
05-29-2012
ناقل الأخبار
Join date: 11 - 2 - 10
Posts: 660,898
My computer is full of viruses
Peace be upon you, and the mercy and blessings of God
My computer is full of viruses
and it is very slow to boot
I tried to install a fresh copy of Windows
but the copy does not boot from the CD
Press any key to boot from CD
I press any key, but to no avail
And this is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:11:11 م, on 29/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken SearchSource=10&ctid=CT3032526
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Lenovo - Laptops, notebook, tablets, netbooks, desktop accessories (Netherlands)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lenovo XP 7 Style
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل باستخدام داون لود إكسبريس - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 8638 bytes
Original thread: My computer is full of viruses
Source: Zyzoom Security and Protection