دنيـا كئيبة

Peace be upon you.

Brothers, my machine is a Dell Vostro 1400 laptop and I have the Avast scanner..
Every so often it pops up reporting worms and a Trojan horse..
And this is the picture..

[screenshot]

It appears while browsing, and even if I just open an ordinary page on the machine.

And this is the HijackThis report..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:52 م, on 06/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Aegisub\Aegisub.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\C-GATE~1\LOCALS~1\Temp\BN7.tmp
C:\Program Files\Golden Al-Wafi Translator\Golden Al-Wafi Translator.exe
C:\WINDOWS\speech\vcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\C-GATE~1\LOCALS~1\Temp\BN9.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\C-GATE~1\LOCALS~1\Temp\BND.tmp
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\C-GATE~1\LOCALS~1\Temp\BN11.tmp
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\C-GATE~1\LOCALS~1\Temp\BN13.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\C-gate systems\My Documents\Downloads\Programs\HiJackThis.exe
C:\Documents and Settings\C-gate systems\C-gate systems.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [C-gate systems] C:\Documents and Settings\C-gate systems\C-gate systems.exe /i
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9325 bytes

I await your help,
and thanks in advance.

Signature: دنيـا كئيبة
Welcome.

OK, if you choose delete... does it come back again?

Disable all protection programs,
then download this tool and save it to the desktop:

[link hidden by the forum]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


 
Welcome, brother, and thank you for your help.

Yes indeed, if I choose delete it comes back again.
Applying it now.. good luck.

Signature: دنيـا كئيبة

Brother, this is the report that appeared:

ComboFix 09-04-04.01 - C-gate systems 04/06/2009 16:39:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1014.563 [GMT 3:00]
Running from: c:\documents and settings\C-gate systems\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090405-1] *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\C-gate systems\C-gate systems.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 13:41 --------- d-----w c:\documents and settings\C-gate systems\Application Data\DMCache
2009-04-06 11:08 --------- d-----w c:\documents and settings\C-gate systems\Application Data\uTorrent
2009-04-06 10:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 10:50 --------- d-----w c:\documents and settings\C-gate systems\Application Data\Malwarebytes
2009-04-06 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 17:03 --------- d-----w c:\program files\MKVtoolnix
2009-04-04 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-04 20:10 --------- d-----w c:\program files\CCleaner
2009-04-04 20:09 --------- d-----w c:\program files\Yahoo!
2009-04-04 18:40 --------- d-----w c:\documents and settings\C-gate systems\Application Data\Aegisub
2009-04-03 22:25 --------- d-----w c:\documents and settings\C-gate systems\Application Data\GRETECH
2009-04-03 20:34 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-01 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-01 19:23 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-01 18:58 --------- d-----w c:\program files\Common Files\Adobe
2009-04-01 18:58 --------- d-----w c:\program files\Bonjour
2009-04-01 18:47 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-01 17:27 --------- d-----w c:\documents and settings\C-gate systems\Application Data\IDM
2009-04-01 15:04 --------- d-----w c:\program files\Alwil Software
2009-04-01 11:05 --------- d-----w c:\program files\Winamp
2009-03-30 19:03 --------- d-----w c:\program files\TechSmith
2009-03-30 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-30 19:00 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-30 18:36 --------- d-----w c:\program files\SWiSH Max2
2009-03-30 18:34 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 18:33 --------- d-----w c:\program files\Common Files\SWiSHzone.com
2009-03-30 18:25 --------- d-----w c:\documents and settings\C-gate systems\Application Data\Media Player Classic
2009-03-30 13:58 --------- d-----w c:\program files\Internet Download Manager
2009-03-30 12:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 17:14 --------- d-----w c:\documents and settings\C-gate systems\Application Data\DivX
2009-03-28 17:06 --------- d-----w c:\program files\uTorrent
2009-03-28 16:52 --------- d-----w c:\program files\URUSoft
2009-03-28 16:51 --------- d-----w c:\program files\VerbAce Research
2009-03-28 16:25 --------- d-----w c:\program files\Aegisub
2009-03-28 16:23 --------- d-----w c:\documents and settings\C-gate systems\Application Data\COWON
2009-03-27 12:33 --------- d-----w c:\program files\CyberLink
2009-03-27 12:30 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-27 12:29 --------- d-----w c:\program files\Windows Live
2009-03-27 12:26 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-27 12:19 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-27 12:19 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-27 12:19 --------- d-----w c:\program files\Real
2009-03-27 12:19 --------- d-----w c:\program files\Common Files\xing shared
2009-03-27 12:19 --------- d-----w c:\program files\Common Files\Real
2009-03-27 12:14 --------- d-----w c:\program files\Total Video Converter
2009-03-27 12:14 --------- d-----w c:\program files\Nokia
2009-03-27 12:14 --------- d-----w c:\program files\Common Files\Nokia
2009-03-27 12:13 --------- d-----w c:\program files\Nero
2009-03-27 12:13 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-27 12:13 --------- d-----w c:\program files\Common Files\Ahead
2009-03-27 12:09 --------- d-----w c:\program files\Common Files\Vbox
2009-03-27 12:08 --------- d-----w c:\program files\Macromedia
2009-03-27 12:05 --------- d-----w c:\program files\JetAudio
2009-03-27 12:05 --------- d-----w c:\program files\Common Files\COWON
2009-03-27 12:04 --------- d-----w c:\program files\GRETECH
2009-03-27 12:02 --------- d-----w c:\program files\FreshDevices
2009-03-27 11:59 --------- d-----w c:\program files\Google
2009-03-27 11:58 --------- d-----w c:\program files\The KMPlayer
2009-03-26 16:54 --------- d-----w c:\program files\Xilisoft
2009-03-26 16:41 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-26 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-26 16:40 --------- d-----w c:\program files\DivX
2009-03-26 16:21 --------- d-----w c:\documents and settings\C-gate systems\Application Data\ESET
2009-03-26 16:18 --------- d-----w c:\program files\ESET
2009-03-26 16:18 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-26 16:08 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-26 16:07 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-03-26 16:07 172,032 ------w c:\windows\Setup1.exe
2009-03-26 16:06 --------- d-----w c:\program files\Common Files\ACD Systems
2009-03-26 16:06 --------- d-----w c:\program files\ACD Systems
2009-03-26 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-26 15:15 --------- d-----w c:\program files\Microsoft.NET
2009-03-26 15:15 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-26 15:15 --------- d-----w c:\program files\Common Files\L&H
2009-03-26 15:14 --------- d-----w c:\program files\Microsoft Works
2009-03-26 14:54 --------- d-----w c:\program files\CONEXANT
2009-03-26 14:53 --------- d-----w c:\program files\Modem Diagnostic Tool
2009-03-26 14:51 --------- d-----w c:\program files\SigmaTel
2009-03-26 13:34 --------- d-----w c:\program files\WIDCOMM
2009-03-26 08:27 --------- d-----w c:\program files\Dell
2009-03-26 08:26 --------- d-----w c:\documents and settings\C-gate systems\Application Data\InstallShield
2009-03-26 08:25 --------- d-----w c:\program files\Broadcom
2009-03-26 08:24 --------- d-----w c:\program files\DIFX
2009-03-26 07:49 --------- d-----w c:\program files\Intel
2009-03-26 07:16 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((( SnapShot_Sat 04-04-2009_23.11.29.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 20:10:08 30,464 ----a-w c:\windows\system32\drivers\i386si.sys
+ 2008-10-16 17:25:34 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
+ 2008-10-16 17:25:46 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
+ 2004-08-03 19:39:38 30,464 ----a-w c:\windows\system32\drivers\ws2_32sik.sys
- 2009-04-01 20:10:13 2,675,120 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-04 20:15:49 2,675,144 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-04-04 17:02:37 40,326 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-06 13:39:24 40,326 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-04 17:02:37 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-06 13:39:24 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-06 13:34:54 16,384 ------w c:\windows\Temp\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/12/2008 12:17 PM 2745776]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [01/17/2008 12:40 PM 816368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [10/09/2007 07:17 PM 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [05/16/2007 04:50 PM 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [05/16/2007 04:50 PM 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [05/16/2007 04:50 PM 137752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/27/2009 03:19 PM 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [03/14/2007 09:01 PM 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [01/08/2007 10:17 PM 52256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [02/06/2009 12:08 AM 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-30 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2009-03-28 606208]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-08 525664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
S2 i386si;i386si;c:\windows\system32\drivers\i386si.sys [2004-08-03 30464]
S2 ws2_32sik;ws2_32sik;c:\windows\system32\drivers\ws2_32sik.sys [2009-03-26 30464]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-C-gate systems - c:\documents and settings\C-gate systems\C-gate systems.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]
Rootkit scan 2009-04-06 16:41:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\System32\BCMLogon.dll
.
Completion time: 04/06/2009 16:42:41
ComboFix-quarantined-files.txt 2009-04-06 13:42:38
ComboFix2.txt 2009-04-04 20:12:19
ComboFix3.txt 2009-04-04 16:20:24
Pre-Run: 41,817,300,992 bytes free
Post-Run: 41,841,291,264 bytes free
205
 
Signature: دنيـا كئيبة

And from HijackThis, delete:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [C-gate systems] C:\Documents and Settings\C-gate systems\C-gate systems.exe /i

Deletion method:

[screenshot]

[screenshot]

Then download this tool and follow the explanation below:

[link hidden by the forum]

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file this screen appears; wait (and follow along with the pictures).

[screenshot]

[screenshot]

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

[screenshot]

Then disable Avast

and scan your machine with:

[link hidden by the forum]

And attach the report for me, please.
 
Sorry for the delay, brother.
This is the report:

Scan
----
Scanned: 428684
Detected: 6
Untreated: 0
Start time: 11/04/1430 07:13:29 م
Duration: 01:39:15
Finish time: 11/04/1430 08:52:44 م

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Agent.bzyi File: C:\Qoobox\Quarantine\C\Documents and Settings\C-gate systems\C-gate systems.exe.vir
deleted: Trojan program Trojan-GameThief.Win32.Magania.awjg File: C:\Qoobox\Quarantine\G\u.com.vir
deleted: Trojan program Trojan-GameThief.Win32.Magania.awjg File: C:\System Volume Information\_restore{2718E06F-8C91-4509-A889-13F39ED41C29}\RP18\A0000628.inf
deleted: Trojan program Trojan.Win32.Agent.bzyi File: C:\System Volume Information\_restore{2718E06F-8C91-4509-A889-13F39ED41C29}\RP32\A0008779.exe
deleted: Trojan program Trojan-GameThief.Win32.Magania.awjg File: D:\System Volume Information\_restore{2718E06F-8C91-4509-A889-13F39ED41C29}\RP18\A0000630.inf
deleted: Trojan program Trojan-GameThief.Win32.Magania.awjg File: F:\System Volume Information\_restore{2718E06F-8C91-4509-A889-13F39ED41C29}\RP18\A0000632.inf

Events
------
Time Name Status Reason
---- ---- ------ ------
11/04/1430 07:13:38 م Running module: smss.exe\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 
Signature: دنيـا كئيبة

6 viruses were cleaned.. do the following.

Disable System Restore as shown in the explanation below:

[screenshot]

Then download this tool and follow the explanation below:

[link hidden by the forum]

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file this screen appears; wait (and follow along with the pictures).

[screenshot]

[screenshot]

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

[screenshot]

After the restart, re-enable System Restore.. does the message still appear?
 
I did all of this.

It restarted, and when it restarted it froze on me three times
and an Avast warning window popped up for me,
and when it restarted for the fourth time everything was OK,
meaning the message did not appear for me.

Signature: دنيـا كئيبة