Al-Mjawshy Forums


RSS 12-15-2010 04:01 PM

Severe problems with the computer: two reports
 
The first report: ComboFix

ComboFix 10-12-14.05 - fujitsu- 12/16/2010 14:50:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2009.1454 [GMT 3:00]
Running from: c:\documents and settings\fujitsu-\My Documents\Downloads\Programs\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1.txt
.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.
2010-12-16 11:26 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 11:26 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-16 11:26 . 2010-12-16 11:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-12-16 11:25 . 2010-12-16 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 11:24 . 2010-12-16 11:25 -------- d-----w- c:\program files\Pure Codec
2010-12-16 11:13 . 2010-12-16 11:23 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\BSplayer
2010-12-13 12:22 . 2010-12-13 12:25 -------- d-----w- c:\program files\CamStudio
2010-12-12 20:23 . 2010-12-12 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-12-12 17:02 . 2010-12-12 17:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-10 22:46 . 2010-12-10 22:55 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\TeamViewer
2010-12-10 22:46 . 2010-12-10 22:46 -------- d-----w- c:\program files\TeamViewer
2010-12-10 22:01 . 2010-12-10 22:01 -------- d--h--w- c:\windows\PIF
2010-12-10 18:52 . 2010-12-10 18:52 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\www.doom9.net
2010-12-08 18:43 . 2010-12-08 19:07 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\WMTools Downloaded Files
2010-12-08 18:43 . 2010-12-08 18:43 65536 ----a-r- c:\documents and settings\fujitsu-\Application Data\Microsoft\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941ARA}\ARPPRODUCTICON.exe
2010-12-07 13:34 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-07 13:31 . 2010-12-07 13:33 -------- dc-h--w- c:\windows\ie8
2010-12-07 11:00 . 2010-12-07 11:00 -------- d-----w- c:\program files\Common Files\Java
2010-12-07 11:00 . 2010-12-07 11:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 11:00 . 2010-12-07 11:00 -------- d-----w- c:\program files\Java
2010-12-07 10:25 . 2010-12-07 10:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-05 19:41 . 2010-12-05 19:41 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Transcend
2010-12-05 19:16 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-12-04 11:31 . 2010-12-04 11:31 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Western Digital
2010-12-03 10:41 . 2010-12-03 10:42 -------- d-----w- c:\program files\Aegisub
2010-11-30 16:20 . 2010-11-30 16:20 -------- d-----w- c:\program files\CCleaner
2010-11-30 13:53 . 2010-11-30 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff
2010-11-30 13:27 . 2010-11-30 13:27 388096 ----a-r- c:\documents and settings\fujitsu-\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 10:55 . 2010-11-30 10:56 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Deployment
2010-11-29 21:47 . 2010-11-29 21:47 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Tific
2010-11-29 21:42 . 2010-11-29 21:42 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Tific
2010-11-29 21:42 . 2010-11-29 21:42 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Symantec
2010-11-29 21:32 . 2010-11-29 21:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-28 18:45 . 2010-11-28 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-11-28 09:57 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-28 09:57 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\program files\Messenger Plus! Live
2010-11-27 15:31 . 2010-11-27 15:31 -------- d-----w- c:\program files\Microsoft
2010-11-27 15:30 . 2010-11-27 15:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-27 15:30 . 2010-11-27 15:31 -------- d-----w- c:\program files\Windows Live
2010-11-26 16:09 . 2010-12-03 10:45 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Aegisub
2010-11-25 21:36 . 2010-11-26 23:09 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-25 21:35 . 2010-11-25 21:35 -------- d-----w- c:\program files\Reference Assemblies
2010-11-25 21:35 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-25 21:35 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-25 09:40 . 2010-11-25 09:40 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Mozilla
2010-11-24 22:09 . 2010-11-24 22:09 -------- d-----w- c:\program files\AVG
2010-11-24 16:52 . 2010-11-24 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-11-24 15:02 . 2010-11-24 15:02 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Malwarebytes
2010-11-24 15:01 . 2010-11-24 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\program files\Trend Micro
2010-11-23 21:12 . 2010-11-23 23:45 -------- d-----w- c:\program files\uTorrent
2010-11-23 11:13 . 2010-11-29 21:45 -------- d-----w- c:\program files\Atheros
2010-11-23 11:13 . 2008-06-27 13:40 1315776 ----a-w- c:\windows\system32\athw.sys
2010-11-23 11:13 . 2010-11-23 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-11-23 09:58 . 2008-09-23 21:00 338560 ------w- c:\windows\system32\drivers\rtl8187B.sys
2010-11-23 09:58 . 2008-09-23 21:00 338560 ------w- c:\windows\system\rtl8187B.sys
2010-11-23 09:58 . 2010-11-23 09:58 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-11-22 16:29 . 2005-05-31 10:12 385024 ------w- c:\windows\system32\athcfg11.dll
2010-11-22 16:29 . 2005-05-31 10:10 77824 ------w- c:\windows\system32\athcfg11res.dll
2010-11-22 16:13 . 2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2010-11-22 16:11 . 2010-11-22 16:11 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-22 16:11 . 2007-02-01 07:36 306560 ------r- c:\windows\system32\drivers\rtl8185.sys
2010-11-22 16:11 . 2006-11-15 13:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-11-22 16:11 . 2010-11-23 07:41 -------- d-----w- c:\program files\REALTEK PCI&Cardbus Wireless LAN Driver and Utility
2010-11-22 16:11 . 2010-11-22 16:27 -------- d-----w- c:\windows\system32\REALTEK PCI&Cardbus Wireless LAN Driver and Utility
2010-11-22 16:06 . 2010-12-08 18:19 -------- d-----w- C:\temp
2010-11-22 16:06 . 2004-10-21 23:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-11-22 16:06 . 2004-10-21 23:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-11-22 16:06 . 2004-10-21 23:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-11-22 16:06 . 2004-10-21 23:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-11-22 16:06 . 2004-10-21 23:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-11-22 16:06 . 2010-11-22 16:06 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-11-22 16:06 . 2010-11-22 16:06 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-11-22 07:44 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-20 13:22 . 2010-12-02 21:06 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\vlc
2010-11-20 06:12 . 2010-12-16 11:21 -------- d-----w- c:\program files\FreeTime
2010-11-20 05:40 . 2010-11-20 05:40 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\CyberLink
2010-11-18 13:12 . 2010-11-29 17:00 -------- d-----w- C:\Hotspot Shield
2010-11-18 12:59 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-18 12:59 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-18 12:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-18 12:54 . 2010-11-18 12:54 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\WNR
2010-11-17 20:07 . 2010-11-30 16:25 -------- d-----w- c:\windows\system32\LogFiles
2010-11-17 16:31 . 2010-11-17 16:31 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\DivX
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\scripting
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\en
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\bits
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\l2schemas
2010-11-17 14:41 . 2010-11-17 14:41 -------- d-sh--w- c:\documents and settings\fujitsu-\IECompatCache
2010-11-17 14:40 . 2010-11-17 14:40 -------- d-sh--w- c:\documents and settings\fujitsu-\PrivacIE
2010-11-17 14:40 . 2010-11-17 14:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-17 14:39 . 2010-11-17 14:39 -------- d-sh--w- c:\documents and settings\fujitsu-\IETldCache
2010-11-17 14:36 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-17 14:36 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-17 14:36 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-17 13:55 . 2010-11-17 15:21 -------- d-----w- c:\windows\ServicePackFiles
2010-11-17 13:54 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-17 13:32 . 2004-08-03 19:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-11-17 13:32 . 2004-08-03 19:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-11-17 13:32 . 2004-08-03 19:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-11-17 13:32 . 2004-08-03 19:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2010-11-17 13:32 . 2004-08-03 19:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-11-17 13:32 . 2004-08-03 19:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-11-17 13:31 . 2004-08-03 19:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2010-11-17 13:31 . 2004-08-03 19:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-11-17 13:31 . 2004-08-03 19:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-11-17 13:31 . 2004-08-03 19:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2010-11-17 13:31 . 2004-08-03 19:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-11-17 13:31 . 2004-08-03 19:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-11-17 13:31 . 2004-08-03 19:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-11-17 13:31 . 2004-08-03 19:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-11-17 13:31 . 2004-08-03 19:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-17 13:31 . 2004-08-03 19:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-17 12:51 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-17 12:51 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-17 12:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-17 12:44 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-17 12:30 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 08:00 . 2009-12-05 11:42 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 18:40 . 2009-05-29 21:37 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22 . 2009-05-29 21:31 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-15 17:00 . 2010-11-15 17:00 90112 ----a-w- c:\windows\system32\agsaami.dll
2010-11-15 17:00 . 2010-11-15 17:00 610304 ----a-w- c:\windows\system32\agsaamg.dll
2010-11-15 17:00 . 2010-11-15 17:00 372736 ----a-w- c:\windows\system32\agsaamc.dll
2010-11-15 17:00 . 2010-11-15 17:00 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2010-11-15 17:00 . 2010-11-15 17:00 1986560 ----a-w- c:\windows\system32\akll.dll
2010-11-15 17:00 . 2010-11-15 17:00 196608 ----a-w- c:\windows\system32\maag.dll
2010-11-15 17:00 . 2010-11-15 17:00 1245184 ----a-w- c:\windows\system32\bkll.dll
2010-11-15 17:00 . 2010-11-15 17:00 1212416 ----a-w- c:\windows\system32\ckll.dll
2010-11-15 17:00 . 2010-11-15 17:00 823296 ----a-w- c:\windows\system32\agsaamh.dll
2010-11-15 17:00 . 2010-11-15 17:00 671869 ----a-w- c:\windows\system32\agsaame.dll
2010-11-15 17:00 . 2010-11-15 17:00 643072 ----a-w- c:\windows\system32\agsaamd.dll
2010-11-15 17:00 . 2010-11-15 17:00 638976 ----a-w- c:\windows\system32\agsaamb.dll
2010-11-15 17:00 . 2010-11-15 17:00 360448 ----a-w- c:\windows\system32\agsaamf.ocx
2010-11-15 17:00 . 2010-11-15 17:00 315392 ----a-w- c:\windows\system32\agsaama.dll
2010-11-15 17:00 . 2010-11-15 17:00 237568 ----a-w- c:\windows\system32\lame_enc.dll
2010-11-15 17:00 . 2010-11-15 17:00 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-11-15 16:29 . 2010-11-15 16:29 251 ----a-w- c:\windows\xUninstall.bat
2010-11-15 16:22 . 2010-11-15 16:22 315392 ----a-w- c:\windows\HideWin.exe
2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-09-22 19:19 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-09-18 09:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 09:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 09:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-29 3945808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-29 468856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-21 3179952]
"Google Update"="c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-30 136176]
"JFSW2Launch"="c:\documents and settings\fujitsu-\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2010-03-25 176128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SrLoader"="c:\program files\Super Rabbit\MagicSet\SrLoader.exe" [2009-09-27 269504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 15:43 69632 ----a-w- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 13:26 2808832 ----a-w- c:\windows\alcwzrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-17 11:30 178712 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-17 11:31 150040 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-29 21:33 3945808 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-03-26 13:14 16859136 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2010-11-30 10:15 671744 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 13:14 86016 ----a-w- c:\windows\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\fujitsu-\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\CCleaner\\uninst.exe"=
"c:\\Program Files\\InstallShield Installation Information\\{28006915-2739-4EBE-B5E8-49B25D32EB33}\\setup.exe"=
"c:\\Program Files\\Hotspot Shield\\bin\\openvpntray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe" =
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [02/12/2010 09:32 م 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [02/12/2010 09:32 م 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [23/11/2010 05:20 ص 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [02/12/2010 09:32 م 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [02/12/2010 09:32 م 116784]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [22/11/2010 07:11 م 38144]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [02/12/2010 09:32 م 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/11/2010 12:52 ص 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101213.001\IDSXpx86.sys [16/12/2010 02:57 ص 341944]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22/11/2010 07:13 م 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 01:37 م 517096]
.
Contents of the 'Scheduled Tasks' folder
2010-12-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TOSHIBA-fujitsu-.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-12 00:44]
2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-299502267-839522115-1003Core.job
- c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 10:56]
2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-299502267-839522115-1003UA.job
- c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 10:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 14:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cc,67,9e,2e,62,d0,02,9f,99,69,f9,1e,40,4e,11,a4,40,60,e2,fb,85,
d3,d3,c0,9f,cd,40,44,95,dd,d0,21,2f,0a,23,c0,92,68,f5,4d,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{aa577517-7613-4fc5-a74c-87716d6dbbfd}]
@Denied: (Full) (Everyone)
"Model"=dword:00000146
"Therad"=dword:00000009
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1724)
c:\windows\system32\idmmbc.dll
.
Completion time: 2010-12-16 14:56:39
ComboFix-quarantined-files.txt 2010-12-16 11:56
ComboFix2.txt 2010-12-07 21:52
Pre-Run: 16,813,154,304 bytes free
Post-Run: 17,071,046,656 bytes free
- - End Of File - - 22F660A23E71C0800548E615BC3023D0


The second report: HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:58:46 م, on 16/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\verclsid.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SrLoader] C:\Program Files\Super Rabbit\MagicSet\SrLoader.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [JFSW2Launch] C:\Documents and Settings\fujitsu-\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 7504 bytes