.. جـهـازي يـعـيد تشـغيـل نفسـه .. هـل من حـل ؟

[مقاوم]

بسم الله الرحمن الرحيم
السلام عليـكم ورحمة الله تعالى وبركاتـه وبـعد ..

كـل عام وأنتم بخيـر بعد الزحمة وتقبل الله من الجميـع العمل الصالح :q:

يعلم الله مدى ثقتي فيكم وفي حبكم لمساعدة منهم بحاجةٍ لها وأنا سبق وأن تعرضت لمشاكل في الحاسب لم أجد حلاً لها إلا في هذا الصرح الكبير ..

منذ ُ أن اشتريت هذا الجهاز وأنا أعاني من مشكلة " عويصة :?: " وهي أنه يعيد تشغيل نفسه .. بتوضيح أكثر .. عندما أكون منهمكا ً في العمل على الحاسب مثلا ً كبرنامج الفوتوشوب أو التصفح أو أي شيء آخر .. فجأة يبدأ في التعليق ثم يعيد تشغيل نفسه .. فأرجوكم هـل هنالك حل .. فأنا تعبت من إعادة أعمالي خصوصاً التي تستغرق وقتاً طويلا ً في أداءها ..

شاكراً ومقدرا ً لكم .. :b:​

 

[AbOdy]

وعليكم السلام

وانت بخير يا الغلاا

لاهنت قم بعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

 

[مقاوم]

تفضل ياعزيزي ..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:38 ص, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\برامج\موجد الهاي جاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 7262 bytes

 

[Run]

احذف

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

طريقه الحذف

​

​

ثم ادخل على ازاله واظافه البرامج واحذف جميع التولبارات مثال GoogleToolbar

ثم ارفق تقرير اخر

 

[HooOoom]

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعدها اعملي اعادة تشغيل




وسوي تقارير من جديد




(1)

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log

لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

 

[مقاوم]

منصور الشمري

تفضل "

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:37 ص, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
H:\برامج\موجد الهاي جاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 6380 bytes



///////////////////////////////////

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تقرير الهايجاك في الأعلى .. أما بالنسبة للتقرير بتاع الـ ComboFix .. تفضل :



