First report: ComboFix
ComboFix 10-12-14.05 - fujitsu- 12/16/2010 14
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2009.1454 [GMT 3:00]
Running from: c:\documents and settings\fujitsu-\My Documents\Downloads\Programs\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\1.txt
.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.
2010-12-16 11:26 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 11:26 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-16 11:26 . 2010-12-16 11:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-12-16 11:25 . 2010-12-16 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 11:24 . 2010-12-16 11:25 -------- d-----w- c:\program files\Pure Codec
2010-12-16 11:13 . 2010-12-16 11:23 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\BSplayer
2010-12-13 12:22 . 2010-12-13 12:25 -------- d-----w- c:\program files\CamStudio
2010-12-12 20:23 . 2010-12-12 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-12-12 17:02 . 2010-12-12 17:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-10 22:46 . 2010-12-10 22:55 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\TeamViewer
2010-12-10 22:46 . 2010-12-10 22:46 -------- d-----w- c:\program files\TeamViewer
2010-12-10 22:01 . 2010-12-10 22:01 -------- d--h--w- c:\windows\PIF
2010-12-10 18:52 . 2010-12-10 18:52 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\www.doom9.net
2010-12-08 18:43 . 2010-12-08 19:07 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\WMTools Downloaded Files
2010-12-08 18:43 . 2010-12-08 18:43 65536 ----a-r- c:\documents and settings\fujitsu-\Application Data\Microsoft\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941ARA}\ARPPRODUCTICON.exe
2010-12-07 13:34 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-07 13:31 . 2010-12-07 13:33 -------- dc-h--w- c:\windows\ie8
2010-12-07 11:00 . 2010-12-07 11:00 -------- d-----w- c:\program files\Common Files\Java
2010-12-07 11:00 . 2010-12-07 11:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-07 11:00 . 2010-12-07 11:00 -------- d-----w- c:\program files\Java
2010-12-07 10:25 . 2010-12-07 10:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-05 19:41 . 2010-12-05 19:41 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Transcend
2010-12-05 19:16 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-12-04 11:31 . 2010-12-04 11:31 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Western Digital
2010-12-03 10:41 . 2010-12-03 10:42 -------- d-----w- c:\program files\Aegisub
2010-11-30 16:20 . 2010-11-30 16:20 -------- d-----w- c:\program files\CCleaner
2010-11-30 13:53 . 2010-11-30 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff
2010-11-30 13:27 . 2010-11-30 13:27 388096 ----a-r- c:\documents and settings\fujitsu-\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-30 10:55 . 2010-11-30 10:56 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Deployment
2010-11-29 21:47 . 2010-11-29 21:47 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Tific
2010-11-29 21:42 . 2010-11-29 21:42 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Tific
2010-11-29 21:42 . 2010-11-29 21:42 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Symantec
2010-11-29 21:32 . 2010-11-29 21:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-28 18:45 . 2010-11-28 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-11-28 09:57 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-28 09:57 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-11-27 15:33 . 2010-11-27 15:33 -------- d-----w- c:\program files\Messenger Plus! Live
2010-11-27 15:31 . 2010-11-27 15:31 -------- d-----w- c:\program files\Microsoft
2010-11-27 15:30 . 2010-11-27 15:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-11-27 15:30 . 2010-11-27 15:31 -------- d-----w- c:\program files\Windows Live
2010-11-26 16:09 . 2010-12-03 10:45 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Aegisub
2010-11-25 21:36 . 2010-11-26 23:09 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-25 21:35 . 2010-11-25 21:35 -------- d-----w- c:\program files\Reference Assemblies
2010-11-25 21:35 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-25 21:35 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-25 09:40 . 2010-11-25 09:40 -------- d-----w- c:\documents and settings\fujitsu-\Local Settings\Application Data\Mozilla
2010-11-24 22:09 . 2010-11-24 22:09 -------- d-----w- c:\program files\AVG
2010-11-24 16:52 . 2010-11-24 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-11-24 15:02 . 2010-11-24 15:02 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\Malwarebytes
2010-11-24 15:01 . 2010-11-24 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-24 11:23 . 2010-11-24 11:23 -------- d-----w- c:\program files\Trend Micro
2010-11-23 21:12 . 2010-11-23 23:45 -------- d-----w- c:\program files\uTorrent
2010-11-23 11:13 . 2010-11-29 21:45 -------- d-----w- c:\program files\Atheros
2010-11-23 11:13 . 2008-06-27 13:40 1315776 ----a-w- c:\windows\system32\athw.sys
2010-11-23 11:13 . 2010-11-23 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-11-23 09:58 . 2008-09-23 21:00 338560 ------w- c:\windows\system32\drivers\rtl8187B.sys
2010-11-23 09:58 . 2008-09-23 21:00 338560 ------w- c:\windows\system\rtl8187B.sys
2010-11-23 09:58 . 2010-11-23 09:58 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2010-11-22 16:29 . 2005-05-31 10:12 385024 ------w- c:\windows\system32\athcfg11.dll
2010-11-22 16:29 . 2005-05-31 10:10 77824 ------w- c:\windows\system32\athcfg11res.dll
2010-11-22 16:13 . 2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2010-11-22 16:11 . 2010-11-22 16:11 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-22 16:11 . 2007-02-01 07:36 306560 ------r- c:\windows\system32\drivers\rtl8185.sys
2010-11-22 16:11 . 2006-11-15 13:23 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-11-22 16:11 . 2010-11-23 07:41 -------- d-----w- c:\program files\REALTEK PCI&Cardbus Wireless LAN Driver and Utility
2010-11-22 16:11 . 2010-11-22 16:27 -------- d-----w- c:\windows\system32\REALTEK PCI&Cardbus Wireless LAN Driver and Utility
2010-11-22 16:06 . 2010-12-08 18:19 -------- d-----w- C:\temp
2010-11-22 16:06 . 2004-10-21 23:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-11-22 16:06 . 2004-10-21 23:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-11-22 16:06 . 2004-10-21 23:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-11-22 16:06 . 2004-10-21 23:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-11-22 16:06 . 2004-10-21 23:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-11-22 16:06 . 2010-11-22 16:06 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-11-22 16:06 . 2010-11-22 16:06 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-11-22 07:44 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-20 13:22 . 2010-12-02 21:06 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\vlc
2010-11-20 06:12 . 2010-12-16 11:21 -------- d-----w- c:\program files\FreeTime
2010-11-20 05:40 . 2010-11-20 05:40 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\CyberLink
2010-11-18 13:12 . 2010-11-29 17:00 -------- d-----w- C:\Hotspot Shield
2010-11-18 12:59 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-18 12:59 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-18 12:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-18 12:54 . 2010-11-18 12:54 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\WNR
2010-11-17 20:07 . 2010-11-30 16:25 -------- d-----w- c:\windows\system32\LogFiles
2010-11-17 16:31 . 2010-11-17 16:31 -------- d-----w- c:\documents and settings\fujitsu-\Application Data\DivX
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\scripting
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\en
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\system32\bits
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\windows\l2schemas
2010-11-17 14:41 . 2010-11-17 14:41 -------- d-sh--w- c:\documents and settings\fujitsu-\IECompatCache
2010-11-17 14:40 . 2010-11-17 14:40 -------- d-sh--w- c:\documents and settings\fujitsu-\PrivacIE
2010-11-17 14:40 . 2010-11-17 14:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-17 14:39 . 2010-11-17 14:39 -------- d-sh--w- c:\documents and settings\fujitsu-\IETldCache
2010-11-17 14:36 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-17 14:36 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-17 14:36 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-17 13:55 . 2010-11-17 15:21 -------- d-----w- c:\windows\ServicePackFiles
2010-11-17 13:54 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-17 13:32 . 2004-08-03 19:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-11-17 13:32 . 2004-08-03 19:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-11-17 13:32 . 2004-08-03 19:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-11-17 13:32 . 2004-08-03 19:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-11-17 13:32 . 2004-08-03 19:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2010-11-17 13:32 . 2004-08-03 19:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-11-17 13:32 . 2004-08-03 19:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-11-17 13:31 . 2004-08-03 19:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2010-11-17 13:31 . 2004-08-03 19:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-11-17 13:31 . 2004-08-03 19:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-11-17 13:31 . 2004-08-03 19:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2010-11-17 13:31 . 2004-08-03 19:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-11-17 13:31 . 2004-08-03 19:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-11-17 13:31 . 2004-08-03 19:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-11-17 13:31 . 2004-08-03 19:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-11-17 13:31 . 2004-08-03 19:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-17 13:31 . 2004-08-03 19:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-17 12:51 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-17 12:51 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-17 12:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-17 12:44 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-17 12:30 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 08:00 . 2009-12-05 11:42 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-07 18:40 . 2009-05-29 21:37 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-07 18:22 . 2009-05-29 21:31 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-15 17:00 . 2010-11-15 17:00 90112 ----a-w- c:\windows\system32\agsaami.dll
2010-11-15 17:00 . 2010-11-15 17:00 610304 ----a-w- c:\windows\system32\agsaamg.dll
