albrince
زيزوومى فعال
غير متصل
[align=center]
لو في شي أخبروني الله يرضى عليكم
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:58 ص, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iZone Internet Turbo\izone.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iZone Internet Turbo\izgui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Faronics\Deep Freeze\Install C-1\_$Df\FrzState2k.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\user\Local Settings\Temp\wzdce8\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\iZone Internet Turbo\components\NOWImaging.dll
O3 - Toolbar: iZone Internet Turbo - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\iZone Internet Turbo\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\iZone Internet Turbo\izone.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Shim For.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zyz1] c:\zyz_auto_killer\run2.exe
O4 - HKCU\..\Run: [army software] C:\DOCUME~1\user\APPLIC~1\MEMOFO~1\link joy.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: iZone Internet Turbo.lnk = C:\Program Files\iZone Internet Turbo\izgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\iZone Internet Turbo\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\iZone Internet Turbo\gui_resource.dll/328
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EA8706-6CC2-4D07-B24D-DEFAB56170A0}: NameServer = 84.23.102.172 84.23.102.173
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 5064 bytes[/align]
أخواني جهازي ويندوز اكس بي سيرفر باك تو
حملت برنامج AutoPlay Media Studio 6.0.5.0 Full by BouzalouFe.rar
وبعد الانتهاء من الأسطوانة .... حاولت اخرج المشروع
طلع لي نافذة
وعند الضغط على الأمر الموضح
طلعت لي نافذة
علما فحصت جهازي بأكثر من برنامج واداه للفايروسات والباتشات والنتيجة لا فايروسات
الرجاء المساعدة
وهذا تقرير لجهازيحملت برنامج AutoPlay Media Studio 6.0.5.0 Full by BouzalouFe.rar
وبعد الانتهاء من الأسطوانة .... حاولت اخرج المشروع
طلع لي نافذة
وعند الضغط على الأمر الموضح
طلعت لي نافذة
علما فحصت جهازي بأكثر من برنامج واداه للفايروسات والباتشات والنتيجة لا فايروسات
الرجاء المساعدة
لو في شي أخبروني الله يرضى عليكم
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:58 ص, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iZone Internet Turbo\izone.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iZone Internet Turbo\izgui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Faronics\Deep Freeze\Install C-1\_$Df\FrzState2k.exe
C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\user\Local Settings\Temp\wzdce8\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\iZone Internet Turbo\components\NOWImaging.dll
O3 - Toolbar: iZone Internet Turbo - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\iZone Internet Turbo\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\iZone Internet Turbo\izone.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Shim For.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zyz1] c:\zyz_auto_killer\run2.exe
O4 - HKCU\..\Run: [army software] C:\DOCUME~1\user\APPLIC~1\MEMOFO~1\link joy.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: iZone Internet Turbo.lnk = C:\Program Files\iZone Internet Turbo\izgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\iZone Internet Turbo\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\iZone Internet Turbo\gui_resource.dll/328
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EA8706-6CC2-4D07-B24D-DEFAB56170A0}: NameServer = 84.23.102.172 84.23.102.173
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-1\DF5Serv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 5064 bytes
.png)
.png)