ComboFix 08-12-15.01 - Hasib 12/16/2008 1:59:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1015.574 [GMT 3:00]
Running from: c:\documents and settings\Hasib\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 23:02 --------- d-----w c:\documents and settings\Hasib\Application Data\DMCache
2008-12-15 22:53 6,184 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-15 22:53 573,472 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-15 22:52 --------- d-----w c:\program files\Google
2008-12-15 22:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-15 18:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 22:49 30,656 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-14 22:49 3,383,328 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-10 13:36 --------- d-----w c:\program files\MSN Messenger
2008-12-08 19:25 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-08 19:25 --------- d-----w c:\program files\AVN Products
2008-12-08 19:25 --------- d-----w c:\program files\AviSynth 2.5
2008-12-07 03:32 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-06 21:42 --------- d-----w c:\program files\Digital Element
2008-12-02 13:43 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-27 20:51 --------- d-----w c:\documents and settings\Hasib\Application Data\theimagingfactory
2008-11-27 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 16:40 --------- d-----w c:\program files\Bonjour
2008-11-27 04:06 --------- d-----w c:\program files\Multilizer 6
2008-11-27 04:06 --------- d-----w c:\documents and settings\Hasib\Application Data\IDM
2008-11-26 20:25 --------- d-----w c:\program files\DCETools
2008-11-26 17:50 --------- d-----w c:\program files\Vertus Fluid Mask 3
2008-11-26 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-22 02:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-22 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\Axis Readme Second Bat
2008-11-21 20:18 --------- d-----w c:\program files\MessengerPlus! 3
2008-11-21 16:50 --------- d-----w c:\program files\Windows Live
2008-11-21 16:50 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-21 16:50 --------- d-----w c:\program files\Adverts
2008-11-21 16:33 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-21 16:32 --------- d-----w c:\program files\MSECACHE
2008-11-21 14:52 --------- d-----w c:\program files\Adobe Media Player
2008-11-21 14:49 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-21 14:44 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-19 10:58 --------- d-----w c:\program files\Internet Download Manager
2008-11-15 11:31 --------- d-----w c:\program files\alnassrclub
2008-11-15 11:30 --------- d-----w c:\program files\Stepok's Gigital Beauty
2008-11-14 02:53 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-14 02:51 --------- d-----w c:\program files\Microsoft
2008-11-14 02:18 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-13 23:21 --------- d-----w c:\program files\CCleaner
2008-11-13 23:18 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-13 23:15 --------- d-----w c:\documents and settings\Hasib\Application Data\URSoft
2008-11-13 22:57 --------- d-----w c:\program files\CyberLink
2008-11-13 22:55 --------- d-----w c:\documents and settings\Hasib\Application Data\COWON
2008-11-13 22:02 --------- d-----w c:\documents and settings\Hasib\Application Data\Media Player Classic
2008-11-06 22:23 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-04 12:01 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-31 02:45 --------- d-----w c:\documents and settings\Hasib\Application Data\vlc
2008-10-30 20:31 --------- d-----w c:\program files\Kaspersky Lab
2008-10-30 20:29 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-30 08:18 16,608 ----a-w c:\windows\gdrv.sys
2008-10-30 08:16 315,392 ----a-w c:\windows\HideWin.exe
2008-10-30 08:04 --------- d-----w c:\program files\Intel
2008-10-30 07:59 --------- d-----w c:\program files\Common Files\Ahead
2008-10-30 07:55 --------- d-----w c:\program files\Nero
2008-10-30 07:53 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-30 07:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-30 07:52 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-30 07:52 --------- d-----w c:\program files\Common Files\xing shared
2008-10-30 07:52 --------- d-----w c:\program files\Common Files\Real
2008-10-30 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-30 07:49 --------- d-----w c:\program files\Java
2008-10-30 07:49 --------- d-----w c:\program files\Common Files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@Fri 11-14-2008_ 0.23.28.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-04-14 00:12:24 103,936 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 06:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 06:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2008-04-14 00:12:09 1,053,184 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2008-04-14 00:12:58 2,109,440 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2008-04-14 00:12:07 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954708$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954708$\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 712,704 -c----w c:\windows\$NtUninstallKB954708$\windowscodecs.dll
+ 2008-04-14 00:12:08 346,112 -c----w c:\windows\$NtUninstallKB954708$\windowscodecsext.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-04-14 00:12:38 60,416 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2008-04-14 00:11:54 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-10-04 17:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2008-10-04 17:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-10-06 08:48:50 267,568 ----a-w c:\windows\Downloaded Program Files\sysreqlab_srl.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 10:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-12-10 13:36:59 29,926 ----a-r c:\windows\Installer\{B3FB6C13-AEC8-4FC8-8B96-919BAB1F2FC7}\MsblIco.Exe
+ 2002-09-17 21:45:00 119,808 ----a-w c:\windows\lsb_un20.exe
+ 2004-06-16 23:32:40 372,736 ----a-w c:\windows\Resources\Themes\Royale\Shell\NormalColor\ShellStyle.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-05-25 23:19:00 351,232 ----a-w c:\windows\system32\avisynth.dll
- 2008-11-07 04:11:57 14,848 ----a-w c:\windows\system32\BASSMOD.dll
+ 2008-11-27 18:09:38 14,848 ----a-w c:\windows\system32\BASSMOD.dll
- 2008-11-07 00:37:44 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
+ 2008-12-15 10:44:03 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
- 2008-11-07 00:37:44 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 10:44:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-11-29 10:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2004-05-26 13:37:34 719,872 ----a-w c:\windows\system32\devil.dll
+ 2008-07-25 08:34:36 683,520 ----a-w c:\windows\system32\divx.dll
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2007-07-30 16:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 11:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 00:12:24 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 00:11:20 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 10:54:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-16 23:08:40 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-05 20:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-05 20:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 00:12:09 1,053,184 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 03:11:46 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 13:45:32 2,174,976 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2007-07-30 16:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 11:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 16:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 11:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 11:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 16:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 11:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 16:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 11:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 16:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 11:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2006-02-28 09:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 09:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
+ 2008-07-25 08:34:54 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2008-07-08 10:54:02 148,496 ----a-w c:\windows\system32\drivers\18762776.sys
+ 2008-07-08 10:54:02 148,496 ----a-w c:\windows\system32\drivers\78546928.sys
+ 2008-07-08 10:54:02 148,496 ----a-w c:\windows\system32\drivers\95546000.sys
+ 2002-12-10 06:11:42 6,852 ----a-w c:\windows\system32\drivers\Vcs.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-06-12 18:36:38 7,680 ----a-w c:\windows\system32\ff_vfw.dll
- 2008-11-06 08:26:42 334,664 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-26 19:56:54 3,922,168 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-26 19:57:10 663,728 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2004-05-04 08:53:40 1,645,320 ----a-w c:\windows\system32\gdiplus.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-03-20 15:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL
+ 2008-09-05 20:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2008-04-14 00:12:24 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:11:20 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-10-30 07:47:20 48,749 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-27 18:49:14 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 10:54:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-16 23:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2003-02-28 15:26:26 947,472 ----a-w c:\windows\system32\msjava.dll
+ 2008-07-31 07:16:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
- 2007-10-18 15:31:46 51,224 ----a-w c:\windows\system32\sirenacm.dll
+ 2008-09-08 21:03:46 51,712 ----a-w c:\windows\system32\sirenacm.dll
+ 2008-10-16 11:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 11:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-07-06 08:26:42 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
+ 2007-07-06 08:26:42 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
+ 2007-07-06 08:26:42 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
+ 2007-09-04 16:56:10 164,352 ----a-w c:\windows\system32\unrar.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-09-05 20:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 20:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
- 2008-04-14 00:12:08 712,704 ------w c:\windows\system32\windowscodecs.dll
+ 2008-07-11 08:55:41 712,704 ------w c:\windows\system32\windowscodecs.dll
- 2008-04-14 00:12:08 346,112 ------w c:\windows\system32\windowscodecsext.dll
+ 2008-07-11 08:55:41 347,648 ------w c:\windows\system32\windowscodecsext.dll
- 2008-04-14 00:12:09 1,053,184 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 03:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 13:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-01-10 12:15:30 755,027 ----a-w c:\windows\system32\xvidcore.dll
+ 2008-01-10 12:16:20 159,839 ----a-w c:\windows\system32\xvidvfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w c:\windows\system32\yv12vfw.dll
+ 2005-09-22 19:48:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 19:48:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 19:48:06 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-12-01 19:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 19:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 19:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-09-05 13:04:52 287,744 ----a-w c:\windows\WLXPGSS.SCR
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [11/19/2008 01:58 PM 2607616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 03:12 AM 1695232]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Google Update"="c:\documents and settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [11/30/2008 11:21 PM 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/30/2008 10:52 AM 185896]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [11/21/2008 11:18 PM 190024]
"RTHDCPL"="RTHDCPL.EXE" [02/13/2008 09:31 AM 16857600 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:12 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 03:12 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/30/2008 10:52 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 07/21/2006 11:14 AM 86016 c:\windows\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-04-18 13696]
R1 is-NML93drv;is-NML93drv;c:\windows\system32\DRIVERS\18762776.sys [2008-11-21 148496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S1 is-8V5G2drv;is-8V5G2drv;c:\windows\system32\DRIVERS\95546000.sys [2008-12-05 148496]
S1 is-EHTRUdrv;is-EHTRUdrv;c:\windows\system32\DRIVERS\29015397.sys []
S1 is-TJ5K6drv;is-TJ5K6drv;c:\windows\system32\DRIVERS\78546928.sys [2008-12-15 148496]
S2 vcs;vcs;\??\e:\نامج_لتغيير_صوتك_على_الماسنجر\برنامج لتغيير صوتك على الماسنجر\vcs.sys []
.
s of the 'Scheduled Tasks' folder
2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/30/2008 11:21 PM]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-16 02:01:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 12/16/2008 2:03:25
ComboFix-quarantined-files.txt 2008-12-15 23:02:57
ComboFix2.txt 2008-11-13 21:26:04
Pre-Run: 17,769,996,288 bytes free
Post-Run: 17,845,448,704 bytes free
507 --- E O F --- 2008-12-12 00:04:22





.. ماذا الآن ؟
​

 

[MOZY_55]

السلام عليكم ورحمة الله وبركاتة
اخي العزيز قد يكون العطل من الهاردسك بسبب الانقطاع الكهربائي المباشر
اذهب الى ابدأ >>تشغيل واكتب>>chkdsk وانتضر حتى تنتهي
هذه الطريقة تصلح اخطاء الهاردسك
تقبل مروري
​

 

[Run]

مقاوم ما حذفت القيمه ؟

 

[مقاوم]

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تم عمل ما طلبته ياعزيزي .. وشاكر لك نصحك واجتهادك

 

[مقاوم]

مقاوم ما حذفت القيمه ؟

معك حق .. أعتقدت أني حذفتها ..


هذا التقرير بـعـد الحذف ..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:20:29 ص, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\برامج\موجد الهاي جاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hasib\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 6451 bytes







آسـف على الازعاج :q:

 

[Run]

الان تمام

تنظف جهازك بهذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

​

​

 

[مقاوم]

جزاك الله خير أخوي منصـور .. وإن شاء الله مايرجع هـ الجهاز لعادتـه ..

شكرا ً ياولد ديرتي k:

 

[KoNaMi]

احذف التالي حبيب قلبي

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

بعدين احذف الانترنت داونلود مانجر ونزله بعد ماتخلص تنظيف الجهاز


ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

​

ثم نزل هذه الاداة واتبع الشرح التالي​

​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

التوافق : ويندوز اكسبي فقط ​

​

​

​

شرح الاستخدام ,,,,,,​

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )​

​

​

​

​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

​

​

​

​

الحين نزل من جديد الانترنت داونلود مانجر

وسوي تقرير جديد للهاجيك

​

 

[KoNaMi]

الان تمام

تنظف جهازك بهذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

​

​

المعذرة منك اخوي منصور ماشفت ردك

المعذرة ياغالي
​

 

[مقاوم]

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

هـل اقوم بما طلبت في ردك الأول ؟​

 

[KoNaMi]

اسنتى الين يخلص الغالي منصور

بعدين اذا ماتحلت المشكلة طبق الي ذكرته

بالتوفيق قلبي
​

 

[مقاوم]

اوكي ..