فهد بن خالد

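Peace be upon you, and the mercy and blessings of God.

A blessed Friday to you, dear friends,

I need your help, may God grant you success, with my problem with a virus that I have been unable to delete and that has destroyed several of my system files.


[link hidden by the forum]


In this topic I explained my problem, but God did not will that I find the solution.

I downloaded a tool from the topic of my brother Demo-Dash,
may God reward him with all good:
Win32Sality_Remover tool_11.0.153

I tried to upload the report as a compressed file, but WinRAR has more or less stopped working.

The problem is that at the end of the scan, the tool showed a message stating that there are viruses the tool could not delete.

I hope you can help me; may God not deprive you of the reward and may He protect you from all harm.


I copied part of the scan tool's report: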



Signature: فهد بن خالد
And upon you be peace.
Welcome.

Disable System Restore as shown in the following walkthrough:

i7549_1.png


i7550_2.png


i7551_3.png


Go to this page

[link hidden by the forum]


and download the McAfee tool.
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning.
Then go to drive C, and
[link hidden by the forum]
the report noor_mcafee
and upload it to this site

[link hidden by the forum]


and attach the download link in your next post.
 
Signature: AbOdy
Hello, my brother Abdullah, a blessed Friday to you; may God reward you with Paradise and grant you success.

I apologize for the delay; all the time went into attempts to upload the report for you.

WinRAR has stopped working. Is there another way I can upload the report?

McAfee did well; it is more or less the only program during whose scan the machine did not restart automatically.

During the scan I noticed a file that McAfee deleted, named as a backdoor, but up to now the virus is still present.

I installed NOD correctly, with the settings at the highest protection and cleaning level, but as usual there was the automatic restart.


The ComboFix report:

ComboFix 09-07-29.04 - master 07/31/2009 17:38.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1023.705 [GMT 3:00]
Running from: c:\documents and settings\master\سطح المكتب\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\6a7a0.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 13:07 . 2001-08-17 10:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-07-31 13:07 . 2001-08-17 10:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-07-31 13:07 . 2009-07-31 13:07 -------- d-----w- c:\program files\CONEXANT
2009-07-31 12:18 . 2009-07-31 12:18 -------- d-----w- c:\program files\Gyrus Solutions
2009-07-31 10:13 . 2009-07-31 10:13 -------- d-----w- c:\program files\ESET
2009-07-31 10:13 . 2009-07-31 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-31 07:04 . 2009-07-31 07:07 3872 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 07:01 . 2009-07-31 07:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-31 07:00 . 2009-07-31 07:00 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Downloaded Installations
2009-07-31 06:54 . 2009-07-31 06:54 -------- d-sha-r- c:\windows\system32\wmdrtc32.dll
2009-07-31 06:54 . 2009-07-31 06:54 -------- d-sha-r- c:\windows\system32\wmdrtc32.dl_
2009-07-31 06:54 . 2009-07-31 06:54 -------- d-sha-r- c:\windows\system32\ntfsus.exe
2009-07-31 06:54 . 2009-07-31 06:54 -------- d-sha-r- c:\windows\system32\dnsq.dll
2009-07-31 06:52 . 2009-07-31 14:41 46596064 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 06:19 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\81668202.sys
2009-07-30 16:59 . 2009-07-30 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-30 15:48 . 2009-07-30 15:48 -------- d-----w- c:\documents and settings\master\Application Data\Ahead
2009-07-30 14:08 . 2009-07-30 14:08 -------- d-----w- c:\program files\VS Revo Group
2009-07-30 11:56 . 2009-07-30 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-30 10:51 . 2009-07-30 10:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-30 03:06 . 2009-07-30 03:06 171008 ----a-w- c:\windows\system32\GeeKz_db.dll
2009-07-29 22:22 . 2009-07-29 22:22 -------- d-----w- c:\program files\Trend Micro
2009-07-29 17:26 . 2008-10-16 11:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-29 00:26 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\64172826.sys
2009-07-28 21:08 . 2009-07-30 14:15 -------- d-----w- c:\windows\system32\NtmsData
2009-07-28 21:02 . 2009-07-28 21:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-28 18:48 . 2009-07-28 18:48 -------- d-s---w- c:\documents and settings\master\UserData
2009-07-28 18:46 . 2004-08-03 20:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-28 18:46 . 2004-08-03 20:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-28 18:46 . 2007-07-16 15:23 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-28 18:46 . 2007-07-16 15:23 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-07-28 18:45 . 2009-07-28 18:47 -------- d-----w- c:\program files\Mobily Connect Card
2009-07-28 14:51 . 2009-07-28 14:51 -------- d-----w- c:\documents and settings\master\Application Data\Media Player Classic
2009-07-28 14:43 . 2009-07-28 14:49 -------- d-----w- c:\documents and settings\master\Application Data\TigerPlayer
2009-07-28 14:42 . 2009-07-28 14:43 -------- d-----w- c:\program files\MpcStar
2009-07-28 14:41 . 2009-07-28 14:41 -------- d-----w- c:\program files\VideoLAN
2009-07-28 14:22 . 2004-08-03 21:55 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-28 14:18 . 2009-07-28 14:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-28 14:16 . 2009-07-28 14:16 -------- d-----w- c:\documents and settings\master\Application Data\COWON
2009-07-28 14:16 . 2009-07-28 14:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-28 14:16 . 2009-07-28 14:16 -------- d-----w- c:\windows\system32\LogFiles
2009-07-28 14:15 . 2009-07-28 14:15 -------- d-----w- c:\documents and settings\master\Application Data\Apple Computer
2009-07-28 14:13 . 2009-07-28 14:13 -------- d-----w- c:\windows\system32\ar-sa
2009-07-28 14:11 . 2006-09-25 14:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-28 14:10 . 2009-07-31 12:06 -------- d--h--w- c:\windows\$hf_mig$
2009-07-28 14:09 . 2009-07-28 14:09 0 ----a-w- c:\windows\nsreg.dat
2009-07-28 14:08 . 2009-07-28 14:08 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Mozilla
2009-07-28 14:08 . 2009-07-28 14:08 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-28 14:07 . 2009-07-28 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-28 14:07 . 2004-07-26 13:16 476320 ----a-w- c:\windows\system32\imagXpr7.dll
2009-07-28 14:07 . 2004-07-26 13:16 471040 ----a-w- c:\windows\system32\imagXRA7.dll
2009-07-28 14:07 . 2004-07-26 13:16 262144 ----a-w- c:\windows\system32\imagXR7.dll
2009-07-28 14:07 . 2004-07-26 13:16 1568768 ----a-w- c:\windows\system32\imagX7.dll
2009-07-28 14:07 . 2004-07-09 05:43 364544 ----a-w- c:\windows\system32\TwnLib4.dll
2009-07-28 14:07 . 2009-07-28 14:08 -------- d-----w- c:\program files\Nero
2009-07-28 14:07 . 2009-07-28 14:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-28 14:07 . 2003-03-19 03:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-07-28 14:07 . 2003-03-18 17:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-07-28 14:06 . 2009-07-28 14:06 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-28 14:06 . 2009-07-28 14:06 -------- d-----w- c:\program files\Windows Live
2009-07-28 14:05 . 2009-07-28 14:05 -------- d-----w- C:\Windows Live Messenger v8.5 Final arabic
2009-07-28 14:04 . 2009-07-31 08:04 -------- d-----w- c:\documents and settings\master\Application Data\Skype
2009-07-28 14:03 . 2009-07-31 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-28 13:59 . 2009-07-28 13:59 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Apple
2009-07-28 13:58 . 2009-07-28 13:58 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Apple Computer
2009-07-28 13:58 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-28 13:58 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-28 13:58 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-28 13:58 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-28 13:58 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-28 13:58 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-28 13:58 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-28 13:58 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-28 13:58 . 2009-07-28 14:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-28 13:58 . 2009-07-28 13:58 -------- d-----w- c:\program files\FormatFactory
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\Flash Movie Player
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\The KMPlayer
2009-07-28 13:56 . 2009-07-28 13:57 -------- d-----w- c:\program files\Common Files\COWON
2009-07-28 13:56 . 2009-07-28 13:57 -------- d-----w- c:\program files\JetAudio
2009-07-28 13:56 . 2009-07-28 13:57 -------- d-----w- c:\documents and settings\master\Application Data\BSplayer Pro
2009-07-28 13:56 . 2009-07-28 13:56 -------- d-----w- c:\program files\Webteh
2009-07-28 13:52 . 2009-07-28 20:11 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-28 13:52 . 2009-07-28 13:52 -------- d-----w- c:\windows\Autorun Cleaner
2009-07-28 13:52 . 2009-01-09 09:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-07-28 13:52 . 2009-01-09 09:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-07-28 13:51 . 2009-07-28 14:00 -------- d-----w- c:\program files\Ashampoo
2009-07-28 13:45 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-28 13:00 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 14:41 . 2009-07-31 06:52 66632 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 13:13 . 2001-09-19 12:00 40118 ----a-w- c:\windows\system32\perfc001.dat
2009-07-31 13:13 . 2001-09-19 12:00 251674 ----a-w- c:\windows\system32\perfh001.dat
2009-07-31 08:27 . 2009-07-31 08:27 -------- d-----w- c:\documents and settings\master\Application Data\CyberScrub
2009-07-31 08:27 . 2009-07-31 08:27 -------- d-----w- c:\documents and settings\master\Application Data\cleaner
2009-07-31 07:07 . 2009-07-31 07:04 1412 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-30 18:35 . 2009-07-28 10:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-28 14:02 . 2009-07-28 14:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-28 14:01 . 2009-07-28 14:01 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-28 14:01 . 2009-07-28 14:01 -------- d-----w- c:\documents and settings\master\Application Data\Ashampoo
2009-07-28 14:01 . 2009-07-28 14:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-28 14:01 . 2009-07-28 14:01 -------- d-----w- c:\program files\Real
2009-07-28 14:00 . 2009-07-28 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-07-28 13:56 . 2009-07-28 10:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 13:54 . 2009-07-28 10:16 94632 ----a-w- c:\documents and settings\master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 13:47 . 2009-07-28 13:47 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-07-28 13:47 . 2009-07-28 13:47 2232 ----a-w- c:\windows\java\Packages\Data\CTVJ57PR.DAT
2009-07-28 13:47 . 2009-07-28 13:47 155995 ----a-w- c:\windows\java\Packages\WX3N5BN1.ZIP
2009-07-28 13:47 . 2009-07-28 13:47 2678 ----a-w- c:\windows\java\Packages\Data\6SPNJFPR.DAT
2009-07-28 13:47 . 2009-07-28 13:47 172032 ------w- c:\windows\Setup1.exe
2009-07-28 13:47 . 2009-07-28 13:47 2678 ----a-w- c:\windows\java\Packages\Data\IUMQ1Z3H.DAT
2009-07-28 13:47 . 2009-07-28 13:47 2678 ----a-w- c:\windows\java\Packages\Data\WDFHRN7D.DAT
2009-07-28 13:47 . 2009-07-28 13:47 2678 ----a-w- c:\windows\java\Packages\Data\W04RHZ1N.DAT
2009-07-28 13:47 . 2009-07-28 13:47 2678 ----a-w- c:\windows\java\Packages\Data\JN1379BT.DAT
2009-07-28 13:47 . 2009-07-28 13:47 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-28 10:24 . 2009-07-28 10:24 -------- d-----w- c:\program files\Realtek AC97
2009-07-28 10:23 . 2009-07-28 10:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-28 10:19 . 2009-07-28 10:19 -------- d-----w- c:\program files\Microsoft.NET
2009-07-28 10:18 . 2009-07-28 10:18 -------- d-----w- c:\program files\Microsoft Works
2009-07-28 10:08 . 2009-07-28 10:08 -------- d-----w- c:\program files\microsoft frontpage
2009-07-28 10:05 . 2009-07-28 10:05 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-24 13:36 . 2009-07-28 14:08 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-10-31 02:37 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^master^قائمة ابدأ^البرامج^بدء التشغيل^is-AM128.lnk]
path=c:\documents and settings\master\قائمة ابدأ\البرامج\بدء التشغيل\is-AM128.lnk
backup=c:\windows\pss\is-AM128.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 02:23 م 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 02:24 م 93336]
R1 is-V1QM4drv;is-V1QM4drv;c:\windows\system32\drivers\81668202.sys [31/07/2009 09:19 ص 148496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 02:23 م 727720]
S1 is-AM128drv;is-AM128drv;c:\windows\system32\drivers\64172826.sys [29/07/2009 03:26 ص 148496]
S4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [28/07/2009 04:52 م 410976]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
[link hidden by the forum]

FF - ProfilePath - c:\documents and settings\master\Application Data\Mozilla\Firefox\Profiles\4fg319j8.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "[link hidden by the forum]");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-07-31 17:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 17:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 14:44
Pre-Run: 16,100,528,128 bytes free
Post-Run: 16,090,669,056 bytes free
260
 
Signature: فهد بن خالد
As for the McAfee report,
copy it and paste it here.

Signature: Future Tank X-1
Here you are, my brother, this is the report:

McAfee VirusScan for Win32 v5.30.0
Copyright (c) 1992-2008 McAfee, Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Jun 16 2008
Scan engine v5.3.00 for Win32.
Virus data file v5688 created Jul 25 2009
Scanning for 540433 viruses, trojans and variants.

--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------


07/31/2009 12:31:40

Options:
/ADL /WINMEM/CLEAN /APPEND /HTML C:\NOOR_MCAFEE.HTM
Scanning C: []
Scanning C:\*.*
C:\WINDOWS\system32\ior.exe ... Found the BackDoor-CEP!o trojan !!!
The file or process has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 22680
Clean: ................. 22660
Not scanned: ........... 0
Possibly Infected: ..... 1
Cleaned: ............... 0
Deleted: ............... 1
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*
Summary report on D:\*.*
File(s)
Total files: ........... 14268
Clean: ................. 14268
Not scanned: ........... 0
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


 
Signature: فهد بن خالد
My brother, your report is now clean and there is no virus.
However, the Sality worm damages all programs.
Any program of yours that does not work: delete it and reinstall it.
There is no solution other than this.
Good luck.