غير متصل
-
تصميم إيهــاب مصطفى
حصري برنامج AVG Internet Security v25.4.10068.933 نسخة اوفلاين مفعلة مسبقا تنصيب وتفعيل صامت لغاية 2028 تصميم إيهــاب مصطفى
Windows 11 23H2 24H2 (22631.5409)(26100.4188) Aio Multi Update May 2025 تصميم Ramy Badraan
WinRAR - أداة متكاملة لتحميل وتثبيت وتفعيل WinRAR7.11 اخر اصدار تلقائيًا وبثلاث لغات) تصميم Ramy Badraan
متصفح القوة والسرعة Google Chrome 116.0.5845.97 Stable تصميم Ramy Badraan
الأسطوانة العربية** Ar Windows 10-11 (2019-2021-2024) IoT Enterprise LTSC (x64) Update April 2025 تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
27.00.0300 XYplorer Pro لإدارة الملفات والمجلدات والبحث عنها بسرعة تصميم Ramy Badraan
ويندوز 11 اندكس برو -عربي إنكليزي فرنسي من غير متطلبات ومفعلWindows11PRO_24H2(Ar-En-Fr)26100.3909-Activ_NO TPM تصميم Ramy Badraan
Foxit PDF Editor 2025 .1.0.27937 تصميم Ramy Badraan
CoolUtils Total Doc Converter 5.1.0.364 Repack & Portable لتحويل الملفات الكتابية إلى عدة صيغ تصميم Ramy Badraan
Cisdem Video Compressor 2.2.0 برنامج لضغط الفيديوهات مع المحافظة على الجودة قدر الإمكان - مع التفعيل تصميم Ramy Badraan
تعال سجل Internet Download Manager باسمك -تفعيل تحديث مع IDM Activation Assistant v1.0 تصميم Ramy Badraan
PDF-XChange Editor Plus+PRO v10.6.0.396 تصميم Ramy Badraan
Office 2013-2024 C2R Install + Lite v7.7.7.7 r26 | Install Office and Activate لتحميل وتفعيل الأوفيس تصميم Ramy Badraan
برنامج الحماية الرهيب Webroot Secure Anywhere CE 25.2 والتفعيل بسيريال لمدة 700 يوم تصميم Ramy Badraan
العملاق الأندونيسي Smadav Pro 2025 v15.4 كامل ومحدث مع التفعيل الحصري تصميم Ramy Badraan
Zyzoom Driver Booster Tool - عملاق جلب التعريفات Iobit Driver Booster فى اصداره النهائى مفعل - تنصيب صامت) تصميم Ramy Badraan
Zyzoom Process Lasso Tool - Wise Care 365 Pro 7.2.4.697 RePack & Portable البرنامج الشامل للصيانة وإصلاح النظام) تصميم Ramy Badraan
TechsmithSnagit 25.1.0.6239 x64 Silent Install عملاق تصوير الشاشة وعمل الشروحات تصميم Ramy Badraan
Glary Utilities Pro 6.24.0.28 RePack & Portable لصيانة النظام وتنظيفه من الملفات التالفة تصميم Ramy Badraan
Zyzoom Process Lasso Tool - عملاق تسريع المعالج وتنظيم العمليات فى اصداره الاخير - تنصيب صامت) 
- بادئ الموضوع boob77
- تاريخ البدء
بعد حفظ الاداه على سطح المكتب
وتشغيلها تظهر هذه الرساله
هلا فيك يالغالي
الرسالة تقول ما تقدر تسمي الاداة بالاسم الثاني ,, اذا كنت تباا تغير الاسم
لا تغيره خلهاا مثل ماهي
وتاكد عند حفظ الاداة ان الاسم ما يتغير .
