مشكلة بالمتصفح

[saudi09]

السلام عليكم

كل ماحاولت ادخل على انترنت اكسبلورر تطلع لي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وهذا تقرير للجهاز​

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:11:45 م, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\algssl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WhiteSmoke\WSEnrichment.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wze8cb\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.149.114.14:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhit.dll
O3 - Toolbar: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhit.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 5293 bytes​

 

[فارس الملاك]

عزيزي احذف هذه القيم


C:\WINDOWS\System32\regscan.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 62.149.114.14:8080

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhit.dll

O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe

O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe

O4 - HKCU\..\Run: [MsServer] msfir80.exe

وجهازك مليااان فيروسات ترى

وماعندك برامج حماية ولا جدار ناري وهذا اكبر خطا

طريقة الحذف

استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

(1)
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[فارس الملاك]

حمل هذه الاداة دبل كليك واختر apply

انتظر قليلاا ستظهر لك هذه الرسالة اضغط كنسل

تحميل الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

[/URL]

 

[saudi09]

جاري التنفيذ اخواني .. وعندي نفس المشكله بجهاز اخر

اول شي انتهي من الجهاز وارفق تقرير للجهاز الاخر ..

شكرا على الجهد اخواني

 

[فارس الملاك]

اوكي عزيزي

في انتظارك

ولا تنسى تنزل برنامج حماية وانا انصحك بالكاسبر​

 

[saudi09]

الف شكر ورحم الله والديكم

كل شي تمام التمام وهذا تقرير للبرنامج

ComboFix 08-06-20.4 - Administrator 06/28/2008 18:39:48.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.191 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\U.exe
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\ufdata2000.log
C:\WINDOWS\winhelp.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 14:52 --------- d-----w C:\Program Files\One Click Privacy
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 14:22 --------- d-----w C:\Program Files\LtUcx
2008-05-24 16:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 10:04 --------- d-----w C:\Program Files\WhiteSmoke_IE
2008-05-06 10:04 --------- d-----w C:\Program Files\WhiteSmoke
2008-05-06 10:04 --------- d-----w C:\Program Files\Conduit
2008-05-06 10:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WhiteSmoke
2008-04-27 15:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-23 04:16 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 04:16 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 04:16 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 04:16 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 04:16 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 04:16 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 15:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-31 15:13 16,384 ------w C:\Program Files\تعبئة استمارة الجوازات الموحدة
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{ebba2a2f-7b79-462a-a550-e500fe0dd556}]
12/19/2007 03:53 PM 1514520 --a------ C:\Program Files\WhiteSmoke_IE\tbWhit.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBBA2A2F-7B79-462A-A550-E500FE0DD556}"= C:\Program Files\WhiteSmoke_IE\tbWhit.dll [12/19/2007 03:53 PM 1514520]
[HKEY_CLASSES_ROOT\clsid\{ebba2a2f-7b79-462a-a550-e500fe0dd556}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"MsServer"="msfir80.exe" [03/15/2008 05:05 PM 49152 C:\WINDOWS\system32\msfir80.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [01/09/2004 02:54 AM 65536 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/06/2003 11:19 PM 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/06/2003 11:07 PM 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/26/2008 06:15 PM 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/27/2008 06:29 PM 185896]
"IMJPMIG8.2"="msime80.exe" [03/15/2008 05:05 PM 49152 C:\WINDOWS\system32\msime80.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-02-17 09:11:01 69632]
MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe [2007-10-27 12:56:20 425984]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 23:34:40 10252288]
WhiteSmoke.lnk - C:\Program Files\WhiteSmoke\WSEnrichment.exe [2008-05-06 13:04:14 1340736]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"31268:TCP"= 31268:TCPORT_31268
"12066:TCP"= 12066:TCPORT_12066
"52743:TCP"= 52743:TCPORT_52743
"11723:TCP"= 11723:TCPORT_11723
"43426:TCP"= 43426:TCPORT_43426
"55621:TCP"= 55621:TCPORT_55621
"61543:TCP"= 61543:TCPORT_61543
"55824:TCP"= 55824:TCPORT_55824
"54767:TCP"= 54767:TCPORT_54767
"41886:TCP"= 41886:TCPORT_41886
"51906:TCP"= 51906:TCPORT_51906
"39985:TCP"= 39985:TCPORT_39985
"8816:TCP"= 8816:TCPORT_8816
"33516:TCP"= 33516:TCPORT_33516
"56328:TCP"= 56328:TCPORT_56328
"15595:TCP"= 15595:TCPORT_15595
"42323:TCP"= 42323:TCPORT_42323
"32453:TCP"= 32453:TCPORT_32453
"23598:TCP"= 23598:TCPORT_23598
"14473:TCP"= 14473:TCPORT_14473
"57465:TCP"= 57465:TCPORT_57465
"43238:TCP"= 43238:TCPORT_43238
"54065:TCP"= 54065:TCPORT_54065
"22520:TCP"= 22520:TCPORT_22520
"63308:TCP"= 63308:TCPORT_63308
"49239:TCP"= 49239:TCPORT_49239
"6476:TCP"= 6476:TCPORT_6476
"57864:TCP"= 57864:TCPORT_57864
"19320:TCP"= 19320:TCPORT_19320
"58541:TCP"= 58541:TCPORT_58541
"6082:TCP"= 6082:TCPORT_6082
"6682:TCP"= 6682:TCPORT_6682
"65383:TCP"= 65383:TCPORT_65383
"37429:TCP"= 37429:TCPORT_37429
"40918:TCP"= 40918:TCPORT_40918
"29680:TCP"= 29680:TCPORT_29680
"48621:TCP"= 48621:TCPORT_48621
"47480:TCP"= 47480:TCPORT_47480
"63389:TCP"= 63389:TCPORT_63389
"30020:TCP"= 30020:TCPORT_30020
"48431:TCP"= 48431:TCPORT_48431
"41043:TCP"= 41043:TCPORT_41043
"30969:TCP"= 30969:TCPORT_30969
"40527:TCP"= 40527:TCPORT_40527
"26820:TCP"= 26820:TCPORT_26820
"55039:TCP"= 55039:TCPORT_55039
"44164:TCP"= 44164:TCPORT_44164
"62610:TCP"= 62610:TCPORT_62610
"17486:TCP"= 17486:TCPORT_17486
"65043:TCP"= 65043:TCPORT_65043
"15098:TCP"= 15098:TCPORT_15098
"25308:TCP"= 25308:TCPORT_25308
"32496:TCP"= 32496:TCPORT_32496
"5867:TCP"= 5867:TCPORT_5867
"8176:TCP"= 8176:TCPORT_8176
"65055:TCP"= 65055:TCPORT_65055
"39379:TCP"= 39379:TCPORT_39379
"33395:TCP"= 33395:TCPORT_33395
"10629:TCP"= 10629:TCPORT_10629
"43945:TCP"= 43945:TCPORT_43945
"41961:TCP"= 41961:TCPORT_41961
"42012:TCP"= 42012:TCPORT_42012
"47851:TCP"= 47851:TCPORT_47851
"10316:TCP"= 10316:TCPORT_10316
"6848:TCP"= 6848:TCPORT_6848
"10129:TCP"= 10129:TCPORT_10129
"36898:TCP"= 36898:TCPORT_36898
"41027:TCP"= 41027:TCPORT_41027
"39223:TCP"= 39223:TCPORT_39223
"35398:TCP"= 35398:TCPORT_35398
"16691:TCP"= 16691:TCPORT_16691
"46235:TCP"= 46235:TCPORT_46235
"41460:TCP"= 41460:TCPORT_41460
"30446:TCP"= 30446:TCPORT_30446
"30294:TCP"= 30294:TCPORT_30294
"19508:TCP"= 19508:TCPORT_19508
"49637:TCP"= 49637:TCPORT_49637
"62937:TCP"= 62937:TCPORT_62937
"36610:TCP"= 36610:TCPORT_36610
"36961:TCP"= 36961:TCPORT_36961
"45723:TCP"= 45723:TCPORT_45723
"48063:TCP"= 48063:TCPORT_48063
"27658:TCP"= 27658:TCPORT_27658
"16860:TCP"= 16860:TCPORT_16860
"10095:TCP"= 10095:TCPORT_10095
"64646:TCP"= 64646:TCPORT_64646
"63583:TCP"= 63583:TCPORT_63583
"58843:TCP"= 58843:TCPORT_58843
"64013:TCP"= 64013:TCPORT_64013
"22966:TCP"= 22966:TCPORT_22966
"52693:TCP"= 52693:TCPORT_52693
"10325:TCP"= 10325:TCPORT_10325
"34676:TCP"= 34676:TCPORT_34676
"37762:TCP"= 37762:TCPORT_37762
"64781:TCP"= 64781:TCPORT_64781
"39570:TCP"= 39570:TCPORT_39570
"12294:TCP"= 12294:TCPORT_12294
"17478:TCP"= 17478:TCPORT_17478
"46841:TCP"= 46841:TCPORT_46841
"40371:TCP"= 40371:TCPORT_40371
"59967:TCP"= 59967:TCPORT_59967
"51578:TCP"= 51578:TCPORT_51578
"15801:TCP"= 15801:TCPORT_15801
"5566:TCP"= 5566:TCPORT_5566
"10746:TCP"= 10746:TCPORT_10746
"32910:TCP"= 32910:TCPORT_32910
"31372:TCP"= 31372:TCPORT_31372
"42028:TCP"= 42028:TCPORT_42028
"13656:TCP"= 13656:TCPORT_13656
"39871:TCP"= 39871:TCPORT_39871
"57344:TCP"= 57344:TCPORT_57344
"64205:TCP"= 64205:TCPORT_64205
"58739:TCP"= 58739:TCPORT_58739
"33829:TCP"= 33829:TCPORT_33829
"59782:TCP"= 59782:TCPORT_59782
"34883:TCP"= 34883:TCPORT_34883
"24238:TCP"= 24238:TCPORT_24238
"63635:TCP"= 63635:TCPORT_63635
"28724:TCP"= 28724:TCPORT_28724
"58099:TCP"= 58099:TCPORT_58099
"62028:TCP"= 62028:TCPORT_62028
"17088:TCP"= 17088:TCPORT_17088
"32731:TCP"= 32731:TCPORT_32731
"45424:TCP"= 45424:TCPORT_45424
"40105:TCP"= 40105:TCPORT_40105
"5770:TCP"= 5770:TCPORT_5770
"19053:TCP"= 19053:TCPORT_19053
"61051:TCP"= 61051:TCPORT_61051
"28233:TCP"= 28233:TCPORT_28233
"7941:TCP"= 7941:TCPORT_7941
"46397:TCP"= 46397:TCPORT_46397
"43195:TCP"= 43195:TCPORT_43195
"38011:TCP"= 38011:TCPORT_38011
"25634:TCP"= 25634:TCPORT_25634
"40001:TCP"= 40001:TCPORT_40001
"63945:TCP"= 63945:TCPORT_63945
"5281:TCP"= 5281:TCPORT_5281
"24345:TCP"= 24345:TCPORT_24345
"49033:TCP"= 49033:TCPORT_49033
"54280:TCP"= 54280:TCPORT_54280
"43895:TCP"= 43895:TCPORT_43895
"55611:TCP"= 55611:TCPORT_55611
"19251:TCP"= 19251:TCPORT_19251
"18618:TCP"= 18618:TCPORT_18618
"18701:TCP"= 18701:TCPORT_18701
"52072:TCP"= 52072:TCPORT_52072
"16444:TCP"= 16444:TCPORT_16444
"11136:TCP"= 11136:TCPORT_11136
"41543:TCP"= 41543:TCPORT_41543
"30322:TCP"= 30322:TCPORT_30322
"27200:TCP"= 27200:TCPORT_27200
"52985:TCP"= 52985:TCPORT_52985
"35942:TCP"= 35942:TCPORT_35942
"31129:TCP"= 31129:TCPORT_31129
"8247:TCP"= 8247:TCPORT_8247
"20653:TCP"= 20653:TCPORT_20653
S3 autorun;autorun;C:\huadio.tmp [02/16/2005 07:12 PM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-06-28 18:41:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime80.exe???x
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsServer = msfir80.exe???.
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\autorun]
"ImagePath"="\??\C:\huadio.tmp"
.
Completion time: 06/28/2008 18:41:19
ComboFix-quarantined-files.txt 2008-06-28 15:41:18
Pre-Run: 10,003,038,208 bytes free
Post-Run: 9,994,403,840 bytes free
267 --- E O F --- 2008-06-28 14:40:08



وهذا تقرير لبرنامج HiJackT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:48:37 م, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\algssl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WhiteSmoke\WSEnrichment.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\wzb216\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhit.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsServer] msfir80.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--End of file - 5083 bytes


بخصوص برنامج الحمايه .. الجهاز هذا كان ما يستخدم للنت .. ونسيت ان احط برنامج وراح انزله ان شاء الله

بس لو تعطيني من وقتك شووي راح اعرض مشكلة الجهاز الثاني وتقرير له​

 

[saudi09]

وهذا تقرير للجهاز الاخر نفس المشكله اللي بالاعلى

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:56 م, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SGStiMon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BBC Arabic\bbcarabic.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\Program Files\WhiteSmoke\WSEnrichment.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
R3 - URLSearchHook: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi1.dll
O3 - Toolbar: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi1.dll
O4 - HKLM\..\Run: [SG310Monitor] C:\WINDOWS\SGStiMon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BBC Arabic] "C:\Program Files\BBC Arabic\bbcarabic.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O4 - Global Startup: WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6496 bytes



واسف على الازعاج ​

 

[saudi09]

كل شي تمام الان جربت الادوات اللي بالاعلي بالنسبه للجهاز االثاني

وانتهت المشكله

الف شكر للجميع

 

[فارس الملاك]

اعتذر عزيزي عن التاخير بسبب الظروف

لكن الحمد لله على سلامة الجهاز​