عابر القرات
New Zyzoomi (member rank), joined 26 February 2009, 17 posts, reaction score 9, 20 points
In the name of God, the Most Gracious, the Most Merciful

Peace be upon you and God's mercy and blessings,

Brothers, I have a problem with a virus that refuses to be deleted...

The virus is called ( worm.win32.autorun.rg )

It is on a flash drive. I scanned it with Kaspersky Anti-Virus, and when the scan reached 99% it hung; the result was: 122 viruses found, 1 of them deleted.

And the scan is still hanging...

So what should I do? May God reward you.
 

Advice: move the files on the flash drive to a folder on the desktop, for example, then format the flash drive and put your files back on it.
 
The thread has been moved to its proper section,
so that you receive the necessary support,
God bless you,
 
And peace be upon you

Do the following

[Hidden link: you must log in or register to view it]

Once the download finishes ==> run the program ==> and click Do a system scan and save log
After a moment a report appears; select all ==> copy it and paste it in your next reply
 
Signature: AbOdy
By God, w32 viruses are annoying
 
Signature: v.i.p
Thank you, our dear moderator... may God place it in the balance of your good deeds


May God reward you, brothers, for the advice


Here is what you asked for, brother AbOdy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:16:02 م, on 17/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\documents and settings\ماجــــــــــد\local settings\application data\sugwmma.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\ماجــــــــــد\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [HUAWEI 3G Data Card MTS] C:\PROGRA~1\MOBILY~1\Mobily Connect Card.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [sugwmma] "c:\documents and settings\ماجــــــــــد\local settings\application data\sugwmma.exe" sugwmma
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [link hidden by the forum]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [link hidden by the forum]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden by the forum]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 11600 bytes


I hope this is what you asked for
 
Plug the flash drive into the computer, then do the following


Disable your security programs
then
download the following tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it a message appears ,, click >> Yes
Then a second message appears ,, click >> Yes

During the scan the computer may restart
After the restart ,, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, copy it and paste it in your next post
 
May God reward you, brother MAAX

I did what you told me, except that I did not plug in the flash drive because it is no longer with me

Here is the report

ComboFix 09-03-15.01 - ماجــــــــــد 03/18/2009 9:53:47.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1025.18.1526.1021 [GMT 3:00]
Running from: c:\documents and settings\ماجــــــــــد\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology\ADSTechnology.lnk
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology\Uninstall.lnk
c:\documents and settings\ماجــــــــــد\Application Data\inst.exe
c:\documents and settings\ماجــــــــــد\Local Settings\Application Data\sugwmma.dat
c:\documents and settings\ماجــــــــــد\Local Settings\Application Data\sugwmma.exe
c:\documents and settings\ماجــــــــــد\Local Settings\Application Data\sugwmma_nav.dat
c:\documents and settings\ماجــــــــــد\Local Settings\Application Data\sugwmma_navps.dat
c:\documents and settings\ماجــــــــــد\Local Settings\Temporary Internet Files\~1~Poetry.htm
c:\program files\ActivationManager
c:\program files\ActivationManager\Uninstall.exe
c:\program files\ADSTechnology
c:\program files\ADSTechnology\ADSTechnology.dll
c:\program files\ADSTechnology\ADSTechnology.exe
c:\program files\ADSTechnology\Uninstall.exe
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 06:55 7,200 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-18 06:55 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-18 06:55 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-18 06:55 1,136 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-17 18:16 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-17 18:16 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-17 18:16 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-17 17:52 --------- d-----w c:\program files\Kaspersky Lab
2009-03-17 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-13 10:51 --------- d-----w c:\program files\Live-Player
2009-03-13 10:51 --------- d-----w c:\documents and settings\ماجــــــــــد\Application Data\live-player
2009-03-06 12:02 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-03-05 22:28 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-05 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-05 18:14 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-05 18:13 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-05 16:23 --------- d-----w c:\documents and settings\ماجــــــــــد\Application Data\Marvell
2009-03-05 16:10 --------- d-----w c:\documents and settings\ماجــــــــــد\Application Data\Hewlett-Packard
2009-03-05 16:09 --------- d-----w c:\documents and settings\ماجــــــــــد\Application Data\HP
2009-03-03 16:22 --------- d-----w c:\program files\Driver-Soft
2009-03-02 19:22 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-02 19:19 --------- d-----w c:\program files\Common Files\Adobe
2009-02-06 15:25 --------- d-----w c:\program files\Common Files\xing shared
2009-02-03 16:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-03 16:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-03 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-03 16:21 --------- d-----w c:\program files\MSXML 6.0
2009-02-03 07:06 --------- d-----w c:\program files\Common Files\Nokia
2009-01-29 18:19 90,112 ----a-w c:\windows\system32\ssvideo.dll
2009-01-29 18:19 19,456 ----a-w c:\windows\system32\videocore.dll
2009-01-29 18:19 18,595,840 ----a-w c:\windows\system32\coredata.dll
2009-01-29 18:19 1,128,128 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-04-23 22:58 47,360 ----a-w c:\documents and settings\ماجــــــــــد\Application Data\pcouffin.sys
.
------- Sigcheck -------
09/12/2006 04:22 AM 2155008 1724a2599cc1e79920a5991636ae3ff8 c:\windows\system32\ntkrnlpa.exe
08/14/2008 07:24 PM 2067584 5be9c85582d409f6b0520f671b7c4ea7 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP3QFE\ntkrnlpa.exe
08/14/2008 04:37 PM 2064512 03707fbdead155480a9f100fb62180a0 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP2QFE\ntkrnlpa.exe
08/14/2008 04:42 PM 2059264 8c7491ade5147a5e8fae7e93ec955159 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP2GDR\ntkrnlpa.exe
08/14/2008 04:20 PM 2067584 c0b601d30c9b2e1b2f37423775e26983 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP3GDR\ntkrnlpa.exe
09/08/2006 11:01 PM 2276864 21512eb316451f217e65d01f7cb0d42e c:\windows\system32\ntoskrnl.exe
08/14/2008 07:24 PM 2190720 8d99acb2cd1a686e7a98cc22119de324 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP3QFE\ntoskrnl.exe
08/14/2008 04:37 PM 2187520 5d43a393467ae76138e25c3acaf27f75 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP2QFE\ntoskrnl.exe
08/14/2008 04:42 PM 2181888 572cd3393619eb7ef75fd897c7dc78ee c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP2GDR\ntoskrnl.exe
08/14/2008 04:20 PM 2190720 9d9953c83765c024a5289f625714ed33 c:\windows\SoftwareDistribution\Download\8ad11f4c819c80cafc7362c581902249\SP3GDR\ntoskrnl.exe
09/12/2006 03:12 AM 1616384 810316e2e8d32075c8b984320a6011cf c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [03/13/2008 05:44 AM 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/28/2008 07:08 PM 2606512]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/04/2008 09:07 PM 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [12/03/2008 12:47 PM 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [11/28/2005 10:55 PM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 10:52 PM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 10:55 PM 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [03/06/2009 01:28 AM 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [12/17/2005 01:32 AM 761945]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 02:02 PM 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [11/30/2005 12:25 PM 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [05/12/2005 10:31 AM 118784]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [06/21/2004 08:40 PM 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [11/02/2007 02:52 PM 36864]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM 49152]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [08/29/2007 04:06 PM 1077248]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [03/17/2009 09:16 PM 206088]
"TPSMain"="TPSMain.exe" [08/03/2005 02:26 PM 266240 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [03/11/2005 03:03 PM 73728 c:\windows\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [12/10/2005 12:49 AM 15691264 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/04/2004 01:59 AM 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [05/10/2006 02:59 AM 180736]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-03-13 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"c:\\WINDOWS\\System32\\fxsclnt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-04-15 85016]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-11-14 100096]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-02-03 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-02-03 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15501a9c-3a3e-11dd-8736-001302531a09}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15501a9d-3a3e-11dd-8736-001302531a09}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38782c2e-db3a-11dd-884a-001302531a09}]
\ShelL\AUToPlay\comMAnd - qjjhei.pif
\ShelL\AutoRun\command - qjjhei.pif
\ShelL\exploRE\CommAnd - qjjhei.pif
\ShelL\OPEn\COmmaNd - qjjhei.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a904fb0-b28a-11dd-8812-001302531a09}]
\Shell\AutoRun\command - G:\AUTORUN_BANDLUXE.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b9f890-f102-11dd-886d-001302531a09}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\explore\Command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f20ecc4-109f-11dd-86b3-001302531a09}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f20ecc5-109f-11dd-86b3-001302531a09}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a604cc22-dc23-11dd-884e-001302531a09}]
\Shell\AutoRun\command - G:\vva0hc0p.cmd
\Shell\explore\Command - G:\vva0hc0p.cmd
\Shell\open\Command - G:\vva0hc0p.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1f468e6-2850-11dd-8704-001302531a09}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-HUAWEI 3G Data Card MTS - c:\progra~1\MOBILY~1\Mobily Connect Card.exe
HKCU-Run-sugwmma - c:\documents and settings\ماجــــــــــد\local settings\application data\sugwmma.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/webhp?rls=ig
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\ماجــــــــــد\Application Data\Mozilla\Firefox\Profiles\mo8pcia2.default\
FF - component: c:\documents and settings\ماجــــــــــد\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]
Rootkit scan 2009-03-18 09:57:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{14b4f6be-4f7c-45c9-8082-af9b7a372cea}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c4
"Therad"=dword:0000001b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):11,6c,f0,7e,3a,cc,2e,47,ef,6c,4e,2d,de,82,22,b2,ca,1f,40,59,c5,
c4,50,f1,78,dd,1f,af,1a,30,ef,47,02,f7,c8,ac,b8,2f,09,f6,00,00,00,00,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TOSHIBA\CONFIGFREE\CFSVCS.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\TOSHIBA\TOSHIBA APPLET\TAPPSRV.EXE
c:\windows\SYSTEM32\FXSSVC.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
c:\program files\SYNAPTICS\SYNTP\TOSHIBA.EXE
c:\windows\SYSTEM32\TPSBATTM.EXE
c:\program files\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
c:\program files\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE
c:\program files\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLRSSRV.EXE
.
**************************************************************************
.
Completion time: 03/18/2009 9:59:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 06:59:36
Pre-Run: 8,274,919,424 bytes free
Post-Run: 9,736,454,144 bytes free
249




I hope the result is clean and the virus has not moved to my computer


Thank you once again
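As an added illustration, not part of this thread or of either tool, here is a small Python triage script run over constructed lines shaped like the HijackThis O4 entries and the ComboFix mountpoints2 entries posted above. The flagging rules (autostart binary in a user-writable profile folder, relative or script-type autorun targets, mangled autorun.inf key casing) are heuristics of mine, not anything HijackThis or ComboFix reports itself.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the shape of the HijackThis O4 entries and the
# ComboFix mountpoints2 entries quoted in the thread (profile name shortened to "user").
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [sugwmma] "c:\documents and settings\user\local settings\application data\sugwmma.exe" sugwmma
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38782c2e-db3a-11dd-884a-001302531a09}]
\ShelL\AUToPlay\comMAnd - qjjhei.pif
\ShelL\AutoRun\command - qjjhei.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b9f890-f102-11dd-886d-001302531a09}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1f468e6-2850-11dd-8704-001302531a09}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe
"""

RUN_LINE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
MP2_HEADER = re.compile(r'^\[.*\\mountpoints2\\(?P<vol>\{[0-9a-f-]+\})\]$', re.I)
MP2_SHELL = re.compile(r'^\\(?P<key>shell\\[a-z]+\\command) - (?P<target>.+)$', re.I)
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|pif|cmd|bat|scr|com|vbs))\b', re.I)

# Directories a limited user can write to; vendor software rarely autostarts from them.
USER_WRITABLE = ('\\local settings\\application data\\', '\\application data\\', '\\temp\\')
SCRIPT_EXT = ('.pif', '.cmd', '.bat', '.scr', '.com', '.vbs')
# Spellings Windows and installers normally produce for the autorun.inf keys; anything
# else was typed by hand (USB worms mangle the case to dodge naive autorun.inf signatures).
KNOWN_SPELLINGS = {'Shell', 'AutoRun', 'AutoPlay', 'Open', 'Explore', 'Command'}


@dataclass
class Finding:
    kind: str       # 'run' (autostart entry) or 'volume' (cached removable-drive autorun)
    subject: str    # Run value name or mountpoints2 volume GUID
    reasons: list = field(default_factory=list)


def odd_casing(word: str) -> bool:
    """True for mixed-case spellings such as 'ShelL' or 'comMAnd'."""
    return not (word.islower() or word.isupper() or word in KNOWN_SPELLINGS)


def check_run_entry(name: str, cmd: str):
    """Return a Finding for a suspicious O4 autostart line, else None."""
    m = EXE_PATH.match(cmd)
    path = (m['path'] if m else cmd).lower()
    reasons = []
    if any(d in path for d in USER_WRITABLE):
        reasons.append(f'{path}: autostart binary lives in a user-writable profile directory')
    if path.endswith(SCRIPT_EXT):
        reasons.append(f'{path}: autostart target is a script/PIF launcher')
    return Finding('run', name, reasons) if reasons else None


def check_shell_command(key: str, target: str) -> list:
    """Reasons why one cached autorun.inf shell command looks like a USB worm."""
    reasons = []
    if not re.match(r'^[a-z]:\\', target, re.I):
        reasons.append(f'{target}: relative target, runs whatever file sits in the volume root')
    if target.lower().endswith(SCRIPT_EXT):
        reasons.append(f'{target}: script/PIF launcher rather than a vendor setup program')
    if any(odd_casing(part) for part in key.split('\\')):
        reasons.append(f'\\{key}: mangled key casing copied from a hand-crafted autorun.inf')
    return reasons


def triage(log_text: str) -> list:
    """Scan HijackThis/ComboFix style lines; return only entries with at least one reason."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_LINE.match(line):
            if f := check_run_entry(m['name'], m['cmd']):
                findings.append(f)
        elif m := MP2_HEADER.match(line):
            current = Finding('volume', m['vol'])
            findings.append(current)
        elif (m := MP2_SHELL.match(line)) and current is not None:
            for reason in check_shell_command(m['key'], m['target']):
                if reason not in current.reasons:
                    current.reasons.append(reason)
    return [f for f in findings if f.reasons]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind}: {f.subject}')
        for reason in f.reasons:
            print('  -', reason)
```

On the sample it reports the sugwmma autostart and the two volumes whose cached autorun points at qjjhei.pif and vva0hc0p.cmd, while the BandLuxe and WD setup entries pass.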
 
Malicious files were deleted
but I needed the report with the flash drive plugged in
 
May God reward you... you have done more than enough..

As for the flash drive... it is with its owner... I deleted the viruses on it with Kaspersky Anti-Virus

God willing, they won't come back

Thank you once again, our esteemed administrator

Please accept my best regards

Your brother
Abu Abdullah
 