anascoo
زيزوومى مميز
غير متصلالسلام عليكم
طبعا نزلت الاداء وهذا التقرير
ComboFix 08-09-20.05 - D.Ahlam 09/23/2008 16:41:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT -7:00]
Running from: C:\Documents and Settings\D.Ahlam\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DFD100015.bat
C:\DFD100062.bat
C:\DFD100125.bat
C:\DFD104187.bat
C:\DFD104437.bat
C:\DFD104687.bat
C:\DFD649093.bat
C:\DFD672125.bat
C:\DFD675406.bat
C:\DFD677093.bat
C:\DFD678296.bat
C:\DFD679765.bat
C:\DFD683765.bat
C:\DFD684921.bat
C:\DFD686218.bat
C:\DFD686859.bat
C:\DFD687296.bat
C:\DFD69062.bat
C:\DFD69843.bat
C:\DFD72015.bat
C:\DFD72140.bat
C:\DFD72437.bat
C:\DFD72578.bat
C:\DFD73000.bat
C:\DFD73125.bat
C:\DFD93468.bat
C:\DFD93812.bat
C:\DFD93875.bat
C:\DFD94031.bat
C:\DFD96437.bat
C:\DFD96468.bat
C:\DFD96656.bat
C:\DFD96750.bat
C:\DFD96875.bat
C:\DFD97531.bat
C:\DFD98156.bat
C:\DFD98453.bat
C:\DFD98531.bat
C:\DFD99359.bat
C:\DFD99500.bat
C:\DFD99593.bat
C:\DFD99828.bat
C:\Documents and Settings\acc\ravmonlog
C:\Documents and Settings\Administrator\Application Data\rhcrgjj0el9a
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\D.Ahlam\Application Data\rhcrgjj0el9a
C:\Documents and Settings\D.Ahlam\Application Data\shcpgjj0el9a
C:\Documents and Settings\tola.ISLAMIC-B76338B\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk
C:\Documents and Settings\tola.ISLAMIC-B76338B\Application Data\rhcrgjj0el9a
C:\Documents and Settings\tola.ISLAMIC-B76338B\Application Data\shcpgjj0el9a
C:\Documents and Settings\tola.ISLAMIC-B76338B\Desktop\PCPrivacyCleaner.lnk
C:\Program Files\PCPrivacyCleaner
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\wcu.exe
C:\WINDOWS\BM97b9163d.txt
C:\WINDOWS\s.ini
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anbpwegv.ini
C:\WINDOWS\system32\aypoukrk.ini
C:\WINDOWS\system32\blphcvgjj0el9a.scr
C:\WINDOWS\system32\exggeycp.ini
C:\WINDOWS\system32\exkhixew.ini
C:\WINDOWS\system32\hcswyirk.ini
C:\WINDOWS\system32\ikvglxgv.ini
C:\WINDOWS\system32\innvcryu.ini
C:\WINDOWS\system32\kdybs.exe
C:\WINDOWS\system32\kvljffoq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhmggycr.ini
C:\WINDOWS\system32\muqyxopa.ini
C:\WINDOWS\system32\mvvtnedf.ini
C:\WINDOWS\system32\oqcecbxr.ini
C:\WINDOWS\system32\qljimdke.ini
C:\WINDOWS\system32\sywbxgqf.ini
C:\WINDOWS\system32\uaucoixm.ini
C:\WINDOWS\system32\ufufwqfo.ini
C:\WINDOWS\system32\vfmpkvbj.ini
C:\WINDOWS\system32\wypdkbko.ini
G:\RECYCLER\desktop.ini
C:\Documents and Settings\d ehlam\Desktop\Raila Odinga.gif . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk . . . . failed to delete
C:\Documents and Settings\D.Ahlam\s\d.ahlam@ad.yieldmanager[2].txt . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Favorites\Error Cleaner.url . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Favorites\Privacy Protector.url . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Favorites\Spyware&Malware Protection.url . . . . failed to delete
C:\Documents and Settings\D.Ahlam\Start Menu\Programs\Startup\.lnk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Service_clbdriver
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 04:32 995,383 ----a-w C:\MFC42.DLL
2010-12-30 04:32 266,293 ----a-w C:\MSVCRT.DLL
2010-09-30 17:41 57,344 ----a-w C:\trseng6.dll
