الجهاز بيطئ + نسخ الملفات للسي دي

[وليد القحطاني]

السلام عليكم

عندي مشكلتين الله يرضى عليكم

المشكلة الاولى الجهاز كان اول سريع معي وماشي زي الحلاوة
لكن فجأة صار بطيئ , وإذا ظغطت كلك يمين عشان احدث
مايفتح إلا متأخر !


المشكلة الثانية اللي هي انا كنت انسخ اغاني عن طريق الريل بلير والاحراق السريع
لكن مانفع .
انا سمعت عن تنظيف العدسة ؟ كيف انظفها ووين هي موجودة ؟


تحياتي ​

 

[وليد القحطاني]

وينكم ياشباب ؟

 

[صمت السكوت]

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم




وبخصوص تنظيف العدسه
افضل طريقه بمنديل على العدسه نفسها تجدها لما تفتح السيدي بالنصف تقريبا باغلب الاجهزه صغيره جدا مثل الكرستال تقريبا

 

[وليد القحطاني]

جاري فتح البرنامجين ورفع التقرير
ولاهنت يالذيب

 

[وليد القحطاني]

..

تقرير البرنامج الأول

combofix 08-11-16.05 - al-kc 11/17/2008 23:38:33.4 - ntfsx86
microsoft windows xp professional 5.1.2600.2.1256.1.1025.18.1189 [gmt 3:00]
running from: C:\documents and settings\al-kc\سطح المكتب\combofix.exe
* created a new restore point
warning -this machine does not have the recovery console installed !!
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\nq0cq.cmd
c:\windows\system32\agsaame.dll
c:\windows\system32\aloaudiofile2.dll
c:\windows\system32\aloavifile.dll
c:\windows\system32\aloquicktimefile.dll
c:\windows\system32\alovideocorem.dll
c:\windows\system32\alowmafile2.dll
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
c:\xih9.cmd
c:\yannh.cmd
d:\autorun.inf
d:\nq0cq.cmd
d:\xih9.cmd
d:\yannh.cmd
.
((((((((((((((((((((((((( files created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 20:44 9,504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-17 20:44 12,626,464 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-17 20:40 3,980 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-17 20:40 178,412 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-17 20:06 85,504 --sh--r c:\windows\system32\gasretyw0.dll
2008-11-17 18:02 --------- d-----w c:\documents and settings\al-kc\application data\utorrent
2008-11-17 17:51 --------- d-----w c:\program files\common files\delet
2008-11-17 10:07 85,504 --sh--r c:\windows\system32\gasretyw1.dll
2008-11-17 10:07 106,174 --sh--r c:\windows\system32\kamsoft.exe
2008-11-16 21:49 106,363 --sh--r c:\0w.com
2008-11-16 14:04 --------- d-----w c:\documents and settings\al-kc\application data\greatcamp
2008-11-16 14:03 --------- d-----w c:\documents and settings\all users\application data\ball mapi owns ping
2008-11-16 14:02 --------- d-----w c:\documents and settings\all users\application data\memo save stupid creative
2008-11-16 14:01 --------- d-----w c:\program files\greatcamp
2008-11-14 21:57 98,304 ----a-w c:\windows\system32\viscomtran.dll
2008-11-14 21:56 344,064 ----a-w c:\windows\system32\dkll.dll
2008-11-14 21:56 196,608 ----a-w c:\windows\system32\maag.dll
2008-11-14 21:56 18,595,840 ----a-w c:\windows\system32\coredata.dll
2008-11-14 21:56 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-11-14 21:56 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-11-14 21:56 --------- d-----w c:\program files\ozone
2008-11-14 19:32 85,504 --sh--r c:\windows\system32\gasretyw2.dll
2008-11-14 11:43 99,381 --sh--r c:\lky.exe
2008-11-13 00:40 99,461 --sh--r c:\whi.com
2008-11-11 03:33 --------- d-----w c:\program files\common files\xing shared
2008-11-11 03:33 --------- d-----w c:\program files\common files\real
2008-11-11 03:32 --------- d-----w c:\program files\google
2008-11-10 21:56 --------- d-----w c:\program files\gabest
2008-11-08 15:41 108,973 --sh--r c:\sq.com
2008-11-08 09:08 --------- d-----w c:\documents and settings\al-kc\application data\nero
2008-11-03 04:24 --------- d-----w c:\documents and settings\all users\application data\jollybear
2008-11-03 03:43 --------- d-----w c:\program files\valve
2008-11-03 03:43 --------- d-----w c:\program files\counter-strike source
2008-10-29 23:34 --------- d-----w c:\program files\yahoo!
2008-10-29 15:36 --------- d-----w c:\program files\common files\installshield
2008-10-29 15:35 --------- d--h--w c:\program files\installshield installation information
2008-10-29 15:35 --------- d-----w c:\program files\cyberlink
2008-10-29 09:16 --------- d-----w c:\program files\videolan
2008-10-28 21:12 --------- d-----w c:\program files\nokia
2008-10-28 20:53 --------- d-----w c:\program files\kaspersky lab
2008-10-28 20:46 --------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2008-10-28 11:18 --------- d-----w c:\documents and settings\all users\application data\kaspersky lab setup files
2008-10-28 00:32 1,782 ----a-w c:\windows\system32\tmp.reg
2008-10-27 19:42 --------- d-----w c:\documents and settings\al-kc\application data\cleaner
2008-10-23 23:09 --------- d-----w c:\program files\internet download manager
2008-10-23 23:08 --------- d-----w c:\documents and settings\al-kc\application data\idm
2008-10-23 22:11 --------- d-----w c:\documents and settings\al-kc\application data\dmcache
2008-10-07 23:07 --------- d-----w c:\program files\paltalk messenger
2008-10-07 23:07 --------- d-----w c:\documents and settings\al-kc\application data\paltalk
2008-10-06 01:59 --------- d-----w c:\documents and settings\al-kc\application data\cyberscrub
2008-10-05 02:42 --------- d-----w c:\documents and settings\all users\application data\cafe
2008-09-23 19:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-23 19:05 --------- d-----w c:\program files\real
2008-09-23 09:43 --------- d-----w c:\program files\k-lite codec pack
2008-09-23 09:36 823,296 ----a-w c:\windows\is-jli2j.exe
2008-09-23 09:28 --------- d-----w c:\documents and settings\al-kc\application data\media player classic
2008-09-23 09:27 823,296 ----a-w c:\windows\is-c2ov8.exe
2008-09-22 21:08 --------- d-----w c:\program files\utorrent
2008-09-21 02:50 --------- d-----w c:\documents and settings\all users\application data\avira
2008-09-20 00:27 --------- d-----w c:\documents and settings\all users\application data\messenger plus!
2008-09-18 23:07 --------- d-----w c:\program files\windows live
2008-09-18 23:07 --------- d-----w c:\program files\msn messenger
2008-09-18 23:07 --------- d-----w c:\program files\messenger plus! Live
2008-09-18 23:07 --------- d-----w c:\program files\circle developement
2008-09-18 11:07 --------- d-----w c:\program files\common files\adobe
2008-09-18 11:04 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-18 11:03 --------- d-----w c:\documents and settings\all users\application data\cyberlink
2008-09-18 10:59 73,216 ----a-w c:\windows\st6unst.exe
2008-09-18 10:59 172,032 ------w c:\windows\setup1.exe
2008-09-18 10:59 --------- d-----w c:\program files\acd
2008-09-18 10:03 --------- d-----w c:\program files\microsoft.net
2008-09-18 10:03 --------- d-----w c:\program files\microsoft works
2008-09-18 09:06 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@fri 10-24-2008_13.36.23.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-24 04:48:07 49,152 ----a-w c:\windows\$hf_mig$\kb904942\sp2qfe\wdigest.dll
+ 2005-10-12 23:08:33 14,560 ----a-w c:\windows\$hf_mig$\kb904942\spmsg.dll
+ 2005-10-12 23:08:33 213,216 ----a-w c:\windows\$hf_mig$\kb904942\spuninst.exe
+ 2005-10-12 23:08:33 22,752 ----a-w c:\windows\$hf_mig$\kb904942\update\spcustom.dll
+ 2005-10-12 23:08:34 712,928 ----a-w c:\windows\$hf_mig$\kb904942\update\update.exe
+ 2005-10-12 23:08:36 369,376 ----a-w c:\windows\$hf_mig$\kb904942\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\advpack.dll
+ 2008-08-26 09:08:35 347,136 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\dxtmsft.dll
+ 2008-08-26 09:08:35 214,528 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\dxtrans.dll
+ 2008-08-26 09:08:35 132,608 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\extmgr.dll
+ 2008-08-26 09:08:35 63,488 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ie4uinit.exe
+ 2008-08-26 09:08:35 153,088 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieakeng.dll
+ 2008-08-26 09:08:35 230,400 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieapfltr.dat
+ 2008-08-26 09:08:35 380,928 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieapfltr.dll
+ 2008-08-26 09:08:35 388,608 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\iedkcs32.dll
+ 2008-10-03 16:21:28 6,068,224 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieframe.dll
+ 2008-08-26 09:08:38 44,544 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\iernonce.dll
+ 2008-08-26 09:08:38 267,776 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\iexplore.exe
+ 2008-08-26 09:08:39 27,648 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\jsproxy.dll
+ 2008-08-26 09:08:39 459,264 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\msfeeds.dll
+ 2008-08-26 09:08:39 52,224 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\msfeedsbs.dll
+ 2008-08-26 09:08:41 3,594,752 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\mshtml.dll
+ 2008-08-26 09:08:41 477,696 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\mshtmled.dll
+ 2008-08-26 09:08:41 193,024 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\msrating.dll
+ 2008-08-26 09:08:42 671,232 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\mstime.dll
+ 2008-08-26 09:08:42 102,912 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\occache.dll
+ 2008-08-26 09:08:42 44,544 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\pngfilt.dll
+ 2008-08-26 09:08:42 105,984 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\url.dll
+ 2008-08-26 09:08:43 1,162,752 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\urlmon.dll
+ 2008-08-26 09:08:43 233,472 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\webcheck.dll
+ 2008-08-26 09:08:43 827,904 ----a-w c:\windows\$hf_mig$\kb956390-ie7\sp2qfe\wininet.dll
+ 2007-03-06 00:57:33 14,560 ----a-w c:\windows\$hf_mig$\kb956390-ie7\spmsg.dll
+ 2007-03-06 00:57:38 213,216 ----a-w c:\windows\$hf_mig$\kb956390-ie7\spuninst.exe
+ 2007-03-06 00:57:32 22,752 ----a-w c:\windows\$hf_mig$\kb956390-ie7\update\spcustom.dll
+ 2007-03-06 00:57:56 712,928 ----a-w c:\windows\$hf_mig$\kb956390-ie7\update\update.exe
+ 2007-03-06 00:58:46 369,376 ----a-w c:\windows\$hf_mig$\kb956390-ie7\update\updspapi.dll
+ 2005-10-12 23:08:33 213,216 -c----w c:\windows\$ntuninstallkb904942$\spuninst\spuninst.exe
+ 2005-10-12 23:08:36 369,376 -c----w c:\windows\$ntuninstallkb904942$\spuninst\updspapi.dll
+ 2004-08-03 21:55:58 49,152 -c----w c:\windows\$ntuninstallkb904942$\wdigest.dll
+ 2004-08-03 21:55:34 28,672 -c----w c:\windows\$ntuninstallkb914440$\custsat.dll
+ 2005-10-12 23:08:33 213,216 -c----w c:\windows\$ntuninstallkb914440$\spuninst\spuninst.exe
+ 2005-10-12 23:08:36 369,376 -c----w c:\windows\$ntuninstallkb914440$\spuninst\updspapi.dll
- 2008-09-18 10:00:16 166,912 ----a-r c:\windows\installer\{350c97b7-3d7c-4ee8-baa9-00bcb3d54227}\places.exe
+ 2008-10-29 10:15:39 166,912 ----a-r c:\windows\installer\{350c97b7-3d7c-4ee8-baa9-00bcb3d54227}\places.exe
+ 2008-10-28 21:12:53 49,152 ----a-r c:\windows\installer\{4d6183c0-005c-4b1f-8261-4b0f71f1c4a5}\newshortcut1.exe
+ 2006-06-02 19:32:25 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w c:\windows\network diagnostic\xpnetdiag.exe
+ 2008-11-14 21:56:57 53,760 ----a-w c:\windows\system\ppacklib.dll
+ 2008-11-14 23:22:45 331,776 ----a-w c:\windows\system32\agsaama.dll
+ 2008-11-14 23:22:45 538,624 ----a-w c:\windows\system32\agsaamb.dll
+ 2008-11-14 23:22:45 372,736 ----a-w c:\windows\system32\agsaamc.dll
+ 2008-11-14 23:22:45 544,256 ----a-w c:\windows\system32\agsaamd.dll
+ 2008-11-14 23:22:45 753,664 ----a-w c:\windows\system32\agsaamg.dll
+ 2008-11-14 23:22:45 626,688 ----a-w c:\windows\system32\agsaamh.dll
+ 2008-11-14 23:22:45 90,112 ----a-w c:\windows\system32\agsaami.dll
+ 2008-11-14 23:22:45 2,846,720 ----a-w c:\windows\system32\agsaamj.dll
+ 2008-11-14 23:22:42 778,240 ----a-w c:\windows\system32\aloaudiocompress2.dll
+ 2008-11-14 23:22:42 2,846,720 ----a-w c:\windows\system32\aloaudiocompress3.dll
+ 2008-11-14 23:22:42 90,112 ----a-w c:\windows\system32\aloaudioformatsettings3.dll
+ 2008-11-14 23:22:42 780,288 ----a-w c:\windows\system32\alovideocompress.dll
+ 2008-11-14 23:22:42 188,416 ----a-w c:\windows\system32\alovideofile.dll
+ 2008-11-14 23:22:42 215,552 ----a-w c:\windows\system32\alowmvfile.dll
+ 2008-11-14 23:22:42 1,245,184 ----a-w c:\windows\system32\bkll.dll
+ 2003-12-14 13:47:20 692,224 ----a-w c:\windows\system32\ciaressvr20.dll
+ 2003-02-23 21:45:14 40,960 ----a-w c:\windows\system32\ciasubclssvr.dll
+ 2003-12-12 14:41:30 53,248 ----a-w c:\windows\system32\ciaxpregsvr20.dll
- 2008-10-24 06:42:17 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
+ 2008-10-28 13:27:27 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
- 2008-10-24 06:42:17 32,768 ----a-w c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
+ 2008-10-28 13:27:27 32,768 ----a-w c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
- 2008-10-24 06:42:17 32,768 ----a-w c:\windows\system32\config\systemprofile\local settings\temporary internet files\.ie5\index.dat
+ 2008-10-28 13:27:27 32,768 ----a-w c:\windows\system32\config\systemprofile\local settings\temporary internet files\.ie5\index.dat
+ 2006-07-28 22:22:58 51,712 ----a-w c:\windows\system32\coodest.dll
+ 2008-11-12 01:39:23 1,632 ----a-w c:\windows\system32\d3d8caps.dat
- 2008-10-23 11:24:07 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2008-11-13 00:50:10 1,744 ----a-w c:\windows\system32\d3d9caps.dat
+ 2004-08-03 20:10:40 17,024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
+ 2004-08-03 19:58:40 100,992 -c--a-w c:\windows\system32\dllcache\bthpan.sys
+ 2004-08-03 21:40:14 273,792 -c--a-w c:\windows\system32\dllcache\bthport.sys
+ 2004-08-03 20:10:36 18,944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
+ 2001-08-17 10:52:30 18,688 -c--a-w c:\windows\system32\dllcache\cdaudio.sys
- 2004-08-03 21:55:34 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2006-06-02 19:32:25 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2004-08-03 21:55:38 21,504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
+ 2001-08-17 11:02:20 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-03 16:58:14 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-03 21:56:18 152,064 -c--a-w c:\windows\system32\dllcache\irftp.exe
+ 2004-08-03 21:55:40 26,624 -c--a-w c:\windows\system32\dllcache\irmon.dll
+ 2001-08-17 11:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
+ 2001-08-17 11:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
+ 2001-08-17 11:55:56 5,632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
+ 2001-08-17 11:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
+ 2004-08-03 21:45:44 14,720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
+ 2001-08-17 19:36:18 8,704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
+ 2001-08-17 19:36:18 8,192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
+ 2001-09-18 10:38:38 12,160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-03 20:10:40 59,648 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
- 2004-08-03 21:55:58 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:50 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-03 21:56:00 8,192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
+ 2004-08-03 20:10:40 17,024 ----a-w c:\windows\system32\drivers\bthenum.sys
+ 2004-08-03 19:58:40 100,992 ----a-w c:\windows\system32\drivers\bthpan.sys
+ 2004-08-03 21:40:14 273,792 ----a-w c:\windows\system32\drivers\bthport.sys
+ 2004-08-03 20:10:36 18,944 ----a-w c:\windows\system32\drivers\bthusb.sys
- 2001-09-19 12:00:00 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys
+ 2001-08-17 10:52:30 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys
+ 2001-08-17 11:02:20 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys
+ 2004-08-03 21:45:44 14,720 ----a-w c:\windows\system32\drivers\kbdhid.sys
- 2008-04-16 11:23:44 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2006-02-13 13:24:10 20,699 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2006-03-21 08:46:52 44,555 ----a-w c:\windows\system32\drivers\klick.sys
- 2008-09-21 11:09:04 213,008 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-10-28 20:53:38 170,256 ----a-w c:\windows\system32\drivers\klif.sys
+ 2006-04-24 13:22:44 45,352 ----a-w c:\windows\system32\drivers\klin.sys
+ 2006-02-15 17:59:12 15,496 ----a-w c:\windows\system32\drivers\klop.sys
+ 2001-09-18 10:38:38 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys
+ 2004-08-03 20:10:40 59,648 ----a-w c:\windows\system32\drivers\rfcomm.sys
+ 2004-08-03 21:55:38 21,504 ----a-w c:\windows\system32\hidserv.dll
- 2007-08-13 15:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2004-08-03 21:56:18 152,064 ----a-w c:\windows\system32\irftp.exe
+ 2004-08-03 21:55:40 26,624 ----a-w c:\windows\system32\irmon.dll
+ 2001-08-17 11:55:56 6,144 ----a-w c:\windows\system32\kbd101b.dll
+ 2001-08-17 11:55:56 6,144 ----a-w c:\windows\system32\kbd101c.dll
+ 2001-08-17 11:55:56 5,632 ----a-w c:\windows\system32\kbd103.dll
+ 2001-08-17 11:55:56 6,144 ----a-w c:\windows\system32\kbd106.dll
+ 2001-08-17 19:36:18 8,704 ----a-w c:\windows\system32\kbdjpn.dll
+ 2001-08-17 19:36:18 8,192 ----a-w c:\windows\system32\kbdkor.dll
- 2008-04-25 15:22:24 206,088 ----a-w c:\windows\system32\klogon.dll
+ 2006-03-24 16:08:14 28,778 ----a-w c:\windows\system32\klogon.dll
+ 2003-08-07 12:01:50 237,568 ----a-w c:\windows\system32\lame_enc.dll
+ 2002-01-05 03:48:16 974,848 ----a-w c:\windows\system32\mfc70.dll
+ 2003-03-19 10:19:58 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2008-10-07 09:19:42 16,721,856 ----a-w c:\windows\system32\mrt.exe
+ 2002-01-05 02:40:20 487,424 ----a-w c:\windows\system32\msvcp70.dll
+ 2002-01-05 08:37:28 344,064 ----a-w c:\windows\system32\msvcr70.dll
+ 2008-11-14 21:57:01 1,128,128 ----a-w c:\windows\system32\nmsdvdxu.dll
+ 2005-05-19 00:17:26 40,960 ----a-w c:\windows\system32\osenxpsuite2005.dll
- 2008-10-24 10:23:36 41,076 ----a-w c:\windows\system32\perfc001.dat
+ 2008-11-15 23:12:48 41,076 ----a-w c:\windows\system32\perfc001.dat
- 2008-10-24 10:23:36 40,972 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 23:12:48 40,972 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-24 10:23:36 254,326 ----a-w c:\windows\system32\perfh001.dat
+ 2008-11-15 23:12:48 254,326 ----a-w c:\windows\system32\perfh001.dat
- 2008-10-24 10:23:36 314,644 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 23:12:48 314,644 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-18 22:51:20 278,528 ----a-w c:\windows\system32\pncrt.dll
+ 2008-11-11 03:32:47 278,528 ----a-w c:\windows\system32\pncrt.dll
- 2008-10-18 22:51:22 6,656 ----a-w c:\windows\system32\pndx5016.dll
+ 2008-11-11 03:32:48 6,656 ----a-w c:\windows\system32\pndx5016.dll
- 2008-10-18 22:51:23 5,632 ----a-w c:\windows\system32\pndx5032.dll
+ 2008-11-11 03:32:48 5,632 ----a-w c:\windows\system32\pndx5032.dll
+ 2003-05-21 22:50:42 73,793 ----a-w c:\windows\system32\rmbin\codecs\atrc.dll
+ 2004-04-05 20:04:30 548,919 ----a-w c:\windows\system32\rmbin\codecs\colorcvt.dll
+ 2004-04-05 20:05:10 65,602 ----a-w c:\windows\system32\rmbin\codecs\cook.dll
+ 2004-07-02 13:33:30 102,464 ----a-w c:\windows\system32\rmbin\codecs\drv1.dll
+ 2004-07-02 13:33:30 176,195 ----a-w c:\windows\system32\rmbin\codecs\drv2.dll
+ 2004-07-02 13:33:30 327,749 ----a-w c:\windows\system32\rmbin\codecs\drvc.dll
+ 2005-01-19 13:45:56 376,899 ----a-w c:\windows\system32\rmbin\codecs\erv2.dll
+ 2004-04-05 20:07:04 266,306 ----a-w c:\windows\system32\rmbin\codecs\erv3.dll
+ 2004-04-05 20:08:06 479,298 ----a-w c:\windows\system32\rmbin\codecs\erv4.dll
+ 2004-04-05 20:05:38 548,940 ----a-w c:\windows\system32\rmbin\codecs\raac.dll
+ 2004-04-05 20:05:34 155,702 ----a-w c:\windows\system32\rmbin\codecs\ralf.dll
+ 2004-04-05 20:05:20 102,465 ----a-w c:\windows\system32\rmbin\codecs\sipr.dll
+ 2002-12-06 10:02:58 49,152 ----a-w c:\windows\system32\rmbin\plugins\auth3260.dll
+ 2002-12-06 10:02:58 40,960 ----a-w c:\windows\system32\rmbin\plugins\basc3260.dll
+ 2004-04-05 20:06:28 262,204 ----a-w c:\windows\system32\rmbin\plugins\rmwrtr.dll
+ 2002-12-06 10:02:58 45,056 ----a-w c:\windows\system32\rmbin\plugins\rn5a3260.dll
+ 2002-12-06 10:02:58 61,440 ----a-w c:\windows\system32\rmbin\plugins\sdpp3260.dll
+ 2004-04-05 20:08:10 61,493 ----a-w c:\windows\system32\rmbin\plugins\smplfsys.dll
+ 2002-12-06 10:02:58 272,896 ----a-w c:\windows\system32\rmbin\pncrt.dll
+ 2004-04-05 20:01:02 53,341 ----a-w c:\windows\system32\rmbin\tools\audiofmtconverter.dll
+ 2004-04-05 20:01:08 49,235 ----a-w c:\windows\system32\rmbin\tools\audiolimiter.dll
+ 2004-04-05 20:04:14 65,634 ----a-w c:\windows\system32\rmbin\tools\audiolosslesscodec.dll
+ 2004-04-05 20:01:16 53,327 ----a-w c:\windows\system32\rmbin\tools\audiometer.dll
+ 2004-04-05 20:01:22 327,767 ----a-w c:\windows\system32\rmbin\tools\audioresampler.dll
+ 2004-04-05 19:59:18 856,132 ----a-w c:\windows\system32\rmbin\tools\encsession.dll
+ 2002-12-06 10:02:58 36,864 ----a-w c:\windows\system32\rmbin\tools\enlv3260.dll
+ 2004-04-05 20:01:28 53,325 ----a-w c:\windows\system32\rmbin\tools\eventpack.dll
+ 2004-04-05 19:59:38 53,321 ----a-w c:\windows\system32\rmbin\tools\mediasink.dll
+ 2004-04-05 20:01:42 57,443 ----a-w c:\windows\system32\rmbin\tools\mpeg4audiopacketizer.dll
+ 2004-02-24 06:19:38 548,864 ----a-w c:\windows\system32\rmbin\tools\rmme3260.dll
+ 2004-04-05 20:02:18 86,110 ----a-w c:\windows\system32\rmbin\tools\rmsessionformat.dll
+ 2004-02-24 06:19:38 356,352 ----a-w c:\windows\system32\rmbin\tools\rmto3260.dll
+ 2004-04-05 20:00:30 241,736 ----a-w c:\windows\system32\rmbin\tools\rmwriter.dll
+ 2004-04-05 20:03:42 69,718 ----a-w c:\windows\system32\rmbin\tools\rnaudiocodec.dll
+ 2004-04-05 20:03:48 77,920 ----a-w c:\windows\system32\rmbin\tools\rnaudiopacketizer.dll
+ 2004-04-05 20:04:00 106,582 ----a-w c:\windows\system32\rmbin\tools\rnvideocodec.dll
+ 2004-04-05 20:01:46 49,249 ----a-w c:\windows\system32\rmbin\tools\videocolorconverter.dll
+ 2004-04-05 20:01:54 45,139 ----a-w c:\windows\system32\rmbin\tools\videolumaadj.dll
- 2008-10-18 22:51:55 185,952 ----a-w c:\windows\system32\rmoc3260.dll
+ 2008-11-11 03:33:00 185,952 ----a-w c:\windows\system32\rmoc3260.dll
- 2006-09-06 14:43:16 14,048 ------w c:\windows\system32\spmsg.dll
+ 2007-03-06 00:57:33 14,560 ------w c:\windows\system32\spmsg.dll
- 2006-09-06 14:43:16 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-06 14:42:02 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2008-11-14 21:57:01 90,112 ----a-w c:\windows\system32\ssvideo.dll
- 2007-09-04 16:56:10 164,352 ----a-w c:\windows\system32\unrar.dll
+ 2002-10-15 22:54:04 153,088 ----a-w c:\windows\system32\unrar.dll
+ 1998-04-23 21:00:00 368,912 ----a-w c:\windows\system32\vbar332.dll
+ 2008-11-14 21:57:01 19,456 ----a-w c:\windows\system32\videocore.dll
+ 2008-11-14 21:57:03 18,599,936 ----a-w c:\windows\system32\videoencode.dll
+ 2008-11-14 21:57:03 452,608 ----a-w c:\windows\system32\videoformat.dll
+ 2008-11-14 21:57:03 6,963,712 ----a-w c:\windows\system32\videotrans.dll
+ 2008-11-14 21:57:03 1,462,272 ----a-w c:\windows\system32\viscom3gpenc.dll
+ 2008-11-14 21:57:03 1,454,080 ----a-w c:\windows\system32\viscomamrenc.dll
+ 2008-11-14 21:57:03 94,208 ----a-w c:\windows\system32\viscomaudiodata.dll
+ 2008-11-14 21:57:03 110,592 ----a-w c:\windows\system32\viscomaudioencoder.dll
+ 2008-11-14 21:57:06 18,628,608 ----a-w c:\windows\system32\viscomavi.dll
+ 2008-11-14 21:57:07 1,462,272 ----a-w c:\windows\system32\viscomdata1.dll
+ 2008-11-14 21:57:08 1,454,080 ----a-w c:\windows\system32\viscomdata2.dll
+ 2008-11-14 21:57:08 1,470,464 ----a-w c:\windows\system32\viscomdata3.dll
+ 2008-11-14 21:57:08 118,784 ----a-w c:\windows\system32\viscomflvdec.dll
+ 2008-11-14 21:57:08 1,462,272 ----a-w c:\windows\system32\viscomflvenc.dll
+ 2008-11-14 21:57:08 86,016 ----a-w c:\windows\system32\viscomframe.dll
+ 2008-11-14 21:57:08 1,470,464 ----a-w c:\windows\system32\viscomm4aenc.dll
+ 2008-11-14 21:57:08 602,112 ----a-w c:\windows\system32\viscomqtde.dll
+ 2008-11-14 21:57:08 147,456 ----a-w c:\windows\system32\viscomqtenc.dll
+ 2008-11-14 21:57:08 118,784 ----a-w c:\windows\system32\viscomrmenc.dll
+ 2008-11-14 21:57:08 48,640 ----a-w c:\windows\system32\viscomsamplerate.dll
+ 2008-11-14 21:57:09 81,920 ----a-w c:\windows\system32\viscomwave.dll
+ 2002-12-11 08:19:32 368,640 ----a-w c:\windows\system32\vobsub.dll
- 2004-08-03 21:55:58 49,152 ----a-w c:\windows\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w c:\windows\system32\wdigest.dll
+ 2001-03-01 05:28:02 311,568 ----a-w c:\windows\system32\wmv8dmod.dll
+ 2004-08-10 23:22:26 828,152 ----a-w c:\windows\system32\wmv9dmod.dll
+ 2004-08-03 21:56:00 8,192 ----a-w c:\windows\system32\wshirda.dll
+ 2006-10-09 20:12:20 417,792 ------w c:\windows\system32\xpsp3res.dll
.
-- snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 am 15360]
"okay jugs"="c:\docume~1\al-kc\applic~1\greatc~1\bib bleh barb.exe" [11/16/2008 05:01 pm 550400]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"kis"="c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe" [03/24/2006 07:09 pm 139367]
"tkbellexe"="c:\program files\common files\real\update_ob\realsched.exe" [11/11/2008 06:32 am 185896]
"owns ping ante admin"="c:\documents and settings\all users\application data\ball mapi owns ping\plus browse.exe" [11/17/2008 11:44 pm 3091456]
"bluetoothauthenticationagent"="bthprops.cpl" [08/04/2004 12:56 am 110592 c:\windows\system32\bthprops.cpl]
c:\docume~1\alluse~1\a007~1\7d39~1\d51d~1\
«©م، ¢¬نïé adobe reader.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe [2005-09-24 29696]
[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001
"updatesdisablenotify"=dword:00000001
"antivirusoverride"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\msn messenger\\msnmsgr.exe"=
"c:\\program files\\msn messenger\\livecall.exe"=
"c:\\documents and settings\\all users\\application data\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"=
"c:\\program files\\utorrent\\utorrent.exe"=
"%windir%\\network diagnostic\\xpnetdiag.exe"=
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"9420:tcp"= 9420:tcp:akamai network manager
"5000:udp"= 5000:udp:akamai network manager
s3 avpsys;avpsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{429ed70e-9f83-11dd-a299-000e2e83a07c}]
\shell\autorun\command - g:\xih9.cmd
\shell\explore\command - g:\xih9.cmd
\shell\open\command - g:\xih9.cmd
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{60673290-aa1f-11dd-a25d-000e2e83a07c}]
\shell\autorun\command - g:\xih9.cmd
\shell\explore\command - g:\xih9.cmd
\shell\open\command - g:\xih9.cmd
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9052525-9a03-11dd-a293-000e2e83a07c}]
\shell\autorun\command - h:\xih9.cmd
\shell\explore\command - h:\xih9.cmd
\shell\open\command - h:\xih9.cmd
.
S of the 'scheduled tasks' folder
2008-11-17 c:\windows\tasks\b57a984394310d87.job
- c:\docume~1\al-kc\applic~1\greatc~1\inside 01 store.exe [11/16/2008 05:04 pm]
2008-11-17 c:\windows\tasks\pcbugdoctoral-kc.job
- c:\program files\pcbugdoctor\pcbugdoctor.exe []
.
- - - - orphans removed - - - -
hkcu-run-ccleaner - c:\program files\ccleaner\ccleaner.exe
hklm-run-stupid creative poll axis - c:\documents and settings\all users\application data\memo save stupid creative\site send.exe

**************************************************************************
catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

rootkit scan 2008-11-17 23:44:19
windows 5.1.2600 service pack 2 ntfs
scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ other running processes ------------------------
.
C:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 11/17/2008 23:49:24 - machine was rebooted
combofix-quarantined-files.txt 2008-11-17 20:49:16
combofix2.txt 2008-10-25 17:39:32
combofix3.txt 2008-10-24 11:20:06
combofix4.txt 2008-10-24 10:37:33
pre-run: 31,351,296,000 bytes free
post-run: 31,236,046,848 bytes free
434

..

تقرير الهايجاك

logfile of trend micro hijackthis v2.0.2
scan saved at 23:49:41, on 17/11/2008
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\svchost.exe
c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\system32\ctfmon.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\explorer.exe
c:\windows\system32\notepad.exe
c:\documents and settings\al-kc\سطح المكتب\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

r1 - hklm\software\microsoft\internet explorer\main,default_search_url =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

r1 - hklm\software\microsoft\internet explorer\main,search page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

r3 - urlsearchhook: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - (no file)
o2 - bho: Acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o4 - hklm\..\run: [kis] "c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe"
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [owns ping ante admin] c:\documents and settings\all users\application data\ball mapi owns ping\plus browse.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [okay jugs] c:\docume~1\al-kc\applic~1\greatc~1\bib bleh barb.exe
o4 - global startup: سرعة تشغيل adobe reader.lnk = c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
o8 - extra context menu item: &تصدير إلى microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o8 - extra context menu item: Add to kaspersky anti-banner - c:\program files\kaspersky lab\kaspersky internet security 6.0\\ie_banner_deny.htm
o9 - extra button: Web anti-virus - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - c:\program files\kaspersky lab\kaspersky internet security 6.0\scieplugin.dll
o9 - extra button: بحث - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o23 - service: Kaspersky internet security 6.0 (avp) - kaspersky lab - c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
--
end of file - 3389 bytes

 

[وليد القحطاني]

خلود وينك الله يهديك !!

 

[وليد القحطاني]

والله ماتوقعتها منكم
الله لا يسامحكم بس