
Brother Format, good news: the icons are back on my desktop.

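May God reward you with good and provide for you according to your good intentions,
bless you and increase you in His knowledge and bounty, you and my brother KoNaMi. You both did everything you could for me.
May God make you happy and protect you :b::b:
:er::er::er: << tears of joy
،،،،،،،،،،،،،،،،،،،،،،،،،،،،،،
And this is the report from the tool: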
ComboFix 09-05-09.05 - xp 05/11/2009 14:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.510.198 [GMT 3:00]
Running from: c:\documents and settings\xp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\program files\Microsoft Common
c:\windows\IE4 Error Log.txt
c:\windows\system32\digeste.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\wpv801235998315.cpx
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-11 10:50 . 2009-05-11 10:50 -------- d-----w c:\documents and settings\xp\Application Data\CyberScrub
2009-05-11 10:45 . 2009-05-11 10:45 -------- d-----w c:\documents and settings\xp\Application Data\cleaner
2009-05-11 09:29 . 2009-05-11 09:29 -------- d-----w c:\program files\CodeStuff
2009-05-10 16:24 . 2004-08-04 07:34 39018 ----a-r c:\windows\system32\hsfci011.dll
2009-05-10 16:24 . 2004-03-17 04:00 86016 ----a-r c:\windows\system32\mdmxsdk.dll
2009-05-10 16:24 . 2004-03-17 04:04 13059 ----a-r c:\windows\system32\drivers\mdmxsdk.sys
2009-05-10 16:24 . 2004-09-29 07:33 1036928 ----a-r c:\windows\system32\drivers\HSF_DP.sys
2009-05-10 16:24 . 2004-09-29 07:35 219136 ----a-r c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-10 16:24 . 2004-09-29 07:34 702592 ----a-r c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-10 02:29 . 2009-05-10 03:11 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-05 07:26 . 2009-05-05 07:26 -------- d-----w C:\Plugins
2009-05-04 20:32 . 2009-05-04 20:38 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-04 03:33 . 2009-05-04 03:33 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Thinstall
2009-04-18 04:03 . 2009-05-06 10:17 -------- d-----w c:\program files\Adverts
2009-04-18 04:03 . 2009-04-18 04:03 -------- d-----w c:\program files\MessengerPlus! 3
2009-04-15 18:43 . 2009-04-15 18:43 -------- d-----w c:\documents and settings\All Users\طاولة
2009-04-13 19:13 . 2009-04-13 19:13 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-04-13 18:54 . 2009-04-13 18:55 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-04-11 15:08 . 2009-04-11 15:08 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\IsolatedStorage
2009-04-11 15:07 . 2009-04-11 15:07 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\HP
2009-04-11 15:07 . 2009-04-11 15:07 149992 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 15:07 . 2009-04-11 15:07 128 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-04-11 15:07 . 2009-04-13 18:30 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 01:08 . 2009-02-23 10:17 -------- d-----w c:\program files\Kelk 2000
2009-04-18 04:24 . 2009-02-23 07:03 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-01 06:00 . 2009-02-23 06:53 -------- d-----w c:\program files\Real
2009-03-20 22:07 . 2009-03-20 22:07 -------- d-----w c:\program files\Circle Dvelopement
2009-03-13 01:32 . 2009-03-13 01:32 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-02-25 23:42 . 2009-02-25 23:42 7359424 ----a-w c:\program files\Firefox Setup 3.0.6.exe
2009-02-25 02:09 . 2009-02-23 07:29 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-25 02:09 . 2009-02-23 07:29 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-25 02:09 . 2009-02-23 07:29 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-24 05:35 . 2009-02-24 05:35 0 ----a-w c:\windows\nsreg.dat
2009-02-24 02:57 . 2009-02-22 19:45 149992 ----a-w c:\documents and settings\xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-23 08:38 . 2009-02-22 20:08 112020 ----a-w c:\windows\hpoins07.dat
2009-02-23 07:48 . 2009-02-23 07:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-23 06:53 . 2003-03-18 17:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-23 06:53 . 2003-02-21 01:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-23 06:52 . 2009-02-23 06:52 47104 ------w c:\windows\AKDeInstall.exe
2009-02-23 06:47 . 2009-02-22 19:23 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-23 06:44 . 2009-02-23 06:44 125 ----a-w c:\documents and settings\xp\Local Settings\Application Data\fusioncache.dat
2009-02-22 19:24 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-22 19:21 . 2009-02-22 19:21 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\xp\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-25 02:09 10520 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/02/2009 10:29 ص 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/02/2009 10:29 ص 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/02/2009 10:29 ص 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/02/2009 10:29 ص 298264]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 Kzlaenk;Kzlaenk;c:\windows\System32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Kzlaenk
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf6dd09-23ac-11de-a718-00167656d5da}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - F:\system.exe
\Shell\Open\command - F:\system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\grcxslxj.default\
FF - component: c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\grcxslxj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-11 14:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Crypserv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-11 14:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 11:52
Pre-Run: 30,823,555,072 bytes free
Post-Run: 30,773,604,352 bytes free
205
___________________
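And I want to ask you about
the SmitfraudFix tool _ for scanning and cleaning the machine of annoying ads:
should I download it too and run a scan, or is that it?
Also, a warning popped up for me saying there may be no firewall now.
Should I open the antivirus and run an update, or what ..?
Please bear with me to the end, brother Format. I swear you saved me from the ordeal of a format.
May God open doors for you wherever you go.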