2008-09-23 23:55 74,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-23 23:54 4,351,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-23 23:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-09-23 23:48 8,960 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-23 23:48 62,000 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-23 10:04 --------- d-----w C:\Documents and Settings\D.Ahlam\Application Data\MegauploadToolbar
2008-09-22 19:02 --------- d-----w C:\Program Files\Symantec
2008-09-22 13:06 --------- d-----w C:\Documents and Settings\D.Ahlam\Application Data\ZTEEVDO
2008-09-22 10:22 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-22 08:15 --------- d-----w C:\Documents and Settings\D.Ahlam\Application Data\AVGTOOLBAR
2008-09-22 08:12 --------- d-----w C:\Program Files\mDSL
2008-09-22 06:49 --------- d-----w C:\Documents and Settings\D.Ahlam\Application Data\Media Player Classic
2008-09-22 06:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-09-22 06:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-21 23:56 2,165 --sha-w C:\WINDOWS\system32\FLVvCfhk.ini2
2008-09-21 23:28 --------- d-----w C:\Program Files\shcpgjj0el9a
2008-09-21 23:27 --------- d-----w C:\Program Files\rhcrgjj0el9a
2008-09-21 22:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-21 22:23 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-21 22:23 --------- d-----w C:\Program Files\AVG
2008-09-21 22:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-07-29 06:15 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-29 06:15 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-26 23:15 --------- d-----w C:\Documents and Settings\tola.ISLAMIC-B76338B\Application Data\MEGAUPLOADTOOLBAR
2008-07-23 05:25 1,852,974 --sha-w C:\WINDOWS\system32\gmybwfwx.tmp
2007-02-15 14:08 34,488 ----a-w C:\Documents and Settings\acc\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"NoSetFolders"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="Userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [09/21/2008 03:23 PM 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [09/21/2008 03:23 PM 231704]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [09/20/2006 11:23 AM 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [09/20/2006 11:23 AM 65152]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEUsbser.sys [02/06/2007 10:21 AM 97920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03b528c6-ca5a-11dc-be91-001560bf1d90}]
\Shell\AutoRun\command - H:\b.com
\Shell\explore\Command - H:\b.com
\Shell\open\Command - H:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b64ac0a-e897-11dc-beaf-001560bf1d90}]
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
\shell\open\command - G:\.\Recycler\svchost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406f60ee-007c-11dd-bedd-001560bf1d90}]
\Shell\AutoRun\command - G:\b.com
\Shell\explore\Command - G:\b.com
\Shell\open\Command - G:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6dd8bfd-6e87-11dd-bfc2-0014a5a4af4c}]
\shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycler\svchost.exe
\shell\open\command - G:\.\Recycler\svchost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d841e9f3-6628-11dd-bfab-0014a5a4af4c}]
\Shell\AutoRun\command - G:\b.com
\Shell\explore\Command - G:\b.com
\Shell\open\Command - G:\b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e54c0d23-664a-11dd-bfaf-0014a5a4af4c}]
\Shell\AutoRun\command - G:\f0.cmd
\Shell\explore\Command - G:\f0.cmd
\Shell\open\Command - G:\f0.cmd
.
- - - - ORPHANS REMOVED - - - -
BHO-{06A1F910-762A-4660-B534-55B82571851C} - C:\WINDOWS\system32\mlJAqrPJ.dll
BHO-{439E7B8C-45E6-4917-BC97-C75A7EAEA889} - C:\WINDOWS\system32\khfCvVLF.dll
BHO-{C396242E-B6B6-4B05-A755-72938F31ACB0} - C:\WINDOWS\kgqfweltnfv.dll
Toolbar-{136717A3-DA9A-4322-997B-25D0843942F8} - C:\WINDOWS\nqgpedlr.dll
ShellExecuteHooks-{06A1F910-762A-4660-B534-55B82571851C} - C:\WINDOWS\system32\mlJAqrPJ.dll
Notify-mlJAqrPJ - mlJAqrPJ.dll
Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\D.Ahlam\Application Data\Mozilla\Firefox\Profiles\kyc21ael.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 16:53:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aeaudio]
"ImagePath"="system32\drivers\aeaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8wd]
"ImagePath"="C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]
"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]
"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP]
"ImagePath"="\"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe\" -r"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bcm4sbxp]
"ImagePath"="system32\DRIVERS\bcm4sbxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="C:\WINDOWS\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btaudio]
"ImagePath"="system32\drivers\btaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTDriver]
"ImagePath"="system32\DRIVERS\btport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
"ImagePath"="C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTWDNDIS]
"ImagePath"="system32\DRIVERS\btwdndis.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTWUSB]
"ImagePath"="System32\Drivers\btwusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\D01C7~1.AHL\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Filter]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Index]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwcdcmdm0]
"ImagePath"="system32\DRIVERS\ewusbmdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbapp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbser]
"ImagePath"="system32\DRIVERS\ewusbser.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\ialmnt5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="C:\WINDOWS\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl1]
"ImagePath"="system32\drivers\kl1.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\klif.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McAfeeFramework]
"ImagePath"="\"C:\Program Files\McAfee\Common Framework\FrameworkService.exe\" /ServiceStart"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk]
"ImagePath"="\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="C:\WINDOWS\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SONYPVU1]
"ImagePath"="system32\DRIVERS\SONYPVU1.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SoundMAX Agent Service (default)]
"ImagePath"="C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{EDB116D0-3219-4EAC-B2C5-AB41064036E7}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="C:\WINDOWS\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="C:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\mspmsnsv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zteusbser]
"ImagePath"="system32\DRIVERS\ZTEUsbser.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0DB26D91-FD15-47FE-9760-87F65EFCEA7C}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3184267C-C782-4A42-B051-94AD9F7545A2}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3FDBF009-3EEA-4B24-8591-AC1E31152435}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B97A7FBA-D080-464C-AC89-88CEC70F0A7F}]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 09/23/2008 16:57:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 23:57:33
Pre-Run: 8,277,835,776 bytes free
Post-Run: 8,875,671,552 bytes free
761 --- E O F --- 2008-09-22 12:37:57anascoo
زيزوومى مميز
غير متصلوهذا تقرير الاداء الثانية
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\D.Ahlam\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.27.130.2:80
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: (no name) - {06A1F910-762A-4660-B534-55B82571851C} - C:\WINDOWS\system32\mlJAqrPJ.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {439E7B8C-45E6-4917-BC97-C75A7EAEA889} - C:\WINDOWS\system32\khfCvVLF.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QXK Olive - {C396242E-B6B6-4B05-A755-72938F31ACB0} - C:\WINDOWS\kgqfweltnfv.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: nqgpedlr - {136717A3-DA9A-4322-997B-25D0843942F8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdybs.exe] C:\WINDOWS\system32\kdybs.exe
O4 - HKLM\..\Run: [lphcvgjj0el9a] C:\WINDOWS\system32\lphcvgjj0el9a.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [948a25a1] rundll32.exe "C:\WINDOWS\system32\rcyggmhm.dll",b
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF26014.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\DSC01750
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .lnk = ?
O4 - Startup: .lnk = ?
O4 - Startup: 0000.lnk = ?
O4 - Startup: 2{}.lnk = ?
O4 - Startup: .lnk = ?
O4 - Startup: 0000.lnk = ?
O4 - Startup: 7een.maysra.dvd.1.lnk = ?
O4 - Startup: autorun.lnk = ?
O4 - Startup: DSC00402.lnk = ?
O4 - Startup: DSC00418.lnk = ?
O4 - Startup: DSC00424.lnk = ?
O4 - Startup: DSC00474.lnk = ?
O4 - Startup: DSC00859.lnk = ?
O4 - Startup: DSC01738.lnk = ?
O4 - Startup: DSC01739.lnk = ?
O4 - Startup: DSC01740.lnk = ?
O4 - Startup: DSC01750.lnk = ?
O4 - Startup: DSC01756.lnk = ?
O4 - Startup: DSC01761.lnk = ?
O4 - Startup: DSC01762.lnk = ?
O4 - Startup: New Microsoft Word Document.lnk = ?
O4 - Startup: nideiect.lnk = ?
O4 - Startup: Pinball.lnk = ?
O4 - Startup: Raila Odinga.lnk = ?
O4 - Startup: SQL.lnk = ?
O4 - Startup: ~WRL0005.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: mlJAqrPJ - mlJAqrPJ.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6864 bytes
كرمش
زيزوومى فعال
غير متصلمبدع ماشاء الله
ألف شكر
abu_youssef
المـــــــدير العـــــام
طـــاقم الإدارة★★ نجم المنتدى ★★نجم الشهركبار الشخصياتفريق دعم البرامج العامة- إنضم
- 15 فبراير 2008
- المشاركات
- 39,071
- مستوى التفاعل
- 69,982
- النقاط
- 12,970
- الإقامة
- www.zyzoom.org
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
توقيع : abu_youssef
مشكوووووووووووووووووووووووووووووووووووووووووووور
يا عيني عليك والله البرامج هذي بجهاز ثاني عندنا ولا هي راضيه تروح
وقالوا لازم فورمات لكن الحمد لله زانت اللحين
الف الف شكر
الله يجزاك خير انت وكل من يقف خلف هذا المنتدىالله يعطيك الف عااااااااااااااااافية
كانت عندي مشكلة في تثبيت السيرفر باك 3 للاكس بي وشاغلتني ونزلت موضوع فقط لوجدود حل لها
وجربت جميع انواع البرامج لحل هذة المشكلة دون فائدة
لكن الحمد لله جربت البرنامجين لمجرد الحرص والحمد لله انتهت مشكلة تثبيت التحديث للسيرفر باك 3
جزاك الله الف خير6flah
زيزوومى محترف
غير متصل
الله يعافيك اخوي واسف تاخرت بالرد
لا تختار شي خل البرنامج يخلص فحص بالاول بعدين اختار remove
بيض الله وجهك ولا ننحرم منك يـا{ boob77 }
على البرنامج من جد أتحذف قلعتهم لا بارك الله فيهم على الفايروس هذا
قلت خلاص بروح أفرمت الجهاز لكن البركة أخونا { boob77 }
وهذا ألناتج إللي طلع
Malwarebytes' Anti-Malware 1.28
Database version: 1231
Windows 5.1.2600 Service Pack 2
06/10/2008 03:47:43
mbam-log-2008-10-06 (03-47-21).txt
Scan type: Full Scan (C:\|D:\|)
s scanned: 91622
Time elapsed: 35 minute(s), 36 second(s)
Memory Processes Infected: 5
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 11
Registry Data Items Infected: 14
Folders Infected: 2
Files Infected: 19
Memory Processes Infected:
C:\WINDOWS\system32\algg.exe (Trojan.BHO) -> No action taken.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\vrlwarning.warningbho (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\vrlwarning.warningbho.1 (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0ba3e00d-b660-46e6-a2db-2672ee82dc98} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0dcd4f35-9fd5-420b-a9aa-fed0e2aecee0} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{cfee97a3-4911-444d-8be8-e243a23d3de2} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper s\{0dcd4f35-9fd5-420b-a9aa-fed0e2aecee0} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusrl2009 (Rogue.AVLab) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusrl2009 (Rogue.AVLab) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.Antivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.Antivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
Folders Infected:
C:\Program Files\UAV (Rogue.UltimateAntivirus) -> No action taken.
C:\WINDOWS\system32\590075 (Trojan.BHO) -> No action taken.
Files Infected:
C:\WINDOWS\system32\algg.exe (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\oanlvs.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\590075\590075.dll (Trojan.BHO) -> No action taken.
C:\Program Files\UAV\uav.cpl (Rogue.UltimateAntivirus) -> No action taken.
C:\Program Files\UAV\uav.ooo (Rogue.UltimateAntivirus) -> No action taken.
C:\Program Files\UAV\uav1.dat (Rogue.UltimateAntivirus) -> No action taken.
C:\WINDOWS\system32\WAV.cpl (Rogue.WindowsAntivirus2008) -> No action taken.
C:\WINDOWS\system32\AAV.cpl (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\ZAI\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\ZAI\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\ZAI\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\ZAI\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\ZAI\Favorites\Antivirus Scan.url (Rogue.Link) -> No action taken.
