مشكلة الd مايفتح ويطلع رسائل عند فتح الجهاز مع التقرير

  • بادئ الموضوع بادئ الموضوع myHp
  • تاريخ البدء تاريخ البدء
  • المشاهدات 992
M

myHp

زيزوومي نشيط
إنضم
18 أبريل 2008
المشاركات
107
مستوى التفاعل
1
النقاط
120
الإقامة
Saudi Arabia
غير متصل
المشكلة باختصار : جهازي DELL ويطلع رسائل عند فتح الجهاز
وعند فتح الD يقوول Can not find script file " D:\winfile.jpg".
ولايمكن فتحه إلا إذا ضغطت باليمين ثم قلت" فتح"

وعنوان الرسالة فوق : Windows script Host
ياليت تساعدوني على الحل ...؟؟؟
وهذا التقرير يالنشامى :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:56 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Explorer =~-.
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\flap build.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Load comp] C:\DOCUME~1\master\APPLIC~1\CLOSEI~1\BowsPlan.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 8833 bytes
 

توقيع : myHp
ترتيب حسب التاريخ ترتيب حسب الأصوات
قم بحذف هذه القيمة :

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

طريقة الحذف



mg%20%283%29.png





mg%20%284%29.png



بعدها

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم



عطل برنامج الحمايه واستخدم اداة SmitfraudFix

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png


005.png

ثم قم بعمل تقرير هايجاك جديد
 
التعديل الأخير بواسطة المشرف:
توقيع : king_man
تأييد 0
قم بحذف التالى
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\flap build.exe

O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

O4 - HKCU\..\Run: [Load comp] C:\DOCUME~1\master\APPLIC~1\CLOSEI~1\BowsPlan.exe

واعطنى نتيجة
 
تأييد 0
ugugx قال:
قم بحذف التالى
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\flap build.exe

O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

O4 - HKCU\..\Run: [Load comp] C:\DOCUME~1\master\APPLIC~1\CLOSEI~1\BowsPlan.exe

واعطنى نتيجة
أنقر للتوسيع...

لا تحذف هذه القيم لانها ليست فيها مشاكل ولو حذفتها ممكن تاثر على الويندوز :b:

فقط احذف هذه القيمة :


O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
 
توقيع : king_man
تأييد 0
king_man قال:
لا تحذف هذه القيم لانها ليست فيها مشاكل ولو حذفتها ممكن تاثر على الويندوز :b:

فقط احذف هذه القيمة :


O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
أنقر للتوسيع...
:q:
 
تأييد 0
هذا التقرير الأول : combofix
ComboFix 09-06-08.05 - master 06/09/2009 21:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.646 [GMT 3:00]
Running from: c:\documents and settings\master\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Bifrost
c:\program files\Bifrost\logg.dat
c:\windows\system32\systeminfo.dll
c:\windows\system32\winitn.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 18:16 . 2009-06-09 18:16 -------- d-----w- c:\windows\LastGood
2009-06-09 18:16 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-09 18:16 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-09 18:16 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-09 18:16 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-09 18:16 . 2009-06-09 18:16 -------- d-----w- c:\program files\Avira
2009-06-09 18:16 . 2009-06-09 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 17:09 . 2009-06-09 17:09 -------- d-----w- c:\program files\Trend Micro
2009-06-05 15:31 . 2009-06-05 15:31 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-05 15:31 . 2009-06-09 18:09 -------- d-----w- c:\program files\Google
2009-06-05 15:16 . 2009-06-05 15:16 -------- d-----w- c:\windows\system32\DRM
2009-06-01 16:38 . 2009-06-01 16:38 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-01 16:37 . 2009-06-01 16:38 -------- d-----w- c:\program files\Common Files\HP
2009-06-01 16:35 . 2009-06-01 16:35 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-01 16:31 . 2009-06-01 16:51 127415 ----a-w- c:\windows\hpoins11.dat
2009-06-01 16:12 . 2009-06-01 16:14 103902 ----a-w- c:\windows\hpqins05.dat
2009-06-01 16:11 . 2009-06-01 16:17 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-30 10:53 . 2009-05-30 10:58 -------- d-----w- c:\program files\WinAVI Video Capture
2009-05-30 10:52 . 2009-05-30 11:06 -------- d-----w- c:\program files\PHPNukeEN
2009-05-30 10:52 . 2009-05-30 11:06 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\PHPNukeEN
2009-05-30 10:52 . 2009-05-30 10:52 -------- d-----w- c:\program files\Conduit
2009-05-30 10:52 . 2009-05-30 10:52 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Conduit
2009-05-30 10:40 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-30 10:40 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-29 16:23 . 2009-05-29 16:23 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\IsolatedStorage
2009-05-29 16:22 . 2009-05-29 16:22 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\HP
2009-05-29 16:22 . 2009-06-09 18:12 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\ApplicationHistory
2009-05-29 16:22 . 2009-05-29 16:22 129 ----a-w- c:\documents and settings\master\Local Settings\Application Data\fusioncache.dat
2009-05-29 16:12 . 2009-05-29 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-05-29 16:10 . 2009-05-29 16:10 -------- d-----w- c:\windows\system32\URTTemp
2009-05-29 15:59 . 2009-05-29 20:48 -------- d-----w- c:\documents and settings\master\Application Data\Image Zone Express
2009-05-29 15:58 . 2009-06-01 16:45 -------- d-----w- c:\documents and settings\master\Application Data\HP
2009-05-29 15:46 . 2009-05-29 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-05-29 15:42 . 2009-05-29 15:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-29 15:42 . 2006-04-13 01:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-05-29 15:42 . 2006-04-13 01:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-05-29 15:41 . 2006-04-10 11:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-05-29 15:41 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-05-29 15:41 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-29 15:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-29 15:40 . 2006-03-03 18:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-05-29 15:40 . 2006-03-03 18:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-05-29 15:40 . 2006-03-03 18:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-05-29 15:40 . 2007-08-09 07:27 73728 ------w- c:\windows\system32\HPZipm12.exe
2009-05-29 15:40 . 2006-03-03 18:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-05-29 15:40 . 2006-03-03 18:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-05-29 15:40 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-29 15:39 . 2009-06-01 16:41 -------- d-----w- c:\program files\HP
2009-05-29 15:39 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-29 15:39 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-29 14:48 . 2009-06-04 13:19 -------- d-----w- c:\documents and settings\master\Tracing
2009-05-29 14:41 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-05-29 14:41 . 2009-05-29 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-29 14:40 . 2009-05-29 14:40 -------- d-----w- c:\program files\Microsoft
2009-05-29 14:40 . 2009-05-29 14:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-29 14:27 . 2009-05-29 14:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-29 14:18 . 2009-05-29 14:18 -------- d-----w- c:\windows\system32\scripting
2009-05-29 14:18 . 2009-05-29 14:18 -------- d-----w- c:\windows\l2schemas
2009-05-29 14:18 . 2009-05-29 14:18 -------- d-----w- c:\windows\system32\en
2009-05-29 14:18 . 2009-05-29 14:18 -------- d-----w- c:\windows\system32\bits
2009-05-29 14:16 . 2009-05-29 14:19 -------- d-----w- c:\windows\ServicePackFiles
2009-05-29 13:40 . 2004-08-03 19:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-05-29 13:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-05-29 13:19 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-05-29 13:17 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-29 13:17 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-29 13:17 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-29 13:17 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-29 13:17 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-29 13:17 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-29 13:17 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-29 13:17 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-29 13:17 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-29 13:17 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-29 13:17 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-29 13:17 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-29 13:13 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-05-29 13:13 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-29 13:12 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-05-29 12:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-05-29 12:46 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-05-29 12:46 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-29 12:46 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-29 12:26 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-29 12:26 . 2009-05-29 14:27 -------- d--h--w- c:\windows\$hf_mig$
2009-05-29 12:11 . 2009-06-03 12:50 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\WinAVI
2009-05-29 12:11 . 2009-05-29 12:11 -------- d-----w- c:\documents and settings\master\Application Data\WinAVI
2009-05-29 12:11 . 2009-06-03 12:50 -------- d-----w- c:\program files\WinAVI FLV Converter
2009-05-29 12:02 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-28 21:27 . 2009-05-29 13:36 -------- d-----w- c:\documents and settings\master\Contacts
2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\windows\system32\LogFiles
2009-05-28 14:40 . 2009-05-31 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-28 06:53 . 2009-05-28 06:53 -------- d-----w- c:\documents and settings\master\Application Data\U3
2009-05-28 04:15 . 2009-05-28 04:15 -------- d-s---w- c:\documents and settings\master\UserData
2009-05-28 03:47 . 2009-05-28 03:47 -------- d-----w- c:\windows\speech
2009-05-28 03:47 . 2009-06-07 18:19 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-28 03:47 . 2009-05-28 03:47 172032 ------w- c:\windows\Setup1.exe
2009-05-28 03:47 . 2009-05-28 03:47 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-28 03:16 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-28 03:15 . 2009-05-28 03:15 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 03:15 . 2009-05-28 03:15 -------- d-----w- c:\program files\MSBuild
2009-05-28 03:08 . 2009-05-28 03:14 -------- d-----w- c:\windows\SHELLNEW
2009-05-28 03:08 . 2009-05-28 03:08 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Microsoft Help
2009-05-28 03:08 . 2009-06-03 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-28 03:07 . 2009-05-28 03:07 -------- d--h--r- C:\MSOCache
2009-05-28 03:05 . 2004-03-02 23:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-05-28 03:05 . 2004-03-02 23:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-05-28 03:05 . 2000-06-26 17:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-05-28 03:05 . 2009-05-28 03:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-28 03:05 . 2004-07-26 23:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-05-28 03:05 . 2004-07-26 23:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-05-28 03:05 . 2004-07-26 23:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-05-28 03:05 . 2004-07-26 23:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-05-28 03:05 . 2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-28 03:04 . 2009-05-28 03:05 -------- d-----w- c:\program files\Ahead
2009-05-28 03:03 . 2009-05-28 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags
2009-05-28 03:02 . 2009-05-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-28 03:02 . 2009-05-29 07:48 -------- d-----w- c:\documents and settings\master\Application Data\CloseInternet
2009-05-28 03:02 . 2009-05-28 03:02 -------- d-----w- c:\program files\Yahoo!
2009-05-28 03:02 . 2009-05-28 03:02 -------- d-----w- c:\program files\CloseInternet
2009-05-28 03:02 . 2009-05-29 07:52 -------- d-----w- c:\program files\Adverts
2009-05-28 03:02 . 2009-05-29 14:41 -------- d-----w- c:\program files\Windows Live
2009-05-28 03:02 . 2009-05-29 14:53 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-28 03:00 . 2009-05-31 15:53 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:31 . 2009-05-28 02:53 -------- d-----w- c:\program files\Common Files\Real
2009-06-05 15:31 . 2009-05-28 02:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-01 16:44 . 2009-05-28 02:22 104200 ----a-w- c:\documents and settings\master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 16:00 . 2009-05-28 02:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-29 14:20 . 2009-05-28 02:13 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 02:59 . 2009-05-28 02:59 390664 ----a-w- c:\documents and settings\master\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-28 02:58 . 2009-05-28 02:58 -------- d-----w- c:\program files\GRETECH
2009-05-28 02:57 . 2009-05-28 02:57 -------- d-----w- c:\program files\DVD X Studios
2009-05-28 02:56 . 2009-05-28 02:56 79360 ----a-w- c:\windows\system32\realmrec.dll
2009-05-28 02:56 . 2009-05-28 02:56 72704 ----a-w- c:\windows\system32\in_tara.dll
2009-05-28 02:56 . 2009-05-28 02:56 70144 ----a-w- c:\windows\system32\in_cdda.dll
2009-05-28 02:56 . 2009-05-28 02:56 226816 ----a-w- c:\windows\system32\in_vorbis.dll
2009-05-28 02:56 . 2009-05-28 02:56 15360 ----a-w- c:\windows\system32\out_disk.dll
2009-05-28 02:56 . 2009-05-28 02:56 13824 ----a-w- c:\windows\system32\out_wave.dll
2009-05-28 02:56 . 2009-05-28 02:56 102400 ----a-w- c:\windows\system32\in_wm.dll
2009-05-28 02:56 . 2009-05-28 02:56 -------- d-----w- c:\program files\Real_SC
2009-05-28 02:56 . 2009-05-28 02:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-28 02:56 . 2009-05-28 02:55 -------- d-----w- c:\program files\mpegable
2009-05-28 02:55 . 2009-05-28 02:55 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-28 02:55 . 2009-05-28 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-28 02:55 . 2009-05-28 02:55 -------- d-----w- c:\program files\CyberLink
2009-05-28 02:55 . 2009-05-28 02:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-28 02:53 . 2009-05-28 02:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-28 02:53 . 2009-05-28 02:53 -------- d-----w- c:\program files\Real
2009-05-28 02:50 . 2009-05-28 02:50 2232 ----a-w- c:\windows\java\Packages\Data\DNXZZXVP.DAT
2009-05-28 02:50 . 2009-05-28 02:50 155995 ----a-w- c:\windows\java\Packages\42B1Z5BL.ZIP
2009-05-28 02:49 . 2009-05-28 02:49 2678 ----a-w- c:\windows\java\Packages\Data\J9F5RHV7.DAT
2009-05-28 02:49 . 2009-05-28 02:49 2678 ----a-w- c:\windows\java\Packages\Data\WISP35JF.DAT
2009-05-28 02:49 . 2009-05-28 02:49 2678 ----a-w- c:\windows\java\Packages\Data\E9JNTRNX.DAT
2009-05-28 02:49 . 2009-05-28 02:49 2678 ----a-w- c:\windows\java\Packages\Data\5ZB5B9FT.DAT
2009-05-28 02:49 . 2009-05-28 02:49 2678 ----a-w- c:\windows\java\Packages\Data\BT3J5NLZ.DAT
2009-05-28 02:44 . 2009-05-28 02:44 -------- d-----w- c:\program files\WIDCOMM
2009-05-28 02:43 . 2009-05-28 02:43 -------- d-----w- c:\program files\Dell
2009-05-28 02:42 . 2009-05-28 02:42 -------- d-----w- c:\documents and settings\master\Application Data\InstallShield
2009-05-28 02:41 . 2009-05-28 02:41 -------- d-----w- c:\program files\CONEXANT
2009-05-28 02:35 . 2009-05-28 02:35 -------- d-----w- c:\program files\SigmaTel
2009-05-28 02:35 . 2009-05-28 02:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-28 02:35 . 2009-05-28 02:35 -------- d-----w- c:\program files\DIFX
2009-05-28 02:34 . 2009-05-28 02:34 -------- d-----w- c:\program files\Synaptics
2009-05-28 02:14 . 2009-05-28 02:14 -------- d-----w- c:\program files\microsoft frontpage
2009-05-28 02:10 . 2009-05-28 02:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-02-16 12:44 1882136 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-02 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-15 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-05 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\master\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-18 568176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/06/2009 09:16 م 108289]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [28/05/2009 05:39 ص 108032]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{78EF1590-7028-A203-A4B3-EC3C46DF8542}]
sc:\documents and settings\master\Application Data\\server.exe s
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Load comp - c:\docume~1\master\APPLIC~1\CLOSEI~1\BowsPlan.exe
HKLM-Run-1 mags 16 more - c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags\flap build.exe
HKLM-Run-regdiit - c:\windows\system32\win.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-09 21:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-09 21:26
ComboFix-quarantined-files.txt 2009-06-09 18:26
Pre-Run: 68,935,421,952 bytes free
Post-Run: 69,650,341,888 bytes free
297 --- E O F --- 2009-05-29 14:00
 
توقيع : myHp
تأييد 0
هذا التقرير الثاني:
SmitFraudFix v2.419
Scan done at 21:50:36.25, Tue 06/09/2009
Run from C:\Documents and Settings\master\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BD9431B-9E7F-4B05-8FA8-B85689228D20}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BD9431B-9E7F-4B05-8FA8-B85689228D20}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5BD9431B-9E7F-4B05-8FA8-B85689228D20}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

التقرير الاخير هايجاك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:34, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 7382 bytes


 
توقيع : myHp
تأييد 0
نتيجة :q:
7
7
7
7
7
7
7
7
7
7
7
7
7
7:no:
 
تأييد 0
نتيجة :q:
7
7
7
7
7
7
7
7
7
7
7
7
7
7
:no:
 
تأييد 0
أشكركم يا أخوان
المشكلة في الــــD انحلت....الحمد لله
بقي هذه الرسالة في بداية تشغيل الوندوز؟؟
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : myHp
تأييد 0
تأييد 0
يرجى اصلاح هذه القيم عن طريق برنامج hijackthis و ان شاء الله لن تعود الرساله للظهور عند بدء التشغيل :

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe


ايضا يمكنك حذف هذه القيم من قائمة بدء التشغيل فهي غير مفيدة في الاقلاع وقد تسبب بطء في بدء الاقلاع :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


ملاحظة :
للاصلاح عن طريق hijackthis اولا نختار do a system scan only وذلك عند تشغيل البرنامج
ثم قم بوضع اشارة صح بجوار القيم الواجب اصلاحها ثم اضغط زر Fix checked الموجود بالاسفل
 
تأييد 0
ghanoom قال:
يرجى اصلاح هذه القيم عن طريق برنامج hijackthis و ان شاء الله لن تعود الرساله للظهور عند بدء التشغيل :

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe


ايضا يمكنك حذف هذه القيم من قائمة بدء التشغيل فهي غير مفيدة في الاقلاع وقد تسبب بطء في بدء الاقلاع :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


ملاحظة :
للاصلاح عن طريق hijackthis اولا نختار do a system scan only وذلك عند تشغيل البرنامج
ثم قم بوضع اشارة صح بجوار القيم الواجب اصلاحها ثم اضغط زر Fix checked الموجود بالاسفل
أنقر للتوسيع...

:ok:

 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى