Slow browsing

Thread in the 'Computer Problems and Solutions' forum, started by mmkcco on September 19, 2009.

  1. mmkcco

    mmkcco (new Zyzoom member)

    Joined: September 17, 2008
    Posts: 26
    Likes: 0
    Trophy points: 20
    Gender: Male
    Location: iraq
    Security software: Kaspersky
    Operating system: Windows XP


    First of all, best wishes to you all for the season; may God bring it back to you with blessing and faith.
    One of the brothers asked me to post the following report in order to determine the cause of the computer's slowness.
    ComboFix 09-09-18.02 - Admin 09/20/2009 3:00.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1256.964.1033.18.1023.545 [GMT 3:00]
    Running from: c:\documents and settings\Admin\Desktop\prog\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ALCMTR.EXE
    c:\windows\Installer\3edcc1.msi
    c:\windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
    .

    2009-09-18 19:47 . 2009-09-18 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-09-16 17:25 . 2009-09-16 17:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\windows\system32\xircom
    2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\program files\microsoft frontpage
    2009-09-16 16:09 . 2008-08-25 08:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
    2009-09-16 16:09 . 2008-08-25 08:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
    2009-09-16 16:09 . 2008-08-25 08:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
    2009-09-16 16:09 . 2008-06-02 12:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
    2009-09-16 16:08 . 2009-09-16 16:10 -------- d-----w- c:\program files\Spyware Doctor
    2009-09-16 16:08 . 2009-09-16 16:08 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
    2009-09-16 16:08 . 2009-09-16 16:08 -------- d-----w- c:\documents and settings\Admin\Application Data\TrojanHunter
    2009-09-16 16:06 . 2009-09-16 16:12 -------- d-----w- c:\program files\TrojanHunter 5.1
    2009-09-16 16:01 . 2009-09-16 18:47 -------- d-----w- c:\program files\Spy Cleaner Gold
    2009-09-16 16:01 . 2009-09-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
    2009-09-12 15:13 . 2009-09-12 15:13 -------- d-----w- C:\LightC
    2009-09-11 00:00 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-09 21:18 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-09-09 21:15 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-09-07 16:11 . 2009-09-07 16:11 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
    2009-09-06 23:09 . 2009-09-06 23:09 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\HP
    2009-09-06 23:09 . 2009-09-06 23:09 -------- d-----w- c:\documents and settings\nono\Application Data\HP
    2009-09-06 12:40 . 2009-09-06 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-09-05 20:41 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
    2009-09-05 20:33 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
    2009-09-05 20:33 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
    2009-09-05 20:33 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
    2009-09-05 20:33 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
    2009-09-05 20:33 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
    2009-09-05 01:52 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
    2009-09-05 01:52 . 2009-06-25 08:41 147456 ------w- c:\windows\system32\dllcache\schannel.dll
    2009-09-05 01:52 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
    2009-09-05 01:52 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-05 01:52 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
    2009-09-05 01:04 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
    2009-09-05 01:04 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
    2009-09-05 01:04 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2009-09-05 01:04 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2009-09-05 01:04 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
    2009-09-05 01:04 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
    2009-09-05 00:59 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
    2009-09-05 00:59 . 2009-06-03 19:12 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
    2009-09-05 00:56 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
    2009-09-05 00:51 . 2008-06-17 19:02 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
    2009-09-05 00:46 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2009-09-05 00:45 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-09-05 00:36 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2009-09-05 00:36 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2009-09-05 00:36 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2009-09-05 00:36 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2009-09-05 00:36 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2009-09-05 00:36 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-09-05 00:36 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2009-09-05 00:36 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2009-09-05 00:36 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-09-05 00:36 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-09-05 00:36 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-09-05 00:36 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-09-05 00:23 . 2008-12-11 12:33 333952 ------w- c:\windows\system32\dllcache\srv.sys
    2009-09-05 00:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-09-05 00:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-09-05 00:05 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-09-04 17:28 . 2009-09-04 17:28 -------- d-----w- c:\documents and settings\Admin\Application Data\HP
    2009-09-04 17:26 . 2009-09-04 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
    2009-09-04 17:25 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2009-09-04 17:25 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2009-09-04 17:25 . 2009-09-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2009-09-04 17:25 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
    2009-09-04 17:25 . 2007-03-28 11:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
    2009-09-04 17:25 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
    2009-09-04 17:24 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-09-04 17:24 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
    2009-09-04 17:24 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
    2009-09-04 17:24 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
    2009-09-04 17:24 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
    2009-09-04 17:24 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
    2009-09-04 17:23 . 2009-09-04 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
    2009-09-04 17:22 . 2009-09-04 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2009-09-04 17:22 . 2009-09-04 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Common Files\HP
    2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Hewlett-Packard
    2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-09-04 17:20 . 2009-09-04 17:23 -------- d-----w- c:\program files\HP
    2009-09-04 17:18 . 2009-09-04 17:26 156631 ----a-w- c:\windows\hpoins14.dat
    2009-09-04 17:18 . 2007-06-05 23:07 2000 ------w- c:\windows\hpomdl14.dat
    2009-09-04 17:18 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2009-09-04 17:16 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-09-04 12:58 . 2009-09-17 22:09 -------- d-----w- c:\documents and settings\nono\Tracing
    2009-09-04 12:56 . 2009-09-04 12:56 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\Yahoo
    2009-09-04 12:55 . 2009-09-04 12:55 -------- d-sh--w- c:\documents and settings\nono\PrivacIE
    2009-09-04 12:23 . 2009-09-04 12:23 -------- d-sh--w- c:\documents and settings\nono\IETldCache
    2009-09-04 11:51 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
    2009-09-04 11:51 . 2009-03-21 14:06 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
    2009-09-04 11:34 . 2009-09-04 11:34 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
    2009-09-04 11:31 . 2009-09-04 11:31 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
    2009-09-04 11:29 . 2009-09-04 11:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-09-04 11:29 . 2009-09-04 11:29 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
    2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\windows\ie8updates
    2009-09-04 11:27 . 2009-09-11 01:27 -------- d--h--w- c:\windows\$hf_mig$
    2009-09-04 11:25 . 2009-09-04 11:27 -------- dc-h--w- c:\windows\ie8
    2009-09-04 11:19 . 2008-12-16 12:30 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
    2009-09-04 11:08 . 2009-09-04 11:11 -------- d-----w- C:\3dee8fa2c3e2f42aa8d5cf0c04c8
    2009-09-04 11:08 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-09-04 11:08 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-09-04 11:08 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-04 11:08 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-09-04 11:08 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-04 11:08 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-09-04 11:06 . 2009-09-04 11:06 -------- d-----w- C:\e206b6fd5ec5eb16a94ba4
    2009-09-03 23:32 . 2009-09-03 23:32 -------- d-----w- c:\documents and settings\Admin\Application Data\ImTOO Software Studio
    2009-09-03 16:33 . 2009-09-03 16:33 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\Opera
    2009-09-03 16:33 . 2009-09-03 16:33 275552 ----a-w- c:\documents and settings\nono\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-03 16:32 . 2009-09-03 16:32 -------- d-----w- c:\documents and settings\nono\Application Data\Windows Sidebar Styler
    2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Common Files\xing shared
    2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Common Files\Real
    2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Real
    2009-09-03 00:21 . 2009-09-03 00:21 -------- d-----w- c:\documents and settings\Admin\CSB
    2009-09-03 00:21 . 2009-09-03 00:25 -------- d-----w- c:\program files\Chinese Symbol Studio
    2009-09-03 00:09 . 2009-09-03 00:09 -------- d-----w- c:\documents and settings\Admin\Application Data\GlobalSCAPE
    2009-09-02 23:57 . 2009-09-02 23:57 -------- d-----w- c:\program files\ImTOO
    2009-09-02 23:37 . 2009-09-02 23:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Downloaded Installations
    2009-09-02 23:31 . 2004-10-03 14:41 167936 ----a-w- c:\windows\system32\Engine3D.dll
    2009-09-02 23:18 . 2009-09-07 16:28 -------- d-----w- c:\documents and settings\Guest\Tracing
    2009-09-02 14:59 . 2009-09-02 14:59 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
    2009-09-01 23:33 . 2009-09-01 23:33 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Opera

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-09 10:49 . 2009-08-28 21:45 -------- d-----w- c:\program files\Windows Sidebar
    2009-09-01 11:04 . 2009-08-28 22:31 275552 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 23:41 . 2009-08-31 23:40 -------- d-----w- c:\program files\QuickWiz
    2009-08-31 23:41 . 2009-08-31 23:40 -------- d-----w- c:\program files\Common Files\GuruNet Shared
    2009-08-31 13:20 . 2009-08-28 22:23 -------- d-----w- c:\program files\MSBuild
    2009-08-29 13:07 . 2009-08-29 13:07 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Sidebar Styler
    2009-08-28 22:59 . 2009-08-28 22:59 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-28 22:59 . 2009-08-28 22:59 -------- d-----w- c:\program files\Java
    2009-08-28 22:59 . 2009-08-28 22:59 -------- d-----w- c:\program files\Opera
    2009-08-28 22:57 . 2009-08-28 22:49 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-28 22:50 . 2009-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-08-28 22:31 . 2009-08-28 22:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Sidebar Styler
    2009-08-28 22:31 . 2009-08-28 22:09 -------- d-----w- c:\program files\Styler
    2009-08-28 22:31 . 2009-08-28 22:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler
    2009-08-28 22:31 . 2009-08-28 21:47 -------- d-----w- c:\program files\VistaExperience.org
    2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\Stanimir Stoyanov
    2009-08-28 22:29 . 2008-04-14 12:00 5660672 ----a-w- c:\windows\system32\logonuiX.exe
    2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\WinCustomize
    2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\Common Files\Stardock
    2009-08-28 22:28 . 2009-08-28 22:28 -------- d---a-w- c:\program files\Stardock
    2009-08-28 22:23 . 2009-08-28 22:23 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-28 22:20 . 2009-08-28 22:20 -------- d-----w- c:\program files\Drive Space Indicator
    2009-08-28 22:14 . 2009-08-28 22:14 -------- d-----w- c:\program files\Alky for Applications
    2009-08-28 22:11 . 2009-08-28 22:11 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-08-28 22:09 . 2009-08-28 22:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 20:43 . 2009-02-08 23:40 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2009-02-08 23:40 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 12:11 . 2009-02-08 23:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:41 . 2009-02-08 23:39 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:41 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:41 . 2009-02-08 23:39 136704 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:41 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    .

    ------- Sigcheck -------

    [-] 2009-02-08 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2004-08-03 . 9A41E77AF64CA976E6F61B55401CBEBB . 1110528 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-08-29 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

    c:\documents and settings\Admin\Start Menu\Programs\Startup\
    Styler.lnk - c:\documents and settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-8-29 15086]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Qs Black Shine Blue.wsstyles [2008-5-20 210081]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2005-12-21 05:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "DriveSpace"=c:\program files\Drive Space Indicator\DrvSpace.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=nwiz.exe /install
    "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    "RTHDCPL"=RTHDCPL.EXE
    "Alcmtr"=ALCMTR.EXE
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [8/29/2009 2:20 AM 97608]
    R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [8/29/2009 2:20 AM 388865]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8/29/2009 2:20 AM 194817]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/29/2009 2:20 AM 108289]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/29/2009 2:20 AM 434945]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 6:35 PM 55152]
    R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [8/29/2009 2:20 AM 69632]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/16/2009 7:09 PM 356920]
    S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/29/2009 2:03 AM 603904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-19 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

    2009-09-18 c:\windows\Tasks\WebReg Deskjet F2100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 18:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = socks=
    IE: Download with ImTOO Download YouTube Video - c:\program files\ImTOO\Download YouTube Video\upod_link.HTM
    IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-20 03:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1004)
    c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    - - - - - - - > 'lsass.exe'(1060)
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    .
    Completion time: 2009-09-20 3:05
    ComboFix-quarantined-files.txt 2009-09-20 00:05

    Pre-Run: 70,244,876,288 bytes free
    Post-Run: 70,304,260,096 bytes free

    309 --- E O F --- 2009-09-12 00:00
     
  2. albavary_13

    albavary_13 (active Zyzoom member)

    Joined: October 20, 2008
    Posts: 101
    Likes: 0
    Trophy points: 120
    Location: Medina
    Security software: Kaspersky
    Operating system: Windows Vista

    Download this program:
    http://www.hijackthis.de/downloads/HJTInstall.exe
    Run the program, then click
    Do a system scan and save log
    After a few moments a report will open in Notepad. Copy it and paste it into your next reply.

    Last edited by a moderator: May 12, 2014
  3. mmkcco

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:21:41 AM, on 9/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Styler\Styler.exe
    C:\Program Files\Windows Sidebar\Sidebar.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Windows Sidebar\Sidebar.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
    C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
    C:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
    C:\Documents and Settings\Admin\My Documents\mre\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2052111302-261903793-1606980848-1005\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'noor')
    O4 - HKUS\S-1-5-21-2052111302-261903793-1606980848-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'noor')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Styler.lnk = ?
    O4 - Global Startup: Qs Black Shine Blue.wsstyles
    O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 7998 bytes
     
  4. albavary_13



    http://www.spywarefri.dk/downloads1/mbam-setup.exe

    Install it on the machine, then run it and follow the illustration below to scan the machine and produce a report:

    http://up.zyzoom.org/uploads/images/zyzoom-3217b04352.png

    After the scan finishes, do the following:

    http://up.zyzoom.org/uploads/images/zyzoom-e4c8201db0.png

    Copy the contents of the report and paste them into your next post.

    And if it takes a long time, be patient with it ^_^
     
