Thread starter: myas1234
Views: 1,068

myas1234
New Zyzoomi (member rank)
Joined: 10 August 2008
Posts: 47
Reaction score: 1
Points: 40
Peace be upon you.

I hope you can help me, brothers. My machine is infected with a trojan.
It has wrecked the machine for me, even though I have a genuine Kaspersky; it did not help. The machine hangs and shuts itself off, the internet is slow, and opening icons is slow too... The machine has become very slow even though it is a new ASUS laptop I bought eight months ago.
I downloaded DRspyware from this site, ran a scan, and it found all the trojans, but they came back again.

What is the solution, brothers? I hope you can help me. I am abroad studying in Australia, and it is not like back in our countries where I could run to the nearest shop and have the machine fixed. Here everything is original, expensive software; if I want to format the machine it will cost a lot with the original programs to install.
What do you advise me???

Sorry for writing in this untidy way.
 

Welcome, brother.

You posted the thread in the wrong section :)

Anyway, can you give me the name of the trojan?

God grant success.
 
Sorry, I have edited the title and moved the thread to the appropriate section. Good luck.
 
Signature: techno
Sorry brother, I did not realise I had put the thread in the wrong place.

I think its name is trojan/win32.

I am not sure of the name, but some of it looks like this.
 
(1)
Disable all your protection programs,
then download this tool and save it to the desktop:
[hidden link: login required to view]

Run it and follow the walkthrough:
[screenshot]

This black screen will appear; all you need to do is wait:
[screenshot]

The next message tells you that the machine will restart automatically:
[screenshot]

After the restart, as you log in, this window will appear; just wait:
[screenshot]

This is the report once it has come out; copy it and paste it in your next reply:
[screenshot]

(2)
Download the HijackThis tool:
[hidden link: login required to view]
[screenshot]

After you run the program, do the following:
[screenshot]

This window will appear.. follow the walkthrough:
[screenshot]

Then this window will appear:
[screenshot]

Copy the whole report and attach it in your next reply for analysis.
 
Signature: Al jNtEeL
Run one of the programs, or run both of them?
 
God bless you, Al jNtEeL, and may there be more like you.

Here is the first report; in a while I will give you the second report.

ComboFix 08-08-09.06 - USER 2008-08-10 22:07:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1033.18.305 [GMT -7:00]
Running from: C:\Users\USER.USER-PC\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\Uninstall.exe
C:\Program Files\Helper
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSTechnology
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Users\USER.USER-PC\AppData\Roaming\macromedia\Flash Player\#Shareds\KZD9W85B\interclick.com
C:\Users\USER.USER-PC\AppData\Roaming\macromedia\Flash Player\#Shareds\KZD9W85B\interclick.com\ud.sol
C:\Users\USER.USER-PC\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\USER.USER-PC\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\ddcBRjGa.dll
C:\Windows\system32\ddeafyac.ini
C:\Windows\System32\HPrXwGgh.ini
C:\Windows\System32\HPrXwGgh.ini2
C:\Windows\System32\LUuxxyxx.ini
C:\Windows\System32\LUuxxyxx.ini2
C:\Windows\system32\nbaxjwuo.dll
C:\Windows\system32\wvorfqlv.dll
C:\Windows\system32\wVpMFvuv.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 05:20 34,039,072 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-11 05:18 457,904 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-11 05:02 --------- d---a-w C:\ProgramData\TEMP
2008-08-11 03:46 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-11 01:08 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-11 00:43 --------- d-----w C:\Users\USER.USER-PC\AppData\Roaming\PC Tools
2008-08-10 22:46 --------- d-----w C:\Program Files\STOPzilla!
2008-08-10 22:32 --------- d-----w C:\ProgramData\STOPzilla!
2008-08-10 12:33 --------- d-----w C:\Program Files\Minefield
2008-08-10 12:25 --------- d-----w C:\ProgramData\SITEguard
2008-08-10 12:03 --------- d-----w C:\Program Files\Common Files\iS3
2008-08-10 11:50 --------- d-----w C:\Program Files\Anti Trojan Elite
2008-08-10 09:54 --------- d-----w C:\Users\USER.USER-PC\AppData\Roaming\Simply Super Software
2008-08-10 09:24 0 ----a-w C:\ntuser.dat
2008-08-07 10:06 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-08-03 09:24 --------- d-----w C:\Users\USER.USER-PC\AppData\Roaming\Skype
2008-08-02 07:05 --------- d-----w C:\Users\USER.USER-PC\AppData\Roaming\skypePM
2008-08-02 06:12 --------- d-----w C:\Program Files\Google
2008-08-02 06:11 --------- d-----w C:\ProgramData\Skype
2008-08-02 06:11 --------- d-----w C:\Program Files\Skype
2008-08-02 06:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-25 03:52 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-20 06:43 --------- d-----w C:\Program Files\Paltalk Messenger
2008-07-19 10:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 20:54 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 20:48 --------- d-----w C:\Program Files\Windows Mail
2008-07-01 06:13 --------- d-----w C:\Users\USER.USER-PC\AppData\Roaming\Babylon
2008-07-01 06:13 --------- d-----w C:\ProgramData\Babylon
2008-07-01 06:12 --------- d-----w C:\Program Files\myBabylon
2008-07-01 06:12 --------- d-----w C:\Program Files\Conduit
2008-07-01 06:12 --------- d-----w C:\Program Files\Babylon
2008-06-11 04:22 81,288 ----a-w C:\Windows\system32\drivers\iksyssec.sys
2007-11-12 06:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-12 06:39 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2007-11-12 06:39 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
2008-03-16 02:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-16 02:01 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-03-16 02:01 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{DAECDE8B-3524-497D-AB33-DD4E33F127DE}]
2008-08-10 05:19 312320 --a------ C:\Windows\system32\xxyxxuUL.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:34 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 04:43 729088]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-21 22:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-10 17:36 778240]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-20 23:08 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 22:36 4186112 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-04-11 03:36:09 991600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
--a------ 2008-04-16 17:41 863232 C:\Program Files\Anti Trojan Elite\TJEnder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 15:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-30 17:17 21738792 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2A8003E0-C033-44F2-802E-9578BA03D71B}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{926A3914-615B-4EC8-976E-A25E8D22E74E}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"{222FAE9B-9C9C-421F-A983-6AB4D9C9D5D5}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8043CAFC-629E-4EC9-A688-C7AEE76188FC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{44F3D888-F5D7-4106-A0FB-57D903BE269B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{DBC05DC1-3CB6-4CE0-B184-CAB4E855EF32}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5BF9B0D6-D1CC-47EA-8A20-31A8C2FE94A4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE1CC152-B862-4DA0-9187-2407EE9A19F3}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C5334A5F-1CFC-4900-AB3A-EC25FE4DC0AD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4BC9420A-8F15-4E9B-9273-FA14D35C5739}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FCBCF5A-5DEE-4C12-A98A-C5099AFD7672}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AEDFDCA-8F74-4A1E-8270-044B98F1EF33}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B2664809-5F6A-49A7-A04F-35E0D372467E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4A177F1F-BBB8-46DE-988D-40A998DE4D5C}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{326D991C-15CD-4572-875D-40B457E5ADA0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E9F311F0-81F1-4CEE-8371-938FE023FB8E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{46D2BB33-1B4F-4D98-8752-A583792802A0}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{A18DB680-9E9F-4763-B770-84A9D7735371}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{0CBB4D36-A1B8-4166-848A-1E81A0679794}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{48B9013E-2BC5-49DD-9720-897596F9FD06}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1DB5803F-FADB-4DA7-A54D-520B4D4BEE04}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{487D59AA-0108-42A4-AD48-DF75F90353EA}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{2EA78144-743C-4C1A-8B19-17CC2202FACC}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{6E58A2DC-B90C-42F5-BA99-0C8E48E3C9B3}C:\\users\\user.user-pc\\appdata\\local\\temp\\rar$ex00.037\\h[1].r.exe"= UDP:C:\users\user.user-pc\appdata\local\temp\rar$ex00.037\h[1].r.exe:h[1].r.exe
"UDP Query User{A05720C4-E1B1-4C05-8235-376511BA6E6F}C:\\users\\user.user-pc\\appdata\\local\\temp\\rar$ex00.037\\h[1].r.exe"= TCP:C:\users\user.user-pc\appdata\local\temp\rar$ex00.037\h[1].r.exe:h[1].r.exe
"{CB84677D-C5C7-45E4-84C2-4D1D8FA9F5D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD363C39-4155-41B5-A4BE-9520265198CC}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-10 09:31]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2006-12-21 11:36]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 15:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37ebe2b7-bf42-11dc-9338-001b770cf9e1}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\shell\explore\Command - ntde1ect.com
\shell\open\Command - ntde1ect.com
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {1588FCDE-E779-AA74-BF76-64C8037C5C9F} /qb
.
s of the 'Scheduled Tasks' folder
2008-08-11 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-Babylon Client - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
HKLM-Run-MSServer - C:\Windows\system32\ddcBRjGa.dll
HKLM-Run-BM8d877f89 - C:\Windows\system32\nbaxjwuo.dll
ShellExecuteHooks-{6BC03760-586E-4D52-9FCA-B4AC1415BF16} - C:\Windows\system32\ddcBRjGa.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\USER.USER-PC\AppData\Roaming\Mozilla\Firefox\Profiles\2jhup99n.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Minefield\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link: login required to view]

Rootkit scan 2008-08-10 22:20:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\System32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-08-10 22:30:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 05:29:10
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 44,177,711,104 bytes free
244 --- E O F --- 2008-08-09 01:52:34
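As an added example (not the thread's own code and not ComboFix's), here is a small Python triage pass over a ComboFix "Reg Loading Points" section like the one in the report above: it flags the disabled UAC and firewall, the silenced Security Center, the firewall exception for a program run from a Temp folder, the per-drive autorun verbs under mountpoints2, and a BHO with a random-looking DLL name in system32. The sample section is constructed from the line shapes in that log, and the rules are heuristics of this example's own, not ComboFix's verdicts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix-style report.

Added example, not code from the thread or from ComboFix. The sample below is
constructed from the line shapes in the thread's log; the rules are this
example's own heuristics, not ComboFix's verdicts.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: a condensed Reg Loading Points section.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAECDE8B-3524-497D-AB33-DD4E33F127DE}]
2008-08-10 05:19 312320 --a------ C:\Windows\system32\xxyxxuUL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{A05720C4-E1B1-4C05-8235-376511BA6E6F}C:\\users\\user.user-pc\\appdata\\local\\temp\\rar$ex00.037\\h[1].r.exe"= TCP:C:\users\user.user-pc\appdata\local\temp\rar$ex00.037\h[1].r.exe:h[1].r.exe
"{AD363C39-4155-41B5-A4BE-9520265198CC}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37ebe2b7-bf42-11dc-9338-001b770cf9e1}]
\shell\Auto\command - auto.exe
\shell\open\Command - ntde1ect.com
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                                   # [HKEY...] block header
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')    # "name"= value
SHELL_RE = re.compile(r'^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$', re.I)
PATH_RE = re.compile(r'([A-Za-z]:\\\S.*)$')                          # trailing Windows path
INT_RE = re.compile(r'^(dword:)?([0-9A-Fa-f]+)(?=\s|$)')


def parse_int(value: str) -> Optional[int]:
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1, anything non-numeric -> None."""
    m = INT_RE.match(value.strip())
    try:
        return int(m.group(2), 16 if m.group(1) else 10) if m else None
    except ValueError:
        return None


def looks_random_dll(path: str) -> bool:
    """Heuristic: an 8-letter mixed-case DLL name under system32 (e.g. xxyxxuUL.dll)."""
    name = path.rsplit('\\', 1)[-1]
    if not name.lower().endswith('.dll') or '\\system32\\' not in path.lower():
        return False
    stem = name[:-4]
    return len(stem) == 8 and stem.isalpha() and stem != stem.lower() and stem != stem.upper()


def triage(report: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry: {'key', 'entry', 'reason'}."""
    findings: List[Dict[str, str]] = []
    key = ''
    for line in (raw.strip() for raw in report.splitlines()):
        m = KEY_RE.match(line)
        if m:                                   # a [HKEY...] header opens a new block
            key = m.group(1)
            continue
        low, reason = key.lower(), None
        v, sh, pa = VALUE_RE.match(line), SHELL_RE.match(line), PATH_RE.search(line)
        if v:                                   # "name"= value inside the current block
            name, value = v.group('name'), v.group('value').strip()
            num = parse_int(value)
            if low.endswith('policies\\system') and name == 'EnableLUA' and num == 0:
                reason = 'UAC disabled (EnableLUA=0)'
            elif 'security center' in low and 'disable' in name.lower() and num == 1:
                reason = 'Security Center monitoring/alerting switched off'
            elif 'firewallpolicy' in low and name == 'EnableFirewall' and num == 0:
                reason = 'Windows Firewall disabled for ' + key.rsplit('\\', 1)[-1]
            elif low.endswith('firewallrules') and '\\temp\\' in value.lower():
                reason = 'firewall exception for a program run from a Temp folder'
        elif sh and '\\mountpoints2\\' in low:  # per-drive autorun verbs (removable media)
            reason = 'drive autorun verb "%s" launches %s' % (sh.group('verb'), sh.group('target'))
        elif pa and 'browser helper' in low and looks_random_dll(pa.group(1)):
            reason = 'BHO loaded from a random-looking DLL name in system32'
        if reason:
            findings.append({'key': key, 'entry': line, 'reason': reason})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f['reason'], '<-', f['entry'][:60])
```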
 
Masha'Allah, your machine is packed with viruses nesting in it.

Waiting for the HijackThis report to analyse it and provide the solutions.
 
Signature: Al jNtEeL
This is the second report... and the problem I have is that my Kaspersky is a genuine copy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:50 PM, on 10/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\USER.USER-PC\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [hidden link: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: login required to view]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [hidden link: login required to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: myBabylon Toolbar - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - C:\Program Files\myBabylon\tbmyBa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [hidden link: login required to view]
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - [hidden link: login required to view]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8075 bytes
 
Where did you go, brother Al jNtEeL? Come and help me.
From all the scanning I have done on the machine, the wireless has stopped working for the internet, and now I have to plug in a network cable if I want to use the internet.

--------------------------------------------------------------------------
For information, the machine runs Windows Vista.
 
Bump
 
Bump... where are you, Al jNtEeL
 
Bump
 
Bump
 
Delete these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: login required to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! ¤u¨?¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: Add to Windows &Live Favorites - [hidden link: login required to view]
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

[three screenshots of the HijackThis fix steps]

Then go to Add/Remove Programs and remove the Yahoo and Google toolbars if they are there.

Use this tool for cleaning:
[hidden link: login required to view]

[two screenshots of the cleaning tool]
 
God bless you, brother Demo, and may it count among your good deeds.

I will follow the steps and attach the report.
 