زمان الصمت

Dear brothers, I have a virus on my laptop, which is an Acer.

I tried to delete the virus with the NOD antivirus, but it was no use; even when I try to delete it, it comes back.

It apparently disables opening pictures with the ACDSee program, and nothing helps. What really annoys me is that the picture has "the Kenyan virus" written on it.
 

Welcome, brother.
Download this program:
[link hidden by the forum: login required]

Run the program, then click
Do a system scan and save log
After a few moments a report will open in Notepad. Copy it and paste it in your next reply.
 

Thank you, brother Max.
 
Give me your opinion.

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:48:16 ص, on 2009-03-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\TORNADO SOFT\TORNADO Safely USB\TORNADO-SU.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\antimos_xp\antimos_xp\AntiMOSXP.exe
C:\Documents and Settings\msr 999\Desktop\1sharemax5.7-sherif777\sharemax.exe
C:\Documents and Settings\msr 999\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: login required]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum: login required]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll (file missing)
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TORNADO Safely USB] "C:\Program Files\TORNADO SOFT\TORNADO Safely USB\TORNADO-SU.exe" /b
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D37D6684-2440-467F-9D7C-D9814FD9FBB5}: NameServer = 84.235.7.58 84.235.6.58
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe (file missing)
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
--
End of file - 4262 bytes
---------------------------------------
 
Bump
 
With the permission of my dear brother Max: dear brother, you have an entry that must be deleted, which is:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll (file missing)


How to delete it:

[Screenshot: mg (3).png]

[Screenshot: mg (4).png]

I hope the following thread is useful to you:

[link hidden by the forum: login required]

Your brother
 
In addition to what my brother Al-Battal kindly said:

Disable your protection programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum: login required]

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.

The computer may restart during the scan.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
Thank you.
I deleted the entry and used the tool, and this is the result:


ComboFix 09-03-29.04 - msr 999 03/31/2009 4:10:19.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.991.700 [GMT 3:00]
Running from: c:\documents and settings\msr 999\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 02:36 --------- d-----w c:\program files\Fixup Restrictions
2009-03-30 02:32 --------- d-----w c:\program files\Sadegh Mosavi
2009-03-30 01:59 --------- d-----w c:\program files\M Autorun Killer 1.0
2009-03-30 01:56 --------- d-----w c:\program files\Autorun Eater
2009-03-30 01:54 0 ----a-w C:\osy3.sys
2009-03-30 01:48 --------- d-----w c:\program files\VirusSecureLab
2009-03-30 01:43 --------- d-----w c:\program files\GaruYac
2009-03-30 01:34 --------- d-----w c:\program files\ArpanTECH
2009-03-29 01:10 --------- d-----w c:\program files\ma-config.com
2009-03-29 01:10 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-27 13:52 --------- d-----w c:\program files\Microsoft.NET
2009-03-27 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-25 21:50 --------- d-----w c:\documents and settings\msr 999\Application Data\Nokia Multimedia Player
2009-03-13 12:17 --------- d-----w c:\documents and settings\msr 999\Application Data\AIMP
2009-03-13 04:45 --------- d-----w c:\program files\UltraISO
2009-03-13 04:45 --------- d-----w c:\program files\Common Files\EZB Systems
2009-03-13 02:51 --------- d-----w c:\program files\AIMP2
2009-03-09 21:14 --------- d-----w c:\program files\TORNADO SOFT
2009-03-09 15:55 --------- d-----w c:\program files\BreakPoint Software
2009-03-07 20:58 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-03-07 20:58 286,720 ------w c:\windows\Setup1.exe
2009-03-07 19:03 561,152 ----a-w c:\windows\system32\svshostt.exe
2009-03-07 19:03 221,696 ----a-w c:\windows\system32\taskmgr.exe
2009-03-07 19:02 88,064 ----a-w c:\windows\system32\grpconv.exe
2009-03-07 19:02 244,224 ----a-w c:\windows\system32\logon.scr
2009-03-07 19:01 40,448 ----a-w c:\windows\system32\ctfmon.exe
2009-03-07 19:01 34,816 ----a-w c:\windows\system32\rundll32.exe
2009-03-07 19:01 100,864 ----a-w c:\windows\system32\logagent.exe
2009-03-07 19:01 1,518,080 ----a-w c:\windows\system32\mmc.exe
2009-03-07 19:00 390,656 ----a-w c:\windows\system32\cmd.exe
2009-03-07 19:00 275,456 ----a-w c:\windows\regedit.exe
2009-03-02 10:55 --------- d-----w c:\program files\AutorunRemover
2009-03-02 01:08 --------- d-----w c:\program files\Smart Virus Remover
2009-03-02 00:50 --------- d-----w c:\program files\Filseclab
2009-03-02 00:50 --------- d-----w c:\program files\Common Files\Filseclab
2009-03-02 00:14 --------- d-----w c:\program files\MK 1.0
2009-03-01 00:42 720,896 ----a-w c:\windows\iun6002.exe
2009-02-28 22:16 --------- d-----w c:\program files\Abadisoft
2009-02-28 21:46 --------- d-----w c:\program files\AxBx
2009-02-28 21:40 --------- d-----w c:\program files\Disk Heal
2009-02-28 20:43 --------- d-----w c:\program files\USB Disk Security
2009-02-28 19:52 7,098 ----a-w c:\windows\system32\SCS.DLL
2009-02-26 23:29 --------- d-----w c:\program files\Alfa Autorun Killer 2
2009-02-21 13:09 --------- d-----w c:\documents and settings\msr 999\Application Data\Media Player Classic
2009-02-20 23:57 --------- d-----w c:\program files\برجك هذا اليوم
2009-02-19 13:48 --------- d-----w c:\program files\برجك
2009-02-19 13:40 --------- d-----w c:\program files\Internet Download Manager
2009-02-19 13:40 --------- d-----w c:\documents and settings\msr 999\Application Data\IDM
2009-02-19 13:40 --------- d-----w c:\documents and settings\msr 999\Application Data\DMCache
2009-02-19 12:14 --------- d-----w c:\documents and settings\LocalService\Application Data\Avanquest
2009-02-19 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-19 12:11 --------- d-----w c:\program files\Avanquest
2009-02-19 12:11 --------- d-----w c:\documents and settings\msr 999\Application Data\Avanquest
2009-02-19 12:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-19 11:42 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-19 11:29 --------- d-----w c:\program files\Yahoo!
2009-02-19 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-19 09:54 --------- d-----w c:\program files\microsoft frontpage
2009-02-19 09:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-19 09:38 --------- d-----w c:\documents and settings\msr 999\Application Data\cleaner1
2009-02-19 09:27 --------- d-----w c:\documents and settings\msr 999\Application Data\Nokia
2009-02-19 09:27 --------- d-----w c:\documents and settings\msr 999\Application Data\Datalayer
2009-02-19 09:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 09:24 --------- d-----w c:\documents and settings\msr 999\Application Data\PC Suite
2009-02-19 09:23 --------- d-----w c:\program files\Nokia
2009-02-19 09:23 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-19 09:23 --------- d-----w c:\program files\Common Files\Nokia
2009-02-19 09:22 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-18 21:15 --------- d-----w c:\program files\Ringz Studio
2009-02-18 21:15 --------- d-----w c:\program files\Google
2009-02-18 21:15 --------- d-----w c:\program files\Common Files\Real
2009-02-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-18 21:14 --------- d-----w c:\program files\Foxit Reader
2009-02-18 21:11 --------- d-----w c:\program files\Reference Assemblies
2009-02-18 21:11 --------- d-----w c:\program files\MSBuild
2009-02-18 20:57 --------- d-----w c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
06/26/2008 08:16 PM 674816 0f2f01cdf020832eaf0704a3d1481d11 c:\windows\system32\user32.dll
06/25/2008 05:14 AM 361344 8e036eec565910417ea020ce0962aa24 c:\windows\system32\drivers\tcpip.sys
06/26/2008 08:17 PM 557056 7dd9ce78dd441eea2bbaff6d3eeaad08 c:\windows\system32\winlogon.exe
06/26/2008 08:23 PM 2227072 f54927b2c174b5e0b1e6f3bee87f4d22 c:\windows\system32\ntkrnlpa.exe
06/26/2008 08:11 PM 2350208 46391325b9159057fffafca37a39a669 c:\windows\system32\ntoskrnl.exe
06/26/2008 08:07 PM 1377792 bd63be0a3d05056222c86be283256d90 c:\windows\explorer.exe
03/07/2009 10:01 PM 40448 7c05b7cbf1446853ba5133ea0aacde7b c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/07/2009 09:58 PM 847872]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [12/22/2008 12:33 AM 73728]
"GaruYac_ENG"="c:\program files\GaruYac\eng\GaruYac.exe" [05/17/2008 11:02 PM 9531392]
"GaruYacUpdate_ENG"="c:\program files\GaruYac\eng\Gupdate.exe" [05/07/2008 07:25 AM 36864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [03/07/2009 10:01 PM 40448]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/29/2008 11:56 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [03/07/2009 09:56 PM 1106944]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [03/07/2009 09:59 PM 798720]
"TORNADO Safely USB"="c:\program files\TORNADO SOFT\TORNADO Safely USB\TORNADO-SU.exe" [03/08/2009 12:20 PM 618496]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/07/2009 09:58 PM 167936]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [11/27/2008 02:19 AM 501768]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 03/07/2009 10:01 PM 40448 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 10/29/2008 11:56 PM 2606512 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 11/01/2008 04:33 AM 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 04/14/2008 10:13 PM 208952 c:\windows\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 04/14/2008 10:13 PM 59392 c:\windows\system32\IME\PINTLGNT\imscinst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/07/2009 09:58 PM 167936 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 04/14/2008 10:13 PM 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 04/14/2008 10:13 PM 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 03/07/2009 09:59 PM 40448 c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 03/07/2009 10:00 PM 3805184 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\msr 999\\Desktop\\1sharemax5.7-sherif777\\SHAREMAX.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
S2 tmpreflt;tmpreflt;\??\c:\progra~1\AVANQU~1\SYSTEM~1\tmpreflt.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\tmpreflt.sys [?]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\njllkh.sys --> c:\windows\system32\drivers\njllkh.sys [?]
S3 KFilter;KFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/19/2008 4:54:10 PM 195752]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\progra~1\AVANQU~1\SYSTEM~1\UFilter.dll
.
.
------- File Associations -------
.
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum: login required]

