[تم حل المشكلة]البحث عن برنامج لازالة الفايروس عن المموري كارت

  • بادئ الموضوع بادئ الموضوع walid ali
  • تاريخ البدء تاريخ البدء
  • المشاهدات 778
الحالة
مغلق و غير مفتوح للمزيد من الردود.
walid ali

walid ali

زيزوومى محترف
إنضم
13 يونيو 2008
المشاركات
2,399
مستوى التفاعل
63
النقاط
740
الإقامة
ارض الله
غير متصل
البحث عن برنامج لازالة الفايروس عن المموري كارت التي لا يستطيع الكاسبر سكاى مسحه ...... ارجو المساعده وشكرا
 

توقيع : walid ali
ترتيب حسب التاريخ ترتيب حسب الأصوات
توقيع : walid ali
تأييد 0
كيف عرفت انه فيروس

حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:14:22 م, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ???????? ????? ???? ????? ????? - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8471C4DE-330C-4CD6-A8E3-F266D47E0689}: NameServer = 81.10.124.2,81.10.124.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: خدمة تحديث Google (gupdate1c9d725baee6b1e) (gupdate1c9d725baee6b1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7342 bytes
 
توقيع : walid ali
تأييد 0
اشبك الفلاش بالجهاز واعمل التالي



عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
ComboFix 09-05-18.06 - greymobile1 05/19/2009 21:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2559.2089 [GMT 7:00]
Running from: c:\documents and settings\greymobile1\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR


((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 14:22 . 2009-05-19 14:22 -------- d-----w c:\windows\system32\xircom
2009-05-19 14:22 . 2009-05-19 14:22 -------- d-----w c:\program files\microsoft frontpage
2009-05-19 12:12 . 2009-05-19 12:12 -------- d-----w c:\program files\Trend Micro
2009-05-18 18:56 . 2009-05-18 18:56 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-17 19:36 . 2009-05-17 19:36 -------- d-----w c:\program files\Common Files\xing shared
2009-05-17 19:35 . 2009-05-17 19:35 -------- d-----w c:\program files\Real
2009-05-17 19:35 . 2009-05-17 19:36 -------- d-----w c:\program files\Common Files\Real
2009-05-17 19:29 . 2009-05-17 19:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-17 19:28 . 2009-05-17 19:34 -------- d-----w c:\documents and settings\greymobile1\Local Settings\Application Data\Google
2009-05-17 19:28 . 2009-05-17 19:29 -------- d-----w c:\program files\Google
2009-05-17 18:19 . 2009-05-17 18:19 -------- d-----w c:\program files\Internet Download Manager
2009-05-15 13:56 . 2009-05-15 13:56 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-15 13:47 . 2009-05-15 13:47 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-05-15 13:47 . 2009-05-15 13:56 -------- d-----w c:\documents and settings\greymobile1\Application Data\Azureus
2009-05-15 13:46 . 2009-05-15 14:01 -------- d-----w c:\program files\Vuze
2009-05-15 13:36 . 2009-05-15 13:36 -------- d-----w c:\windows\Sun
2009-05-15 13:34 . 2009-05-15 13:33 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-15 13:33 . 2009-05-15 13:33 -------- d-----w c:\program files\Java
2009-05-14 18:04 . 2009-05-14 18:04 -------- d-----w c:\program files\Alwil Software
2009-05-14 17:35 . 2009-05-14 17:35 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-05-14 17:34 . 2009-05-14 17:34 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-14 17:34 . 2009-05-15 18:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-05-09 13:15 . 2009-05-09 13:15 -------- d-----w c:\program files\SarasSoft
2009-05-08 17:42 . 2009-05-08 17:42 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-08 17:42 . 2009-04-27 07:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-08 17:42 . 2009-05-08 17:42 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-08 17:42 . 2009-05-08 17:53 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-08 17:27 . 2009-05-08 17:27 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\documents and settings\greymobile1\Application Data\TuneUp Software
2009-05-08 16:40 . 2009-05-08 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-07 22:58 . 2009-05-07 22:58 -------- d-----w c:\documents and settings\greymobile1\Application Data\InstallShield
2009-05-07 22:32 . 2009-05-07 22:32 -------- d-----w c:\program files\uTorrent
2009-05-07 21:31 . 2009-05-07 21:32 41376 ----a-w c:\windows\system32\drivers\Oreans.sys
2009-05-07 18:46 . 2009-05-07 18:46 -------- d-----w c:\documents and settings\greymobile1\Local Settings\Application Data\Identities
2009-05-07 16:18 . 2009-05-07 16:32 -------- d-----w c:\program files\Anti Trojan Elite
2009-05-07 16:04 . 2009-05-07 16:04 -------- d-----w c:\documents and settings\greymobile1\DoctorWeb
2009-05-07 15:53 . 2009-05-07 15:53 171008 ----a-w c:\windows\system32\GeeKz_db.dll
2009-05-07 15:43 . 2009-05-07 15:42 720896 ----a-w c:\windows\iun6002.exe
2009-05-07 15:15 . 2009-05-07 16:32 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-07 15:07 . 2009-05-07 15:07 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-06 17:04 . 2004-04-14 11:32 51821 ----a-r c:\windows\system32\ftserui2.dll
2009-05-06 17:04 . 2004-04-20 08:05 57404 ----a-r c:\windows\system32\drivers\ftser2k.sys
2009-05-06 17:04 . 2003-12-19 15:54 10368 ----a-r c:\windows\system32\drivers\egaterdr.sys
2009-05-06 17:04 . 2004-10-26 04:43 169472 ----a-r c:\windows\system32\fcunin.exe
2009-05-06 17:04 . 2004-04-20 08:04 24209 ----a-r c:\windows\system32\drivers\ftdibus.sys
2009-05-06 17:03 . 2003-12-19 15:54 11264 ----a-r c:\windows\system32\drivers\egatebus.sys
2009-05-06 17:03 . 2003-12-19 15:54 53248 ----a-r c:\windows\system32\slbmgpg.dll
2009-05-06 17:03 . 2003-12-19 15:54 131072 ----a-r c:\windows\system32\egdrvins1.dll
2009-05-06 17:03 . 2003-12-19 15:54 13312 ----a-r c:\windows\system32\drivers\egate.sys
2009-05-05 17:36 . 2009-05-05 17:36 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-05 17:35 . 2009-05-05 17:35 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-04 21:28 . 2007-06-27 00:05 53184 ----a-w c:\windows\system32\drivers\UFS2XX.sys
2009-05-04 21:28 . 2007-06-27 00:10 202048 ----a-w c:\windows\system32\UFS2XX.dll
2009-05-04 16:13 . 2009-05-04 16:13 -------- d-----w c:\documents and settings\greymobile1\Application Data\Auslogics
2009-05-04 16:13 . 2009-05-04 16:13 -------- d-----w c:\program files\Auslogics
2009-05-04 14:01 . 2009-05-04 14:01 -------- d-----w c:\program files\GriffinTeam
2009-05-04 13:42 . 2009-05-17 14:46 -------- d-----w c:\documents and settings\greymobile1\Application Data\uTorrent
2009-05-03 15:39 . 2009-05-03 15:39 -------- d-----w c:\windows\system32\LogFiles
2009-05-03 15:38 . 2008-04-13 10:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-03 15:37 . 2008-03-21 06:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-05-03 15:37 . 2009-05-03 15:39 -------- d-----w c:\documents and settings\greymobile1\Application Data\Nokia
2009-05-03 15:37 . 2009-05-04 14:18 -------- d-----w c:\documents and settings\greymobile1\Application Data\PC Suite
2009-05-03 15:37 . 2009-05-03 15:38 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-05-03 15:36 . 2009-05-05 17:36 -------- d-----w c:\program files\Common Files\Nokia
2009-05-03 15:36 . 2009-05-03 15:36 -------- d-----w c:\program files\DIFX
2009-05-03 15:36 . 2008-08-26 03:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-05-03 15:36 . 2009-05-05 17:37 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-03 15:36 . 2009-02-09 00:37 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-03 15:36 . 2009-05-05 17:36 -------- d-----w c:\program files\Nokia
2009-05-03 15:35 . 2009-05-05 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 14:21 . 2009-05-02 15:34 3648544 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-19 14:21 . 2009-05-02 15:34 30632 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 14:21 . 2009-05-02 15:34 24608 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-19 14:21 . 2009-05-02 15:34 2212 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-17 19:35 . 2009-05-02 15:29 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-17 19:35 . 2009-05-02 15:29 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-17 08:35 . 2009-05-02 18:36 -------- d-----w c:\program files\USB Disk Security
2009-05-08 15:35 . 2009-05-02 15:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 14:26 . 2009-05-02 15:37 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-03 15:38 . 2009-05-03 15:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-03 15:38 . 2009-05-03 15:38 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-02 18:41 . 2009-05-02 15:19 -------- d-----w c:\program files\Unlocker
2009-05-02 17:27 . 2009-05-02 17:27 0 ----a-w c:\windows\nsreg.dat
2009-05-02 17:04 . 2009-05-02 17:04 4096 ----a-w c:\windows\d3dx.dat
2009-05-02 16:33 . 2009-05-02 16:31 -------- d-----w c:\program files\RegCure
2009-05-02 16:27 . 2009-05-02 16:27 -------- d-----w c:\program files\CONEXANT
2009-05-02 16:22 . 2009-05-02 16:22 -------- d-----w c:\program files\Yahoo!
2009-05-02 16:17 . 2008-01-29 10:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-02 16:17 . 2009-05-02 15:36 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-02 16:17 . 2009-05-02 15:36 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-02 16:09 . 2009-05-02 16:09 37256 ----a-w c:\documents and settings\greymobile1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 15:38 . 2009-05-02 15:38 -------- d-----w c:\program files\Analog Devices
2009-05-02 15:34 . 2009-05-02 15:34 -------- d-----w c:\program files\Kaspersky Lab
2009-05-02 15:26 . 2009-05-02 15:26 97920 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-02 15:26 . 2009-05-02 15:26 -------- d-----w c:\program files\MSBuild
2009-05-02 15:26 . 2009-05-02 15:26 -------- d-----w c:\program files\Reference Assemblies
2009-05-02 15:22 . 2009-05-02 15:22 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-02 15:20 . 2009-05-02 15:20 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-02 15:19 . 2009-05-02 15:19 -------- d-----w c:\program files\LClock
2009-05-02 15:19 . 2009-05-02 15:19 -------- d-----w c:\program files\System
2009-05-02 15:19 . 2009-05-02 15:19 -------- d-----w c:\program files\HashTab Shell Extension
2009-05-02 15:19 . 2009-05-02 15:19 -------- d-----w c:\program files\Microsoft PowerToys
2009-04-06 03:50 . 2009-05-02 15:29 14471 ----a-w c:\windows\REGTWEAK.REG
2009-03-07 21:34 . 2009-04-06 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 21:34 . 2009-04-06 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 21:33 . 2009-04-06 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 21:33 . 2009-04-06 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 21:32 . 2009-04-06 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 21:32 . 2009-04-06 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 21:31 . 2009-04-06 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 21:31 . 2009-04-06 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 21:31 . 2009-04-06 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 21:22 . 2009-04-06 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 13:49 . 2009-04-06 12:00 284160 ----a-w c:\windows\system32\pdh.dll
.

------- Sigcheck -------

[-] 2009-04-06 12:00 578048 894B313C52589628BB996E175B581E3A c:\windows\system32\user32.dll

[-] 2009-04-06 12:00 557056 C64E97CC32E4662F2972FE7E8FA9B6CE c:\windows\system32\winlogon.exe

[-] 2009-04-06 12:00 1641472 B8129BACB446D8CE8B083EC0728C2132 c:\windows\explorer.exe

[-] 2009-04-06 12:00 40448 C1D50243355A290CB3AA684FD8B38170 c:\windows\system32\ctfmon.exe

[-] 2009-04-06 12:00 295424 56F4867BAE6FD78E5365A3A7AFA59C82 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-06 40448]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-07 2807216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2009-04-06 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-04-06 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-04-06 455168]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-02 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 148888]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-05-16 798720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-06 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-07 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\greymobile1\\My Documents\\Downloads\\Programs\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [02/05/2009 10:19 م 8576]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [09/05/2009 12:42 ص 604416]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [07/05/2009 12:03 ص 11264]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [07/05/2009 12:04 ص 10368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 gupdate1c9d725baee6b1e;خدمة تحديث Google (gupdate1c9d725baee6b1e);c:\program files\Google\Update\GoogleUpdate.exe [18/05/2009 02:28 ص 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [07/05/2009 12:03 ص 13312]
S3 MtbUsb;Universal Flashing Interface;c:\windows\system32\drivers\mtbox.sys [08/09/2005 02:11 ص 31452]
S3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [05/05/2009 04:28 ص 53184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VCDROM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 08:37]

2009-05-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 19:28]

2009-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:33]

2009-05-16 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 16:33]

2009-05-19 c:\windows\Tasks\User_Feed_Synchronization-{74313CFE-A65E-4FCA-A7E2-FF9B2553688A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]

2009-05-19 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 08:37]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Download with IDM
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {8471C4DE-330C-4CD6-A8E3-F266D47E0689} = 81.10.124.2,81.10.124.3
FF - ProfilePath - c:\documents and settings\greymobile1\Application Data\Mozilla\Firefox\Profiles\400ou3bt.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - component: c:\documents and settings\greymobile1\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-19 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{471fde44-a232-40a8-be59-fa7c6978cf29}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008a
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,e2,10,02,8e,26,c5,59,33,c4,9f,29,c8,61,6a,1f,b0,bf,64,86,00,
00,06,26,61,a6,4c,5d,f7,64,68,7d,30,f8,d2,97,21,ba,22,ce,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-05-19 21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 14:28

Pre-Run: 52,881,051,648 bytes free
Post-Run: 52,812,136,448 bytes free

310 --- E O F --- 2009-05-13 12:34
 
توقيع : walid ali
تأييد 0
لا يوجد فيروس بالفلاش جسب التقرير
اعمل صورة لما يكتشفه الكاسبر
 
تأييد 0
شكرا لك حضرة المدير العام ولكن بعد ما قمة بالخطوات التي طلبتها مني استخدمت الكاسبر سكاي للمره الثانيه استطاعه الكاسبر ان يمسحها هذا ما حدث ولك جزيل الشكر
 
توقيع : walid ali
تأييد 0
الله يوفقك اخي
والحمدلله على انتهاء المشكلة
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى