هل يمكن لاحد الخبراء ان يحلل هذا التقرير من combofix

[اشرف الالفي]

ComboFix 09-04-30.05 - Zoomy 05/01/2009 16:59.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.1013.651 [GMT 3:00]
Running from: d:\للصيانة\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\system32\404Fix.exe
c:\windows.0\system32\Agent.OMZ.Fix.exe
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\IEDFix.C.exe
c:\windows.0\system32\IEDFix.exe
c:\windows.0\system32\kakle.dll
c:\windows.0\system32\o4Patch.exe
c:\windows.0\system32\Process.exe
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\VACFix.exe
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\WS2Fix.exe
c:\windows.0\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.
2009-05-01 13:50 . 2009-05-01 13:50 -------- d-----w c:\documents and settings\Zoomy\Application Data\Avira
2009-05-01 13:24 . 2009-05-01 13:24 -------- d-----w c:\windows.0\LastGood
2009-05-01 13:24 . 2009-05-01 13:24 -------- d-----w c:\documents and settings\Zoomy\Application Data\ProcessLasso
2009-05-01 13:24 . 2009-05-01 13:24 -------- d-----w c:\program files\Process Lasso
2009-05-01 13:22 . 2009-05-01 13:22 -------- d-----w c:\program files\cFosSpeed
2009-05-01 12:11 . 2009-05-01 12:11 -------- d-----w c:\windows.0\ShellNew
2009-05-01 00:14 . 2009-05-01 00:14 -------- d-----w c:\program files\MSXML 4.0
2009-04-30 21:41 . 2009-04-30 21:41 -------- d-----w c:\documents and settings\XPPRESP3\Application Data\URSoft
2009-04-30 20:11 . 2004-08-04 00:56 153088 ----a-w c:\windows.0\system32\TRIEDIT.DLL
2009-04-30 20:11 . 1998-06-23 11:59 376304 ----a-w c:\windows.0\system32\DTCRT.DLL
2009-04-30 20:10 . 2009-04-30 20:10 -------- d-----w c:\program files\Arabic2
2009-04-30 18:18 . 2009-04-30 18:18 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Ahead
2009-04-30 17:13 . 2009-04-30 17:13 40960 ----a-w c:\windows.0\system32\SSubTmr6.dll
2009-04-30 17:13 . 2009-04-30 17:13 -------- d-----w c:\program files\arabic2regclean
2009-04-30 17:04 . 2009-04-30 17:04 -------- d-----w c:\documents and settings\Zoomy\Application Data\URSoft
2009-04-30 17:04 . 2009-04-30 17:04 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-04-30 17:03 . 2009-04-30 17:03 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-30 16:39 . 2009-04-30 16:39 -------- d-----w c:\documents and settings\Zoomy\Application Data\CyberScrub
2009-04-30 16:39 . 2009-04-30 16:39 -------- d-----w c:\documents and settings\Zoomy\Application Data\cleaner
2009-04-30 16:06 . 2009-04-30 16:06 -------- d-----w c:\documents and settings\Zoomy\Application Data\TeraCopy
2009-04-30 15:01 . 2009-04-30 15:01 -------- d-----w c:\documents and settings\Zoomy\Application Data\Uniblue
2009-04-30 14:56 . 2009-04-30 14:56 -------- d--h--w c:\documents and settings\All Users.WINDOWS.0\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-30 13:46 . 2009-04-30 13:46 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Help
2009-04-30 13:45 . 1997-12-16 23:33 304128 ----a-w c:\windows.0\IsUninst.exe
2009-04-30 13:45 . 2009-04-30 13:45 -------- d-----w c:\documents and settings\Zoomy\WINDOWS
2009-04-30 07:09 . 2009-04-30 07:09 -------- d-----w c:\program files\Common Files\xing shared
2009-04-30 07:09 . 2009-04-30 07:09 -------- d-----w c:\program files\Common Files\Real
2009-04-30 07:09 . 2009-04-30 07:09 -------- d-----w c:\program files\Real
2009-04-29 12:06 . 2009-04-29 12:06 -------- d--h--w c:\windows.0\$hf_mig$
2009-04-29 11:51 . 2009-02-03 18:59 56832 ------w c:\windows.0\system32\dllcache\secur32.dll
2009-04-29 11:50 . 2009-02-20 17:09 63488 ------w c:\windows.0\system32\dllcache\icardie.dll
2009-04-29 11:50 . 2009-02-20 17:09 102912 ------w c:\windows.0\system32\dllcache\occache.dll
2009-04-29 11:50 . 2009-02-20 17:09 268288 ------w c:\windows.0\system32\dllcache\iertutil.dll
2009-04-29 11:50 . 2009-02-20 17:09 52224 ------w c:\windows.0\system32\dllcache\msfeedsbs.dll
2009-04-29 11:50 . 2009-02-20 09:24 13824 ------w c:\windows.0\system32\dllcache\ieudinit.exe
2009-04-29 11:50 . 2009-02-20 17:09 44544 ------w c:\windows.0\system32\dllcache\pngfilt.dll
2009-04-29 11:50 . 2009-02-20 17:09 459264 ------w c:\windows.0\system32\dllcache\msfeeds.dll
2009-04-29 11:50 . 2008-07-09 13:25 2455488 ------w c:\windows.0\system32\dllcache\ieapfltr.dat
2009-04-29 11:50 . 2009-02-20 17:09 380928 ------w c:\windows.0\system32\dllcache\ieapfltr.dll
2009-04-29 11:50 . 2009-02-20 17:09 233472 ------w c:\windows.0\system32\dllcache\webcheck.dll
2009-04-29 11:50 . 2009-02-20 17:09 6068736 ------w c:\windows.0\system32\dllcache\ieframe.dll
2009-04-29 11:49 . 2008-06-12 13:23 91648 ------w c:\windows.0\system32\dllcache\mtxoci.dll
2009-04-29 11:49 . 2008-06-12 13:23 66560 ------w c:\windows.0\system32\dllcache\mtxclu.dll
2009-04-29 11:49 . 2008-06-17 18:04 8461824 ------w c:\windows.0\system32\dllcache\shell32.dll
2009-04-29 11:49 . 2009-02-09 10:08 1847552 ------w c:\windows.0\system32\dllcache\win32k.sys
2009-04-29 11:49 . 2008-09-10 00:14 1307648 ------w c:\windows.0\system32\dllcache\msxml6.dll
2009-04-29 11:48 . 2008-12-16 11:30 354304 ------w c:\windows.0\system32\dllcache\winhttp.dll
2009-04-29 11:48 . 2008-05-03 10:55 2560 ------w c:\windows.0\system32\xpsp4res.dll
2009-04-29 11:48 . 2008-04-21 11:08 215552 ------w c:\windows.0\system32\dllcache\wordpad.exe
2009-04-29 11:46 . 2009-03-06 12:49 284160 ------w c:\windows.0\system32\dllcache\pdh.dll
2009-04-29 11:46 . 2009-02-06 09:36 35328 ------w c:\windows.0\system32\dllcache\sc.exe
2009-04-29 11:46 . 2009-02-09 09:56 401408 ------w c:\windows.0\system32\dllcache\rpcss.dll
2009-04-29 11:46 . 2009-02-06 10:06 110592 ------w c:\windows.0\system32\dllcache\services.exe
2009-04-29 11:46 . 2009-02-06 09:15 227840 ------w c:\windows.0\system32\dllcache\wmiprvse.exe
2009-04-29 11:46 . 2009-02-09 09:56 453120 ------w c:\windows.0\system32\dllcache\wmiprvsd.dll
2009-04-29 11:46 . 2009-02-06 10:03 2145280 ------w c:\windows.0\system32\dllcache\ntkrnlmp.exe
2009-04-29 11:46 . 2009-02-06 09:30 2023936 ------w c:\windows.0\system32\dllcache\ntkrpamp.exe
2009-04-29 11:46 . 2009-02-06 09:30 2066176 ------w c:\windows.0\system32\dllcache\ntkrnlpa.exe
2009-04-29 11:46 . 2008-10-24 10:41 455936 ------w c:\windows.0\system32\dllcache\mrxsmb.sys
2009-04-29 11:45 . 2008-12-11 09:57 333952 ------w c:\windows.0\system32\dllcache\srv.sys
2009-04-29 11:36 . 2008-09-04 16:15 1106944 ------w c:\windows.0\system32\dllcache\msxml3.dll
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\documents and settings\Zoomy\Application Data\Styler
2009-04-26 12:37 . 2009-04-26 12:37 -------- d-----w C:\My Music
2009-04-26 12:37 . 2009-04-26 12:37 5 ----a-w c:\windows.0\system32\SySMP3CutJoin.dat
2009-04-26 12:23 . 2009-04-26 12:23 -------- d-----w c:\program files\Winamp
2009-04-26 12:20 . 2004-12-20 17:37 20016 ------w c:\windows.0\system32\drivers\pxhelp20.sys
2009-04-24 12:37 . 2009-04-24 12:37 -------- d-----w c:\documents and settings\Zoomy\Application Data\Nokia Multimedia Player
2009-04-24 12:33 . 2009-04-24 12:33 -------- d-----w c:\documents and settings\Zoomy\Phone Browser
2009-04-24 12:28 . 2009-04-24 12:28 -------- d-----w c:\documents and settings\Zoomy\Application Data\Nokia
2009-04-24 12:28 . 2009-04-24 12:28 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-24 12:28 . 2007-02-22 08:15 12288 ----a-w c:\windows.0\system32\drivers\nmwcdcj.sys
2009-04-24 12:28 . 2007-02-22 08:15 12288 ----a-w c:\windows.0\system32\drivers\nmwcdcm.sys
2009-04-24 12:28 . 2007-02-22 08:15 8320 ----a-w c:\windows.0\system32\drivers\nmwcdc.sys
2009-04-24 12:28 . 2007-02-22 08:15 137216 ----a-w c:\windows.0\system32\drivers\nmwcd.sys
2009-04-24 12:28 . 2007-02-22 08:15 65536 ----a-w c:\windows.0\system32\nmwcdcocls.dll
2009-04-24 12:27 . 2009-04-24 12:27 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Installations
2009-04-24 12:07 . 2009-04-24 12:07 -------- d-----w c:\documents and settings\Zoomy\Application Data\Media Player Classic
2009-04-24 07:33 . 2009-04-24 07:33 -------- d-----w c:\program files\Avira
2009-04-23 19:01 . 2009-04-23 19:01 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Identities
2009-04-23 18:57 . 2009-04-23 18:57 -------- d-----w c:\documents and settings\Zoomy\Application Data\TeamViewer
2009-04-23 18:56 . 2009-04-23 18:56 -------- d-----w c:\program files\TeamViewer
2009-04-23 18:42 . 2009-04-23 18:42 -------- d-----w c:\documents and settings\Zoomy\temp
2009-04-23 18:23 . 2008-04-13 21:15 26368 ----a-w c:\windows.0\system32\dllcache\usbstor.sys
2009-04-23 16:44 . 2009-04-23 16:44 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab Setup Files
2009-04-23 16:37 . 2009-04-23 16:37 -------- d-----w c:\windows.0\system32\LogFiles
2009-04-23 13:25 . 2009-04-23 13:25 -------- d-----w c:\documents and settings\Zoomy\Application Data\PC Suite
2009-04-23 13:25 . 2009-04-23 13:25 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\PC Suite
2009-04-23 13:25 . 2007-02-22 08:15 90624 ----a-w c:\windows.0\system32\nmwcdcls.dll
2009-04-23 12:00 . 2009-04-23 12:00 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Google
2009-04-22 22:11 . 2008-04-14 11:00 8704 ----a-w c:\windows.0\system32\dllcache\batt.dll
2009-04-22 21:35 . 2009-04-22 21:35 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Yahoo
2009-04-22 21:35 . 2009-04-22 21:35 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-22 21:30 . 2009-04-22 21:30 -------- d-----w c:\program files\GRETECH
2009-04-22 21:24 . 2009-04-22 21:24 -------- d-----w c:\documents and settings\Zoomy\Application Data\COWON
2009-04-22 21:24 . 2009-04-22 21:24 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Adobe
2009-04-22 21:22 . 2007-09-04 15:56 164352 ----a-w c:\windows.0\system32\unrar.dll
2009-04-22 21:21 . 2004-01-25 15:18 217088 ----a-w c:\windows.0\system32\yv12vfw.dll
2009-04-22 21:21 . 2008-01-10 11:15 755027 ----a-w c:\windows.0\system32\xvidcore.dll
2009-04-22 21:21 . 2008-01-10 11:16 159839 ----a-w c:\windows.0\system32\xvidvfw.dll
2009-04-22 21:21 . 2008-07-23 15:50 3596288 ----a-w c:\windows.0\system32\qt-dx331.dll
2009-04-22 21:21 . 2008-07-25 07:34 81920 ----a-w c:\windows.0\system32\dpl100.dll
2009-04-22 21:21 . 2008-07-25 07:34 683520 ----a-w c:\windows.0\system32\divx.dll
2009-04-22 21:21 . 2008-06-12 17:36 7680 ----a-w c:\windows.0\system32\ff_vfw.dll
2009-04-22 21:21 . 2003-03-19 02:14 499712 ----a-w c:\windows.0\system32\msvcp71.dll
2009-04-22 21:21 . 2004-01-11 21:00 348160 ----a-w c:\windows.0\system32\msvcr71.dll
2009-04-22 21:21 . 2009-04-22 21:21 -------- d-----w c:\documents and settings\Zoomy\Local Settings\Application Data\Real
2009-04-22 21:17 . 2009-04-22 21:17 -------- d-----w c:\documents and settings\Zoomy\Application Data\IDM
2009-04-22 21:17 . 2009-04-22 21:17 -------- d-----w c:\documents and settings\Zoomy\Application Data\DMCache
2009-04-22 21:15 . 2009-04-22 21:15 27872 ----a-w c:\documents and settings\Zoomy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 14:38 . 2009-04-30 14:38 196608 ----a-w c:\windows.0\system32\maag.dll
2009-04-30 14:38 . 2009-04-30 14:38 1986560 ----a-w c:\windows.0\system32\akll.dll
2009-04-30 14:38 . 2009-04-30 14:38 1245184 ----a-w c:\windows.0\system32\bkll.dll
2009-04-30 14:38 . 2009-04-30 14:38 1212416 ----a-w c:\windows.0\system32\ckll.dll
2009-04-30 14:38 . 2009-04-30 14:38 2535424 ----a-w c:\windows.0\system32\agsaamj.dll
2009-04-30 14:38 . 2009-04-30 14:38 90112 ----a-w c:\windows.0\system32\agsaami.dll
2009-04-30 14:38 . 2009-04-30 14:38 610304 ----a-w c:\windows.0\system32\agsaamg.dll
2009-04-30 14:38 . 2009-04-30 14:38 372736 ----a-w c:\windows.0\system32\agsaamc.dll
2009-04-30 14:38 . 2009-04-30 14:38 -------- d-----w c:\program files\Real_SC
2009-04-28 17:16 . 2009-04-16 18:02 55640 ----a-w c:\windows.0\system32\drivers\avgntflt.sys
2009-04-26 13:00 . 2009-04-22 20:31 86339 ----a-w c:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-04-22 20:32 . 2008-04-14 09:00 67 --sha-w c:\windows.0\Fonts\desktop.ini
2009-04-22 20:26 . 2009-04-22 20:26 21640 ----a-w c:\windows.0\system32\emptyregdb.dat
2009-04-20 12:49 . 2009-04-20 12:49 -------- d-----w c:\program files\PowerQuest
2009-04-20 11:43 . 2009-04-17 16:29 20176 ----a-w c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 16:27 . 2009-04-19 16:27 -------- d-----w c:\program files\DIFX
2009-04-19 16:24 . 2009-04-19 16:24 -------- d-----w c:\program files\Common Files\Nokia
2009-04-19 16:23 . 2009-04-19 16:23 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-19 16:23 . 2009-04-19 16:23 -------- d-----w c:\program files\Nokia
2009-04-17 18:55 . 2009-04-17 18:55 -------- d-----w c:\program files\Google
2009-04-17 17:48 . 2009-04-17 17:48 -------- d-----w c:\program files\EA SPORTS
2009-04-17 17:19 . 2009-04-17 17:19 -------- d-----w c:\program files\IEPro
2009-04-17 17:02 . 2009-04-17 17:02 -------- d-----w c:\program files\Common Files\COWON
2009-04-17 17:02 . 2009-04-17 17:02 -------- d-----w c:\program files\JetAudio
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w c:\program files\Win32Pad
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w c:\program files\Paint.NET
2009-04-17 16:29 . 2009-04-17 16:28 -------- d-----w c:\program files\ieSpell
2009-04-17 16:28 . 2009-04-17 16:28 -------- d-----w c:\program files\IE7Pro
2009-04-17 16:28 . 2009-04-17 16:28 -------- d-----w c:\program files\Driver Genius Pro 2007
2009-04-17 16:15 . 2009-04-17 16:15 -------- d-----w c:\program files\DAMN NFO Viewer
2009-04-17 16:14 . 2009-04-17 16:14 -------- d-----w c:\program files\CPU-Z
2009-04-17 16:14 . 2009-04-17 16:14 -------- d-----w c:\program files\Softland
2009-04-17 16:09 . 2009-04-17 16:09 -------- d-----w c:\program files\LClock
2009-04-17 16:07 . 2009-04-17 16:07 -------- d-----w c:\program files\RocketDock
2009-04-17 16:07 . 2009-04-17 16:07 -------- d-----w c:\program files\Desktop
2009-04-17 16:07 . 2009-04-17 16:07 -------- d-----w c:\program files\SysInternals
2009-04-17 16:07 . 2009-04-17 16:07 -------- d-----w c:\program files\Graphics
2009-04-17 16:07 . 2009-04-17 16:07 -------- d-----w c:\program files\Utilities
2009-04-16 14:51 . 2009-04-16 14:51 -------- d-----w c:\program files\ArcSoft
2009-04-13 20:36 . 2009-04-13 18:39 75752 ----a-w c:\documents and settings\Vortex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 19:53 . 2009-04-13 19:53 -------- d-----w c:\program files\Internet Download Manager
2009-04-13 19:44 . 2009-04-13 19:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\Microsoft.NET
2009-04-13 19:37 . 2009-04-13 19:37 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-13 18:04 . 2009-04-13 18:04 -------- d-----w c:\program files\SuperCopier2
2009-04-13 16:56 . 2009-04-13 16:56 -------- d-----w c:\program files\Nero
2009-04-13 16:56 . 2009-04-13 16:56 -------- d-----w c:\program files\Common Files\Ahead
2009-04-13 16:14 . 2009-04-13 16:14 -------- d-----w c:\program files\Realtek
2009-04-13 16:14 . 2009-04-13 16:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 16:14 . 2009-04-13 16:14 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 16:11 . 2009-04-13 16:11 -------- d-----w c:\program files\Intel
2009-04-13 13:31 . 2009-04-13 13:31 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-13 13:31 . 2009-04-13 13:31 -------- d-----w c:\program files\UltraISO
2009-04-13 13:30 . 2009-04-13 13:30 -------- d-----w c:\program files\vortex tools
2009-04-13 13:30 . 2009-04-13 13:30 -------- d-----w c:\program files\Windows Live
2009-04-13 13:30 . 2009-04-13 13:29 -------- d-----w c:\program files\Yahoo!
2009-04-13 13:29 . 2009-04-13 13:29 -------- d-----w c:\program files\Real Alternative
2009-04-13 13:29 . 2009-04-13 13:28 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-13 13:04 . 2009-04-13 13:04 -------- d-----w c:\program files\microsoft frontpage
2009-04-13 12:12 . 2009-04-13 12:12 -------- d-----w c:\program files\Alky for Applications
2009-04-13 12:09 . 2009-04-13 12:09 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-13 12:02 . 2009-04-13 12:02 -------- d-----w c:\program files\VistaExperience.org
2009-04-13 11:59 . 2009-04-13 11:59 -------- d-----w c:\program files\Foxit Software
2009-04-13 11:59 . 2009-04-13 11:59 -------- d-----w c:\program files\TeraCopy
2009-04-13 11:59 . 2009-04-13 11:59 -------- d-----w c:\program files\ISO Recorder
2009-04-13 11:59 . 2009-04-13 11:59 -------- d-----w c:\program files\System
2009-04-13 11:59 . 2009-04-13 11:59 -------- d-----w c:\program files\Windows Sidebar
2009-04-13 11:58 . 2009-04-13 11:58 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 12:49 . 2008-04-14 09:00 284160 ----a-w c:\windows.0\system32\pdh.dll
2009-03-02 23:17 . 2008-04-23 00:35 828416 ----a-w c:\windows.0\system32\wininet.dll
2009-02-20 17:09 . 2007-08-13 13:45 78336 ----a-w c:\windows.0\system32\ieencode.dll
2009-02-10 16:26 . 2008-04-14 09:00 617472 ----a-w c:\windows.0\system32\advapi32.dll
2009-02-09 10:08 . 2008-05-30 08:42 1847552 ----a-w c:\windows.0\system32\win32k.sys
2009-02-09 09:56 . 2008-05-05 06:16 715264 ----a-w c:\windows.0\system32\ntdll.dll
2009-02-09 09:56 . 2008-04-17 01:50 729088 ----a-w c:\windows.0\system32\lsasrv.dll
2009-02-09 09:56 . 2008-04-14 09:00 401408 ----a-w c:\windows.0\system32\rpcss.dll
2009-02-07 16:35 . 2008-04-23 08:49 2189184 ----a-w c:\windows.0\system32\ntoskrnl.exe
2009-02-06 10:06 . 2008-04-14 09:00 110592 ----a-w c:\windows.0\system32\services.exe
2009-02-06 09:36 . 2008-04-14 09:00 35328 ----a-w c:\windows.0\system32\sc.exe
2009-02-06 09:30 . 2008-04-23 12:44 2066176 ----a-w c:\windows.0\system32\ntkrnlpa.exe
2009-02-03 18:59 . 2008-04-14 09:00 56832 ----a-w c:\windows.0\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-23 2745776]
"ProcessSupervisorGUI"="c:\program files\Process Lasso\ProcessLasso.exe" [2009-04-25 357392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows.0\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows.0\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows.0\system32\igfxpers.exe" [2007-12-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-04-24 209153]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2009-04-25 151568]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows.0\system32\narrator.exe [2008-04-14 53760]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-28 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-28 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-04-24 432897]
.
Contents of the 'Scheduled Tasks' folder
2009-04-30 c:\windows.0\Tasks\User_Feed_Synchronization-{71DC9BC4-CF96-4424-A759-21C0F13F38E1}.job
- c:\windows.0\system32\msfeedssync.exe [2007-08-13 13:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {0E287E99-3FB1-491C-A2B5-68735387FD45} = 163.121.128.134,163.121.128.135
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-01 17:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-05-01 17:14
ComboFix-quarantined-files.txt 2009-05-01 14:14
Pre-Run: 826,892,288 bytes free
Post-Run: 991,961,088 bytes free
285 --- E O F --- 2009-05-01 00:14

 

[اشرف الالفي]

فيييييييييييين التححححححححححليييييييييييييل​

 

[KoNaMi]

حياك يالغلا

تم حذف 14 فيروس الحين هات تقرير للهاجيك ..

تقرير هايجاك
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

 

[اشرف الالفي]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:53, on 01/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\برامج مـــهمة\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\vortex tools\Classes\Vortex\vista\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\ProcessLasso.exe /tray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{0E287E99-3FB1-491C-A2B5-68735387FD45}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E287E99-3FB1-491C-A2B5-68735387FD45}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E287E99-3FB1-491C-A2B5-68735387FD45}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6053 bytes

 

[KoNaMi]

طيب يالغلا هل تعاني من مشكلة معينه في الجهاز ؟؟؟

الان اعمل الاتي
​

رابط تحميل آخر تحديث للاداة​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
​

شرح الاستخدام ,,,,,,​

​

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور​

​

​

​

​

​

​

​

​

​

​

​

​

​