تقرير الاداه
ComboFix 08-10-21.03 - ReKoOo 10/22/2008 15:54:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.634 [GMT 3:00]
Running from: I:\Documents and Settings\ReKoOo\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Documents and Settings\ReKoOo\Application Data\.#
I:\Documents and Settings\ReKoOo\Application Data\.#\MBX@6E8@3A39D0.###
I:\Documents and Settings\ReKoOo\Application Data\.#\MBX@6E8@3A39E0.###
I:\Documents and Settings\ReKoOo\s\RKVWJ.NAB
I:\Program Files\FunWebProducts
I:\WINDOWS\system32\kakle.dll
I:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 12:59 --------- d-----w I:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-22 12:58 --------- d-----w I:\Program Files\microsoft frontpage
2008-10-22 12:57 4,464 --sha-w I:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-22 12:57 376,864 --sha-w I:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-22 12:57 24,232 --sha-w I:\WINDOWS\system32\drivers\fidbox.idx
2008-10-22 12:57 2,695,200 --sha-w I:\WINDOWS\system32\drivers\fidbox.dat
2008-10-22 10:54 90,112 ----a-w I:\WINDOWS\system32\ssvideo.dll
2008-10-22 10:53 778,240 ----a-w I:\WINDOWS\system32\ALOAudioCompress2.dll
2008-10-22 10:53 18,595,840 ----a-w I:\WINDOWS\system32\coredata.dll
2008-10-22 10:53 1,128,128 ----a-w I:\WINDOWS\system32\NMSDVDXU.dll
2008-10-22 10:04 --------- d-----w I:\Program Files\Microsoft Silverlight
2008-10-17 18:59 --------- d-----w I:\Program Files\AV Vcs 6.0 GOLD
2008-10-17 14:42 --------- d-----w I:\Program Files\MyCentria
2008-10-17 11:34 --------- d-----w I:\Program Files\UltraISO
2008-10-17 11:34 --------- d-----w I:\Program Files\Common Files\EZB Systems
2008-10-15 13:46 403,968 ----a-w I:\WINDOWS\system32\ALOWMAFile2.dll
2008-10-13 13:44 --------- d-----w I:\Program Files\Circle Developement
2008-10-12 10:43 --------- d-----w I:\Program Files\Registry Fast
2008-10-10 13:14 --------- d-----w I:\Program Files\Folder Lock
2008-10-10 10:48 180,064 ----a-w I:\WINDOWS\system32\WinVd32.sys
2008-10-10 10:48 16,384 ----a-w I:\WINDOWS\system32\WinFl32.sys
2008-10-10 10:46 --------- d-----w I:\Program Files\Folder Lock 6
2008-10-09 06:59 1,245,184 ----a-w I:\WINDOWS\system32\bkll.dll
2008-10-09 05:40 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\cleaner
2008-10-08 10:39 --------- d-----w I:\Program Files\Internet Download Manager
2008-10-08 10:36 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\IDM
2008-10-08 07:14 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\DMCache
2008-10-06 14:16 --------- d-----w I:\Program Files\MoMe MsN
2008-10-06 10:09 --------- d-----w I:\Program Files\MSECache
2008-10-06 07:00 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\USBSafelyRemove
2008-10-06 06:59 --------- d-----w I:\Program Files\USB Safely Remove
2008-10-05 18:30 --------- d---a-w I:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 11:41 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\AntsSoft
2008-10-04 11:22 --------- d-----w I:\Program Files\SWFText
2008-10-04 10:42 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\U3
2008-10-03 17:41 6,066,176 ------w I:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 04:54 --------- d-----w I:\Program Files\Hotspot Shield
2008-10-01 07:51 --------- d-----w I:\Program Files\AnchorFree
2008-09-29 05:32 --------- d-----w I:\Program Files\Abourasheed
2008-09-29 05:30 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\Thinstall
2008-09-27 07:10 --------- d-----w I:\Program Files\IEPro
2008-09-25 01:38 --------- d-----w I:\Program Files\MSNTools
2008-09-24 02:28 356,352 ----a-w I:\WINDOWS\eSellerateEngine.dll
2008-09-24 02:27 --------- d-----w I:\Program Files\Common Files\DeskShare Shared
2008-09-22 09:42 --------- d-----w I:\Program Files\Deskshare
2008-09-16 00:58 --------- d-----w I:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-15 12:12 1,846,400 ----a-w I:\WINDOWS\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w I:\WINDOWS\system32\dllcache\win32k.sys
2008-09-14 08:02 86,016 ----a-w I:\WINDOWS\system32\RO1FC7.tmp
2008-09-14 08:02 8,192 ----a-w I:\WINDOWS\system32\RO1FBF.tmp
2008-09-14 08:02 8,192 ----a-w I:\WINDOWS\system32\RO1FB7.tmp
2008-09-14 08:02 45,056 ----a-w I:\WINDOWS\system32\RO1F9F.tmp
2008-09-14 08:02 4,751,360 ----a-w I:\WINDOWS\system32\RO1FA7.tmp
2008-09-14 08:02 36,864 ----a-w I:\WINDOWS\system32\RO1F9C.tmp
2008-09-14 08:02 315,392 ----a-w I:\WINDOWS\system32\RO1FAC.tmp
2008-09-14 08:02 3,858,432 ----a-w I:\WINDOWS\system32\RO1FC4.tmp
2008-09-14 08:02 249,856 ----a-w I:\WINDOWS\system32\RO1FBC.tmp
2008-09-14 08:02 249,856 ----a-w I:\WINDOWS\system32\RO1FB4.tmp
2008-09-14 08:02 24,576 ----a-w I:\WINDOWS\system32\RO1FAF.tmp
2008-09-14 08:02 22,753,280 ----a-w I:\WINDOWS\system32\RO1FA4.tmp
2008-09-14 06:59 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-09-14 06:58 --------- d-----w I:\Program Files\Sega
2008-09-08 10:41 333,824 ----a-w I:\WINDOWS\system32\drivers\srv.sys
2008-09-08 10:41 333,824 ------w I:\WINDOWS\system32\dllcache\srv.sys
2008-09-07 17:22 --------- d-----w I:\Program Files\Microsoft.NET
2008-09-07 17:22 --------- d-----w I:\Program Files\Microsoft ActiveSync
2008-09-05 20:30 241,704 ------w I:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 20:29 917,032 ------w I:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-03 15:36 --------- d-----w I:\Program Files\Messenger Plus! Live
2008-09-01 17:45 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\uniblue
2008-09-01 16:40 --------- dc-h--w I:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2008-09-01 16:39 --------- d-----w I:\Program Files\Uniblue
2008-09-01 16:35 --------- d-----w I:\Program Files\Reference Assemblies
2008-09-01 16:35 --------- d-----w I:\Program Files\MSBuild
2008-08-31 23:29 --------- d-----w I:\Program Files\Common Files\InstallShield
2008-08-31 23:25 --------- d-----w I:\Program Files\Megaware
2008-08-27 08:24 3,593,216 ------w I:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w I:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w I:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-24 12:39 --------- d-----w I:\Program Files\Acoustica Shared Effects
2008-08-24 12:39 --------- d-----w I:\Program Files\Acoustica Mixcraft
2008-08-24 12:36 --------- d-----w I:\Documents and Settings\ReKoOo\Application Data\COWON
2008-08-23 05:56 635,848 ------w I:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w I:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-23 00:25 --------- d-----w I:\Program Files\Common Files\SWF Studio
2008-08-14 10:11 2,189,184 ------w I:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ----a-w I:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:09 2,145,280 ------w I:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 10:04 138,496 ------w I:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,066,048 ------w I:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:33 2,023,936 ----a-w I:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:33 2,023,936 ------w I:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-31 07:41 68,616 ----a-w I:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 07:41 238,088 ----a-w I:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 07:40 509,448 ----a-w I:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 18:10 73,720 ----a-w I:\WINDOWS\system32\dxva2.dll
2008-07-29 18:10 493,048 ----a-w I:\WINDOWS\system32\evr.dll
2008-07-29 18:10 26,112 ----a-w I:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 17:35 326,160 ----a-w I:\WINDOWS\system32\PresentationHost.exe
2008-07-29 16:59 781,344 ----a-w I:\WINDOWS\system32\PresentationNative_v0300.dll
.
------- Sigcheck -------
02/03/2008 11:51 PM 1840128 f0d1a9d147e3722c4636fbb74a76723e I:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\ctfmon.exe" [01/26/2008 06:57 AM 15360]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [07/28/2008 05:51 PM 5724184]
"AFProg"="I:\Program Files\AnchorFree\bin\ctrl\AFController.exe" [11/20/2006 11:19 AM 81920]
"USB Safely Remove"="I:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [04/25/2008 07:34 PM 1122816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/16/2008 04:22 PM 185896]
"!AVG Anti-Spyware"="I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 05:50 AM 6731312]
"CheckRegDefragService"="I:\PROGRA~1\REGIST~2\rbcs.exe" [09/22/2004 11:18 PM 299520]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"AVP"="I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 02:20 AM 339968 I:\WINDOWS\stsystra.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [01/26/2008 06:58 AM 110592 I:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [01/26/2008 06:57 AM 15360]
I:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - I:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "I:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"I:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"I:\\Program Files\\IEPro\\MiniDM.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;I:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 WinFl32;WinFl32;I:\WINDOWS\system32\WinFl32.sys [10/10/2008 01:48 PM 16384]
R2 WinVd32;WinVd32;I:\WINDOWS\system32\WinVd32.sys [10/10/2008 01:48 PM 180064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;I:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;I:\WINDOWS\system32\drivers\libusb0.sys [03/09/2005 08:50 PM 33792]
R3 tapvpn;TAP VPN Adapter;I:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CheckRegDefragService - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - I:\Documents and Settings\ReKoOo\Application Data\Mozilla\Firefox\Profiles\8ettd3ah.default\
FF -: plugin - I:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - I:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-22 15:59:50
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
I:\WINDOWS\system32\ati2evxx.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Hotspot Shield\bin\openvpnas.exe
I:\WINDOWS\system32\libusbd-nt.exe
I:\WINDOWS\system32\searchindexer.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\searchprotocolhost.exe
I:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 10/22/2008 16:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-22 13:01:31
Pre-Run: 133,038,149,632 bytes free
Post-Run: 132,981,473,280 bytes free
206 --- E O F --- 2008-10-22 00:00:26
تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:03 م, on 22/10/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Hotspot Shield\bin\openvpnas.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\libusbd-nt.exe
I:\WINDOWS\system32\SearchIndexer.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\stsystra.exe
I:\WINDOWS\system32\rundll32.exe
I:\PROGRA~1\REGIST~2\rbcs.exe
I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Windows Desktop Search\WindowsSearch.exe
I:\WINDOWS\system32\SearchProtocolHost.exe
I:\WINDOWS\explorer.exe
I:\Documents and Settings\ReKoOo\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.7:3127
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - I:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - I:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - I:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - I:\Program Files\Common Files\Products\FMCapt.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - I:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CheckRegDefragService] "I:\PROGRA~1\REGIST~2\rbcs.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AFProg] I:\Program Files\AnchorFree\bin\ctrl\AFController.exe
O4 - HKCU\..\Run: [USB Safely Remove] I:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Flash and Media Capture حفظ &ملفات الوسائط بـ - res://I:\Program Files\Common Files\Products\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: Flash and Media Capture حفظ ال&صور بـ - res://I:\Program Files\Common Files\Products\FMCapt.dll/saveimg.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - I:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - I:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - I:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - I:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{45099B96-1002-415C-9C18-8E7B54DC28B2}: NameServer = 10.6.176.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - I:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - I:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) -
- I:\WINDOWS\system32\libusbd-nt.exe
--
End of file - 6724 bytes
k: