#1
Peace be upon you, and the mercy and blessings of God.

The problem is that I can't open Task Manager or the registry files. While running a scan with Spy Doctor I discovered that the machine is infected with the Malware.sality virus and some other viruses. I tried to delete them, but with no luck, to the point that I'm about to cry over it. So far I have installed 5 copies of Windows in two days and 10 antivirus programs: Kaspersky Removal, Avast, Avast Removal, NOD32, Spy Doctor, etc., and finally AntiMalware. All of them detect the virus but cannot delete it, except AntiMalware, which does delete it, but when I run a scan again to make sure, it detects them again. Here is its report:

************' Anti-Malware 1.50.1.1100
www.************.org
Database version: 5512
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
13/01/2011 05:59:21 م
mbam-log-2011-01-13 (17-59-17).txt
Scan type: Quick scan
Objects scanned: 121391
Time elapsed: 1 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
j:\Documents and Settings\Administrator\Local Settings\Temp\winbgxh.exe (Trojan.Pramro) -> No action taken.

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:04:44 م, on 13/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\************' Anti-Malware\mbamservice.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hcci.exe
J:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbgxh.exe
J:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [************' Anti-Malware (reboot)] "J:\Program Files\************' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "J:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: MBAMService - ************ Corporation - J:\Program Files\************' Anti-Malware\mbamservice.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 1711 bytes

And here is the Runscanner report:

Note: I have 2 hard disks installed: one is 80, which is empty apart from the Windows installation on it, and the other is 230, with no Windows installation but holding games, movies and the Quran. Will that affect your analysis?
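As an added example (not code from the post or from any of the tools named in it), the following Python parses the "X Infected:" sections of the mbam report quoted above into records, lists the policy values the scanner reported as "Bad" but left at "No action taken" together with the "Good" value to restore, and decodes the hex(2) REG_EXPAND_SZ blob from the HijackThis O23 line into the path it encodes, so it can be checked like any other service ImagePath. The sample report lines and the blob are constructed from the logs in the post; the forum's line-wrap spaces are kept in the blob to show that the decoder tolerates them.

```python
import re
# Constructed sample, modelled on the Anti-Malware (mbam) report lines quoted in the post.
MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
j:\Documents and Settings\Administrator\Local Settings\Temp\winbgxh.exe (Trojan.Pramro) -> No action taken.
"""
# The REG_EXPAND_SZ dump from the HijackThis O23 line in the post (forum line-wrap space kept in "5 2").
WUDF_IMAGE_PATH = ("hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,"
                   "73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,"
                   "73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,"
                   "53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
                     r"(?:Bad: \((?P<bad>[^()]*)\) Good: \((?P<good>[^()]*)\) -> )?(?P<action>.+)$")

def parse_mbam(report):
    """Collect the entries listed under each 'X Infected:' heading of an mbam log as dicts."""
    items, section = [], None
    for line in report.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:  # placeholder lines such as '(No malicious items detected)' never match
            items.append({"section": section, **m.groupdict()})
    return items

def pending_policy_fixes(items):
    """Policy values the scanner left at 'Bad', as (key, value name, the 'Good' value to restore)."""
    fixes = []
    for it in items:
        if it["section"] == "Registry Data Items Infected" and it["action"].startswith("No action taken"):
            key, _, name = it["path"].rpartition("\\")
            fixes.append((key, name, it["good"]))
    return fixes

def decode_hex2(blob):
    """Decode a 'hex(2):' REG_EXPAND_SZ dump (UTF-16LE, NUL-terminated) into the string it stores."""
    hexpart = re.sub(r"\s+", "", blob.split(":", 1)[1])  # drop line-wrap whitespace before splitting
    raw = bytes(int(b, 16) for b in hexpart.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")
```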