ابو خآلد

Peace be upon you,

Good evening.


I have an external hard disk that was hit by autorun viruses.


I deleted them all, but when I try to open the hard disk from My Computer, this message appears:

[image: i10403_.JPG]


I hope you have a solution, Zyzoomers.
 

Signature: ابو خآلد

Make a HijackThis report:
[hidden link: you must log in or register to view it]

When the download finishes ==> run the program ==> and click Do a system scan and save log
A moment later a report appears; select all ==> copy it and paste it in your next reply.


 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:28 ص, on 05/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\acer\سطح المكتب\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: you must log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: you must log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &BitSpirit حمله باستخدام
- C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link: you must log in or register to view it]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [hidden link: you must log in or register to view it]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [hidden link: you must log in or register to view it]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 7749 bytes
 
Signature: ابو خآلد
And peace be upon you.
With my brother Demo-dash's permission,


do the following:

Disable your protection programs,
then
download the following tool and save it to the desktop:
[hidden link: you must log in or register to view it]

When you run it a message appears; click >> Yes.
Then a second message appears; click >> Yes.

During the scan the machine may restart,
and after the restart the tool will begin scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
Signature: ابـــو عــبــد الــلــه
ComboFix 09-05-03.6 - acer 05/05/2009 0:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2550.2098 [GMT 3:00]
Running from: c:\documents and settings\acer\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-04 21:00 . 2009-05-04 21:05 -------- d-----w c:\program files\Common Files\delet
2009-05-04 20:34 . 2009-05-04 20:34 74 ----a-w c:\windows\StartClean.cmd
2009-05-04 20:34 . 2009-05-04 20:34 499 ----a-w c:\windows\AlfaRun.cmd
2009-05-04 20:33 . 2009-05-04 20:35 63 ----a-w c:\windows\AlfaStart.CMD
2009-05-04 08:09 . 2009-05-04 08:09 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-05-04 04:35 . 2009-05-04 04:36 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 18:36 . 2009-05-03 18:36 -------- d-----w C:\Temp
2009-05-03 18:18 . 2009-05-03 18:18 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\PCHealth
2009-05-03 18:17 . 2009-05-03 18:17 -------- d-----w c:\program files\Microsoft.NET
2009-05-03 18:15 . 2009-05-03 18:15 -------- d-----w c:\windows\SHELLNEW
2009-05-03 18:14 . 2009-05-03 18:14 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\Microsoft Help
2009-05-03 18:14 . 2009-05-04 04:33 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-03 18:14 . 2009-05-03 18:14 -------- d--h--r C:\MSOCache
2009-05-03 17:02 . 2008-02-29 13:27 676224 ----a-w c:\windows\system32\OGACheckControl.dll
2009-05-03 06:00 . 2009-05-03 06:00 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-03 06:00 . 2009-05-03 06:00 -------- d-----w c:\documents and settings\acer\Application Data\skypePM
2009-05-03 05:59 . 2009-05-03 06:06 -------- d-----w c:\documents and settings\acer\Application Data\Skype
2009-05-03 05:59 . 2009-05-03 05:59 -------- d-----w c:\program files\Common Files\Skype
2009-05-03 05:59 . 2009-05-03 05:59 -------- d-----r c:\program files\Skype
2009-05-03 05:59 . 2009-05-03 05:59 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w c:\program files\Internet Cyclone
2009-04-29 22:23 . 2009-04-29 22:23 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\Thinstall
2009-04-29 22:02 . 2009-04-29 22:05 -------- d-----w c:\program files\Internet Download Manager
2009-04-29 22:02 . 2008-09-28 19:00 439440 ----a-w c:\program files\un_Internet Download Manager_16575.exe
2009-04-29 08:30 . 2009-04-29 08:30 -------- d-----w c:\documents and settings\acer\Application Data\BitSpirit
2009-04-29 08:29 . 2009-04-29 08:29 -------- d-----w c:\program files\Common Files\BitSpirit
2009-04-29 08:29 . 2009-04-29 08:29 -------- d-----w c:\program files\BitSpirit
2009-04-28 04:15 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-27 05:56 . 2009-04-27 05:56 -------- d-----w c:\program files\FormatFactory
2009-04-27 05:42 . 2009-04-27 05:52 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 05:42 . 2009-04-27 05:52 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 05:41 . 2009-05-04 21:13 1490976 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-27 05:41 . 2009-05-04 21:13 327712 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-27 05:41 . 2009-04-27 05:41 -------- d-----w c:\program files\Kaspersky Lab
2009-04-27 05:41 . 2009-05-04 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-21 02:07 . 2009-04-21 02:07 -------- d-----w c:\program files\Common Files\xing shared
2009-04-21 02:07 . 2009-04-21 02:07 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-19 13:34 . 2009-04-19 13:34 83856 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-16 11:31 . 1999-09-10 11:06 5600 -c--a-w c:\windows\system\winaspi.dll
2009-04-16 11:31 . 1999-09-10 11:06 4672 -c--a-w c:\windows\system\wowpost.exe
2009-04-16 11:31 . 1999-09-10 11:06 25244 -c--a-w c:\windows\system32\drivers\aspi32.sys
2009-04-16 11:31 . 1999-09-10 11:06 45056 -c--a-w c:\windows\system32\wnaspi32.dll
2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\Identities
2009-04-15 00:14 . 2009-04-15 00:14 -------- d-sh--w c:\documents and settings\acer\IECompatCache
2009-04-15 00:08 . 2009-04-15 00:10 -------- dc-h--w c:\windows\ie8
2009-04-14 19:23 . 2008-04-21 21:14 215040 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 19:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 19:22 . 2009-03-06 14:20 283136 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 19:22 . 2009-02-09 11:21 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 19:22 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 19:22 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 19:22 . 2009-02-09 10:51 681472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 19:22 . 2009-02-09 10:51 723456 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 19:22 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 19:22 . 2009-02-09 10:51 693760 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 12:03 . 2009-04-14 12:03 -------- d-----w c:\program files\Ashampoo
2009-04-14 07:52 . 2009-02-10 09:02 787672 ----a-w c:\windows\system32\drivers\cfosspeed.sys
2009-04-14 07:52 . 2009-02-10 09:02 290008 ----a-w c:\windows\system32\cfosspeed.dll
2009-04-14 07:52 . 2009-05-04 21:15 -------- d-----w c:\program files\cFosSpeed
2009-04-09 11:59 . 2009-04-29 22:23 -------- d-----w c:\documents and settings\acer\Application Data\Thinstall
2009-04-09 11:45 . 2009-04-23 01:09 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\Deployment
2009-04-08 13:07 . 2009-04-08 13:07 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-07 17:19 . 2009-04-07 17:19 -------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-04-07 17:14 . 2009-04-07 17:14 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-04-07 14:05 . 2009-04-07 14:05 -------- d-----w c:\program files\WinASO
2009-04-07 07:42 . 2005-05-19 06:52 1212416 ----a-w c:\windows\system32\NCTAudioInformation2.dll
2009-04-07 07:42 . 2005-05-18 07:37 1986560 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-04-07 07:42 . 2007-10-12 13:09 1164728 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-04-07 07:42 . 2005-09-23 18:48 1171456 ----a-w c:\windows\system32\msvcr80d.dll
2009-04-07 07:42 . 2007-10-09 20:06 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-07 07:42 . 2009-04-07 08:57 -------- d-----w c:\program files\CD Copy Master
2009-04-07 05:15 . 2007-02-15 00:32 81920 ----a-w c:\windows\system32\GkSui20.EXE
2009-04-07 05:15 . 1998-12-02 07:11 143360 ----a-w c:\windows\system32\fsuz.dll
2009-04-07 04:13 . 2009-04-07 04:13 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-07 04:13 . 2009-04-07 04:13 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-07 04:13 . 2009-04-07 04:13 -------- d-----w c:\program files\Common Files\Intel
2009-04-07 03:18 . 2008-06-27 06:39 332928 ----a-w c:\windows\system\rtl8187.sys
2009-04-07 03:17 . 2007-10-09 10:13 38144 ----a-w c:\windows\system32\drivers\EAPPkt.sys
2009-04-07 03:17 . 2009-04-07 03:17 -------- d-----w c:\windows\system32\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-04-07 01:08 . 2009-04-07 01:08 -------- d-----w c:\documents and settings\acer\Application Data\Media Player Classic
2009-04-07 00:39 . 2009-04-07 00:39 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\Help
2009-04-07 00:38 . 2009-04-07 00:40 -------- d-----w c:\program files\Update Cleanup
2009-04-07 00:34 . 2009-04-07 00:34 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-07 00:32 . 2004-02-22 22:00 1386496 ----a-w c:\windows\MSVBVM60.DLL
2009-04-06 22:44 . 2009-04-06 22:44 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-06 22:08 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-06 10:41 . 2009-04-18 12:19 -------- d-----w c:\documents and settings\acer\Application Data\SlipStream
2009-04-06 10:36 . 2009-04-06 10:36 -------- d-----w c:\program files\Gabest
2009-04-06 10:34 . 2009-04-06 10:34 -------- d-----w C:\برامج بورتابل
2009-04-06 10:33 . 2009-04-22 02:34 -------- d-----w c:\program files\MP3Resizer
2009-04-06 10:31 . 2006-05-13 18:29 843 ----a-w C:\ChangeWinXPKey.vbs
2009-04-06 10:31 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-04-06 10:31 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-04-06 10:31 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-06 10:31 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-04-06 10:31 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-04-06 10:31 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-04-06 10:31 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-06 10:31 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-04-06 10:31 . 2009-04-06 10:31 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-06 10:27 . 2009-04-06 10:27 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-06 10:27 . 2009-04-06 10:27 -------- d-----w c:\windows\system32\Logs
2009-04-06 10:02 . 2007-05-02 08:00 546976 ----a-w c:\windows\system32\drivers\ar5211.sys
2009-04-06 10:02 . 2007-05-02 08:00 546976 ----a-w c:\windows\system32\ar5211.sys
2009-04-06 10:02 . 2009-04-06 10:12 -------- d-----w c:\program files\Atheros
2009-04-06 10:01 . 2009-04-06 10:01 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-04-06 09:36 . 2009-04-07 03:18 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-06 09:36 . 2008-06-27 06:39 332928 ----a-w c:\windows\system32\drivers\RTL8187.sys
2009-04-06 09:35 . 2009-04-06 09:35 -------- d-----w c:\windows\OPTIONS
2009-04-06 03:03 . 2009-04-06 03:03 -------- d-----w c:\windows\Sun
2009-04-06 03:02 . 2009-04-06 03:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 03:02 . 2009-04-06 03:02 -------- d-----w c:\program files\Java
2009-04-06 01:42 . 2009-04-06 01:42 -------- d-----w c:\documents and settings\All Users\Application Data\CenerTCPMessenger
2009-04-06 01:37 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-06 01:34 . 2009-05-03 12:34 -------- d-----w c:\documents and settings\acer\Local Settings\Application Data\WMTools Downloaded Files
2009-04-06 01:25 . 2009-04-06 23:03 -------- d-----w c:\windows\ie8updates
2009-04-06 01:25 . 2009-04-06 01:25 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-06 01:24 . 2009-04-06 01:24 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-06 01:24 . 2009-04-06 01:24 -------- d-----w c:\windows\system32\LogFiles
2009-04-06 01:23 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-06 01:08 . 2009-04-06 01:37 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 01:08 . 2009-04-06 01:08 -------- d-----w c:\program files\MSBuild
2009-04-06 01:08 . 2009-04-06 01:08 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 01:08 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-06 01:08 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 21:13 . 2009-04-27 05:41 3248 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-04 21:13 . 2009-04-27 05:41 13776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 21:00 . 2004-08-03 22:56 390656 ----a-w c:\windows\system32\cmd.exe
2009-05-04 20:37 . 2009-04-05 08:08 16134656 ----a-r c:\windows\RTHDCPL.exe
2009-05-04 20:36 . 2001-09-19 12:00 65268 ----a-w c:\windows\system32\perfc001.dat
2009-05-04 20:36 . 2001-09-19 12:00 361794 ----a-w c:\windows\system32\perfh001.dat
2009-05-04 08:27 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-05-04 08:26 . 2004-08-03 22:56 15360 ----a-w c:\windows\system32\ctfmon.exe
2009-05-04 08:02 . 2009-04-05 07:44 677888 ----a-w c:\windows\system32\mstsc.exe
2009-05-04 07:58 . 2009-04-05 07:53 36888 ----a-w c:\documents and settings\acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 07:50 . 2008-04-14 16:00 28672 ----a-w c:\windows\system32\verclsid.exe
2009-05-04 07:50 . 2004-08-03 22:56 38912 ----a-w c:\windows\system32\grpconv.exe
2009-05-04 07:34 . 2004-08-03 22:56 25088 ----a-w c:\windows\system32\defrag.exe
2009-05-04 07:14 . 2004-08-03 22:56 6192640 ----a-w c:\windows\system32\logonui.exe
2009-05-04 07:13 . 2001-09-19 12:00 31744 ----a-w c:\windows\system32\ntsd.exe
2009-05-04 07:13 . 2009-04-05 07:44 397824 ----a-w c:\windows\system32\mspaint.exe
2009-05-04 07:13 . 2009-04-05 07:45 194560 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-05-04 04:34 . 2009-04-05 08:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 16:28 . 2009-04-05 07:59 -------- d-----w c:\program files\Launch Manager
2009-04-29 22:02 . 2009-04-29 22:02 5973 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-04-27 05:52 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-07 04:13 . 2009-04-05 07:59 -------- d-----w c:\program files\Intel
2009-04-07 03:17 . 2009-04-05 08:08 -------- d-----w c:\program files\Realtek
2009-04-06 23:59 . 2009-04-05 08:08 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 21:55 . 2004-08-03 22:55 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-05 20:32 . 2009-04-05 07:47 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 08:32 . 2009-04-05 08:32 -------- d-----w c:\program files\WIDCOMM
2009-04-05 08:18 . 2009-04-05 08:18 -------- d-----w c:\program files\CONEXANT
2009-04-05 08:14 . 2009-04-05 08:14 -------- d-----w c:\program files\Broadcom
2009-04-05 08:08 . 2009-04-05 08:08 315392 ----a-w c:\windows\HideWin.exe
2009-04-05 07:48 . 2009-04-05 07:48 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 07:47 . 2001-09-19 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-05 07:45 . 2009-04-05 07:45 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 17:50 . 2009-03-16 17:50 81984 ----a-w c:\windows\system32\bdod.bin
2009-03-08 01:34 . 2004-08-03 22:55 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-03 22:55 43008 -c--a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 22:55 18944 -c--a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 22:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 22:55 72704 -c--a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 22:55 71680 -c--a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 22:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 22:53 48128 -c--a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2004-08-03 22:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2001-09-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-03 22:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-10 16:03 . 2004-08-04 00:48 2067584 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2004-08-03 22:46 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2004-08-03 22:49 2190592 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-03 22:55 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-03 22:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-03 22:55 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-03 22:55 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-04-14 15:59 . 2009-04-05 21:55 59904 --sha-w c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
.
------- Sigcheck -------
[-] 2008-04-14 15:59 1539584 986700AA8F81CE652AD770B87402262F c:\windows\explorer.exe
[-] 2008-04-14 15:59 1031168 157F947B699857E95474F8B612066CFB c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 15:59 1539584 63FC5293BA42F01EC929E99BB81BA606 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 15:59 15360 EB985CA0A3C635D5BF97F1BF35FE0693 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-05-04 08:26 15360 56936888D79DF981E3F4E554C65CA9CA c:\windows\system32\ctfmon.exe
[-] 2008-04-14 15:59 15360 64B119EF0C10ED6D1A1552E79997F596 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 16:00 26112 6E22E8018CEE80775FAAD6C108141976 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-05-04 07:12 26112 D909E5B46308A21C1D851571A0ED04A2 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-05-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-05-04 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-10 876760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-21 198160]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-05-04 16134656]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-05-04 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-4 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\DRIVERS\sffp_mmc.sys [2008-04-13 10240]
R3 SjyPkt;SjyPkt; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-27 33808]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e722c6a8-2207-11de-ba90-001f3a951a2f}]
\Shell\AutoRun\command - E:\80avp08.com
\Shell\explore\Command - E:\80avp08.com
\Shell\open\Command - E:\80avp08.com
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1592454029-725345543-1003.job
- c:\documents and settings\acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 21:02]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = 192.168.1.254
IE: &BitSpirit حمله باستخدام - c:\program files\BitSpirit\bsurl.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: سأ±بجط¾«ءéدآشط(&B)
LSP: c:\windows\system32\idmmbc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [hidden link: you must log in or register to view it]
Rootkit scan 2009-05-05 00:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\idmmbc.dll
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\btmmhook.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\DVobSub.ax
c:\windows\system32\vobsub.dll
c:\program files\K-Lite Codec Pack\Filters\FLVSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax
c:\program files\Common Files\BitSpirit\MatroskaSplitter.ax
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\acer\LOCALS~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2009-05-04 0:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 21:18
Pre-Run: 109,009,371,136 bytes free
Post-Run: 108,962,861,056 bytes free
337 --- E O F --- 2009-05-04 04:33
 
Signature: ابو خآلد
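As an added example (not code from the thread or from ComboFix), the Python below reads a constructed excerpt modelled on the "Reg Loading Points" section of the report above and flags the two things a responder would act on: MountPoints2 shell-verb commands that point at an executable on a volume, and Security Center notifications that have been switched off. The `open` and `explore` overrides are what run the referenced program when the volume is double-clicked or explored, and once that file has been deleted the same entries leave the shell with nothing to launch, which is consistent with the error the poster describes.

```python
"""Flag autorun residue and silenced Security Center alerts in a ComboFix report.

Added example: parser and sample are constructed here. The sample copies the
MountPoints2 and Security Center lines from the thread's report, not the full log.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e722c6a8-2207-11de-ba90-001f3a951a2f}]
\Shell\AutoRun\command - E:\80avp08.com
\Shell\explore\Command - E:\80avp08.com
\Shell\open\Command - E:\80avp08.com
"""

# File types the shell executes directly when a verb fires.
EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")
# Verbs fired by the user's own double-click / right-click, not by AutoPlay.
USER_VERBS = {"open", "explore"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SHELL_CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


@dataclass
class AutorunHit:
    volume: str    # drive letter or volume GUID under MountPoints2
    verb: str      # AutoRun, open or explore
    command: str   # what the shell would run for that verb

    @property
    def user_triggered(self) -> bool:
        """True when a double-click or Explore on the volume runs the command."""
        return self.verb.lower() in USER_VERBS


@dataclass
class Findings:
    autorun_hits: list = field(default_factory=list)
    disabled_notifications: list = field(default_factory=list)
    firewall_disabled: bool = False


def scan_combofix_log(text: str) -> Findings:
    """Walk the registry dump line by line, tracking the current [key]."""
    findings = Findings()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        key_lower = current_key.lower()
        if "\\mountpoints2\\" in key_lower:
            m = SHELL_CMD_RE.match(line)
            if m and m.group("cmd").strip().lower().endswith(EXECUTABLE_EXTS):
                volume = current_key.rsplit("\\", 1)[1]
                findings.autorun_hits.append(
                    AutorunHit(volume, m.group("verb"), m.group("cmd").strip()))
        elif key_lower.endswith("\\security center"):
            m = VALUE_RE.match(line)
            if (m and m.group("name").endswith("DisableNotify")
                    and m.group("value").strip().lower() == "dword:00000001"):
                findings.disabled_notifications.append(m.group("name"))
        elif key_lower.endswith("firewallpolicy\\standardprofile"):
            m = VALUE_RE.match(line)
            if m and m.group("name") == "EnableFirewall" and m.group("value").strip().startswith("0"):
                # A third-party suite (Kaspersky in this thread) replacing the
                # Windows firewall is a benign explanation; still worth confirming.
                findings.firewall_disabled = True
    return findings


def volumes_to_clean(findings: Findings) -> list:
    """MountPoints2 subkeys whose shell verbs should go once the files are removed."""
    return sorted({hit.volume for hit in findings.autorun_hits})


def report(findings: Findings) -> list:
    lines = []
    for hit in findings.autorun_hits:
        trigger = "double-click/Explore" if hit.user_triggered else "AutoPlay"
        lines.append(f"volume {hit.volume}: verb {hit.verb} runs {hit.command} on {trigger}")
    for name in findings.disabled_notifications:
        lines.append(f"Security Center {name} is set: the user will not be warned")
    if findings.firewall_disabled:
        lines.append("Windows Firewall standard profile is disabled")
    return lines


if __name__ == "__main__":
    for entry in report(scan_combofix_log(SAMPLE_LOG)):
        print(entry)
```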
Signature: ابـــو عــبــد الــلــه
Thank you very much, brothers.
Much obliged.
 
Signature: ابو خآلد