مشكلة في المتصفح وبطء في الاب توب

oooahmedooo · 8 ديسمبر 2008

السلام عليكم ورحمة اللة وبركاتة
المشكلة الاولى:
عندي مشكلة في الاب توب عندما اتصفح الانترنت تظهر لي رسالة Erorr و لاما اضغط على send to او do not send يغلق المتصفح (Internet Explorer 7) عندي

المشكلة الثانية:
عندي بطء في الاب توب وهاذى تقريرhijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:11 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Denied XP\SvrADXP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Access Denied XP\ADXPSS.exe
C:\Program Files\Access Denied XP\newlaunch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GetModule\GetModule31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
G:\AD GR\أدوات تابعة\IEFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\runonce.exe
C:\WINDOWS\system32\mshta.exe
G:\AD GR\أدوات تابعة\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Inbox\CToolbar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\Documents and Settings\Abc\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mc-isa.muscatcollege.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DVA Storm - {52676F4A-D830-4513-BE81-3A0C28B32C2F} - C:\WINDOWS\lgmxvpatkmb.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtUKcdCT.dll (file missing)
O2 - BHO: (no name) - {7CAB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\xsnlxrpx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {B0D8410E-8550-4A4E-B242-0C438CF8A877} - C:\WINDOWS\system32\khfdeBSl.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: (no name) - {fe138f75-68cf-407a-861a-1d6d13f658e0} - C:\WINDOWS\system32\kagavuva.dll
O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Abc\Desktop\Office\SNWAT\install_sbd_en.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ADXPSS] "C:\Program Files\Access Denied XP\ADXPSS.exe"
O4 - HKLM\..\Run: [ADXP_Launcher] "C:\Program Files\Access Denied XP\newlaunch.exe"
O4 - HKLM\..\Run: [d412ecc8] rundll32.exe "C:\WINDOWS\system32\lycjcpdg.dll",b
O4 - HKLM\..\Run: [lifuvanuro] Rundll32.exe "C:\WINDOWS\system32\zulalahu.dll",s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: [IE - 03] fixmapi.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe
O4 - HKUS\S-1-5-19\..\Run: [lifuvanuro] Rundll32.exe "C:\WINDOWS\system32\zulalahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lifuvanuro] Rundll32.exe "C:\WINDOWS\system32\zulalahu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\WINDOWS\system32\soremeno.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: ad_note - C:\WINDOWS\SYSTEM32\note_ad.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: vtUKcdCT - C:\WINDOWS\
O23 - Service: Access Denied XP Service (ADXPService) - Ivan Mayrakov - C:\Program Files\Access Denied XP\SvrADXP.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 13082 bytes

واتمى المساعدة من الاخوان باسرع وقت

السّاجد لله · 8 ديسمبر 2008

اعمل التالي حسب الترتيب خيو

1

من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility

اعمل كما يلي

ارفع علامة الصح من امام كل القيم ذات اللاحقة
C:/program File

ما عدا الانتي فايروس الخاص بك
والمثال هنا على الكاسبر وانت قيس على جهازك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم وافق على اعادة التغشيل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

3

اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم

Demo-dash · 8 ديسمبر 2008

تم التحرير ,, سبقنا الغالي هشام :king:
يالله عن اذنكم اجل

السّاجد لله · 8 ديسمبر 2008

demo-dash قال:
تم التحرير ,, سبقنا الغالي هشام :king:
يالله عن اذنكم اجل

ما عاش الي يسبق استاذه الحبيب الغالي وكل الهلا فيك حبيبي شادي
اكيد انت الاولى

Demo-dash · 8 ديسمبر 2008

الله يعطيك العافيه والصحه والقوه يااستاذنا هشام وكل عام وانت بالف خير وصحه وسلامه حبيبي الغالي

عساك ع القوه يارب ,, انا مضطر اطلع ,, لي رجعه غدا ان شاء الله :king:

Corporation · 8 ديسمبر 2008

Corporation · 8 ديسمبر 2008

تم التحرير أيضاً :q:

مع أني تعبت لين جمعت لك الحلول :er:

عين العقل استآذي هشام برآمج بدء التشغيل القيم المصابة كثير :d:

بنتابعكم

السّاجد لله · 8 ديسمبر 2008

ولا يهمك اخوي كومباك انت كمل مع الاخ وتقبل ودي وتقديري

متابع من بعيد

Corporation · 8 ديسمبر 2008

أبشر وأن زليت بشئ مني والأ منآك :d:

> الفزعة

:q:

oooahmedooo · 8 ديسمبر 2008

اخواني الاعضاء هذا التقرير الاول لي ComboFix:

ComboFix 08-12-07.01 - 2008-12-08 19:31:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.968.1033.18.522 [GMT 4:00]
Running from: c:\documents and settings\Abc\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Abc\Application Data\gadcom
c:\documents and settings\Abc\Application Data\GetModule
c:\documents and settings\Abc\Application Data\GetModule\dicik.gz
c:\documents and settings\Abc\Application Data\GetModule\kwdik.gz
c:\documents and settings\Abc\Application Data\GetModule\ofadik.gz
c:\documents and settings\Abc\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\GetModule\GetModule31.exe
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\adaway.lic
c:\windows\kmra7.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\dbxDgrevCheck.dll
c:\windows\system32\gdpcjcyl.ini
c:\windows\system32\kagavuva.dll
c:\windows\system32\kakle.dll
c:\windows\system32\khfdeBSl.dll
c:\windows\system32\lSBedfhk.ini
c:\windows\system32\lSBedfhk.ini2
c:\windows\system32\lycjcpdg.dll
c:\windows\system32\soremeno.dll
c:\windows\system32\winitn.dll
c:\windows\system32\wpv271228549770.cpx
c:\windows\system32\xsnlxrpx.dll
c:\windows\system32\zulalahu.dll
c:\windows\Tasks\nrzzjclp.job
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-08 12:06 . 2008-12-08 12:40 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-08 12:06 . 2008-12-08 12:40 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-08 12:04 . 2008-12-08 19:36 1,750,816 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-08 12:04 . 2008-12-08 19:27 23,240 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-08 12:04 . 2008-12-08 19:36 21,024 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-08 12:04 . 2008-12-08 19:27 2,660 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-08 11:33 . 2008-12-08 12:04 <DIR> d-------- c:\windows\LastGood
2008-12-07 01:13 . 2008-12-07 01:13 0 --a------ c:\windows\mozver.dat
2008-12-07 01:06 . 2008-12-07 01:06 <DIR> d-------- c:\windows\LastGood.Tmp
2008-12-01 13:51 . 2008-12-01 13:51 244 --ah----- C:\sqmnoopt12.sqm
2008-12-01 13:51 . 2008-12-01 13:51 232 --ah----- C:\sqmdata12.sqm
2008-12-01 13:47 . 2008-12-01 13:47 244 --ah----- C:\sqmnoopt11.sqm
2008-12-01 13:47 . 2008-12-01 13:47 232 --ah----- C:\sqmdata11.sqm
2008-12-01 13:46 . 2008-12-01 13:46 244 --ah----- C:\sqmnoopt10.sqm
2008-12-01 13:46 . 2008-12-01 13:46 232 --ah----- C:\sqmdata10.sqm
2008-11-28 22:27 . 2007-03-08 08:20 282,624 -ra------ c:\windows\system32\HPZc3212.dll
2008-11-25 22:23 . 2008-11-25 22:23 254,814 --a------ C:\g.hetto_gear_design.bmp
2008-11-25 18:54 . 2008-11-25 18:54 <DIR> d-------- c:\program files\Doremisoft
2008-11-25 11:39 . 2008-12-08 19:36 196,622 --ahs---- c:\windows\oprocess.gxl
2008-11-25 11:39 . 2008-12-08 19:28 3,506 -r-hs---- c:\windows\naccess.gxl
2008-11-25 11:39 . 2008-11-25 18:12 234 -r-hs---- c:\windows\madmin.gxl
2008-11-25 11:38 . 2008-11-25 11:39 <DIR> d-------- c:\program files\Access Denied XP
2008-11-25 11:38 . 2008-11-25 11:38 138,240 --a------ c:\windows\system32\adGINA.dll
2008-11-25 11:38 . 2008-11-25 11:38 8,192 --a------ c:\windows\system32\proc_ad.dll
2008-11-25 11:38 . 2008-11-25 11:38 6,656 --a------ c:\windows\system32\note_ad.dll
2008-11-25 11:38 . 2008-11-25 11:38 5,120 --a------ c:\windows\system32\LangADXP.dll
2008-11-24 23:15 . 2008-11-24 23:15 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 23:15 . 2008-11-24 23:15 1,409 --a------ c:\windows\QTFont.for
2008-11-21 10:28 . 2008-12-01 14:42 6,430 --a------ c:\windows\system32\%LocalXml%
2008-11-21 01:58 . 2008-11-21 01:58 987,136 --a------ c:\windows\system32\agsaamh.dll
2008-11-21 01:58 . 2008-11-21 01:58 331,776 --a------ c:\windows\system32\agsaama.dll
2008-11-21 01:57 . 2008-11-21 01:57 <DIR> d-------- c:\program files\Akram
2008-11-13 22:30 . 2008-11-13 22:30 <DIR> d-------- c:\program files\Smallvideosoft
2008-11-13 22:30 . 2008-11-20 21:04 <DIR> d-------- C:\Mp3 Output
2008-11-13 22:30 . 2008-11-25 18:46 4,762,112 --a------ c:\windows\system32\NCMedia.dll
2008-11-13 22:30 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 15:28 --------- d-----w c:\documents and settings\Abc\Application Data\Orbit
2008-12-08 15:21 --------- d-----w c:\program files\Inbox
2008-12-08 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-08 08:40 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-08 08:04 --------- d-----w c:\program files\Kaspersky Lab
2008-12-08 08:02 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-08 07:24 --------- d-----w c:\program files\Orbitdownloader
2008-12-07 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-06 21:06 --------- d-----w c:\program files\Conduit
2008-11-25 16:28 155,648 ----a-r c:\windows\system32\NeroCheck.exe
2008-11-20 21:58 90,112 ----a-w c:\windows\system32\agsaami.dll
2008-11-20 21:58 610,304 ----a-w c:\windows\system32\agsaamg.dll
2008-11-20 21:58 372,736 ----a-w c:\windows\system32\agsaamc.dll
2008-11-20 21:58 237,568 ----a-w c:\windows\system32\lame_enc.dll
2008-11-20 21:58 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2008-11-20 21:58 196,608 ----a-w c:\windows\system32\maag.dll
2008-11-20 21:58 1,986,560 ----a-w c:\windows\system32\akll.dll
2008-11-20 21:58 1,245,184 ----a-w c:\windows\system32\bkll.dll
2008-11-20 21:58 1,212,416 ----a-w c:\windows\system32\ckll.dll
2008-11-20 19:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 18:50 --------- d-----w c:\documents and settings\Abc\Application Data\alot
2008-11-05 10:49 --------- d-----w c:\program files\True Sword 5
2008-11-05 06:49 --------- d-----w c:\program files\HP
2008-11-05 06:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-05 06:47 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-05 06:37 --------- d-----w c:\program files\XULPlayer
2008-10-16 11:55 --------- d-----w c:\documents and settings\Abc\Application Data\True Sword
2008-10-16 07:25 --------- d-----w c:\program files\Google
2008-06-07 12:23 586 ----a-w c:\program files\setup.reg
2008-05-09 07:30 1,663 ----a-w c:\windows\inf\COM97.tmp
2008-04-30 11:45 49,934 ----a-w c:\program files\release_notes_kis8.0_en.htm
2008-04-25 14:46 70,992 ----a-w c:\program files\setup.exe
2008-04-25 14:44 34,232,320 ----a-w c:\program files\kis.en.msi
2008-04-16 19:38 1,663 ----a-w c:\windows\inf\COME5.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-11-25 155648]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-22 185896]
"ADXPSS"="c:\program files\Access Denied XP\ADXPSS.exe" [2008-11-25 5632]
"ADXP_Launcher"="c:\program files\Access Denied XP\newlaunch.exe" [2008-11-25 8704]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-07-21 1703112]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ad_note]
2008-11-25 11:38 6656 c:\windows\system32\note_ad.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Abc^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Abc\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 18:43 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 01:22 3739648 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 14:31 118784 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-12-17 03:32 761945 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-11 15:26 65536 c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2005-11-30 16:25 73728 c:\program files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
R2 ADXPService;Access Denied XP Service;c:\program files\Access Denied XP\SvrADXP.exe [2008-11-25 8704]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2008-07-19 50944]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\mmlieq.sys []
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\DRIVERS\sffp_mmc.sys [2008-09-18 10240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{119aabf0-f31d-11dc-bacf-00a0d13feb07}]
\Shell\AutoRun\command - H:\svchos.exe
\Shell\Explore\Command - H:\svchos.exe
\Shell\Open\Command - H:\svchos.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15913860-eccc-11dc-babd-00a0d13feb07}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b240f41-1e5b-11dd-bb6a-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2410a9-1e5b-11dd-bb6a-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b2411af-1e5b-11dd-bb6a-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{337c1a99-edcb-11dc-bac0-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{357de0dd-d6d4-11dc-ba90-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439bb0ca-41c3-11dd-bbb3-00037af26b89}]
\Shell\AutoRun\command - F:\sysinfo.exe
\Shell\explore\command - F:\sysinfo.exe
\Shell\open\command - F:\sysinfo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]
\Shell\AutoRun\command - browser.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4731a105-19a3-11dd-bb59-00037af26b89}]
\Shell\Auto\command - G:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b2755a8-d93c-11dc-ba96-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b2758bb-d93c-11dc-ba96-00037af26b89}]
\Shell\Autoplay\Command - smss.exe
\Shell\AutoRun\command - smss.exe
\Shell\Explore\Command - smss.exe
\Shell\Open\Command - smss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6332bf-d145-11dc-953d-00a0d13feb07}]
\Shell\AutoRun\command - F:\i.cmd
\Shell\explore\Command - F:\i.cmd
\Shell\open\Command - F:\i.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4bd52f-e9a8-11dc-bab5-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4bd671-e9a8-11dc-bab5-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4bd6e3-e9a8-11dc-bab5-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4bd78d-e9a8-11dc-bab5-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{742fe63d-a105-11dd-bc8a-0013025320e4}]
\Shell\AutoRun\command - F:\DAT.exe
\Shell\explore\Command - F:\DAT.exe
\Shell\open\Command - F:\DAT.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a989865a-e437-11dc-baa8-00a0d13feb07}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98986e3-e437-11dc-baa8-00a0d13feb07}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adede7f1-f95f-11dc-badb-00037af26b89}]
\Shell\Auto\command - F:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8491848-c209-11dc-9c8c-00a0d13feb07}]
\Shell\AutoRun\command - F:\OnSpcLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca0cc666-3884-11dd-bba4-00037af26b89}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3877f74-fd42-11dc-baea-00a0d13feb07}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d84a3e10-bf86-11dd-bcbb-0013025320e4}]
\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d84ce279-d79a-11dc-ba92-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9ea020-ce59-11dc-953c-00037af26b89}]
\Shell\AutoRun\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
\Shell\open\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8dde6a3-eff4-11dc-bac3-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9fd66c1-f4d1-11dc-bad1-00037af26b89}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{7CAB59B4-55A3-4737-9FD5-B93C6430BF78} - c:\windows\system32\xsnlxrpx.dll
BHO-{B0D8410E-8550-4A4E-B242-0C438CF8A877} - c:\windows\system32\khfdeBSl.dll
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
BHO-{fe138f75-68cf-407a-861a-1d6d13f658e0} - c:\windows\system32\kagavuva.dll
HKCU-Run-GetModule31 - c:\program files\GetModule\GetModule31.exe
HKLM-Run-BMN - c:\program files\Common Files\TrustedAntivirus\bm.exe dm=http://trustedantivirus.com ad=http://trustedantivirus.com
HKLM-Run-lifuvanuro - c:\windows\system32\zulalahu.dll
HKLM-RunOnce-c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com - c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com
HKLM-RunOnce-c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com - c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com
HKLM-RunOnce-c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com - c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com
HKLM-RunOnce-c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com - c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com
HKLM-RunOnce-c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com - c:\docume~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
Notify-NavLogon - (no file)
Notify-vtUKcdCT - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-AFProg - c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.om/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = mc-isa.muscatcollege.edu:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Inbox Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll
c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\NeroVersionCheckerControl.ocx
O16 -: {680285A8-96D3-43DA-9D3D-51DD987D0B77}
hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
c:\windows\Downloaded Program Files\NeroVersionCheckerControl.inf
FireFox -: Profile - c:\documents and settings\Abc\Application Data\Mozilla\Firefox\Profiles\fjdhpule.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-08 19:36:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1488)
c:\windows\system32\adGina.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\note_ad.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1544)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
- - - - - - - > 'Explorer.exe'(1184)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\windows\system32\proc_ad.dll
c:\windows\system32\TDispVol.dll
.
Completion time: 2008-12-08 19:40:10
ComboFix-quarantined-files.txt 2008-12-08 15:40:05
Pre-Run: 17,898,942,464 bytes free
Post-Run: 17,825,644,544 bytes free
391 --- E O F --- 2008-09-26 10:30:05

وهذ تقرير HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:52 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Denied XP\SvrADXP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Access Denied XP\ADXPSS.exe
C:\Program Files\Access Denied XP\newlaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Abc\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mc-isa.muscatcollege.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ADXPSS] "C:\Program Files\Access Denied XP\ADXPSS.exe"
O4 - HKLM\..\Run: [ADXP_Launcher] "C:\Program Files\Access Denied XP\newlaunch.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: ad_note - C:\WINDOWS\SYSTEM32\note_ad.dll
O23 - Service: Access Denied XP Service (ADXPService) - Ivan Mayrakov - C:\Program Files\Access Denied XP\SvrADXP.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 10833 bytes

Corporation · 8 ديسمبر 2008

أخوي العزيز

تم حذف مآ يقآرب 30 فآيروس :d:

وأعتقد أنك مآطبقت خطوة أخوي الغالي هشام وهي التقليل من برآمج بدء التشغيل

لأن الفيروسات تكثر في هالمكآن وتقلع من بدآية أقلاع الجهاز :d:

من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility

اعمل كما يلي

ارفع علامة الصح من امام كل القيم ذات اللاحقة
C:/program File

ما عدا الانتي فايروس الخاص بك
والمثال هنا على الكاسبر وانت قيس على جهازك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم وافق على اعادة التغشيل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعدها أرجع حمل هالأدآة

للتنظيف من الدعائيات

شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

عندي مشكلة في موقع التحليل

طبق الأتي وجـآآري الفحص

:q:

Corporation · 8 ديسمبر 2008

بعد تطبيق الأتي

أمشي معي خطوة خطوة

في قيم أنا تقآضيت عنها بخليها للأخر

أحذف القيم التآلية

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O8 - Extra context menu item: Inbox Search - tbr:iemenu

O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Access Denied XP Service (ADXPService) - Ivan Mayrakov - C:\Program Files\Access Denied XP\SvrADXP.exe

وبذلك تكون تمت عملية الحذف

بعدها حمل هذه الأدآة

ثم استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعدها أرجع أرفق تقرير هأي جآك جديد

وأن شاء الله ما تنقث من كثرة التقارير

Corporation · 8 ديسمبر 2008

السموحة شباب مظطر أطلع :d:

وأخوي ترى أنتظرتك تأخرت :hh:

جونـآ ضيوف :q:

وان شاء الله الأخوآن وأخوي هشام ما رآح يقصرون ويآك :b:

Demo-dash · 8 ديسمبر 2008

COMPAQ99 قال:
السموحة شباب مظطر أطلع :d:

وأخوي ترى أنتظرتك تأخرت :hh:

جونـآ ضيوف :q:

وان شاء الله الأخوآن وأخوي هشام ما رآح يقصرون ويآك :b:

ايه انا ماطلعت قبل شويه الى عشان الضيوف ,,
الله يوفقك محل ماتروح ’’
تعقيب بسيط ,,

هذه القيمه لاتحذف

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = mc-isa.muscatcollege.edu:8080

لأنها تبع اتصاله بالنت ,, لو حذفها ماراح يكون فيه نت ,,
ونسيب الباقي لهشام الله يعطيك العافيه وطوله العمر :king:

السّاجد لله · 8 ديسمبر 2008

انا قادم ابشروا بما يسركم احباب قلبي ههههههه

الاخ صاحب المشكلة وش صار معك ؟؟؟

oooahmedooo · 9 ديسمبر 2008

عذرا شباب انا انشغلت بلامس و هذا تقرير hijackthis و اشكركم على الجهود المبذولة وكل عام وانتم بخير

k:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:24, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Denied XP\SvrADXP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Abc\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mc-isa.muscatcollege.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\AutoPlay\Docs\Zyzoom_all_windows_Activation.com"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: ad_note - C:\WINDOWS\SYSTEM32\note_ad.dll
O23 - Service: Access Denied XP Service (ADXPService) - Ivan Mayrakov - C:\Program Files\Access Denied XP\SvrADXP.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 7711 bytes

Demo-dash · 9 ديسمبر 2008

عن اذن الاخوان الغير متواجدين

احذف

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\sw g.dll

O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_0\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"

O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_1\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"

O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_2\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"

O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_3\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"

O4 - HKLM\..\RunOnce: ["C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"] "C:\DOCUME~1\Abc\LOCALS~1\Temp\ir_ext_temp_4\A utoP lay\Docs\Zyzoom_all_windows_Activation.com"

O8 - Extra context menu item: Inbox Search - tbr:iemenu

O20 - Winlogon Notify: ad_note - C:\WINDOWS\SYSTEM32\note_ad.dll

طريقة الحذف

ثم احذف هالبرنامج Access Denied XP واذهب الى اضافه وازاله البرامج واحذف اي google toolbar ان تواجدت واحذف اي تولبار ايضا

ثم

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

قولنا ايش الاوضاع + تقرير هاي جاك جديد

زيزوومى فعال

زيزوومى فضى

توقيع : السّاجد لله

داعم للمنتدى،(خبراء زيزووم )

توقيع : Demo-dashDemo-dash is verified member.

زيزوومى فضى

توقيع : السّاجد لله

داعم للمنتدى،(خبراء زيزووم )

توقيع : Demo-dashDemo-dash is verified member.

زيزوومى فضى

توقيع : Corporation

زيزوومى فضى

توقيع : Corporation

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فضى

توقيع : Corporation

زيزوومى فعال

زيزوومى فضى

توقيع : Corporation

زيزوومى فضى

توقيع : Corporation

زيزوومى فضى

توقيع : Corporation

داعم للمنتدى،(خبراء زيزووم )

توقيع : Demo-dashDemo-dash is verified member.

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فعال

داعم للمنتدى،(خبراء زيزووم )

توقيع : Demo-dashDemo-dash is verified member.

توقيع : Demo-dash

توقيع : Demo-dash

توقيع : Demo-dash

توقيع : Demo-dash