Foxit PDF Tools\Foxit PDF Page Organizer 2.9\patch.exe
disinfected: virus Virus.Win32.Alman.b File: D:\torrent Downloads\Google Earth Pro Crack\Google Earth Pro v4.0.2722 NoLimit regfile by CW2K\googleearth_4.2_nolimit.exe
disinfected: virus Virus.Win32.Alman.b File: D:\torrent Downloads\Google Earth Pro Crack\Optional files (or maybe not, read readme.txt first!!)\Crack\patch.exe
disinfected: virus Virus.Win32.Alman.b File: D:\torrent Downloads\PDF2Word v3.0 Complete\pdf2word v3.0 crack.exe
disinfected: virus Virus.Win32.Alman.b File: E:\handsa+programing\myprog\C\INVERTOR\Debug\inverter.exe
disinfected: virus Virus.Win32.Alman.b File: E:\handsa+programing\myprog\Calc\project1.exe
disinfected: virus Virus.Win32.Alman.b File: E:\iso\office2007\msoe2007kg.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\Eagle\eagle 4.16\eagle-win-eng-4.16r2.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\icprogG\icprog.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\PIC\WINPICPR\winpicsetup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\resistors.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\CD\programs\AIMSP32\aimsp32.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\L_edit+Tutorials\Tanner Ledit 8.3andT-SPICE6.02\tanner83\_isdel.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\L_edit+Tutorials\Tanner Ledit 8.3andT-SPICE6.02\tanner83\setup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\ModelSim 6.3c\mxe_3_6.3c\mxesetup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\ModelSim 6.3c\mxe_3_6.3c\setup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\ModelSim.SE.v6.2c incl Keygen\keygen.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\Uyemura (VLSI) (book cd)\aimsp32.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\Uyemura (VLSI) (book cd)\MicroCap6\_isdel.exe
disinfected: virus Virus.Win32.Alman.b File: E:\micro\VLSI\Uyemura (VLSI) (book cd)\MicroCap6\setup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\Emergency\general_removal.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\Emergency\Repair Hard\disk manager segate\dmgr956a.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\graphics\ACDSee v8.0.39 + KeyGen\keygen.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\graphics\CV\cv.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\graphics\Photoshop 7.0 Me(moon15.com)\Photoshop 7.0 ME\_isdel.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\graphics\Photoshop 7.0 Me(moon15.com)\Photoshop 7.0 ME\setup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\graphics\Photoshop 7.0 Me(moon15.com)\plugin.galaxy.v1.5.for.adobe.photoshop.win.retail\pg15fullwin.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\net\BEAR share\install that\bearshare.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\net\BT Engine + Crack\btengine.crack.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\net\تشغيل 2 ياهو او اكثر مع بعض وام اس ان والجى ميل\multiid.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\Recover4all Pro 2.19\recover4all-professional.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\Recover4all.Professional.v2.32\pro.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\S-Spline 2.04\setup.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\siw.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\total copy\tcopy.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\total copy\total copy\tc11.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\TuneUp Utilities 2007 6.0.2200.0\keygen.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\vedio\vedio codecs\QuickTime Player 6\quicktime 6 pro keygen (1).exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\vedio\vkaraoke يلغى صوت المطرب.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\virtual cd\NERO6303\keygen.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\اعرف وزنك\أعرف وزنك.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\الكشف على الكمبيوتر\testcpu.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\غير كلمة ستارت\startbtn.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\معرفة حالة الهارد\stats99.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\معرفة حالة الهارد\unwise.exe
disinfected: virus Virus.Win32.Alman.b File: E:\Source\مواقيت العالم.exe
disinfected: virus Virus.Win32.Alman.b File: F:\habrok\2GB\serial_IO\LpT port on win xp\porttalk22\uninstall.exe
disinfected: virus Virus.Win32.Alman.b File: F:\habrok\معرفة العمر\helmy.exe
disinfected: virus Virus.Win32.Alman.b File: F:\islamic\is\collection\فلاشات\25dua's.exe
disinfected: virus Virus.Win32.Alman.b File: F:\islamic\is\collection\فلاشات\حساب زكاة الأموال.exe
disinfected: virus Virus.Win32.Alman.b File: F:\اعشاب.exe
not found: virus P2P-Worm.Win32.Polip.a File: \\10.0.0.198\محول صوتيات RealPlayer و Media Player on Abdila\Setup.exe
will be deleted when the computer is restarted: Trojan program Trojan-Downloader.Win32.Agent.erl File: C:\WINDOWS\linkinfo.dll
