- بادئ الموضوع بساتين
- تاريخ البدء
- 1,033
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
وعليكم السلام
==============
==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
ComboFix 08-10-04.07 - user 10/05/2008 13:34:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.526 [GMT 3:00]
Running from: C:\Documents and Settings\user\??? ??????\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:38 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-10-05 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-05 10:37 229,408 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-05 10:37 19,092 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 10:37 1,903,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-05 10:37 1,864 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-05 10:27 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-10-05 10:03 --------- d-----w C:\Program Files\Circle Developement
2008-10-05 06:53 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-05 04:34 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-05 04:34 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-05 04:17 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-10-05 03:55 --------- d-----w C:\Program Files\uTorrent
2008-10-05 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zoom Player
2008-10-05 03:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-05 03:01 --------- d-----w C:\Program Files\WinSnap
2008-10-05 03:00 --------- d-----w C:\Program Files\Zoom Player
2008-10-05 02:55 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-10-05 02:11 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-10-05 02:07 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 01:46 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-10-05 00:31 --------- d-----w C:\Documents and Settings\user\Application Data\DivX
2008-10-04 23:48 --------- d-----w C:\Program Files\All-in-1 Mobile Video Convert
2008-10-04 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-04 11:08 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-10-04 11:05 --------- d-----w C:\Program Files\VIA
2008-10-04 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 11:02 --------- d-----w C:\Program Files\S3
2008-10-04 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-04 10:53 --------- d-----w C:\Program Files\Microsoft Works
2008-10-04 10:52 --------- d-----w C:\Program Files\MSBuild
2008-10-04 10:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-04 10:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-04 10:35 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-04 10:35 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-04 10:35 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-04 10:34 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-10-04 10:34 --------- d-----w C:\Program Files\Nokia
2008-10-04 10:34 --------- d-----w C:\Program Files\mpegable
2008-10-04 10:34 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-04 10:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-04 10:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-04 10:33 --------- d-----w C:\Program Files\DivX
2008-10-04 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 10:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-04 10:32 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-04 10:32 --------- d-----w C:\Program Files\Real
2008-10-04 10:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-04 10:32 --------- d-----w C:\Program Files\Common Files\Real
2008-10-04 10:31 --------- d-----w C:\Program Files\JetAudio
2008-10-04 10:31 --------- d-----w C:\Program Files\CyberLink
2008-10-04 10:31 --------- d-----w C:\Program Files\Common Files\COWON
2008-10-04 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-04 10:30 155,995 ----a-w C:\WINDOWS\java\Packages\H7P7PFPN.ZIP
2008-10-04 10:30 --------- d-----w C:\Program Files\Windows Live
2008-10-04 10:30 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 10:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-04 10:28 --------- d-----w C:\Program Files\Macromedia
2008-10-04 10:28 --------- d-----w C:\Documents and Settings\user\Application Data\ACD Systems
2008-10-04 10:27 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-10-04 10:27 --------- d-----w C:\Program Files\ACD Systems
2008-10-04 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-04 10:26 --------- d-----w C:\Program Files\GameHouse
2008-10-04 10:25 --------- d-----w C:\Program Files\HighwayPursuit
2008-10-04 10:25 --------- d-----w C:\Program Files\FunPause Atlantis
2008-10-04 10:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 10:23 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-10-04 10:22 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-04 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-10-04 10:19 --------- d-----w C:\Program Files\Nero
2008-10-04 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-04 09:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/29/2008 09:26 PM 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/04/2008 01:32 PM 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [05/11/2007 10:47 AM 790528]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"VTTimer"="VTTimer.exe" [09/21/2006 11:36 AM 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [02/06/2007 02:30 AM 176128 C:\WINDOWS\system32\S3Trayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 09/29/2006 09:58 PM 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 09/18/2006 11:08 AM 29696 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [03/26/2007 10:26 AM 16896]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [03/29/2007 06:36 AM 9216]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [03/26/2007 10:26 AM 52224]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [04/17/2007 06:58 AM 42496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [03/05/2007 04:54 AM 709632]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [08/04/2004 01:31 AM 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zzz_ImInstaller_Magentic - C:\Documents and Settings\user\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
O8 -: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-05 13:39:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 10/05/2008 13:43:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 10:43:45
Pre-Run: 22,989,950,976 bytes free
Post-Run: 23,045,136,384 bytes free
197
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.526 [GMT 3:00]
Running from: C:\Documents and Settings\user\??? ??????\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:38 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-10-05 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-05 10:37 229,408 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-05 10:37 19,092 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 10:37 1,903,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-05 10:37 1,864 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-05 10:27 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-10-05 10:03 --------- d-----w C:\Program Files\Circle Developement
2008-10-05 06:53 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-05 04:34 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-05 04:34 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-05 04:17 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-10-05 03:55 --------- d-----w C:\Program Files\uTorrent
2008-10-05 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zoom Player
2008-10-05 03:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-05 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-05 03:01 --------- d-----w C:\Program Files\WinSnap
2008-10-05 03:00 --------- d-----w C:\Program Files\Zoom Player
2008-10-05 02:55 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-10-05 02:11 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-10-05 02:07 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-05 01:46 --------- d-----w C:\Documents and Settings\user\Application Data\Media Player Classic
2008-10-05 00:31 --------- d-----w C:\Documents and Settings\user\Application Data\DivX
2008-10-04 23:48 --------- d-----w C:\Program Files\All-in-1 Mobile Video Convert
2008-10-04 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-04 11:08 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-10-04 11:05 --------- d-----w C:\Program Files\VIA
2008-10-04 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 11:02 --------- d-----w C:\Program Files\S3
2008-10-04 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-04 10:53 --------- d-----w C:\Program Files\Microsoft Works
2008-10-04 10:52 --------- d-----w C:\Program Files\MSBuild
2008-10-04 10:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-04 10:35 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-04 10:35 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-04 10:35 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-04 10:35 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-04 10:34 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-10-04 10:34 --------- d-----w C:\Program Files\Nokia
2008-10-04 10:34 --------- d-----w C:\Program Files\mpegable
2008-10-04 10:34 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-04 10:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-04 10:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-04 10:33 --------- d-----w C:\Program Files\DivX
2008-10-04 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 10:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-04 10:32 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-04 10:32 --------- d-----w C:\Program Files\Real
2008-10-04 10:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-04 10:32 --------- d-----w C:\Program Files\Common Files\Real
2008-10-04 10:31 --------- d-----w C:\Program Files\JetAudio
2008-10-04 10:31 --------- d-----w C:\Program Files\CyberLink
2008-10-04 10:31 --------- d-----w C:\Program Files\Common Files\COWON
2008-10-04 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-04 10:30 155,995 ----a-w C:\WINDOWS\java\Packages\H7P7PFPN.ZIP
2008-10-04 10:30 --------- d-----w C:\Program Files\Windows Live
2008-10-04 10:30 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 10:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-04 10:28 --------- d-----w C:\Program Files\Macromedia
2008-10-04 10:28 --------- d-----w C:\Documents and Settings\user\Application Data\ACD Systems
2008-10-04 10:27 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-10-04 10:27 --------- d-----w C:\Program Files\ACD Systems
2008-10-04 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-04 10:26 --------- d-----w C:\Program Files\GameHouse
2008-10-04 10:25 --------- d-----w C:\Program Files\HighwayPursuit
2008-10-04 10:25 --------- d-----w C:\Program Files\FunPause Atlantis
2008-10-04 10:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 10:23 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-10-04 10:22 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-04 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-10-04 10:19 --------- d-----w C:\Program Files\Nero
2008-10-04 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-04 09:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/29/2008 09:26 PM 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/04/2008 01:32 PM 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [05/11/2007 10:47 AM 790528]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"VTTimer"="VTTimer.exe" [09/21/2006 11:36 AM 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [02/06/2007 02:30 AM 176128 C:\WINDOWS\system32\S3Trayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 05/15/2007 03:55 PM 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 09/29/2006 09:58 PM 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 03:57 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 09/18/2006 11:08 AM 29696 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 05/15/2007 03:55 PM 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [03/26/2007 10:26 AM 16896]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [03/29/2007 06:36 AM 9216]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [03/26/2007 10:26 AM 52224]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [04/17/2007 06:58 AM 42496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [03/05/2007 04:54 AM 709632]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [08/04/2004 01:31 AM 36224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zzz_ImInstaller_Magentic - C:\Documents and Settings\user\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O8 -: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-05 13:39:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 10/05/2008 13:43:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 10:43:45
Pre-Run: 22,989,950,976 bytes free
Post-Run: 23,045,136,384 bytes free
197
توقيع : بساتين
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:08 م, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6260 bytes
Scan saved at 01:45:08 م, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6260 bytes
توقيع : بساتين
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
ما شاء الله جهازك عثل :d: يا عثل :hh:
بس عندك كم قيمة احذفهم
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
بس عندك كم قيمة احذفهم
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وبعدين ركب ملف الأعدادت للكاسبر
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وبعدين ركب ملف الأعدادت للكاسبر
رابط تحميلها
كاسبر انترنت سيكورتي فقط
باسورد فك الضغط
شرح التركيب
بعد ما تركب ملف الأعدادات اعمل سكااان (( فحص )) كاااامل للجهاز
واخبرنا بالنتيجه
كاسبر انترنت سيكورتي فقط
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
باسورد فك الضغط
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح التركيب
بعد ما تركب ملف الأعدادات اعمل سكااان (( فحص )) كاااامل للجهاز
واخبرنا بالنتيجه
توقيع : AbOdy
تأييد
0
