Thread starter: brs10
Peace be upon you, and the mercy and blessings of God.

How are you, my fellow Zyzoom members?

Three viruses have turned up on my machine.

I ran a scan with the Kaspersky removal tool

and I could not delete them. This is the tool's report:

Scan
----
Scanned: 294918
Detected: 3
Untreated: 3
Start time: 25/05/1430 10:56:08 م
Duration: 01:02:50
Finish time: 25/05/1430 11:58:58 م

Detected
--------
Status Object
------ ------
detected: virus Net-Worm.Win32.Kido.ih File: H:\ARK44.tmp
detected: virus Net-Worm.Win32.Kido.ih File: I:\ARK45.tmp
detected: virus Net-Worm.Win32.Kido.ih File: J:\ARK46.tmp

Events
------
Time Name Status Reason
---- ---- ------ ------
25/05/1430 10:56:20 م Running module: SMSS.EXE\smss.exe ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----
 

First

Disable your security software.

Download this tool:

[link hidden by the forum: log in or register to view]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.

Second

Download this program:

[link hidden by the forum: log in or register to view]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your second reply.
 
Signature: السّاجد لله
May God give you good health.

This is the first report:

ComboFix 09-05-19.04 - USER 05/20/2009 1:04.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.447.200 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
H:\Autorun.inf . . . . failed to delete
I:\Autorun.inf . . . . failed to delete
J:\Autorun.inf . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-19 21:22 . 2009-05-19 21:22 -------- d-----w c:\program files\GVR
2009-05-19 19:55 . 2008-07-08 11:54 148496 ----a-w c:\windows\system32\drivers\52571040.sys
2009-05-19 13:45 . 2009-05-19 13:45 -------- d-sh--w C:\FOUND.012
2009-05-17 14:09 . 2009-05-17 14:09 -------- d-----w c:\program files\ProDM
2009-05-17 13:39 . 2009-05-17 13:39 -------- d-sh--w C:\FOUND.011
2009-05-16 17:57 . 2009-05-16 17:57 -------- d-sh--w C:\FOUND.010
2009-05-16 14:38 . 2009-05-16 14:38 -------- d-sh--w C:\FOUND.009
2009-05-14 23:21 . 2009-05-14 23:21 -------- d-sh--w C:\FOUND.008
2009-05-14 14:00 . 2009-05-14 14:00 -------- d-sh--w C:\FOUND.007
2009-05-13 22:46 . 2009-05-13 22:46 -------- d-sh--w C:\FOUND.006
2009-05-12 13:36 . 2009-05-12 13:37 -------- d-----w c:\documents and settings\USER\Local Settings\Application Data\HP
2009-05-06 22:11 . 2009-05-06 22:11 -------- d-----w c:\program files\IE Accelerator
2009-05-02 18:39 . 2009-05-02 18:39 -------- d-----w c:\program files\MSXML 4.0
2009-05-01 18:05 . 2009-05-01 18:05 -------- d-----w c:\documents and settings\USER\Application Data\HPAppData
2009-05-01 17:17 . 2009-05-01 17:17 -------- d-----w c:\documents and settings\USER\Application Data\HP
2009-05-01 17:00 . 2008-01-18 15:56 932 ------w c:\windows\hpomdl27.dat
2009-05-01 17:00 . 2007-11-08 14:52 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-05-01 17:00 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-05-01 17:00 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-01 17:00 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-01 17:00 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-01 17:00 . 2007-10-30 09:25 309760 ----a-r c:\windows\system32\difxapi.dll
2009-05-01 17:00 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-05-01 17:00 . 2007-10-30 09:11 303104 ----a-r c:\windows\system32\hpovst15.dll
2009-05-01 17:00 . 2007-10-30 09:11 581632 ----a-r c:\windows\system32\hpotscl6.dll
2009-05-01 17:00 . 2007-10-30 09:11 729088 ----a-r c:\windows\system32\hpowiax7.dll
2009-05-01 17:00 . 2004-08-03 19:58 15104 ----a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-01 17:00 . 2004-08-03 19:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-01 16:59 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-01 16:59 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-28 16:52 . 2009-05-19 22:07 38944 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-26 20:32 . 2009-04-26 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-25 07:54 . 2008-06-14 17:59 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-04-25 03:48 . 2008-07-09 07:34 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-25 03:48 . 2009-04-25 03:48 -------- d--h--w c:\windows\$hf_mig$
2009-04-24 11:03 . 2009-04-24 11:03 -------- d-----w c:\program files\HLPSOFT
2009-04-20 13:11 . 2009-04-20 13:11 -------- d-----w c:\documents and settings\USER\Application Data\JLC's Software
2009-04-20 13:11 . 2009-04-20 13:11 -------- d-----w c:\program files\JLC's Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 22:07 . 2009-04-28 16:52 3572 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-01 17:13 . 2009-05-01 17:00 173519 ----a-w c:\windows\hpoins27.dat
2009-05-01 17:03 . 2009-05-01 17:03 -------- d-----w c:\program files\Hewlett-Packard
2009-05-01 17:03 . 2009-05-01 17:03 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-01 17:03 . 2009-05-01 17:02 -------- d-----w c:\program files\Common Files\HP
2009-05-01 17:02 . 2009-05-01 17:02 -------- d-----w c:\program files\HP
2009-04-26 01:03 . 2001-09-19 11:00 58586 ----a-w c:\windows\system32\perfc001.dat
2009-04-26 01:03 . 2001-09-19 11:00 328222 ----a-w c:\windows\system32\perfh001.dat
2009-04-05 14:47 . 2009-04-05 14:46 -------- d-----w c:\program files\FreeCall.com
2009-03-30 18:26 . 2009-03-30 18:26 0 ----a-w c:\windows\nsreg.dat
2009-03-27 11:52 . 2009-03-27 11:52 -------- d-----w c:\program files\Internet Download Manager
2009-03-26 18:06 . 2009-03-26 18:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-25 21:12 . 2009-03-25 21:12 -------- d-----w c:\program files\Avira
2009-03-23 15:57 . 2009-03-23 15:57 -------- d-----w c:\program files\Globe7
2009-03-19 18:07 . 2009-03-19 18:07 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-06 14:44 . 2004-08-03 20:55 282624 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:29 . 2004-08-03 20:55 657920 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:29 . 2004-08-03 20:55 81920 ----a-w c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2007-12-15 14:12 1547776 B0BACE02277B1979F22CE785536F651F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-28_18.19.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-19 17:46 . 2007-10-19 17:46 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll
+ 2007-10-19 17:46 . 2007-10-19 17:46 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2007-09-12 08:23 . 2007-09-12 08:23 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2008-09-30 13:45 . 2008-09-30 13:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-05-01 17:03 . 2009-05-01 17:03 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2007-10-31 11:45 . 2007-10-31 11:45 12288 c:\windows\Twunk_32.dll
+ 2007-10-31 11:45 . 2007-10-31 11:45 12288 c:\windows\Twunk_16.dll
+ 2009-05-01 17:00 . 2007-07-31 10:52 57344 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpuac5mu.dll
+ 2009-05-01 17:00 . 2007-07-31 10:52 57344 c:\windows\system32\spool\drivers\w32x86\3\hpuac5mu.dll
+ 2009-04-28 21:44 . 2006-07-23 09:44 27136 c:\windows\system32\ReinstallBackups\0009\DriverFiles\tapvpn.sys
+ 2007-09-11 07:45 . 2007-09-11 07:45 82432 c:\windows\system32\msxml4r.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 20480 c:\windows\system32\hpzisn12.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 29696 c:\windows\system32\hpzipt12.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 33280 c:\windows\system32\HPZipr12.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 53248 c:\windows\system32\HPZipm12.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 43520 c:\windows\system32\HPZinw12.dll
+ 2006-11-08 13:35 . 2006-11-08 13:35 49152 c:\windows\system32\HPZidr12.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 16800 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\WinxP\Hppaufd0.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 21568 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\Win2000\HPZius12.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 16496 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\Win2000\hpzipr12.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 49920 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\Win2000\hpzid412.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 16496 c:\windows\system32\DRVSTORE\hpzipr13_2BA7123A2B001C782F00BD878EE3E5AB9802BA28\drivers\dot4\Win2000\HPZipr12.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 21568 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\drivers\dot4\Win2000\HPZius12.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 16496 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\drivers\dot4\Win2000\HPzipr12.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 49920 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\drivers\dot4\Win2000\HPZid412.sys
+ 2009-05-01 17:00 . 2007-10-30 09:25 49920 c:\windows\system32\DRVSTORE\hpzid413_F2DA46DE686A3E981420574C9735FC7A1D1CEC02\drivers\dot4\Win2000\HPZid412.sys
+ 2009-05-01 17:01 . 2007-10-30 09:25 16496 c:\windows\system32\drivers\HPZipr12.sys
+ 2009-05-01 17:01 . 2007-10-30 09:25 49920 c:\windows\system32\drivers\HPZid412.sys
+ 2003-03-18 16:05 . 2003-03-18 16:05 89088 c:\windows\system32\atl71.dll
+ 2009-05-01 17:05 . 2009-05-01 17:05 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut2_8CEA85DE955B4BF487F20BAA62821633.exe
+ 2009-05-01 17:05 . 2009-05-01 17:05 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut1_8CEA85DE955B4BF487F20BAA62821633.exe
+ 2009-05-01 17:05 . 2009-05-01 17:05 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\ARPPRODUCTICON.exe
+ 2009-05-01 17:04 . 2009-05-01 17:04 25214 c:\windows\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut11.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-05-01 17:04 . 2009-05-01 17:04 25214 c:\windows\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut1.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-05-02 18:39 . 2009-05-02 18:39 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-05-01 17:03 . 2009-05-01 17:04 65536 c:\windows\Installer\{5ACE69F0-A3E8-44eb-88C1-0A841E700180}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-05-01 17:05 . 2009-05-01 17:05 25214 c:\windows\Installer\{34BFB099-07B2-4E95-A673-7362D60866A2}\ARPPRODUCTICON.exe
+ 2009-05-01 17:04 . 2009-05-01 17:04 65536 c:\windows\Installer\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}\ARPPRODUCTICON.exe
+ 2006-01-18 14:50 . 2006-01-18 14:50 57344 c:\windows\Downloaded Program Files\IMSInfo.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2009-05-01 17:00 . 2007-10-20 15:21 278016 c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
+ 2009-05-01 17:00 . 2007-03-09 07:03 761344 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\UNIRES.DLL
+ 2009-05-01 17:00 . 2007-03-09 07:03 740864 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\UNIDRVUI.DLL
+ 2009-05-01 17:00 . 2007-03-09 07:03 372736 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\UNIDRV.DLL
+ 2009-05-01 17:00 . 2007-10-20 15:19 674816 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzss5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:21 854016 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzse5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 302592 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzpr5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:21 783872 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzle5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 790528 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzev5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:25 235008 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzc35mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:14 977920 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpz3c5mu.dll
+ 2009-05-01 17:00 . 2007-06-29 08:56 113664 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpfrs5mu.dll
+ 2009-05-01 17:00 . 2007-08-10 07:06 356352 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpfig5mu.dll
+ 2009-05-01 17:00 . 2007-06-29 08:55 326144 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpfie5mu.dll
+ 2009-05-01 17:00 . 2006-11-30 08:14 671816 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpcdmc32.dll
+ 2009-05-01 17:00 . 2007-03-09 07:03 761344 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2009-05-01 17:00 . 2007-03-09 07:03 740864 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2009-05-01 17:00 . 2007-03-09 07:03 372736 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2009-05-01 17:00 . 2007-10-20 15:19 674816 c:\windows\system32\spool\drivers\w32x86\3\hpzss5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:21 854016 c:\windows\system32\spool\drivers\w32x86\3\hpzse5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 302592 c:\windows\system32\spool\drivers\w32x86\3\hpzpr5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:21 783872 c:\windows\system32\spool\drivers\w32x86\3\hpzle5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 790528 c:\windows\system32\spool\drivers\w32x86\3\hpzev5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:25 235008 c:\windows\system32\spool\drivers\w32x86\3\hpzc35mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:14 977920 c:\windows\system32\spool\drivers\w32x86\3\hpz3c5mu.dll
+ 2009-05-01 17:00 . 2007-06-29 08:56 113664 c:\windows\system32\spool\drivers\w32x86\3\hpfrs5mu.dll
+ 2009-05-01 17:00 . 2007-08-10 07:06 356352 c:\windows\system32\spool\drivers\w32x86\3\hpfig5mu.dll
+ 2009-05-01 17:00 . 2007-06-29 08:55 326144 c:\windows\system32\spool\drivers\w32x86\3\hpfie5mu.dll
+ 2009-05-01 17:00 . 2006-11-30 08:14 671816 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2007-10-19 17:37 . 2007-10-19 17:37 190072 c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
+ 2009-05-01 17:00 . 2007-10-30 09:25 282624 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\HPZc3212.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 372736 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\Win2000\hppldcoi.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 309760 c:\windows\system32\DRVSTORE\hpzius13_7EB5A3C53FCA2E1B45FC55214BA62EA11FFB20F5\drivers\dot4\Win2000\difxapi.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 282624 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\HPZc3212.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 372736 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\drivers\dot4\Win2000\hppldcoi.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 309760 c:\windows\system32\DRVSTORE\hpzipa13_A7DBD9D5978C82F6DF51BD5B2874D5189981C606\drivers\dot4\Win2000\difxapi.dll
+ 2009-05-01 17:00 . 2007-10-30 09:11 729088 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\scanner\x32\hpowiax7.dll
+ 2009-05-01 17:00 . 2007-10-30 09:11 303104 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\scanner\x32\hpovst15.dll
+ 2009-05-01 17:00 . 2007-10-21 16:45 229376 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\scanner\x32\hpotsti1.dll
+ 2009-05-01 17:00 . 2007-10-30 09:11 581632 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\scanner\x32\hpotscl6.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 372736 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\dot4\Win2000\hppldcoi.dll
+ 2009-05-01 17:00 . 2007-10-30 09:25 309760 c:\windows\system32\DRVSTORE\hpoF2200_s_ED3F22677072FC6142D86F46F93ED1B09FCAF22C\drivers\dot4\Win2000\difxapi.dll
+ 2009-05-01 17:00 . 2007-11-08 14:52 271704 c:\windows\system32\DRVSTORE\hpF2200a_21060AE15D679CBAF97C26D4E680E8EF9799FDD8\hpzids01.dll
+ 2007-08-22 13:34 . 2007-08-22 13:34 287256 c:\windows\system32\AbaleZip.dll
+ 2009-05-01 17:04 . 2009-05-01 17:04 689456 c:\windows\Installer\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2007-05-08 11:19 . 2007-05-08 11:19 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2007-05-08 11:19 . 2007-05-08 11:19 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2008-09-30 13:42 . 2008-09-30 13:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2009-05-01 17:03 . 2009-05-01 17:03 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-05-01 17:00 . 2007-10-20 15:13 1176576 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzur5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 3354112 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzui5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:33 6312448 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzst5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:24 5193728 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpzla5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:25 1789440 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpz3r5mu.dll
+ 2009-05-01 17:00 . 2007-09-14 10:52 3019264 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f2200_seri87c7\hpbcfgre.dll
+ 2009-05-01 17:00 . 2007-10-20 15:13 1176576 c:\windows\system32\spool\drivers\w32x86\3\hpzur5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:22 3354112 c:\windows\system32\spool\drivers\w32x86\3\hpzui5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:33 6312448 c:\windows\system32\spool\drivers\w32x86\3\hpzst5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:24 5193728 c:\windows\system32\spool\drivers\w32x86\3\hpzla5mu.dll
+ 2009-05-01 17:00 . 2007-10-20 15:25 1789440 c:\windows\system32\spool\drivers\w32x86\3\hpz3r5mu.dll
+ 2009-05-01 17:00 . 2007-09-14 10:52 3019264 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2008-09-30 13:43 . 2008-09-30 13:43 1286152 c:\windows\system32\msxml4.dll
+ 2007-12-20 08:05 . 2007-12-20 08:05 1645320 c:\windows\system32\gdiplus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-27 2745776]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2008-09-01 9109296]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-07-23 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-30 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"IE Accelerator"="c:\progra~1\IEACCE~1\IEAccelerator.exe" [2009-03-30 284672]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-05-27 49152]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-07 143360]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-02 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\USER\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
is-S294C.lnk - c:\documents and settings\USER\«ل¥ ںéêè¢ \Virus Removal Tool\is-S294C\startup.exe [2009-5-19 65536]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-30 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-11 394856]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoWelcomeScreen"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSearch"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\AVGUARD.EXE"=
"c:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Globe7\\Globe7.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 is-S294Cdrv;is-S294Cdrv;c:\windows\system32\drivers\52571040.sys [19/05/2009 10:55 م 148496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - [link hidden by the forum: log in or register to view]
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://75.126.0.68/imscp/talka.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\7n3sljv1.default\
FF - component: c:\documents and settings\USER\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum: log in or register to view]
Rootkit scan 2009-05-20 01:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e3,bd,63,df,52,b1,11,67,0e,51,5c,98,e3,26,36,6e,eb,77,42,98,87,
6f,fe,c3,21,19,c5,88,cb,bc,d9,e5,4a,84,ae,01,d0,b3,f5,45,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b441d10c-711f-49ca-859c-5058eaa2fc19}]
@Denied: (Full) (Everyone)
"Model"=dword:00000055
"Therad"=dword:00000007
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\program files\HOTSPOT SHIELD\BIN\OPENVPNAS.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\IE ACCELERATOR\IEACCELERATOR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-05-19 1:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 22:10
ComboFix2.txt 2009-04-28 18:20
ComboFix3.txt 2009-03-26 17:55
Pre-Run: 20,000,833,536 bytes free
Post-Run: 20,223,000,576 bytes free
320 --- E O F --- 2009-05-02 18:39
 
This is the second report, HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:30 ص, on 20/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\IEACCE~1\IEAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\USER\سطح المكتب\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: log in or register to view]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-S294C.lnk = ?
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7233 bytes
 
In HijackThis, select the following entries and delete them:

O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto


O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

How to delete

With that, the deletion is complete.

After that, download this tool

Use this tool for cleaning

Then download this tool,
and follow the explanation below to clean your machine of these ads
and produce a report of the operation to attach to your next reply.

Download link for the latest update of the tool

Usage instructions:
Run the file SmitfraudFix.exe and follow the explanation as shown in these images

Then post a new HijackThis log after doing the above
 
Signature: السّاجد لله
SmitFraudFix v2.416
Scan done at 1:39:01.98, Wed 05/20/2009
Run from I:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: محول VIA PCI 10/100Mb Fast Ethernet - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
Description: TAP VPN Adapter - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 10.6.160.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F4421C6-E1A9-40D2-8BF6-3496F7FA1175}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2BB01B7-BC5E-4F3F-8A84-029375C36160}: DhcpNameServer=10.6.160.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F4421C6-E1A9-40D2-8BF6-3496F7FA1175}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2BB01B7-BC5E-4F3F-8A84-029375C36160}: DhcpNameServer=10.6.160.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9F4421C6-E1A9-40D2-8BF6-3496F7FA1175}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D2BB01B7-BC5E-4F3F-8A84-029375C36160}: DhcpNameServer=10.6.160.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
And here is a new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:13, on 20/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\USER\سطح المكتب\HiJackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-S294C.lnk = ?
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 6521 bytes
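
A way to check the follow-up log against the first one, as an added example that is not part of the original thread: the Python below parses HijackThis entry lines, diffs the two logs, and reports whether each entry the helper asked to delete is gone. The sample lines are an abridged copy of entries from the two logs in this thread; the function names are this example's own.

```python
import re

# HijackThis entry lines look like "O4 - ...", "R1 - ...", "O16 - ...".
ENTRY = re.compile(r"^[RFNO]\d{1,2} - \S")

# Abridged copy of entries from the first and second logs in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
O4 - Startup: is-S294C.lnk = ?
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
"""
AFTER = r"""
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - Startup: is-S294C.lnk = ?
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
"""
# The three entries the helper asked to delete.
REQUESTED = [
    r"O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto",
    "O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -",
    "O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -",
]

def normalise(line):
    """Collapse whitespace and case so pasted forum text compares reliably."""
    return " ".join(line.split()).casefold()

def parse_entries(log_text):
    """Map normalised entry -> original line; headers and process paths are skipped."""
    lines = (" ".join(raw.split()) for raw in log_text.splitlines())
    return {normalise(l): l for l in lines if ENTRY.match(l)}

def diff_logs(before, after):
    """Return (entries gone from the second log, entries new in the second log)."""
    b, a = parse_entries(before), parse_entries(after)
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]

def verify_fix(requested, before, after):
    """Report per requested entry: removed, still present, or not in first log."""
    b, a = parse_entries(before), parse_entries(after)
    return {r: "still present" if normalise(r) in a
            else "removed" if normalise(r) in b else "not in first log"
            for r in requested}

if __name__ == "__main__":
    for entry, state in verify_fix(REQUESTED, BEFORE, AFTER).items():
        print(f"{state:>16}: {entry}")
```

On the thread's data the diff also lists the R0 and R1 Internet Explorer entries, which are absent from the second log although they were not in the helper's list, while `O4 - Startup: is-S294C.lnk = ?` appears in both logs.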
 
How are things on your end, my dear friend???
 
Signature: KoNaMi
Everything is fine now. How are things on your end, brother???????
 
Signature: السّاجد لله
Everything is fine, may God give you good health, my dear brothers

And thank you for your attention
 
Autorun.inf, haha. Praise be to God, your problem is solved, and the autorun was deleted on your machine as well
 
Signature: format
Praise be to God, the problem is solved

And thank you, brother, for your attention
 