• Thread starter: الرحآل
Status
Closed and not open for further replies.

الرحآل

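Peace be upon you, and the mercy and blessings of God.

I was downloading a program and it turned out to be booby-trapped; a little later the protection program shut off, a blue screen appeared, and I restarted the computer.

Programs keep getting deleted, and this is the HijackThis report: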

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:00 أبو سعد, on 04/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST\aswUpdSv.exe
C:\Program Files\AVAST\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bosco\slave.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVAST\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVAST\ashMaiSv.exe
C:\Program Files\AVAST\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User1\Desktop\cleanss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AVAST\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AVAST\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\WINDOWS\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\WINDOWS\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\WINDOWS\
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe

--
End of file - 5113 bytes




Quickly, brothers, my programs are gone :f: and the problem is that any program I click on gets deleted by the antivirus.
 

Disable the protection programs
then

download the following tool and save it to the desktop
[link hidden by the forum]
When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post


Then download the following tool:

System Repair Engineer, a tool for resetting the system registry settings

Size: 2.1 MB

Compatibility: Windows Vista & Windows XP

[link hidden by the forum]

How to use the tool:
[link hidden by the forum]

 
Signature: Al jNtEeL
I can't get into Safe Mode; a blue screen comes up.
 
[Solved] Worm virus deletes files and spreads

This is the report:

ComboFix 09-08-03.A2 - User1 08/04/2009 19:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.503.234 [GMT 3:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090804-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User1\Application Data\addon.dat
c:\documents and settings\User1\Application Data\Bifrost
c:\documents and settings\User1\Application Data\Bifrost\logg.dat
c:\documents and settings\User1\Desktop\~$crosoft Word Document New .doc
c:\windows\Mylist.dll
c:\windows\system32\drivers\KeenSense.sys
c:\windows\system32\drivers\ksdevice.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_asc3360pr
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 16:48 . 2009-08-04 16:48 -------- d-sh--w- \RECYCLER
2009-08-04 16:42 . 2009-08-04 16:49 -------- d-s---w- \ComboFix
2009-08-04 16:42 . 2009-08-04 16:48 -------- d-----w- \Qoobox
2009-08-03 17:52 . 2009-08-03 17:52 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Xenocode
2009-08-02 17:11 . 2009-08-02 17:15 5370 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-08-02 11:09 . 2009-08-02 11:09 -------- d-----w- c:\documents and settings\User1\Application Data\FlashFXP
2009-07-29 14:54 . 2009-07-29 14:54 -------- d-----w- c:\windows\block msn live
2009-07-27 15:47 . 2004-08-03 20:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-07-24 15:20 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-22 21:56 . 2009-07-23 21:46 -------- d-----w- c:\documents and settings\User1\Application Data\IDM
2009-07-22 21:56 . 2009-07-24 09:22 -------- d-----w- c:\documents and settings\User1\Application Data\DMCache
2009-07-19 18:41 . 2008-06-21 15:54 11779 ----a-w- c:\windows\REGTWEAK.REG
2009-07-19 08:22 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-17 13:07 . 2009-07-17 13:07 28944 ----a-w- c:\documents and settings\User1\psapi.dll
2009-07-16 19:35 . 2009-07-16 19:35 -------- d-----w- C:\sound
2009-07-16 19:35 . 2009-07-16 19:35 -------- d-----w- \sound
2009-07-15 22:50 . 2009-07-15 22:50 -------- d-----w- c:\documents and settings\User1\Application Data\MDCrack
2009-07-11 20:27 . 2009-07-11 20:27 -------- d-----w- c:\documents and settings\User1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-07-11 18:28 . 2004-08-03 20:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-11 06:57 . 2009-07-11 06:57 -------- d-----w- c:\windows\system32\wbem\MUI
2009-07-11 06:56 . 2001-09-07 11:43 57344 ----a-w- c:\windows\system32\WMErrAra.dll
2009-07-10 16:59 . 2009-07-10 21:04 41947 ----a-w- c:\windows\k_urlmon.dll
2009-07-07 09:25 . 2009-08-04 13:20 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 16:50 . 2009-08-04 16:42 -------- d-s---w- \ComboFix
2009-08-04 16:50 . 2009-06-23 06:34 1024 ---ha-w- c:\documents and settings\User1\ntuser.dat.LOG
2009-08-04 16:50 . 2009-06-23 06:32 1024 ---ha-w- c:\documents and settings\NetworkService\ntuser.dat.LOG
2009-08-04 16:50 . 2009-06-23 06:33 1024 ---ha-w- c:\documents and settings\LocalService\ntuser.dat.LOG
2009-08-04 16:49 . 2009-06-23 06:28 1897236 ----a-w- c:\windows\WindowsUpdate.log
2009-08-04 16:49 . 2009-06-23 09:13 -------- d-----w- C:\WINDOWS
2009-08-04 16:49 . 2009-06-23 09:13 -------- d-----w- \WINDOWS
2009-08-04 16:49 . 2004-08-04 11:00 516 ----a-w- c:\windows\system.ini
2009-08-04 16:48 . 2009-08-04 16:42 -------- d-----w- \Qoobox
2009-08-04 16:48 . 2009-07-19 22:27 48 ----a-w- c:\windows\wiaservc.log
2009-08-04 16:48 . 2009-07-19 22:27 157 ----a-w- c:\windows\wiadebug.log
2009-08-04 16:47 . 2009-06-23 09:13 792723456 --sha-w- \pagefile.sys
2009-08-04 16:47 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\drivers
2009-08-04 16:47 . 2009-06-23 09:13 -------- d-----w- c:\windows\security
2009-08-04 16:46 . 2009-06-23 06:34 178 --sh--w- c:\documents and settings\User1\ntuser.ini
2009-08-04 16:46 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\config
2009-08-04 16:46 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32
2009-08-04 16:46 . 2009-06-23 09:13 -------- d-s---r- c:\windows\Fonts
2009-08-04 16:46 . 2009-06-23 06:28 -------- d-s---w- c:\windows\Downloaded Program Files
2009-08-04 16:46 . 2009-06-23 06:27 -------- d-s---w- c:\windows\Tasks
2009-08-04 16:45 . 2009-06-23 09:13 -------- d-----w- c:\windows\AppPatch
2009-08-04 16:43 . 2009-06-23 09:19 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-04 16:43 . 2009-07-03 09:16 1024 ---ha-w- c:\windows\system32\config\systemprofile\NtUser.dat.LOG
2009-08-04 16:43 . 2009-06-23 06:49 1024 ---ha-w- c:\documents and settings\Default User\NtUser.dat.LOG
2009-08-04 16:42 . 2009-06-23 09:18 -------- d-sh--w- \System Volume Information
2009-08-04 16:42 . 2009-06-23 06:27 -------- d-----w- c:\windows\system32\Restore
2009-08-04 16:08 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\wbem\Logs
2009-08-04 16:00 . 2009-06-23 06:33 178 --sh--w- c:\documents and settings\LocalService\ntuser.ini
2009-08-04 12:43 . 2009-06-23 09:17 210 --sh--w- \boot.ini
2009-08-04 12:43 . 2004-08-04 11:00 712 ----a-w- c:\windows\win.ini
2009-08-03 15:18 . 2009-07-16 12:46 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-08-03 11:07 . 2009-08-03 11:05 121 ----a-w- c:\windows\Winchat.ini
2009-08-03 10:30 . 2009-06-23 06:34 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Microsoft
2009-08-03 10:18 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\usmt
2009-08-02 19:21 . 2009-06-23 09:21 -------- d-----r- C:\Program Files
2009-08-02 19:21 . 2009-06-23 09:21 -------- d-----r- \Program Files
2009-08-02 17:15 . 2009-07-01 05:15 59852 ----a-w- c:\windows\BricoPackUninst.cmd
2009-08-02 17:15 . 2009-07-01 05:11 59852 ----a-w- c:\windows\BricoPackUninst.txt
2009-08-02 17:14 . 2009-07-01 05:15 2359350 ----a-w- c:\windows\BricoPack Wallpaper.bmp
2009-08-02 17:10 . 2009-07-01 05:11 -------- d-----w- c:\windows\BricoPacks
2009-08-02 11:58 . 2009-06-23 18:42 -------- d-----w- c:\documents and settings\User1\Application Data\MessengerDiscovery 2
2009-08-02 11:58 . 2009-06-23 17:47 -------- d-----w- c:\documents and settings\User1\Contacts
2009-07-27 22:17 . 2009-06-23 09:13 -------- dcsh--r- c:\windows\system32\dllcache
2009-07-27 15:46 . 2009-06-23 09:13 -------- d--h--w- c:\windows\inf
2009-07-27 15:44 . 2009-07-27 15:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-07-27 15:44 . 2009-07-27 15:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-23 16:55 . 2009-06-23 09:21 -------- d-sh--w- c:\windows\Installer
2009-07-19 22:27 . 2009-07-19 22:27 0 ------w- c:\windows\Sti_Trace.log
2009-07-19 21:33 . 2009-06-23 09:19 -------- d-----w- c:\windows\system32\CatRoot
2009-07-19 20:04 . 2009-06-23 09:13 -------- d-----w- c:\windows\Debug
2009-07-18 08:16 . 2009-06-23 07:55 -------- d--h--w- c:\windows\$hf_mig$
2009-07-17 19:11 . 2009-07-15 20:03 54156 ---ha-w- c:\windows\QTFont.qfn
2009-07-17 13:07 . 2009-07-17 13:07 69206 ----a-w- c:\documents and settings\User1\APorts.hlp
2009-07-17 13:07 . 2009-07-17 13:07 497 ----a-w- c:\documents and settings\User1\APorts.cnt
2009-07-17 12:57 . 2009-07-17 12:57 771 ----a-w- c:\windows\Mylist2.txt
2009-07-17 12:57 . 2009-07-17 12:57 1813 ----a-w- c:\windows\Mylist1.txt
2009-07-16 19:00 . 2009-06-23 07:18 -------- d-----w- c:\documents and settings\User1\Application Data\Apple Computer
2009-07-16 18:59 . 2009-06-27 07:21 -------- d-----w- c:\documents and settings\User1\Application Data\dvdcss
2009-07-16 18:59 . 2009-06-23 08:08 6144 ----a-w- c:\documents and settings\User1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-15 20:03 . 2009-07-15 20:03 1409 ----a-w- c:\windows\QTFont.for
2009-07-15 19:57 . 2009-06-23 09:13 -------- d-----w- c:\windows\Help
2009-07-15 14:37 . 2009-06-23 09:21 458340 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-07-15 14:37 . 2009-06-23 06:26 -------- d-----w- c:\windows\system32\wbem\Performance
2009-07-15 08:25 . 2009-06-23 17:46 -------- d-----w- c:\documents and settings\User1\Application Data\chin frag
2009-07-15 08:23 . 2009-06-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\active move body safe
2009-07-13 09:05 . 2009-07-13 09:02 -------- d-----w- c:\documents and settings\User1\Application Data\zyzcleaner
2009-07-13 09:02 . 2009-07-13 09:02 -------- d-----w- c:\documents and settings\User1\Application Data\CyberScrub
2009-07-12 14:55 . 2009-07-12 14:55 268 ---ha-w- C:\sqmdata04.sqm
2009-07-12 14:55 . 2009-07-12 14:55 268 ---ha-w- \sqmdata04.sqm
2009-07-12 14:55 . 2009-07-12 14:55 244 ---ha-w- C:\sqmnoopt04.sqm
2009-07-12 14:55 . 2009-07-12 14:55 244 ---ha-w- \sqmnoopt04.sqm
2009-07-12 08:44 . 2004-08-04 11:00 2206 ----a-w- c:\windows\system32\wpa.dbl
2009-07-12 08:44 . 2009-06-23 06:26 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-07-11 06:57 . 2009-06-23 09:13 -------- d-----w- c:\windows\mui
2009-07-11 06:57 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\wbem
2009-07-11 06:56 . 2009-06-23 06:28 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-11 06:56 . 2009-06-23 09:13 -------- d-----w- c:\windows\pchealth
2009-07-11 06:56 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\1025
2009-07-11 06:56 . 2009-06-23 09:13 -------- d-----w- c:\windows\system32\oobe
2009-07-11 06:56 . 2009-06-23 09:13 -------- d-----r- c:\windows\Web
2009-07-10 12:41 . 2009-07-10 12:41 9351 ----a-w- c:\windows\system32\ابو سعد.rar
2009-07-09 06:52 . 2009-07-09 06:52 268 ---ha-w- C:\sqmdata03.sqm
2009-07-09 06:52 . 2009-07-09 06:52 268 ---ha-w- \sqmdata03.sqm
2009-07-09 06:52 . 2009-07-09 06:52 244 ---ha-w- C:\sqmnoopt03.sqm
2009-07-09 06:52 . 2009-07-09 06:52 244 ---ha-w- \sqmnoopt03.sqm
2009-07-04 06:03 . 2009-06-23 06:29 2616 ----a-w- c:\windows\system32\CONFIG.NT
2009-07-02 06:37 . 2009-07-02 06:36 -------- d-----w- c:\documents and settings\User1\Application Data\Resource Tuner
2009-07-01 13:55 . 2009-07-01 13:55 0 ----a-w- C:\FTP_Test(ZioN_is_King).txt
2009-07-01 13:55 . 2009-07-01 13:55 0 ----a-w- \FTP_Test(ZioN_is_King).txt
2009-07-01 10:38 . 2009-06-28 12:14 8 --sha-r- c:\documents and settings\All Users\ntuser.pol
2009-07-01 05:15 . 2004-08-04 11:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-01 05:14 . 2009-06-23 09:13 -------- d-----w- c:\windows\Cursors
2009-07-01 05:14 . 2009-06-23 09:13 -------- d-----w- c:\windows\Media
2009-06-30 17:02 . 2009-06-30 17:02 230 ----a-w- c:\windows\system32\spupdsvc.inf
2009-06-30 12:47 . 2009-06-30 12:47 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\ESET
2009-06-29 08:34 . 2009-06-29 08:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-06-29 06:06 . 2009-06-29 06:06 319488 ----a-w- c:\windows\HideWin.exe
2009-06-27 07:21 . 2009-06-27 07:12 -------- d-----w- c:\documents and settings\User1\Application Data\vlc
2009-06-27 06:18 . 2009-06-27 06:18 -------- d-----w- c:\windows\system32\KB905474
2009-06-26 07:15 . 2009-06-26 07:15 211402 ----a-w- c:\windows\system32\TZLog.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\AVAST\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-23 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\User1\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MessengerDiscovery 2\\MessengerDiscovery 2.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/07/2009 09:03 أبو سعد 114768]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 03:47 أبو سعد 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 03:49 أبو سعد 94360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/07/2009 09:03 أبو سعد 20560]
R2 ekrn;ESET Service;c:\windows\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 03:47 أبو سعد 731840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\AF357C8691B6F36E.job
- c:\docume~1\user1\applic~1\chinfr~1\antitestenc.exe [2009-06-23 17:51]

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]

2009-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-27 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\pf5s4ksv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - plugin: c:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npjpi160_07.dll
FF - plugin: c:\program files\Java\jre1.6.0_07\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-08-04 19:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-220523388-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST\aswUpdSv.exe
c:\program files\AVAST\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Bosco\slave.exe
.
**************************************************************************
.
Completion time: 2009-08-04 19:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 16:52

Pre-Run: 30,859,788,288 bytes free
Post-Run: 30,787,301,376 bytes free

265 --- E O F --- 2009-07-18 08:16
 
OK brother, if you would, go to this thread and apply everything in it:

[link hidden by the forum]
 
Signature: Al jNtEeL
God bless you, the virus is gone, thanks to God and then thanks to you, dear friend.
I have a small question: some programs were stopped by the virus, and now when I try to uninstall a program this image appears:

k456a64f422c.gif



Many thanks, and God bless you.
 
And may He bless you too. Praise be to God that the virus is gone.

As for your second problem >>
[link hidden by the forum]


God willing, you will find the solution there.
 
Signature: Al jNtEeL
Well done, man, truly the best.

The problem is solved. May God reward you well and bless you.

I don't know how to thank you, dear friend.

I repeat my thanks once again.

The problem was solved successfully.
 
Thank you, brother .. Amen, and the same to you and to every Muslim.

Praise be to God that your problem is solved .. we are honored to help you.

The thread is being closed because the problem is resolved.
 
Signature: Al jNtEeL