Rootkit scan 2009-03-31 04:11:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites]
@DACL=(02 0000)
"Order"=hex:08,00,00,00,02,00,00,00,b4,38,00,00,01,00,00,00,5d,00,00,00,44,00,
00,00,00,00,00,00,36,00,31,00,00,00,00,00,52,3a,08,aa,10,00,4c,49,4e,4b,53,\
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@DACL=(02 0000)
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10687b20-fe13-11dd-b5ab-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10687b21-fe13-11dd-b5ab-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10687b22-fe13-11dd-b5ab-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10687b23-fe13-11dd-b5ab-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_USERS\S-1-5-21-1844237615-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10687b24-fe13-11dd-b5ab-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d5,0b,4b,cc,bf,78,ea,0a,b3,53,20,f4,f5,e9,b4,79,97,84,2e,9e,08,
8f,ff,24,cb,22,4f,44,a9,12,73,7e,a0,13,43,02,38,e2,88,ae,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9ed4d1dd-7c25-462c-99e6-870676febb3f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000045
"Therad"=dword:00000015
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\SETUPAPI.dll
c:\progra~1\AVANQU~1\SYSTEM~1\UFilter.dll
.
Completion time: 03/31/2009 4:12:08
ComboFix5.txt 2009-03-31 01:10:06
ComboFix-quarantined-files.txt 2009-03-31 01:12:08
ComboFix4.txt 2009-03-02 11:00:10
ComboFix3.txt 2009-03-31 00:52:26
ComboFix2.txt 2009-03-31 01:06:12
Pre-Run: 22,946,529,280 bytes free
Post-Run: 22,938,255,360 bytes free
269 --- E O F --- 2009-03-29 00:07:28
 
The report is clean.
Are there any remaining problems?
And if possible, post a screenshot of the problem.
 