ممكن اخوانى تحليل التقرير لأداة ComboFix

ع

عـاشـق وهـم

زيزوومى محترف
إنضم
22 ديسمبر 2008
المشاركات
4,786
مستوى التفاعل
21
النقاط
830
الإقامة
KSA.....Taif
غير متصل
السلام عليكم ورحمة الله وبركاته


ممكن اخوانى تحليل التقرير لأداة ComboFix


هذا التقرير





ComboFix 09-07-02.02 - user 07/04/2009 0:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1015.558 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\16d4ac.msi
c:\windows\Installer\8882db.msp
c:\windows\Installer\8882dc.msp
c:\windows\Installer\8882dd.msp
c:\windows\Installer\8882de.msp
c:\windows\Installer\8882df.msp
c:\windows\Installer\8882e0.msp
c:\windows\Installer\8882e1.msp
c:\windows\Installer\8882e2.msp
c:\windows\Installer\8882e3.msp
c:\windows\Installer\8aa326.msp
c:\windows\Installer\8aa327.msp
c:\windows\Installer\8aa328.msp
c:\windows\Installer\8aa329.msp
c:\windows\Installer\8aa32a.msp
c:\windows\Installer\8aa32b.msp
c:\windows\Installer\8aa32c.msp
c:\windows\Installer\8aa32d.msp
c:\windows\Installer\8aa32e.msp
c:\windows\Installer\8aa32f.msp
c:\windows\Installer\8b9cad.msp
c:\windows\Installer\8b9cb8.msp
c:\windows\Installer\8b9cc4.msp
c:\windows\Installer\8fbf3c.msp
c:\windows\Installer\8fbf3d.msp
c:\windows\Installer\8fbf3e.msp
c:\windows\Installer\8fbf3f.msp
c:\windows\Installer\8fbf40.msp
c:\windows\Installer\8fbf51.msp
c:\windows\Installer\8fbf52.msp
c:\windows\Installer\8fbf53.msp
c:\windows\Installer\8fbf54.msp
c:\windows\Installer\8fbf55.msp
c:\windows\Installer\8fbf56.msp
c:\windows\Installer\8fbf57.msp
c:\windows\system32\url(4).dll
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 11:55 . 2009-07-03 14:25 -------- d-----w- c:\program files\mp3DirectCut
2009-07-01 18:09 . 2009-07-02 09:28 -------- d-----w- c:\documents and settings\user\Application Data\TeraCopy
2009-07-01 18:09 . 2009-07-01 18:09 -------- d-----w- c:\program files\TeraCopy
2009-07-01 17:18 . 2009-07-01 17:22 -------- d-----w- c:\documents and settings\user\Application Data\SWiSH Max2
2009-07-01 16:57 . 2009-07-01 16:57 -------- d-----w- c:\program files\LameACM
2009-07-01 16:56 . 2009-07-03 19:59 -------- d-----w- c:\program files\SWiSH Max2
2009-07-01 16:33 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2009-07-01 16:33 . 2009-07-01 16:33 -------- d-----w- c:\program files\SWiSHmax
2009-07-01 11:20 . 2009-07-01 11:20 7168 ----a-w- c:\documents and settings\user\Application Data\Thinstall\SWiSH Max2\300000003400002i\dwwin.exe
2009-07-01 11:20 . 2009-07-01 11:20 7168 ----a-w- c:\documents and settings\user\Application Data\Thinstall\SWiSH Max2\1000000500002i\dumprep.exe
2009-07-01 00:04 . 2009-07-01 00:06 -------- d-----w- c:\documents and settings\user\Application Data\Steady Recorder
2009-07-01 00:04 . 2009-07-01 00:04 -------- d-----w- c:\program files\Steady Recorder
2009-06-28 23:51 . 2009-06-28 23:51 -------- d-----w- c:\program files\TeamViewer
2009-06-28 23:40 . 2009-06-28 23:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 23:40 . 2009-06-29 05:36 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-06-28 23:39 . 2009-06-29 15:31 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-06-28 23:37 . 2009-06-28 23:37 -------- d-----w- c:\program files\Skype
2009-06-28 23:37 . 2009-06-28 23:37 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 23:37 . 2009-06-28 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-28 06:06 . 2009-06-28 06:06 -------- d-----w- c:\documents and settings\user\Application Data\AMPSoft
2009-06-28 06:06 . 2009-07-01 09:59 -------- d-----w- c:\program files\AMP Font Viewer
2009-06-27 00:06 . 2009-06-27 00:06 -------- d-----w- c:\program files\WOT
2009-06-26 22:36 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-26 22:34 . 2009-06-26 22:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-26 22:34 . 2009-06-26 22:34 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-25 16:07 . 2009-06-25 16:08 -------- d-----w- c:\documents and settings\user\Application Data\Tomato
2009-06-25 16:07 . 2009-06-25 16:07 -------- d-----w- c:\program files\Common Files\Tomato
2009-06-25 15:53 . 2009-06-25 15:53 120240 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-25 15:53 . 2009-06-25 16:00 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-06-25 15:53 . 2009-06-25 15:56 -------- d-----w- c:\program files\Internet Download Manager
2009-06-21 01:06 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\user\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-06-16 23:19 . 2009-06-16 23:19 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-16 22:19 . 2009-06-16 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2009-06-11 21:33 . 2009-06-18 21:38 2988592 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
2009-06-11 20:04 . 2009-06-11 20:04 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-06-11 20:02 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-11 20:02 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-11 20:02 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-11 20:02 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-06-11 20:02 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-11 20:02 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-06-11 20:02 . 2009-04-02 13:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-11 20:02 . 2009-06-11 20:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-11 19:06 . 2009-06-11 19:06 -------- d-----w- c:\documents and settings\LocalService\سطح المكتب
2009-06-11 17:54 . 2009-06-11 17:54 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2009-06-11 12:02 . 2009-06-11 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-11 11:58 . 2009-06-11 12:05 -------- d-----w- c:\documents and settings\user\Application Data\DriverCure
2009-06-11 11:57 . 2009-06-22 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-06-11 11:56 . 2009-06-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-09 21:49 . 2009-06-09 21:49 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2009-06-09 16:23 . 2009-06-19 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-09 16:22 . 2009-06-09 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-07 08:27 . 2009-06-07 10:32 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-07 08:27 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-07 08:27 . 2009-06-07 10:32 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-07 08:26 . 2009-06-07 10:32 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-07 08:17 . 2009-06-07 08:17 -------- d-----w- c:\documents and settings\user\Application Data\TuneUp Software
2009-06-07 08:16 . 2009-06-07 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-07 08:12 . 2009-06-07 08:12 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-06 00:35 . 2009-06-06 00:35 -------- d-----w- C:\zyzoom 256.FONT by.zed has
2009-06-05 02:14 . 2008-06-21 15:54 11779 ----a-w- c:\windows\REGTWEAK.REG
2009-06-04 23:22 . 2009-06-04 23:22 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-04 23:12 . 2009-06-04 23:13 -------- d-----w- c:\program files\SplitCam
2009-06-04 03:44 . 2004-03-08 08:00 24576 ----a-r- c:\windows\system32\RunSetup.dll
2009-06-04 03:44 . 2002-08-22 07:34 147456 ----a-r- c:\windows\VMCap.exe
2009-06-04 03:44 . 2004-06-09 06:37 40960 ----a-r- c:\windows\VM_STI.EXE
2009-06-04 03:44 . 2002-10-16 00:29 49152 ----a-r- c:\windows\amcap.exe
2009-06-04 03:44 . 2003-05-15 08:17 61440 ----a-r- c:\windows\system32\VM31bSTI.dll
2009-06-04 03:44 . 2004-09-07 07:11 90568 ----a-r- c:\windows\system32\drivers\usbVM31b.sys
2009-06-04 03:44 . 2008-04-14 18:29 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-04 03:44 . 2008-04-14 18:29 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-03 23:37 . 2003-11-04 12:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-03 23:37 . 2004-05-14 13:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-03 23:37 . 2004-01-11 23:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 21:17 . 2009-05-13 12:30 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-07-01 22:28 . 2009-05-31 04:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-01 12:45 . 2009-05-31 23:01 -------- d-----w- c:\program files\مشغل الفلاش العربي
2009-07-01 12:34 . 2009-05-30 17:25 -------- d-----w- c:\program files\mpegable
2009-07-01 11:19 . 2009-05-17 06:31 -------- d-----w- c:\documents and settings\user\Application Data\Thinstall
2009-07-01 09:59 . 2009-05-31 01:00 5632 --sha-w- c:\program files\Common Files\Thumbs.db
2009-06-30 15:01 . 2009-05-29 01:08 -------- d-----w- c:\program files\Unlocker
2009-06-28 23:51 . 2009-05-19 05:47 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-06-28 07:24 . 2009-05-14 13:10 194504 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 01:39 . 2009-05-28 21:39 -------- d-----w- c:\documents and settings\user\Application Data\LogSys
2009-06-16 23:19 . 2009-05-13 07:38 -------- d-----w- c:\program files\Common Files\Real
2009-06-16 23:19 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-16 23:19 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-16 23:19 . 2009-05-13 07:38 -------- d-----w- c:\program files\Real
2009-06-15 01:28 . 2008-04-15 12:00 95686 ----a-w- c:\windows\system32\perfc001.dat
2009-06-15 01:28 . 2008-04-15 12:00 484800 ----a-w- c:\windows\system32\perfh001.dat
2009-06-11 17:53 . 2009-05-27 20:23 -------- d-----w- c:\program files\GRETECH
2009-06-11 17:29 . 2009-05-25 11:00 -------- d-----w- c:\program files\Google
2009-06-04 23:12 . 2009-05-13 01:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 00:54 . 2009-06-03 00:54 -------- d-----w- c:\documents and settings\user\Application Data\Uniblue
2009-06-03 00:53 . 2009-06-03 00:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-03 00:53 . 2009-06-03 00:53 -------- d-----w- c:\program files\Uniblue
2009-06-01 19:17 . 2009-05-13 01:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 13:12 . 2009-05-31 13:12 -------- d-----w- c:\program files\Common Files\Vbox
2009-05-31 09:25 . 2009-05-31 09:25 -------- d-----w- c:\documents and settings\user\Application Data\ESET
2009-05-30 22:42 . 2009-05-13 01:39 -------- d-----w- c:\program files\Realtek
2009-05-30 22:41 . 2009-05-25 11:00 -------- d-----w- c:\documents and settings\user\Application Data\Free Download Manager
2009-05-30 17:25 . 2009-05-30 17:25 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-29 20:54 . 2009-05-29 20:54 172032 ------w- c:\windows\Setup1.exe
2009-05-29 20:54 . 2009-05-29 20:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-29 15:20 . 2009-05-29 15:20 8704 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Adobe\1000000b00002i\rundll32.exe
2009-05-29 15:20 . 2009-05-29 15:20 8704 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Adobe\400000110c00002i\Photoshop.exe
2009-05-29 12:34 . 2009-05-28 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-05-29 12:34 . 2009-05-29 12:34 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-05-29 12:34 . 2009-05-28 22:18 -------- d-----w- c:\program files\TechSmith
2009-05-29 01:34 . 2009-05-29 01:34 -------- d-----w- c:\documents and settings\user\Application Data\TechSmith
2009-05-29 01:08 . 2009-05-29 01:08 -------- d-----w- c:\documents and settings\user\Application Data\Desktopicon
2009-05-29 00:39 . 2009-05-28 21:39 -------- d-----w- c:\documents and settings\user\Application Data\Blueberry
2009-05-28 22:17 . 2009-05-28 22:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-28 21:40 . 2009-05-28 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Blueberry
2009-05-28 21:39 . 2009-05-28 21:39 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-05-28 21:39 . 2009-05-28 21:39 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-05-28 21:39 . 2009-05-28 21:39 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-05-28 21:39 . 2009-05-28 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\LogSys
2009-05-28 21:39 . 2009-05-28 21:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}
2009-05-28 21:39 . 2009-05-28 21:39 -------- d-----w- c:\program files\Common Files\Blueberry Software
2009-05-28 21:39 . 2009-05-28 21:39 -------- d-----w- c:\program files\Blueberry Software
2009-05-27 20:25 . 2009-05-27 20:25 -------- d-----w- c:\program files\Gabest
2009-05-26 21:10 . 2009-05-24 19:59 -------- d-----w- c:\program files\RegCure(2)
2009-05-26 21:10 . 2009-05-15 00:23 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-26 21:10 . 2009-05-16 05:26 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 20:48 . 2009-05-13 14:40 -------- d-----w- c:\program files\Windows Live
2009-05-26 20:48 . 2009-05-13 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-26 15:50 . 2009-05-25 11:00 -------- d-----w- c:\documents and settings\user\Application Data\Software Informer
2009-05-26 02:04 . 2009-05-26 02:04 -------- d-----w- c:\program files\MSBuild
2009-05-25 17:36 . 2009-05-25 17:36 -------- d-----w- c:\program files\LtUcx
2009-05-25 12:03 . 2009-05-19 05:46 -------- d-----w- c:\program files\TeamViewer3
2009-05-25 11:41 . 2009-05-25 11:41 -------- d-----w- c:\program files\Microsoft.NET
2009-05-25 11:34 . 2009-05-13 14:40 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-25 11:29 . 2009-05-17 10:45 358056 ----a-w- c:\windows\hpoins27.dat
2009-05-25 11:28 . 2009-05-25 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-25 11:28 . 2009-05-17 10:53 -------- d-----w- c:\program files\HP
2009-05-25 11:27 . 2009-05-25 11:27 -------- d-----w- c:\program files\Common Files\HP
2009-05-25 11:20 . 2009-05-25 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-25 11:01 . 2009-05-20 23:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-25 11:00 . 2009-05-25 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-05-25 10:53 . 2009-05-20 02:00 -------- d-----w- c:\documents and settings\user\Application Data\IDM(2)
2009-05-25 10:53 . 2009-05-20 23:42 -------- d-----w- c:\program files\Nokia
2009-05-25 10:53 . 2009-05-20 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-25 10:53 . 2009-05-20 23:43 -------- d-----w- c:\documents and settings\user\Application Data\Nokia
2009-05-25 10:52 . 2009-05-22 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-05-25 10:44 . 2009-05-24 23:03 -------- d-----w- c:\program files\Microsoft Office(2)
2009-05-24 17:58 . 2009-05-20 23:42 -------- d-----w- c:\documents and settings\user\Application Data\PC Suite
2009-05-22 13:46 . 2009-05-22 13:46 -------- d-----w- c:\documents and settings\user\Application Data\Nokia Multimedia Player
2009-05-20 23:41 . 2009-05-20 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-17 11:15 . 2009-05-17 11:15 -------- d-----w- c:\documents and settings\user\Application Data\HP
2009-05-17 11:12 . 2009-05-17 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-05-17 10:56 . 2009-05-17 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-05-17 10:55 . 2009-05-17 10:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-16 22:16 . 2009-05-16 22:16 -------- d-----w- c:\program files\Reference Assemblies
2009-05-15 23:19 . 2009-05-15 23:19 -------- d-----w- c:\documents and settings\user\Application Data\Nero
2009-05-15 00:23 . 2009-05-15 00:23 -------- d-----w- c:\documents and settings\user\Application Data\URSoft
2009-05-14 01:45 . 2009-05-14 01:45 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 10:20 . 2009-05-13 01:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-13 06:20 . 2009-05-13 06:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 06:20 . 2009-05-13 05:56 -------- d-----w- c:\program files\Java
2009-05-13 06:19 . 2009-05-13 06:07 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-13 05:46 . 2009-05-13 05:46 -------- d-----w- c:\program files\Common Files\Java
2009-05-13 03:33 . 2009-05-13 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-13 02:58 . 2009-05-13 02:58 -------- d-----w- c:\program files\ESET
2009-05-13 02:58 . 2009-05-13 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-13 01:39 . 2009-05-13 01:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-13 01:31 . 2009-05-13 01:31 -------- d-----w- c:\program files\microsoft frontpage
2009-05-13 01:28 . 2009-05-13 01:28 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2008-04-15 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:43 . 2008-04-15 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:42 . 2008-04-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 22:12 . 2009-05-28 21:39 2698192 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\BB FlashBack.exe
2009-04-23 22:12 . 2009-05-28 21:37 1218560 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\F6DB5167\D8FFC998\FlashBack Batch Export.exe
2009-04-23 22:11 . 2009-05-28 21:37 3670016 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\45D559EB\D8FFC998\FlashBack Recorder.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-12 16264192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 03:18 م 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09/04/2009 03:19 م 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [07/06/2009 11:27 ص 604416]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29/05/2009 12:39 ص 4096]
R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [04/06/2009 06:44 ص 90568]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HTTPFILTER
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.0.0.1:5555
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7n35xe4o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-04 00:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-03 0:20
ComboFix-quarantined-files.txt 2009-07-03 21:19
Pre-Run: 19,913,232,384 bytes free
Post-Run: 20,109,889,536 bytes free
307 --- E O F --- 2009-06-11 09:17​
 

توقيع : عـاشـق وهـم
ترتيب حسب التاريخ ترتيب حسب الأصوات
اهلا بك

عندك اصابات وانا اخوك

حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد 0
سم يالغلا هذا التقرير


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:41 ص, on 04/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:5555
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6588 bytes​
 
توقيع : عـاشـق وهـم
تأييد 0
سم الله عدوينك

التقرير سليم

فقط من اضافة وازاله البرامج احذف اي Toolbar موجدود عندك

موفق
 
توقيع : AbOdy
تأييد 0
abody قال:
سم الله عدوينك

التقرير سليم

فقط من اضافة وازاله البرامج احذف اي toolbar موجدود عندك

موفق
أنقر للتوسيع...


ما استخدمها يالغالي

يعطيك الف عافيه اخوي


بس حبيت اسأل


الاصابات في التقرير االاول

ممكن اعرف كيف طريقة تحليل التقرير ؟؟


ولا عليك امر اخوى

وبارك الله فيك
.
.
 
توقيع : عـاشـق وهـم
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى