وعليكم السلام ورحمه الله
انا اقولك
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
بعد كذا نكمل التنظيف من الفايروسات المتبقيه
تفضل زادك الله فضلا ً ونورا
هذا
الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PC Washer\PC Turbo Memory.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Documents and Settings\aaa\سطح المكتب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Turbo Memory] C:\Program Files\PC Washer\PC Turbo Memory.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
Files\ieSpell\wikipedia.HTM
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll (file missing)
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [!ANetSpeeder] NetSpeeder
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{704F9A73-07C9-4ED1-9A9C-D48ECDAA9EC0}: NameServer = 10.6.9.12 10.6.9.11
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7008 bytes
ماعليش ترى الوينرار عندي اعطبه البرنامج
ماصار يشتغل والا كان اضغط الـ txt
وهذا اللوق
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\aaa\Application Data\dach100.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 10:33 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-06 10:33 3,444 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-06 07:44 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-06 07:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-06 07:42 2,050,080 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-06 07:42 18,144 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-06 06:22 30,615 ----a-w c:\windows\java\x.exe
2008-11-06 06:17 --------- d-----w c:\program files\Common Files\BinarySense
2008-11-06 06:10 --------- d-----w c:\documents and settings\aaa\Application Data\DMCache
2008-11-05 19:59 --------- d-----w c:\documents and settings\aaa\Application Data\BinarySense
2008-11-05 15:57 --------- d-----w c:\program files\PixGrabber Free
2008-11-05 15:57 --------- d-----w c:\documents and settings\aaa\Application Data\PixGrabber
2008-11-05 14:21 --------- d-----w c:\program files\Common Files\xing shared
2008-11-05 14:21 --------- d-----w c:\program files\Common Files\Real
2008-11-05 12:25 --------- d-----w c:\documents and settings\aaa\Application Data\SoftInform
2008-11-04 15:00 7,168 ----a-w c:\windows\system32\drivers\utq0nze4.sys
2008-11-04 14:46 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-04 14:46 --------- d-----w c:\program files\MSECACHE
2008-11-03 21:51 --------- d-----w c:\program files\Internet Download Manager
2008-11-03 20:47 --------- d-----w c:\program files\ColorPicker v2.06
2008-11-03 19:02 --------- d-----w c:\documents and settings\aaa\Application Data\IDM
2008-11-01 22:51 --------- d-----w c:\program files\Zmei Mail Sender
2008-11-01 22:51 --------- d-----w c:\program files\PC Shower 2009
2008-11-01 22:51 --------- d-----w c:\documents and settings\aaa\Application Data\SlipStream
2008-11-01 22:51 --------- d-----w c:\documents and settings\aaa\Application Data\cleaner
2008-11-01 22:18 --------- d-----w c:\program files\PC Washer
2008-11-01 21:20 --------- d-----w c:\program files\Zone Labs
2008-11-01 21:16 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-01 20:45 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-01 20:44 --------- d-----w c:\program files\Kaspersky Lab
2008-11-01 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-31 18:29 --------- d-----w c:\program files\iVocalize Web Conference 4
2008-10-29 13:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 13:31 --------- d-----w c:\program files\ONSPEED
2008-10-29 13:05 --------- d-----w c:\program files\Real Alternative
2008-10-29 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-10-28 20:15 --------- d-----w c:\documents and settings\aaa\Application Data\Reasonable Software House Ltd
2008-10-28 13:41 --------- d-----w c:\program files\LtUcx
2008-10-28 01:11 --------- d-----w c:\documents and settings\aaa\Application Data\AltrixSoft
2008-10-27 23:59 --------- d-----w c:\program files\Macromedia
2008-10-27 01:12 --------- d-----w c:\documents and settings\aaa\Application Data\Apple Computer
2008-10-26 21:25 --------- d-----w c:\program files\Ashampoo
2008-10-26 17:52 --------- d-----w c:\program files\Java
2008-10-26 17:43 --------- d-----w c:\program files\Common Files\Java
2008-10-25 23:33 --------- d-----w c:\program files\IObit
2008-10-25 02:24 720,896 ----a-w c:\windows\iun6002.exe
2008-10-25 02:24 --------- d-----w c:\program files\Abadisoft
2008-10-25 02:17 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-25 02:17 249,856 ------w c:\windows\Setup1.exe
2008-10-24 23:41 --------- d-----w c:\program files\DFX
2008-10-24 23:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-24 18:28 --------- d-----w c:\program files\Anti Trojan Elite
2008-10-24 15:16 --------- d-----w c:\documents and settings\aaa\Application Data\Thinstall
2008-10-24 15:03 --------- d-----w c:\program files\mpegable
2008-10-23 11:13 --------- d-----w c:\program files\Memory Improve Master
2008-10-23 07:57 --------- d-----w c:\program files\Glary Utilities
2008-10-23 07:57 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-23 07:15 5,850,615 ----a-w c:\windows\system32\APMC.exe
2008-10-22 22:42 --------- d-----w c:\program files\Invisible Browsing
2008-10-21 23:48 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-20 23:56 --------- d-----w c:\program files\FreshDevices
2008-10-20 07:08 159,829 ----a-w c:\windows\Marsu-Fix Uninstaller.exe
2008-10-20 06:51 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-20 06:31 14,037 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2008-10-20 06:31 --------- d-----w c:\program files\Intel
2008-10-20 06:28 --------- d-----w c:\program files\acer
2008-10-20 06:27 --------- d-----w c:\program files\Synaptics
2008-10-20 05:26 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-10-20 02:34 --------- d-----w c:\program files\ESET
2008-10-20 00:44 --------- d-----w c:\documents and settings\aaa\Application Data\CyberScrub
2008-10-19 05:16 --------- d-----w c:\program files\SWiSH Max2
2008-10-18 22:54 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-18 21:44 --------- d-----w c:\program files\HistoryKill 2008
2008-10-18 21:01 --------- d-----w c:\program files\Wireless WEP Key Password Spy
2008-10-18 18:00 --------- d-----w c:\program files\PcBoost
2008-10-18 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-18 03:47 --------- d-----w c:\program files\Hard Drive Inspector
2008-10-17 06:28 --------- dc-h--w c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2008-10-17 06:28 --------- d-----w c:\program files\OJOsoft
2008-10-17 06:28 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-17 05:49 --------- d-----w c:\program files\WinMerge
2008-10-17 04:44 --------- d-----w c:\program files\WinASO
2008-10-14 01:15 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-11 12:23 --------- d-----w c:\program files\Xara
2008-10-11 12:23 --------- d-----w c:\program files\Common Files\Xara
2008-10-10 13:43 --------- d-----w c:\program files\Uniblue
2008-10-09 11:25 1,221,008 ----a-w c:\windows\system32\zpeng25.dll
2008-10-08 21:36 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-08 17:40 --------- d-----w c:\program files\Wise Registry Cleaner 3 Pro
2008-10-08 12:14 --------- d-----w c:\documents and settings\aaa\Application Data\GRETECH
2008-10-08 12:13 --------- d-----w c:\program files\GRETECH
2008-10-08 11:53 --------- d-----w c:\documents and settings\aaa\Application Data\Nokia
2008-10-07 19:38 --------- d-----w c:\documents and settings\aaa\Application Data\PC Suite
2008-10-07 19:37 --------- d-----w c:\program files\DIFX
2008-10-05 16:50 --------- d-----w c:\program files\Mix-FX
2008-10-01 03:16 155,995 ----a-w c:\windows\java\Packages\6377Z535.ZIP
2008-09-30 19:58 262,144 ----a-w c:\windows\system32\supermenuhook.dll
2008-09-28 17:19 --------- d-----w c:\program files\AML Products
2008-09-28 03:22 --------- d-----w c:\program files\Mobily Connect Card
2008-09-27 07:14 --------- d-----w c:\program files\Common Files\Common Share
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [10/09/2008 02:25 PM 981904]
"Turbo Memory"="c:\program files\PC Washer\PC Turbo Memory.exe" [08/29/2008 09:25 AM 860160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/05/2008 05:19 PM 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-19 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoPopUpsOnBoot"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoAutoUpdate"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarsCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
03/03/2004 04:48 PM 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 9.lnk]
backup=c:\windows\pss\SnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\aaa\\سطح المكتب\\LeapFTP1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R1 is-IEODTdrv;is-IEODTdrv;c:\windows\system32\DRIVERS\28986283.sys [07/08/2008 01:54 PM 148496]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\DRIVERS\SMBHC.sys [09/19/2001 03:00 PM 6784]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [06/03/2008 10:12 AM 87264]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [05/15/2008 10:08 AM 104192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\DRIVERS\SMBBATT.sys [08/04/2004 01:08 AM 16128]
S3 tapvpn;TAP VPN Adapter;c:\windows\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
*Newly Created Service* - IS-IEODTDRV
.
s of the 'Scheduled Tasks' folder
2008-11-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [09/17/2008 04:35 PM]
2008-10-10 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [09/10/2008 06:22 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer
R1 -: HKCU-Internet Settings,ProxyServer = 212.98.142.154:80
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Lookup on Merriam Webster -
files\ieSpell\Merriam Webster.HTM
O8 -: Lookup on Wikipedia -
files\ieSpell\wikipedia.HTM
O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
c:\windows\Downloaded Program Files\ewidoOnlineScan.dll
O16 -: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.112/imscp/talks3n.cab
c:\windows\Downloaded Program Files\talks.inf
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
c:\windows\Downloaded Program Files\IMCSec.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 11/06/2008 13:40:02
ComboFix-quarantined-files.txt 2008-11-06 10:40:00
ComboFix2.txt 2008-09-23 17:59:05
Pre-Run: 16,841,818,112 bytes free
Post-Run: 16,886,079,488 bytes free
219 --- E O F --- 2008-10-09 12:10:49
k:
