mmkcco

To begin with, may every year find you all well, and may God return this occasion to you with blessing and faith.
One of the brothers asked me to post the following report so the cause of the computer's slowness can be determined.
ComboFix 09-09-18.02 - Admin 09/20/2009 3:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.964.1033.18.1023.545 [GMT 3:00]
Running from: c:\documents and settings\Admin\Desktop\prog\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ALCMTR.EXE
c:\windows\Installer\3edcc1.msi
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-18 19:47 . 2009-09-18 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-09-16 17:25 . 2009-09-16 17:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\windows\system32\xircom
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-16 17:20 . 2009-09-16 17:20 -------- d-----w- c:\program files\microsoft frontpage
2009-09-16 16:09 . 2008-08-25 08:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-09-16 16:09 . 2008-08-25 08:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-09-16 16:09 . 2008-08-25 08:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-09-16 16:09 . 2008-06-02 12:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-09-16 16:08 . 2009-09-16 16:10 -------- d-----w- c:\program files\Spyware Doctor
2009-09-16 16:08 . 2009-09-16 16:08 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2009-09-16 16:08 . 2009-09-16 16:08 -------- d-----w- c:\documents and settings\Admin\Application Data\TrojanHunter
2009-09-16 16:06 . 2009-09-16 16:12 -------- d-----w- c:\program files\TrojanHunter 5.1
2009-09-16 16:01 . 2009-09-16 18:47 -------- d-----w- c:\program files\Spy Cleaner Gold
2009-09-16 16:01 . 2009-09-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-09-12 15:13 . 2009-09-12 15:13 -------- d-----w- C:\LightC
2009-09-11 00:00 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 21:18 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-09 21:15 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-07 16:11 . 2009-09-07 16:11 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-09-06 23:09 . 2009-09-06 23:09 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\HP
2009-09-06 23:09 . 2009-09-06 23:09 -------- d-----w- c:\documents and settings\nono\Application Data\HP
2009-09-06 12:40 . 2009-09-06 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-05 20:41 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-09-05 20:33 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-09-05 20:33 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-09-05 20:33 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-09-05 20:33 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-09-05 20:33 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-09-05 01:52 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-09-05 01:52 . 2009-06-25 08:41 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2009-09-05 01:52 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-09-05 01:52 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-05 01:52 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-05 01:04 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-09-05 01:04 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-09-05 01:04 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-09-05 01:04 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-09-05 01:04 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-09-05 01:04 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-09-05 00:59 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2009-09-05 00:59 . 2009-06-03 19:12 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2009-09-05 00:56 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-09-05 00:51 . 2008-06-17 19:02 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
2009-09-05 00:46 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-09-05 00:45 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-05 00:36 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-09-05 00:36 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-09-05 00:36 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-09-05 00:36 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-09-05 00:36 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-09-05 00:36 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-05 00:36 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-09-05 00:36 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-09-05 00:36 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-05 00:36 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-05 00:36 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-05 00:36 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-05 00:23 . 2008-12-11 12:33 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-05 00:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-05 00:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-05 00:05 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-04 17:28 . 2009-09-04 17:28 -------- d-----w- c:\documents and settings\Admin\Application Data\HP
2009-09-04 17:26 . 2009-09-04 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-09-04 17:25 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-09-04 17:25 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-09-04 17:25 . 2009-09-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-04 17:25 . 2007-03-30 15:07 267864 ----a-r- c:\windows\system32\hpzids01.dll
2009-09-04 17:25 . 2007-03-28 11:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-09-04 17:25 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-09-04 17:24 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-04 17:24 . 2007-03-17 16:11 675840 ----a-r- c:\windows\system32\hpowiax3.dll
2009-09-04 17:24 . 2007-03-17 16:11 303104 ----a-r- c:\windows\system32\hpovst10.dll
2009-09-04 17:24 . 2007-03-17 16:11 569344 ----a-r- c:\windows\system32\hpotscl3.dll
2009-09-04 17:24 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-09-04 17:24 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-09-04 17:23 . 2009-09-04 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-09-04 17:22 . 2009-09-04 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-04 17:22 . 2009-09-04 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Common Files\HP
2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-04 17:21 . 2009-09-04 17:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-04 17:20 . 2009-09-04 17:23 -------- d-----w- c:\program files\HP
2009-09-04 17:18 . 2009-09-04 17:26 156631 ----a-w- c:\windows\hpoins14.dat
2009-09-04 17:18 . 2007-06-05 23:07 2000 ------w- c:\windows\hpomdl14.dat
2009-09-04 17:18 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-04 17:16 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-04 12:58 . 2009-09-17 22:09 -------- d-----w- c:\documents and settings\nono\Tracing
2009-09-04 12:56 . 2009-09-04 12:56 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\Yahoo
2009-09-04 12:55 . 2009-09-04 12:55 -------- d-sh--w- c:\documents and settings\nono\PrivacIE
2009-09-04 12:23 . 2009-09-04 12:23 -------- d-sh--w- c:\documents and settings\nono\IETldCache
2009-09-04 11:51 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2009-09-04 11:51 . 2009-03-21 14:06 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2009-09-04 11:34 . 2009-09-04 11:34 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2009-09-04 11:31 . 2009-09-04 11:31 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-09-04 11:29 . 2009-09-04 11:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-04 11:29 . 2009-09-04 11:29 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2009-09-04 11:27 . 2009-09-04 11:27 -------- d-----w- c:\windows\ie8updates
2009-09-04 11:27 . 2009-09-11 01:27 -------- d--h--w- c:\windows\$hf_mig$
2009-09-04 11:25 . 2009-09-04 11:27 -------- dc-h--w- c:\windows\ie8
2009-09-04 11:19 . 2008-12-16 12:30 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-09-04 11:08 . 2009-09-04 11:11 -------- d-----w- C:\3dee8fa2c3e2f42aa8d5cf0c04c8
2009-09-04 11:08 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-04 11:08 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-04 11:08 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-04 11:08 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-04 11:08 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-04 11:08 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-09-04 11:06 . 2009-09-04 11:06 -------- d-----w- C:\e206b6fd5ec5eb16a94ba4
2009-09-03 23:32 . 2009-09-03 23:32 -------- d-----w- c:\documents and settings\Admin\Application Data\ImTOO Software Studio
2009-09-03 16:33 . 2009-09-03 16:33 -------- d-----w- c:\documents and settings\nono\Local Settings\Application Data\Opera
2009-09-03 16:33 . 2009-09-03 16:33 275552 ----a-w- c:\documents and settings\nono\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 16:32 . 2009-09-03 16:32 -------- d-----w- c:\documents and settings\nono\Application Data\Windows Sidebar Styler
2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Common Files\Real
2009-09-03 00:35 . 2009-09-03 00:35 -------- d-----w- c:\program files\Real
2009-09-03 00:21 . 2009-09-03 00:21 -------- d-----w- c:\documents and settings\Admin\CSB
2009-09-03 00:21 . 2009-09-03 00:25 -------- d-----w- c:\program files\Chinese Symbol Studio
2009-09-03 00:09 . 2009-09-03 00:09 -------- d-----w- c:\documents and settings\Admin\Application Data\GlobalSCAPE
2009-09-02 23:57 . 2009-09-02 23:57 -------- d-----w- c:\program files\ImTOO
2009-09-02 23:37 . 2009-09-02 23:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Downloaded Installations
2009-09-02 23:31 . 2004-10-03 14:41 167936 ----a-w- c:\windows\system32\Engine3D.dll
2009-09-02 23:18 . 2009-09-07 16:28 -------- d-----w- c:\documents and settings\Guest\Tracing
2009-09-02 14:59 . 2009-09-02 14:59 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2009-09-01 23:33 . 2009-09-01 23:33 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 10:49 . 2009-08-28 21:45 -------- d-----w- c:\program files\Windows Sidebar
2009-09-01 11:04 . 2009-08-28 22:31 275552 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 23:41 . 2009-08-31 23:40 -------- d-----w- c:\program files\QuickWiz
2009-08-31 23:41 . 2009-08-31 23:40 -------- d-----w- c:\program files\Common Files\GuruNet Shared
2009-08-31 13:20 . 2009-08-28 22:23 -------- d-----w- c:\program files\MSBuild
2009-08-29 13:07 . 2009-08-29 13:07 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Sidebar Styler
2009-08-28 22:59 . 2009-08-28 22:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-28 22:59 . 2009-08-28 22:59 -------- d-----w- c:\program files\Java
2009-08-28 22:59 . 2009-08-28 22:59 -------- d-----w- c:\program files\Opera
2009-08-28 22:57 . 2009-08-28 22:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 22:50 . 2009-08-28 22:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-28 22:31 . 2009-08-28 22:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Sidebar Styler
2009-08-28 22:31 . 2009-08-28 22:09 -------- d-----w- c:\program files\Styler
2009-08-28 22:31 . 2009-08-28 22:31 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler
2009-08-28 22:31 . 2009-08-28 21:47 -------- d-----w- c:\program files\VistaExperience.org
2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\Stanimir Stoyanov
2009-08-28 22:29 . 2008-04-14 12:00 5660672 ----a-w- c:\windows\system32\logonuiX.exe
2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\WinCustomize
2009-08-28 22:29 . 2009-08-28 22:29 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-28 22:28 . 2009-08-28 22:28 -------- d---a-w- c:\program files\Stardock
2009-08-28 22:23 . 2009-08-28 22:23 -------- d-----w- c:\program files\Reference Assemblies
2009-08-28 22:20 . 2009-08-28 22:20 -------- d-----w- c:\program files\Drive Space Indicator
2009-08-28 22:14 . 2009-08-28 22:14 -------- d-----w- c:\program files\Alky for Applications
2009-08-28 22:11 . 2009-08-28 22:11 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-28 22:09 . 2009-08-28 22:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 20:43 . 2009-02-08 23:40 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2009-02-08 23:40 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 12:11 . 2009-02-08 23:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2009-02-08 23:39 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2009-02-08 23:39 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:41 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 10:28 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

------- Sigcheck -------

[-] 2009-02-08 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-03 . 9A41E77AF64CA976E6F61B55401CBEBB . 1110528 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-08-29 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-8-29 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Qs Black Shine Blue.wsstyles [2008-5-20 210081]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 05:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"DriveSpace"=c:\program files\Drive Space Indicator\DrvSpace.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [8/29/2009 2:20 AM 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [8/29/2009 2:20 AM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [8/29/2009 2:20 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/29/2009 2:20 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [8/29/2009 2:20 AM 434945]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 6:35 PM 55152]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [8/29/2009 2:20 AM 69632]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/16/2009 7:09 PM 356920]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/29/2009 2:03 AM 603904]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-09-18 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 18:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = socks=
IE: Download with ImTOO Download YouTube Video - c:\program files\ImTOO\Download YouTube Video\upod_link.HTM
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-09-20 03:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1060)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-09-20 3:05
ComboFix-quarantined-files.txt 2009-09-20 00:05

Pre-Run: 70,244,876,288 bytes free
Post-Run: 70,304,260,096 bytes free

309 --- E O F --- 2009-09-12 00:00

Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it into your next reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:41 AM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Sidebar\Sidebar.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
C:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
C:\Documents and Settings\Admin\My Documents\mre\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2052111302-261903793-1606980848-1005\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'noor')
O4 - HKUS\S-1-5-21-2052111302-261903793-1606980848-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'noor')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Qs Black Shine Blue.wsstyles
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7998 bytes


Install it on the machine, then run it and follow the instructions below to scan the machine and produce a report




After the scan finishes, do the following




Copy the contents of the report and paste it into your next post

And if it takes a while, be patient with it ^_^