لخبراء برنامج RegDoctor

[سنى الجرح]

أخواني الأعزاء

انا جهازي بدى يعلق مع العلم ان جهازي غير محمل برامج كثيره

قلت اجبر برنامج RegDoctor

ولكن لما جربته يطلع لي خطاء عددها 656 ولكن للأسف بعد ما اضغط على الإصلاح يقول اني انتهيت ولما اعيد الكشف يطلع لي نفس الأخطاء

فكيف اقدر احلها ولا عاد يخرجها مره أخرى

 

[البرونز]

اعمل فحص لجهازك بهذا البرنامج
وضع التقرير في ردك القادم إن شاء الله

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[سنى الجرح]

هذا التقرير استاذي العزيز البرونز

Logfile of HijackThis v1.99.1
Scan saved at 09:26:21 ص, on 14/12/08
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\RegDoctor\RegDoctor.exe
C:\Program Files\Salaat Time\SalaatTime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Zaid\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: إدراج إلى ملف PDF الموجود حالياً - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحويل إلى Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: تحويل التحديد إلى Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: تحويل التحديد إلى ملف PDF الموجود حالياً - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: تحويل الروابط المحددة إلى ملف PDF الموجود حالياً - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: تحويل الروابط المحددة إلى Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: تحويل مصدر الرابط إلى Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: تحويل مصدر الرابط إلى ملف PDF الموجود حالياً - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: SQL Server (VAIO_VEDB) (MSSQL$VAIO_VEDB) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

[البرونز]

هل جهازك محمول ( Laptop )

------------------------

حمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

أوقف برنامج الحماية لديك >>>>>> مهمة جداً هذه النقطة


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes

بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك

وبشكل تلقائي يعاد تشغيل جهازك >>> قد لايعمل إعادة تشغيل فهو يختلف من جهاز لأخر

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه

انتظر حتى يظهر لك تقرير ضعه في ردك القادم

ثم اعد تشغيل الجهاز وأخبرني بالنتائج

 

[سنى الجرح]

هذا التقرير الي ظهر لي عزيزي البرونز

ولقد ارفقته لك اخي العزيز لأني اجد بعض الرابط تغيرت بعد لصقها في المربع
_________________________________________________________
ComboFix 08-12-14.04 - Zaid 12/15/2008 18:18:01.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1256.1.1033.18.2038.883 [GMT 10:00]
Running from: c:\users\Zaid\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 08:16 6,736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS
2008-12-14 12:25 --------- d-----w c:\programdata\Babylon
2008-12-13 03:14 --------- d-----w c:\users\Zaid\AppData\Roaming\EndNote
2008-12-12 13:42 --------- d-----w c:\program files\RegDoctor
2008-12-12 02:51 --------- d-----w c:\users\Zaid\AppData\Roaming\Avant Profiles
2008-12-09 23:57 --------- d-----w c:\program files\Windows Mail
2008-12-09 23:41 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 11:49 --------- d-----w c:\programdata\Symantec
2008-12-08 23:59 --------- d-----w c:\users\Zaid\AppData\Roaming\Webcammax
2008-12-08 23:59 --------- d-----w c:\programdata\WebcamMax
2008-12-08 23:59 --------- d-----w c:\program files\WebcamMax
2008-12-08 05:08 --------- d-----w c:\program files\Norton 360
2008-12-08 03:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-08 03:48 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-08 03:48 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-08 03:48 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-08 03:48 --------- d-----w c:\program files\Symantec
2008-12-08 02:11 --------- d-----w c:\users\Zaid\AppData\Roaming\Symantec
2008-12-04 04:25 --------- d-----w c:\programdata\FLEXnet
2008-12-04 04:25 --------- d-----w c:\program files\Salaat Time
2008-12-04 04:25 --------- d-----w c:\program files\Protector Suite QL
2008-12-04 04:25 --------- d-----w c:\program files\Microsoft Works
2008-12-04 04:25 --------- d-----w c:\program files\Common Files\Skype
2008-12-03 11:09 --------- d-----w c:\programdata\Apple Computer
2008-12-03 11:09 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 11:09 --------- d-----w c:\program files\iTunes
2008-12-03 11:09 --------- d-----w c:\program files\iPod
2008-12-03 11:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 11:07 --------- d-----w c:\program files\QuickTime
2008-12-03 10:55 --------- d-----w c:\program files\Safari
2008-12-01 10:34 --------- d-----w c:\programdata\Messenger Plus!
2008-11-30 13:41 --------- d-----w c:\users\Zaid\AppData\Roaming\Datalayer
2008-11-30 02:08 --------- d-----w c:\program files\Avant Browser
2008-11-27 15:00 --------- d-----w c:\program files\NSS
2008-11-27 11:45 --------- d-----w c:\users\Zaid\AppData\Roaming\PC Suite
2008-11-26 09:24 --------- d-----w c:\program files\BitComet
2008-11-25 07:39 --------- d-----w c:\users\Zaid\AppData\Roaming\Babylon
2008-11-23 15:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-23 15:23 --------- d-----w c:\programdata\Nokia
2008-11-23 15:20 --------- d-----w c:\program files\Nokia
2008-11-23 15:16 --------- d-----w c:\program files\Common Files\Nokia
2008-11-23 15:15 --------- d-----w c:\programdata\Installations
2008-11-23 14:51 --------- d-----w c:\users\Zaid\AppData\Roaming\Nokia
2008-11-23 07:15 --------- d-----w c:\program files\Common Files\Webroot Shared
2008-11-23 07:14 --------- d-----w c:\users\Zaid\AppData\Roaming\Webroot
2008-11-23 07:14 --------- d-----w c:\programdata\Webroot
2008-11-23 07:14 --------- d-----w c:\program files\Webroot
2008-11-15 09:23 --------- d-----w c:\program files\JetAudio
2008-11-13 05:33 --------- d-----w c:\users\Zaid\AppData\Roaming\Skype
2008-11-13 02:40 --------- d-----w c:\users\Zaid\AppData\Roaming\skypePM
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-29 00:06 --------- d-----w c:\users\Zaid\AppData\Roaming\Corel
2008-10-29 00:00 --------- d-----w c:\program files\Babylon
2008-10-28 23:58 --------- d-----w c:\program files\MessengerDiscovery
2008-10-25 09:28 --------- d-----w c:\program files\Opera
2008-10-24 23:41 --------- d-----w c:\program files\EndNote X1
2008-10-24 23:41 --------- d-----w c:\program files\Common Files\Thomson ResearchSoft
2008-10-24 23:41 --------- d-----w c:\program files\Common Files\Risxtd
2008-10-22 07:17 --------- d-----w c:\program files\Common Files\COWON
2008-06-29 11:27 174 --sha-w c:\program files\desktop.ini
2008-06-27 10:36 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-06-27 10:36 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-27 04:24 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2008-06-27 04:24 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2008-06-30 03:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-08-28 06:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-28 06:40 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-08-28 06:40 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
2006-10-12 03:09 94,208 --sha-w c:\windows\System32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
10/31/2008 12:24 PM 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
10/31/2008 12:24 PM 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
10/31/2008 12:24 PM 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
01/06/2007 06:41 AM 2857984 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
01/06/2007 06:41 AM 2857984 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [08/26/2007 07:38 PM 13443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [03/24/2007 01:06 PM 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [03/24/2007 01:05 PM 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [03/24/2007 01:06 PM 133912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [11/04/2008 10:30 AM 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [11/20/2008 01:20 PM 290088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [10/17/2008 03:52 PM 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [02/27/2008 12:50 AM 988512]
"RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [08/14/2007 01:38 PM 2256896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
01/06/2007 06:28 AM 90112 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
04/24/2007 10:19 AM 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^معجل بدء تشغيل Adobe Acrobat.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\معجل بدء تشغيل Adobe Acrobat.lnk
backup=c:\windows\pss\معجل بدء تشغيل Adobe Acrobat.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Zaid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=c:\users\Zaid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=c:\windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Zaid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Zaid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 10/23/2006 01:24 AM 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 06/06/2005 11:46 PM 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 10/01/2008 12:57 PM 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 02/14/2008 08:02 PM 3165920 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3900 Series]
--a------ 02/21/2006 02:00 PM 131072 c:\windows\System32\spool\drivers\w32x86\3\E_FATIBEP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 08/24/2007 07:00 AM 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 04/17/2007 12:06 PM 321656 c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 11/20/2008 01:20 PM 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 02/07/2007 04:21 PM 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oovoo.exe]
--a------ 08/04/2008 04:26 PM 13494064 c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 06/15/2006 12:36 PM 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 06/27/2006 04:21 PM 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
--a------ 01/06/2007 06:07 AM 49168 c:\program files\Protector Suite QL\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickBooks Simple Start]
--a------ 01/31/2007 02:59 PM 371712 c:\program files\Intuit\SimpleStartEntice\entice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 11/04/2008 10:30 AM 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 02/07/2007 04:24 PM 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 01/19/2008 05:33 PM 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 09/23/2008 02:17 PM 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 05/04/2007 04:40 AM 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 03/08/2007 12:38 PM 835584 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/07/2008 06:23 PM 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 03/07/2007 08:22 AM 36864 c:\program files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
--a------ 04/03/2007 09:49 AM 411768 c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
--a------ 03/14/2007 10:13 AM 2322432 c:\program files\Sony\VAIO Security Center\VSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 12/07/2006 10:08 AM 577536 c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 11/26/2007 02:47 PM 1206600 c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 01/19/2008 05:38 PM 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 04/07/2007 04:18 AM 4423680 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 04/07/2007 04:18 AM 1822720 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E09F9724-6709-44D5-9E5C-9F487084DE3E}"= UDP:c:\program files\Sony\FreePlayer\LFPC3\LFPC3.exe:Free Player
"{3DFE13BF-F56B-4141-A63D-B60BE300CC4B}"= TCP:c:\program files\Sony\FreePlayer\LFPC3\LFPC3.exe:Free Player
"{2555D83A-032C-4937-AC45-8C8C2FA89F9B}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{61AF6540-D333-4D87-9FC5-184506603E21}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{82361504-6737-432D-8098-AF13E7F6F410}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5ED37ACE-1469-48A5-A34B-4465C278B7AC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13F1E6EA-2E14-4DAC-8612-21EA47D013DE}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{759E4015-20EE-4581-9CE9-A280C2376CE4}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{00FD3AEE-AA4A-4B8B-84C1-3E2487B4353E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AB78C979-410C-4DD4-A3CE-E8C567429B3E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C4A90734-95E1-4F05-BAE3-18D94EF55E88}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{C663E306-EE41-4248-9BD5-8F13054B0DA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44FD06DB-22C4-4FD1-873A-BC2A3CF89195}"= UDP:9420:Red Swoosh
"{8366A028-149F-40E2-BBCD-99F20B7C956F}"= TCP:5000:Red Swoosh
"{C0834D84-ADBD-4B85-8862-7D082F6B89C4}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{736DCE23-B3C3-4020-BF90-25098E3AAF93}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{F5E9F005-CF5B-441A-ADC7-0D2AB75392B5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D22E69C2-3493-438B-9CE8-E9DC0E919660}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{24AB365F-F256-4F67-96A5-E51C6BF834FC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A4C7B75A-57FA-4D4B-9B12-7976B8E63C0B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3ABF1D6A-017F-4181-8DDC-BB5C428AA97C}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{D42A460C-A8C6-4E78-9E85-081958723FF2}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{5AC776B6-8673-4A84-8F36-E44A9959D400}"= UDP:443oVoo TCP المنفذ 443
"{020D916A-38AB-4262-BCBE-6A372E1232AA}"= TCP:443oVoo UDP المنفذ 443
"{27A7DB0E-BD99-4F7D-8133-06703F701AB5}"= UDP:37674oVoo TCP المنفذ 37674
"{12EB7E66-5984-4337-93A2-A826DBBEC966}"= TCP:37674oVoo UDP المنفذ 37674
"{B1BC3E27-C589-4122-A464-4222B6413907}"= TCP:37675oVoo UDP المنفذ 37675
"{5D7946FC-A795-459B-A486-9E8811F00E35}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B2B244F6-8405-4EB3-8422-5B9285AF00B3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F903CE55-2A5E-4B8B-8A2F-69C84EEDCB90}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6A16B082-C800-4D9A-A47B-5DD9B7F19E75}"= UDP:20151:BitComet 20151 TCP
"{740B0CCE-C13C-47F0-9C13-55507129B8E2}"= TCP:20151:BitComet 20151 UDP
"{50D5C3B0-49BC-478F-8B7A-04ECFB616118}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DF94AEC2-1A5D-46A9-9206-F45CFEE18B6C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{FC39B4BF-ABA8-4CEC-BFD0-8A3286EEAC20}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{C9FC1E49-9971-4D2A-B199-623DB94EBA6C}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"TCP Query User{6622B0A4-51E8-40E3-B040-DACD19C5B145}c:\\users\\zaid\\appdata\\local\\temp\\lmi75bc.tmp\\lmi_rescue.exe"= UDP:c:\users\zaid\appdata\local\temp\lmi75bc.tmp\lmi_rescue.exe:LogMeIn Rescue
"UDP Query User{4D05BACF-7120-45A7-8531-A8E6E9362B45}c:\\users\\zaid\\appdata\\local\\temp\\lmi75bc.tmp\\lmi_rescue.exe"= TCP:c:\users\zaid\appdata\local\temp\lmi75bc.tmp\lmi_rescue.exe:LogMeIn Rescue
"{E87F5FA4-DB36-4183-8499-7041748D6DFA}"= UDP:c:\users\Zaid\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{CAB88067-B3D2-4B97-87FE-F9D7BDE2507D}"= TCP:c:\users\Zaid\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081212.001\IDSvix86.sys [2008-12-13 270384]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2008-12-09 941784]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-19 149352]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB [2008-02-26 29183504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-01-04 11032]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-11-23 598856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-08 99376]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-05-04 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-05-04 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2007-05-04 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-05-04 807424]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\Image Converter 3\ICScsiSV.exe [2008-06-27 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;"c:\program files\Sony\Image Converter 3\IcVzMonLauncher.exe" [2008-06-27 67760]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2008-06-27 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Collection (HTTP);"c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2008-06-27 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48292ec5-944a-11dd-a935-001167748c3b}]
\shell\Auto\command - sunny.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sunny.exe

*Newly Created Service* - COMHOST
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Sweeper - c:\program files\History Sweeper\sweeper.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: إدراج إلى ملف PDF الموجود حالياً - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحويل إلى Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: تحويل التحديد إلى Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: تحويل التحديد إلى ملف PDF الموجود حالياً - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: تحويل الروابط المحددة إلى ملف PDF الموجود حالياً - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: تحويل الروابط المحددة إلى Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: تحويل مصدر الرابط إلى Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: تحويل مصدر الرابط إلى ملف PDF الموجود حالياً - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\Zaid\AppData\Roaming\Mozilla\Firefox\Profiles\fz4syoz0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://arabia.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.arabia.msn.com/results.aspx?mkt=En-En&FORM=MIMWA1&q=
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-15 18:28:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(5524)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\authui.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\conime.exe
c:\combofix\hidec.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 12/15/2008 18:35:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 08:33:37

Pre-Run: 90,023,165,952 bytes free
Post-Run: 89,577,512,960 bytes free

413 --- E O F --- 2008-12-11 04:11:13

​

 

[سنى الجرح]

للرفع

 

[البرونز]

طيب اعمل تقرير هايجك جديد الله لايهينك

وأسف جداً على التأخير

 

[سنى الجرح]

تفضل اخوي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

محمله على الملف ذا لأن بعض الكلمات لا تكون ظاهرة

 

[KoNaMi]

طيب حبيب قلبي الين يجي الغالي البرونز

الحين اديني تقرير للهاجيك
​

 

[سنى الجرح]

أخوي حمود التقرير موجود حمل الملف

لأني انا حملته على ملف مضغوط لأن بعض الأشياء عند النسخ والصق تتغير

 

[سنى الجرح]

وينكم اخونا البرونز

 

[fahd]

بخصوص برنامج RegDoctor

هل هو Portable يعمل بدون تنصيب

إذا كان جوابك بنعم
فأن السبب من طريقة صنعه Portable

والحل هو :

أن تنصبه على جهازك بشكل عادي

 

[سنى الجرح]

أخوي فهد

أهو منصب على الجهاز وكامل