2010-11-15 17:00 . 2010-11-15 17:00 372736 ----a-w- c:\windows\system32\agsaamc.dll
2010-11-15 17:00 . 2010-11-15 17:00 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2010-11-15 17:00 . 2010-11-15 17:00 1986560 ----a-w- c:\windows\system32\akll.dll
2010-11-15 17:00 . 2010-11-15 17:00 196608 ----a-w- c:\windows\system32\maag.dll
2010-11-15 17:00 . 2010-11-15 17:00 1245184 ----a-w- c:\windows\system32\bkll.dll
2010-11-15 17:00 . 2010-11-15 17:00 1212416 ----a-w- c:\windows\system32\ckll.dll
2010-11-15 17:00 . 2010-11-15 17:00 823296 ----a-w- c:\windows\system32\agsaamh.dll
2010-11-15 17:00 . 2010-11-15 17:00 671869 ----a-w- c:\windows\system32\agsaame.dll
2010-11-15 17:00 . 2010-11-15 17:00 643072 ----a-w- c:\windows\system32\agsaamd.dll
2010-11-15 17:00 . 2010-11-15 17:00 638976 ----a-w- c:\windows\system32\agsaamb.dll
2010-11-15 17:00 . 2010-11-15 17:00 360448 ----a-w- c:\windows\system32\agsaamf.ocx
2010-11-15 17:00 . 2010-11-15 17:00 315392 ----a-w- c:\windows\system32\agsaama.dll
2010-11-15 17:00 . 2010-11-15 17:00 237568 ----a-w- c:\windows\system32\lame_enc.dll
2010-11-15 17:00 . 2010-11-15 17:00 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-11-15 16:29 . 2010-11-15 16:29 251 ----a-w- c:\windows\xUninstall.bat
2010-11-15 16:22 . 2010-11-15 16:22 315392 ----a-w- c:\windows\HideWin.exe
2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2010-09-22 19:19 . 2010-01-08 23:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-09-18 09:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 09:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 09:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-29 3945808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-29 468856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-21 3179952]
"Google Update"="c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-30 136176]
"JFSW2Launch"="c:\documents and settings\fujitsu-\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2010-03-25 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SrLoader"="c:\program files\Super Rabbit\MagicSet\SrLoader.exe" [2009-09-27 269504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 15:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 13:26 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-17 11:30 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-17 11:31 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-29 21:33 3945808 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-03-26 13:14 16859136 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2010-11-30 10:15 671744 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 13:14 86016 ----a-w- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\fujitsu-\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\CCleaner\\uninst.exe"=
"c:\\Program Files\\InstallShield Installation Information\\{28006915-2739-4EBE-B5E8-49B25D32EB33}\\setup.exe"=
"c:\\Program Files\\Hotspot Shield\\bin\\openvpntray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [02/12/2010 09:32 م 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [02/12/2010 09:32 م 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [23/11/2010 05:20 ص 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [02/12/2010 09:32 م 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [02/12/2010 09:32 م 116784]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [22/11/2010 07:11 م 38144]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [02/12/2010 09:32 م 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/11/2010 12:52 ص 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101213.001\IDSXpx86.sys [16/12/2010 02:57 ص 341944]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22/11/2010 07:13 م 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 01:37 م 517096]
.
Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TOSHIBA-fujitsu-.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-12 00:44]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-299502267-839522115-1003Core.job
- c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 10:56]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-299502267-839522115-1003UA.job
- c:\documents and settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-30 10:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cc,67,9e,2e,62,d0,02,9f,99,69,f9,1e,40,4e,11,a4,40,60,e2,fb,85,d3,d3,c0,9f,cd,40,44,95,dd,d0,21,2f,0a,23,c0,92,68,f5,4d,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{aa577517-7613-4fc5-a74c-87716d6dbbfd}]
@Denied: (Full) (Everyone)
"Model"=dword:00000146
"Therad"=dword:00000009

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1724)
c:\windows\system32\idmmbc.dll
.
Completion time: 2010-12-16 14:56:39
ComboFix-quarantined-files.txt 2010-12-16 11:56
ComboFix2.txt 2010-12-07 21:52

Pre-Run: 16,813,154,304 bytes free
Post-Run: 17,071,046,656 bytes free

- - End Of File - - 22F660A23E71C0800548E615BC3023D0

Second report: HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:58:46 م, on 16/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\verclsid.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SrLoader] C:\Program Files\Super Rabbit\MagicSet\SrLoader.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\fujitsu-\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [JFSW2Launch] C:\Documents and Settings\fujitsu-\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7504 bytes