• Thread starter: ilias25
  • Start date:
  • Views: 1,308

ilias25

New Zyzoomer
Joined: 1 March 2008
Posts: 71
Reaction score: 0
Points: 80
Offline
Peace be upon you, and God's mercy and blessings.

I come to you today, brothers, after running out of ideas and being fed up with this cursed virus that has wrecked my computer and made my life miserable. I mean the Runouce.b virus.
This is a screenshot from my machine:

[screenshot: runouceib2.jpg]

My computer was infected with Email-Worm.Win32.Runouce.b; I don't know where it came from!

I formatted all the partitions, but the virus is still there!

I have Kaspersky Anti-Virus 7.

This virus deletes every file with an .exe or .html extension.

By God, it has really worn me out... I have lost a lot of programs and files.

Is there any way to get rid of it?
 

==============
(1)
Disable all your security programs,
then download this tool and save it to the desktop
[hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; it will then restart your computer automatically.
After the restart, the tool will start scanning again.
Wait until a report appears; copy it and paste it in your next reply.
(2)
Then make a HijackThis report
[hidden link]

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear; copy it and paste it in your next reply.

 
Last edited by a moderator:
Signature: AbOdy
God bless you, dear brother.

Here is the HijackThis report:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:21, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Logiciels\Programes Portable\AntiVirus - Anti SpyWar\Portable Zyzoom HijackThis\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MAISON\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E663F5FE-C620-4639-B814-CD0B6A0E72AF}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Transaction Coordinator (stuad) - Unknown owner - C:\WINDOWS\Web\printers\svchost.exe (file missing)
O23 - Service: COM+ System Appliction (stued) - Unknown owner - C:\WINDOWS\System32\RTCOM\svchost.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6892 bytes
 
And here is the ComboFix report, brother (note that my computer was not restarted (Reboot) as you said).


Code:
ComboFix 08-11-11.01 - MAISON 2008-11-12 22:07:38.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1256.213.1036.18.605 [GMT 1:00]
Running from: c:\documents and settings\MAISON\Mes documents\Downloads\Programs\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Bifrost
c:\program files\bifrost\klog.dat
c:\windows\system\oeminfo.ini
c:\windows\system32\runouce.exe
c:\windows\system32\Ultra.dll

.
(((((((((((((((((((((((((   Files Created from 2008-10-12 to 2008-11-12  )))))))))))))))))))))))))))))))
.

2008-11-12 22:05 . 2008-11-12 22:05    401,408    --a------    c:\windows\system32\CF12840.exe.vir
2008-11-12 21:44 . 2008-11-12 21:44    236    --a------    C:\sqmdata02.sqm
2008-11-12 21:44 . 2008-11-12 21:44    200    --a------    C:\sqmnoopt02.sqm
2008-11-12 21:12 . 2008-11-12 21:12    634    --a------    C:\is.html
2008-11-12 20:34 . 2008-11-12 20:34    <REP>    d--------    c:\documents and settings\MAISON\Application Data\Thinstall
2008-11-12 19:51 . 2008-11-12 19:51    236    --a------    C:\sqmdata01.sqm
2008-11-12 19:51 . 2008-11-12 19:51    200    --a------    C:\sqmnoopt01.sqm
2008-11-12 15:12 . 2008-11-12 15:12    4,096    --a------    c:\windows\system32\runouce.exe.kav
2008-11-12 14:58 . 2008-11-12 14:58    <REP>    d--------    c:\program files\Fichiers communs\Adobe
2008-11-10 20:07 . 2008-11-10 20:07    196,608    --a------    c:\windows\system32\avisynth.dll
2008-11-10 20:06 . 2008-11-10 20:07    <REP>    d--------    c:\program files\DivXCodec
2008-11-09 02:41 . 2008-11-09 02:41    <REP>    d--------    c:\documents and settings\MAISON\Application Data\DivX
2008-11-08 18:53 . 2008-11-08 18:53    <REP>    d--------    c:\documents and settings\MAISON\Application Data\vlc
2008-11-08 16:18 . 2002-08-16 15:15    60,928    --a------    c:\windows\unleap.exe
2008-11-08 01:16 . 2008-11-12 22:06    <REP>    d--------    c:\documents and settings\MAISON\Application Data\DMCache
2008-11-08 00:27 . 2008-11-12 20:47    <REP>    d--------    c:\documents and settings\MAISON\Application Data\Spyware Terminator
2008-11-07 18:19 . 2008-11-07 18:19    <REP>    d--------    c:\documents and settings\MAISON\Application Data\Adobe-BackupByPhotoshopPortable
2008-11-07 11:24 . 2008-11-07 11:24    <REP>    d--------    c:\program files\Fichiers communs\Adobe Systems Shared
2008-11-07 10:30 . 2008-11-07 10:30    <REP>    d--------    c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-07 10:29 . 2008-11-07 10:29    <REP>    d--------    c:\program files\Fichiers communs\Macrovision Shared
2008-11-07 09:58 . 2008-11-07 09:58    <REP>    d--------    c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-05 00:19 . 2008-11-05 00:19    <REP>    d--------    c:\documents and settings\All Users\Application Data\Grisoft
2008-11-05 00:03 . 2008-11-05 00:12    <REP>    d--------    c:\program files\ESTsoft
2008-11-03 21:48 . 2008-11-03 21:53    0    --a------    c:\windows\system32\listm
2008-11-03 13:48 . 2008-11-03 13:48    <REP>    d--------    c:\documents and settings\ALIAS
2008-11-01 17:41 . 2008-11-01 17:41    <REP>    d--------    c:\program files\MSECache
2008-11-01 16:24 . 2008-11-01 16:24    <REP>    d--------    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-01 14:48 . 2008-11-01 14:48    <REP>    d--------    c:\program files\Sarm Software
2008-10-31 16:29 . 2008-10-31 16:29    <REP>    d--------    c:\program files\MOJOSOFT
2008-10-31 16:09 . 2008-10-31 16:09    <REP>    d--------    c:\program files\Microsoft Works
2008-10-31 16:08 . 2008-10-31 16:08    <REP>    d--------    c:\program files\MSBuild
2008-10-31 16:07 . 2008-10-31 16:07    <REP>    d--------    c:\program files\Microsoft.NET
2008-10-31 16:05 . 2008-10-31 16:05    <REP>    d--------    c:\program files\Microsoft Visual Studio 8
2008-10-31 16:04 . 2008-11-03 13:58    <REP>    d--------    c:\windows\SHELLNEW
2008-10-31 16:04 . 2008-11-01 16:36    <REP>    d--------    c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-31 16:03 . 2008-10-31 16:03    <REP>    dr-h-----    C:\MSOCache
2008-10-31 15:48 . 2008-11-07 14:35    <REP>    d--------    c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2008-10-30 13:23 . 2008-10-30 13:23    138,368    --a------    c:\windows\system32\drivers\sp_rsdrv2.sys
2008-10-30 13:04 . 2008-11-12 22:01    <REP>    d--------    c:\program files\Spyware Terminator
2008-10-30 13:04 . 2008-11-12 20:46    <REP>    d--------    c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-10-30 12:34 . 2008-10-30 12:37    65,266    --a------    c:\windows\system32\OEMLogo.bmp
2008-10-30 12:34 . 2008-10-30 12:37    168    --a------    c:\windows\system32\OEMInfo.ini
2008-10-30 12:28 . 2008-10-30 12:54    <REP>    d--------    c:\program files\VisualTaskTips
2008-10-29 21:39 . 2008-10-29 21:39    754    --a------    c:\windows\WORDPAD.INI
2008-10-29 08:18 . 2008-10-30 13:03    3,249    --a------    c:\windows\sremcon_drivers.dat
2008-10-29 08:18 . 2008-10-30 13:03    204    --a------    c:\windows\sremcon_winlogon.dat
2008-10-29 08:18 . 2008-10-30 13:03    196    --a------    c:\windows\sremcon_startup.dat
2008-10-26 20:14 . 2008-10-26 20:14    10,606    --a------    c:\windows\system\oemlogo.bmp
2008-10-26 16:43 . 2008-11-07 14:36    <REP>    d--------    c:\program files\Fichiers communs\Adobe-BackupByPhotoshopPortable
2008-10-22 21:25 . 2008-10-22 21:28    <REP>    d--------    c:\program files\SplitCam
2008-10-22 21:25 . 2003-05-14 20:07    389,120    --a------    c:\windows\system32\actskn43.ocx
2008-10-22 21:25 . 2008-10-22 21:25    13,824    --a------    c:\windows\system32\drivers\splitcam.sys
2008-10-17 16:11 . 2008-09-04 21:03    56,344    --a------    c:\windows\system32\drivers\fssfltr.sys
2008-10-16 00:35 . 2003-12-08 13:01    933,888    --a------    c:\windows\system32\Flash.ocx
2008-10-15 19:57 . 2008-10-15 19:58    <REP>    d--------    c:\program files\TuneUp Utilities 2008
2008-10-15 19:57 . 2008-10-15 19:57    <REP>    d--------    c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-15 19:57 . 2008-10-15 19:57    306,432    --a------    c:\windows\system32\TuneUpDefragService.exe
2008-10-15 19:57 . 2007-12-20 09:41    29,440    --a------    c:\windows\system32\uxtuneup.dll
2008-10-15 02:30 . 2008-10-17 16:11    <REP>    d----c---    c:\windows\system32\DRVSTORE
2008-10-14 21:26 . 2008-10-14 21:26    <REP>    d--------    c:\program files\No-IP
2008-10-14 20:43 . 2008-10-14 20:43    <REP>    d--------    c:\program files\Hamachi
2008-10-14 20:43 . 2008-10-14 20:43    25,280    --a------    c:\windows\system32\drivers\hamachi.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 21:09    39,291,424    --sha-w    c:\windows\system32\drivers\fidbox.dat
2008-11-12 21:09    1,622,560    --sha-w    c:\windows\system32\drivers\fidbox2.dat
2008-11-12 19:53    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-12 15:33    537,980    --sha-w    c:\windows\system32\drivers\fidbox.idx
2008-11-12 15:33    164,108    --sha-w    c:\windows\system32\drivers\fidbox2.idx
2008-11-12 15:30    ---------    d-----w    c:\documents and settings\MAISON\Application Data\uTorrent
2008-11-10 19:35    ---------    d-----w    c:\program files\Valve
2008-11-10 19:07    ---------    d-----w    c:\program files\Gabest
2008-11-10 19:06    414,272    ----a-w    c:\windows\system32\DivXc32f.dll
2008-11-10 19:06    414,272    ----a-w    c:\windows\system32\DivXc32.dll
2008-11-10 19:06    33,280    ----a-w    c:\windows\system32\HUFFYUV.DLL
2008-11-08 15:30    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 19:20    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-11-01 15:13    970,752    ----a-w    c:\windows\WD90VM.DLL
2008-11-01 15:13    565,248    ----a-w    c:\windows\WD90IMG.DLL
2008-11-01 15:13    417,792    ----a-w    c:\windows\WD90COM.DLL
2008-11-01 15:13    394,752    ----a-w    c:\windows\WD90STD.DLL
2008-11-01 15:13    1,539,584    ----a-w    c:\windows\WD90OBJ.DLL
2008-11-01 13:56    462,848    ----a-w    c:\windows\WD90PRN.DLL
2008-11-01 13:56    454,709    ----a-w    c:\windows\WD90PDF.DLL
2008-11-01 13:56    446,464    ----a-w    c:\windows\WD90XML.DLL
2008-11-01 13:56    352,256    ----a-w    c:\windows\WD90ETAT.DLL
2008-11-01 13:56    307,200    ----a-w    c:\windows\WD90HTML.DLL
2008-11-01 13:56    303,104    ----a-w    c:\windows\WD90ZIP.DLL
2008-11-01 13:56    155,648    ----a-w    c:\windows\WD90RTF.DLL
2008-11-01 08:42    ---------    d-----w    c:\program files\DivX
2008-10-31 23:13    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-30 12:21    ---------    d-----w    c:\program files\DAEMON Tools
2008-10-27 21:11    ---------    d-----r    c:\program files\Internet Download Manager
2008-10-27 21:11    ---------    d-----r    c:\program files\Eidos Interactive
2008-10-27 21:11    ---------    d-----r    c:\program files\AC3Filter
2008-10-17 15:11    ---------    d-----w    c:\program files\Windows Live
2008-10-15 22:50    ---------    d-----w    c:\program files\Messenger Plus! Live
2008-10-10 22:51    ---------    d-----w    c:\program files\Microsoft
2008-10-10 22:49    ---------    d-----w    c:\program files\Fichiers communs\Windows Live
2008-10-10 08:58    ---------    d-----w    c:\program files\uTorrent
2008-10-08 10:13    ---------    d-----w    c:\documents and settings\MAISON\Application Data\IndigoRose
2008-10-07 19:29    361,344    ----a-w    c:\windows\system32\drivers\TCPIP.SYS
2008-10-04 15:14    2,560    ----a-w    c:\windows\_MSRSTRT.EXE
2008-10-01 18:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microgaming
2008-10-01 18:04    ---------    d-----w    c:\documents and settings\All Users\Application Data\MGS
2008-09-30 09:00    ---------    d-----w    c:\program files\AviSynth 2.5
2008-09-29 14:37    ---------    d-----w    c:\program files\VMware
2008-09-22 15:20    ---------    d-----w    c:\program files\Easy RealMedia Tools
2008-09-22 14:30    2,287,104    ----a-w    c:\windows\system32\TUKernel.exe
2008-09-19 17:06    ---------    d-----w    c:\program files\GordianKnot
2008-09-18 14:45    ---------    d-----w    c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-18 11:07    ---------    d-----w    c:\program files\Loop12 V2
2008-09-15 00:40    ---------    d-----w    c:\program files\Fichiers communs\eSellerate
2008-09-14 23:21    720,896    ----a-w    c:\windows\iun6002ev.exe
2008-09-14 00:27    ---------    d-----w    c:\program files\sXe Injected
2008-09-13 23:34    ---------    d-----w    c:\documents and settings\All Users\Application Data\Hot Lava Games
2008-09-10 08:54    397,312    ----a-w    c:\windows\spool.exe
2008-09-08 22:03    51,712    ----a-w    c:\windows\system32\sirenacm.dll
2008-09-05 14:04    288,768    ----a-w    c:\windows\WLXPGSS.SCR
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-08 3513344]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-08-25 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-30 2709504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2008-08-11 929870]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^MAISON^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\MAISON\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-25 12:33 2610608 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-09-08 23:02 3513344 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"RTHDCPL"=RTHDCPL.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe"
"NeroFilterCheck"=c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Logiciels\\Logiciels d'internet\\Chat Outils\\McoViewer  MSN\\mcoviewer1.2.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"d:\\Logiciels\\Programes Portable\\Communication\\mIRC 6.16 Portable\\mIRC.exe"=
"d:\\Logiciels\\Programes Portable\\Communication\\ooVoo Portable 1.6\\ooVoo.exe"=
"d:\\Logiciels\\Programes Portable\\Telephoner Free\\Wizzl\\Wizzl.exe"=
"d:\\Logiciels\\Loisir--Miltimedia--Jeux\\Racer_PC_jeu_gratuit\\racer053b4\\tracked.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Logiciels\\Programes Portable\\Communication\\Skype 3.8\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
"5110:UDP"= 5110:UDP:prorat

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-01-21 21512]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-30 138368]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-04-13 14336]
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [2003-12-01 117785]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S2 BlueSoleilCS;BlueSoleilCS;c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-06-05 778240]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
S2 stuad;Transaction Coordinator;c:\windows\Web\printers\svchost.exe [ ]
S2 stued;COM+ System Appliction;c:\windows\System32\RTCOM\svchost.exe [ ]
S3 BsHelpCS;BsHelpCS;c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 69735]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-15 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Runonce - c:\windows\system32\runouce.exe
MSConfigStartUp-WindowBlinds - c:\documents and settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\MAISON\Application Data\Mozilla\Firefox\Profiles\k45227do.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 22:09:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Runonce = c:\windows\system32\runouce.exe?^??q0($?????????????????????????????]??? ($?p.?q<???cv?e???|??<~??>~O?<~ ???0u???????O?|?????p?????????? ???\??????????|l$?|!???x????????O?|D??????????????????????????????????????????????????????????????????????????? ???ZZ@ 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-12 22:11:07
ComboFix-quarantined-files.txt  2008-11-12 21:10:54

Pre-Run: 12 928 798 720 octets libres
Post-Run: 12,931,403,776 octets libres

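An added example, not code from this thread or from HijackThis, ComboFix or any other tool named here: a small Python script that applies to HijackThis O4 (Run keys), O23 (services) and running-process lines the three checks a log reader makes by eye when looking at a log like the one above. It flags an executable whose name is one character away from a Windows system binary (runouce.exe next to runonce.exe), a system binary name that runs from a non-system directory (svchost.exe under Web\printers or System32\RTCOM), and a service whose file is missing and has no vendor. The sample lines are copied from the log posted above; the list of system binaries, the system directories and the 0.85 similarity threshold are assumptions chosen for the example.

```python
"""Rule-based triage of HijackThis log lines (added example, not code from this thread)."""
import ntpath
import re
from difflib import SequenceMatcher

# Windows core binaries whose names malware likes to imitate (assumed reference list, not exhaustive).
SYSTEM_BINARIES = {
    "svchost.exe", "runonce.exe", "ctfmon.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "spoolsv.exe", "explorer.exe",
}
# Where those binaries legitimately live on Windows XP (lower case, no trailing backslash).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Similarity above which a name counts as a lookalike; one substituted character in an
# 11-character name such as runouce.exe / runonce.exe scores about 0.91 (assumed threshold).
LOOKALIKE_THRESHOLD = 0.85

# First Windows path ending in .exe on a line: quoted or unquoted, trailing arguments ignored.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
FILE_MISSING_RE = re.compile(r"\(file missing\)\s*$")
UNKNOWN_OWNER = " - Unknown owner - "

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Transaction Coordinator (stuad) - Unknown owner - C:\WINDOWS\Web\printers\svchost.exe (file missing)
O23 - Service: COM+ System Appliction (stued) - Unknown owner - C:\WINDOWS\System32\RTCOM\svchost.exe (file missing)
"""


def lookalike_of(basename):
    """Return the system binary that `basename` most resembles, or None for exact or unrelated names."""
    if basename in SYSTEM_BINARIES:
        return None
    best = max(SYSTEM_BINARIES, key=lambda legit: SequenceMatcher(None, basename, legit).ratio())
    if SequenceMatcher(None, basename, best).ratio() >= LOOKALIKE_THRESHOLD:
        return best
    return None


def triage_hijackthis(log_text):
    """Flag O4, O23 and running-process lines that fail any of the three checks."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        is_process = re.match(r"[A-Za-z]:\\", line) is not None
        if not (line.startswith(("O4 - ", "O23 - ")) or is_process):
            continue
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        basename = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower()
        reasons = []
        # Check 1: a name one edit away from a system binary (runouce.exe vs runonce.exe).
        legit = lookalike_of(basename)
        if legit:
            reasons.append(f"{basename} imitates the Windows binary {legit} (lookalike name)")
        # Check 2: a genuine system binary name started from somewhere it does not belong.
        if basename in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            reasons.append(f"{basename} carries a system binary name but runs from {directory}")
        # Check 3: a service entry whose file is gone and whose vendor is unknown.
        if line.startswith("O23 - ") and FILE_MISSING_RE.search(line) and UNKNOWN_OWNER in line:
            reasons.append("service file is missing on disk and has no vendor (orphaned service entry)")
        if reasons:
            findings.append({"entry": line, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_LOG):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run against the sample it reports exactly the three entries a human reader picks out of the log above: the Runonce value pointing at runouce.exe, and the two svchost.exe services under Web\printers and System32\RTCOM (each of those fails two checks at once). Everything else, including the real ctfmon.exe and smss.exe in system32, passes. The script only triages; a flagged line is a candidate for inspection, not a verdict.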
 
Download link for the latest update of the tool:

[hidden link]

Usage instructions:

Run the SmitfraudFix.exe file and follow the steps as shown in these screenshots:

[screenshots: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]
 
Signature: ابـــو عــبــد الــلــه
[hidden link]

^^
Use it in Safe Mode,

then disable System Restore as shown in the following illustration:

[screenshot: dis_sys_xp.jpg]

Download the Kaspersky tool from the following link:

[hidden link]

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and after a moment the tool will start working.

Follow the steps to scan and clean the machine and attach the report:

[screenshots: zyzoom-3d6517b067.png, zyzoom-7717063ed7.png, zyzoom-cda271da05.png, zyzoom-26888dbf15.png, zyzoom-3f4576c288.png]

Then compress the report and upload it here >>>>
[hidden link]

[hidden link]
 
Last edited by a moderator:
Signature: ابـــو عــبــد الــلــه