My computer restarts automatically - report included -
Peace be upon you, and the mercy and blessings of God.

A short while ago my computer restarted without any action on my part, and today it did the same thing again, even though I have full protection installed, God willing. I sometimes suspect the hardware, although my computer is new. Could one of the experts explain to me how to check that the hardware is sound, if the problem is not a compromise or something similar?

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:33 AM, on 01/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7391CCD2-11C6-4541-A01E-CAB695E3EB55}: NameServer = 41.221.20.4 66.28.0.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{052D190C-9F17-43E4-AD91-25E21AD6610D}: NameServer = 93.182.182.85 93.182.182.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7553 bytes

BitDefender report:

QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Scan date: Fri Oct 01 09:52:46 2010
Machine ID: ECB8F047

No infection found.
-------------------

Processes
---------
DynDNS® Updater 952 C:\Program Files\DynDNS Updater\DynUpSvc.exe
Firefox 2832 C:\Program Files\Mozilla Firefox\firefox.exe
IEMonitor Application 1060 C:\Program Files\Internet Download Manager\IEMonitor.exe
Intel(R) Common User Interface 3836 C:\WINDOWS\system32\igfxsrvc.exe
Internet Download Manager (IDM) 1316 C:\Program Files\Internet Download Manager\IDMan.exe
Java(TM) Platform SE 6 U13 1504 C:\Program Files\Java\jre6\bin\jqs.exe
Kaspersky Anti-Virus 724 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Kaspersky Anti-Virus 1212 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Kaspersky Anti-Virus 3052 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
KeyScrambler 1232 C:\Program Files\KeyScrambler\KeyScrambler.exe
Microsoft® Windows® Operating System 3008 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 1404 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 1288 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 1500 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 832 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 244 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 460 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1692 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1840 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1908 C:\WINDOWS\system32\svchost.exe
NVIDIA Driver Helper Service, Version 1 1948 C:\WINDOWS\system32\nvsvc32.exe
Sandboxie 1880 C:\Program Files\Sandboxie\SbieSvc.exe
Système d'exploitation Microsoft® Windo 1072 C:\WINDOWS\explorer.exe
Système d'exploitation Microsoft® Windo 1480 C:\WINDOWS\system32\services.exe
Système d'exploitation Microsoft® Windo 1348 C:\WINDOWS\system32\smss.exe
Système d'exploitation Microsoft® Windo 2360 C:\WINDOWS\system32\wbem\wmiapsrv.exe
Système d'exploitation Microsoft® Windo 1428 C:\WINDOWS\system32\winlogon.exe
TuneUp Utilities 2304 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
TuneUp Utilities 124 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

Network activity
----------------
Process avp.exe (724) connected on port 80 (HTTP) --> 88.221.69.115
Process avp.exe (724) connected on port 80 (HTTP) --> 209.85.227.138
Process avp.exe (724) connected on port 80 (HTTP) --> 173.192.230.28
Process avp.exe (724) connected on port 80 (HTTP) --> 173.192.230.28
Process avp.exe (724) connected on port 80 (HTTP) --> 173.192.230.28
Process avp.exe (724) connected on port 80 (HTTP) --> 209.85.227.138
Process avp.exe (724) listens on ports: 1110, 19780

Autoruns and critical files
---------------------------
Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
Kaspersky Anti-Virus C:\WINDOWS\system32\klogon.dll
KeyScrambler C:\Program Files\KeyScrambler\KeyScrambler.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\browseui.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\crypt32.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\cscdll.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\logonui.exe
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\sclgntfy.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shell32.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\stobject.dll
Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\webcheck.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\wlnotify.dll

Browser plugins
---------------
BitDefender QuickScan C:\Documents and Settings\DAVID\Application Data\Mozilla\Firefox\Profiles\zmo2sctb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\DAVID\Application Data\Mozilla\Firefox\Profiles\zmo2sctb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FFExternalAlert.dll C:\Documents and Settings\DAVID\Application Data\Mozilla\Firefox\Profiles\zmo2sctb.default\extensions\{1b53182f-27cf-4e9e-8efb-8d75d84a244a}\components\FFExternalAlert.dll
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Foxit Reader Plugin for Mozilla C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
IE Tab Plug-in C:\Documents and Settings\DAVID\Application Data\Mozilla\Firefox\Profiles\zmo2sctb.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
Java(TM) Platform SE 6 U13 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U13 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Java(TM) Platform SE 6 U13 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
RadioWMPCore.dll C:\Documents and Settings\DAVID\Application Data\Mozilla\Firefox\Profiles\zmo2sctb.default\extensions\{1b53182f-27cf-4e9e-8efb-8d75d84a244a}\components\RadioWMPCore.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\mswsock.dll
Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shdocvw.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll

Missing files
-------------
File not found: C:\WINDOWS\System32\hidserv.dll --> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

Scan
----
No file uploaded.
Scan finished - communication took 6 sec
Total traffic - 0.07 MB sent, 2.46 KB recvd
Scanned 1107 files and modules - 20 seconds

==============================================================================
mjawshy.net
Al-Mjawshy for Advanced Technology