فايروس اخفى لي الاقراص الموجوده

غ

غرووورانثى

زيزوومى مميز
إنضم
27 أكتوبر 2007
المشاركات
562
مستوى التفاعل
8
النقاط
520
الإقامة
الشرقيه
غير متصل
السلام عليكم ورحمه الله وبركاته


صادفتني مشكله يااعضاء زيزووم ركبت يوم اس بي في الجهاز ومن بعدها ماقدرت ادخل

على الاقراص E & D ويقول فتح بأستخدااااام :no: مثل مافي هذي الصوره اتمنى تفيدوني

يااهل الخبرااااااتـ ....

zyzoom-1b20db5635.jpg
 

توقيع : غرووورانثى
ترتيب حسب التاريخ ترتيب حسب الأصوات
هذا فايروس الأوتورن ,, مافيه غيره


عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​


 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
اووك ,, خذي راحتك
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
ComboFix 08-10-11.02 - Administrator 10/12/2008 16:09:45.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.80 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 12:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-10-12 12:40 --------- d-----w C:\Program Files\DIFX
2008-10-12 12:39 --------- d-----w C:\Program Files\Nokia
2008-10-12 12:39 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-10-12 12:39 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-12 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-10-12 12:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-10-12 12:35 --------- d-----w C:\Program Files\Texas Instruments Inc
2008-10-12 12:34 --------- d-----w C:\Program Files\HPQ
2008-10-12 12:33 --------- d-----w C:\Program Files\Synaptics
2008-10-12 12:31 --------- d-----w C:\Program Files\Intel
2008-10-12 12:29 --------- d-----w C:\Program Files\Analog Devices
2008-10-12 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 12:28 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-12 12:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-12 12:27 --------- d-----w C:\Program Files\Broadcom
2008-10-12 12:16 --------- d-----w C:\Program Files\Windows Live
2008-10-12 12:08 --------- d-----w C:\Program Files\Real Alternative
2008-10-12 12:08 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-12 11:59 --------- d-----w C:\Program Files\Avira
2008-10-12 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-10-12 11:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-10-12 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-12 09:45 52,195 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-10-12 09:45 5,997 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-12 09:45 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-10-12 09:34 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-12 09:34 --------- d-----w C:\Program Files\MSBuild
2008-10-12 09:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-12 09:26 --------- d-----w C:\Program Files\Utilities
2008-10-12 09:26 --------- d-----w C:\Program Files\Unlocker
2008-10-12 09:26 --------- d-----w C:\Program Files\TaskSwitchXP
2008-10-12 09:26 --------- d-----w C:\Program Files\Attribute Changer
2008-09-12 14:08 1,393,664 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-09-11 23:55 949,520 ----a-w C:\WINDOWS\system32\calc.exe
2008-09-11 21:04 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll
2008-09-11 20:59 124,928 ----a-w C:\WINDOWS\system32\drivers\ulsata2.sys
2008-09-11 20:58 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-09-11 20:58 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-09-11 20:58 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-09-11 20:58 139,264 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-09-11 20:58 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-09-11 20:58 1,286,144 ----a-w C:\WINDOWS\system32\quartz.dll
2008-09-11 20:56 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-09-11 20:55 98,304 ----a-w C:\WINDOWS\system32\makecab.exe
2008-09-11 20:46 1,571,328 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-09-11 20:37 1,244,672 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-09-09 18:28 11,651,072 ----a-w C:\WINDOWS\system32\logonui.exe
2008-07-30 00:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-30 00:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-30 00:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 23:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 22:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 22:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 22:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 22:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 22:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 22:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 22:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 14:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 14:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 14:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 14:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.

------- Sigcheck -------

08/13/2007 06:54 PM 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\system32\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\system32\dllcache\wininet.dll
04/15/2008 03:00 PM 664576 699b4dbfba7d4201d67c521e5df0670d C:\WINDOWS\ie7\wininet.dll

07/08/2008 02:09 AM 2330368 e55c4af28cb524e1bcf37eeebcf86273 C:\WINDOWS\system32\ntoskrnl.exe

04/15/2008 12:00 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe

04/15/2008 03:00 PM 100352 70d82b81c0157cf4579b1ada9a9551b0 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/15/2008 12:00 PM 15360]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 02:29 AM 62976]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/12/2008 03:21 PM 5728112]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/27/2006 04:21 PM 1449984]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunGCW"="C:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.EXE" [06/09/2006 10:33 AM 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerTweak Menu"="C:\WINDOWS\system32\mmm.exe" [07/05/2005 02:34 PM 828416]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 11:19 AM 15872]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM 925696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/31/2006 04:01 PM 761946]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 03:39 PM 131072]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 10:09 AM 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 10:06 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 10:10 AM 118784]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [06/15/2006 12:36 PM 229376]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM 88203 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/15/2008 12:00 PM 15360]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 02:29 AM 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [08/13/2007 06:39 PM 123904 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Administrator\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 ulsata2;ulsata2;C:\WINDOWS\system32\drivers\ulsata2.sys [09/11/2008 11:59 PM 124928]
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [05/07/2008 02:20 PM 71592]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [07/11/2008 12:23 PM 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [06/12/2008 02:59 PM 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [05/09/2008 01:22 PM 41217]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [05/07/2008 10:51 AM 71464]
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [05/16/2008 10:19 AM 344321]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{300379b8-9857-11dd-adb6-806d6172696f}]
\Shell\AutoRun\command - cm.com
\Shell\explore\Command - cm.com
\Shell\open\Command - cm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{300379b9-9857-11dd-adb6-806d6172696f}]
\Shell\AutoRun\command - cm.com
\Shell\explore\Command - cm.com
\Shell\open\Command - cm.com

*Newly Created Service* - ANTIVIRFIREWALLSERVICE
*Newly Created Service* - ANTIVIRMAILSERVICE
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - ANTIVIRWEBSERVICE
*Newly Created Service* - AVESERVICE
*Newly Created Service* - AVFWOT
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - HPQWMIEX
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SERVICELAYER
*Newly Created Service* - SSMDRV
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fpq9dcdy.default\
.
.
------- File Associations -------
.
inffile=C:\WINDOWS\system32\Notepad2.exe %1
inifile=C:\WINDOWS\system32\Notepad2.exe %1
txtfile=C:\WINDOWS\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-12 16:14:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 10/12/2008 16:14:56
ComboFix-quarantined-files.txt 2008-10-12 13:14:54

Pre-Run: 15,908,552,704 bytes free
Post-Run: 15,925,510,144 bytes free

196
 
توقيع : غرووورانثى
تأييد 0
الحمد لله انحلت المشكله بمجرد مانصبت البرنامج الاحمر

يعطيك الف عافيه اخوووي مشكور والله جزاك الله خير
 
توقيع : غرووورانثى
تأييد 0
وياك يارب
بالتوفيق
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى