• Thread starter: ned(11)ved

ned(11)ved

I suspect my computer has a virus.
Here is the report:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10, on 2009-03-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Wyyo\wyyo.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RASHED\سطح المكتب\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: is-R5FA0.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7483 bytes
 

Signature: ned(11)ved

Welcome, brother.
Apologies, the thread has been moved to the appropriate section for follow-up.
This section is dedicated to analyzing security software reports; other reports are posted only on request.

 
Signature: Demo-dash
Brother, the HijackThis report has nothing to do with it. If you suspect your machine, run an antivirus scan on it and see the result.
 
Disable your security programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Here is the report from the tool:
Code:
ComboFix 09-03-10.03 - RASHED 03/11/2009 21:34:02.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1025.18.2046.1431 [GMT 3:00]
Running from: c:\documents and settings\RASHED\سطح المكتب\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\agsaame.dll
c:\windows\system32\ALOAudioFile2.dll
c:\windows\system32\ALOAVIFile.dll
c:\windows\system32\ALOQuickTimeFile.dll
c:\windows\system32\ALOVideoCoreM.dll
c:\windows\system32\ALOWMAFile2.dll
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\uacinit.dll

.
(((((((((((((((((((((((((   Files Created from 2009-02-11 to 2009-03-11  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 18:32	---------	d-----w	c:\documents and settings\RASHED\Application Data\Zoom Player
2009-03-11 18:31	---------	d-----w	c:\program files\Common Files\Akamai
2009-03-11 18:30	---------	d-----w	c:\documents and settings\RASHED\Application Data\uTorrent
2009-03-11 16:59	---------	d-----w	c:\documents and settings\RASHED\Application Data\DMCache
2009-03-11 10:40	---------	d-----w	c:\program files\Wyyo
2009-03-11 10:40	---------	d-----w	c:\documents and settings\All Users\Application Data\Wyyo
2009-03-11 10:25	34,996,192	--sha-w	c:\windows\system32\drivers\fidbox.dat
2009-03-10 18:27	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-10 18:27	---------	d-----w	c:\program files\NextSecurity.NET
2009-03-10 18:27	---------	d-----w	c:\program files\Common Files\InstallShield
2009-03-09 21:53	---------	d-----w	c:\documents and settings\RASHED\Application Data\Thinstall
2009-03-09 21:53	---------	d-----w	c:\documents and settings\All Users\Application Data\Hot Lava Games
2009-03-07 19:52	98,304	----a-w	c:\windows\system32\viscomtran.dll
2009-03-07 19:50	---------	d-----w	c:\program files\Ozone
2009-03-06 21:07	---------	d-----w	c:\program files\LeeGTs Games
2009-03-06 21:07	---------	d-----w	c:\documents and settings\All Users\Application Data\Gogii
2009-03-06 19:30	---------	d-----w	c:\program files\Konami
2009-03-06 17:30	32	--sha-w	c:\windows\system32\drivers\fidbox.idx
2009-03-06 17:02	---------	d-----w	c:\documents and settings\RASHED\Application Data\POP Peeper
2009-03-06 16:24	---------	d-----w	c:\program files\POP Peeper
2009-03-06 16:04	---------	d-----w	c:\documents and settings\RASHED\Application Data\IDM
2009-03-05 09:01	---------	d-----w	c:\program files\Registry Easy
2009-03-04 17:22	---------	d-----w	c:\documents and settings\All Users\Application Data\MonteCristo
2009-03-04 16:30	---------	d-----w	c:\program files\MyFreeWeather
2009-03-04 10:36	---------	d-----w	c:\program files\MyLanViewer
2009-03-03 19:25	---------	d-----w	c:\program files\psconvert
2009-02-28 23:55	---------	d-----w	c:\program files\CBS Software
2009-02-27 21:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Agnitum
2009-02-27 20:38	---------	d-----w	c:\program files\FormatFactory
2009-02-27 15:57	---------	d-----w	c:\program files\Chicken Village
2009-02-26 22:26	---------	d-----w	c:\documents and settings\RASHED\Application Data\VitySoft
2009-02-26 22:11	---------	d-----w	c:\program files\Chicken Chase
2009-02-26 20:12	---------	d-----w	c:\documents and settings\RASHED\Application Data\****cafe
2009-02-25 17:15	---------	d-----w	c:\program files\****cafe
2009-02-25 17:15	---------	d-----w	c:\documents and settings\All Users\Application Data\****cafe
2009-02-25 16:39	---------	d-----w	c:\program files\ArabFlashPlayer60
2009-02-22 21:40	---------	d-----w	c:\program files\Green Valley Fun on the Farm
2009-02-22 21:40	---------	d-----w	c:\documents and settings\All Users\Application Data\Intenium
2009-02-22 21:32	---------	d-----w	c:\program files\Burger Shop
2009-02-21 20:00	---------	d-----w	c:\program files\Defender of the Crown Heroes Live Forever
2009-02-20 14:16	---------	d-----w	c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-02-20 14:15	---------	d-----w	c:\program files\Patriot Games
2009-02-20 11:18	4,949	---ha-w	c:\documents and settings\RASHED\run2.exe
2009-02-20 11:18	4,749	---ha-w	c:\documents and settings\RASHED\run1.exe
2009-02-19 13:04	---------	d-----w	c:\program files\8848Soft
2009-02-19 13:02	---------	d-----w	c:\program files\VeryPDF PDF2Word v3.0
2009-02-19 12:51	---------	d-----w	c:\program files\PDF-Convert
2009-02-19 11:26	110,304	----a-w	c:\windows\system32\drivers\ACEDRV09.sys
2009-02-19 11:26	---------	d-----w	c:\program files\HandballManager2007
2009-02-17 20:39	128,840	----a-w	c:\windows\system32\****cafe.scr
2009-02-16 22:13	---------	d-----w	c:\program files\K-Lite Codec Pack
2009-02-16 22:13	---------	d-----w	c:\program files\DScaler5
2009-02-16 20:16	---------	d-----w	c:\program files\ZqWare
2009-02-13 17:50	---------	d-----w	c:\documents and settings\RASHED\Application Data\Skip-Bo
2009-02-13 17:32	---------	d-----w	c:\program files\BFG
2009-02-13 15:43	---------	d-----w	c:\program files\ReflexiveArcade
2009-02-13 15:34	---------	d-----w	c:\program files\SKIP BO Castaway Caper
2009-02-13 14:46	---------	d-----w	c:\program files\uTorrent
2009-02-12 21:33	---------	d-----w	c:\documents and settings\All Users\Application Data\DriverCure
2009-02-12 20:10	---------	d-----w	c:\program files\Magic Encyclopedia First Story
2009-02-12 20:02	---------	d-----w	c:\program files\Call of Atlantis
2009-02-12 19:59	---------	d-----w	c:\program files\Mortimer Beckett and the Time Paradox
2009-02-12 19:53	---------	d-----w	c:\program files\Natalie Brooks The Treasures of the Lost Kingdom
2009-02-12 19:53	---------	d-----w	c:\documents and settings\RASHED\Application Data\Friday's games
2009-02-12 19:50	---------	d-----w	c:\program files\Hidden Relics
2009-02-12 15:56	---------	d-----w	c:\program files\Mah Jomino
2009-02-12 13:18	---------	d-----w	c:\program files\The KMPlayer1431
2009-02-09 20:43	---------	d-----w	c:\program files\Total Video Converter
2009-02-09 19:38	---------	d-----w	c:\program files\Any Media to MP3 Converter
2009-02-09 19:34	---------	d-----w	c:\program files\Alo RM Converter
2009-02-09 19:11	---------	d-----w	c:\program files\Sony
2009-02-09 19:11	---------	d-----w	c:\documents and settings\RASHED\Application Data\Sony
2009-02-09 19:10	---------	d-----w	c:\program files\Sony Setup
2009-02-09 18:56	67,584	----a-w	c:\windows\system32\ff_vfw.dll
2009-02-06 20:29	---------	d-----w	c:\program files\Common Files\Adobe
2009-02-05 21:58	---------	d-----w	c:\program files\Marvell
2009-02-05 21:45	---------	d-----w	c:\documents and settings\RASHED\Application Data\DriverCure
2009-02-05 21:44	306,432	----a-w	c:\windows\system32\TuneUpDefragService.exe
2009-02-05 21:44	---------	d-----w	c:\program files\TuneUp Utilities 2008
2009-02-05 21:44	---------	d-----w	c:\program files\ParetoLogic
2009-02-05 21:44	---------	d-----w	c:\program files\Common Files\ParetoLogic
2009-02-05 21:44	---------	d-----w	c:\documents and settings\RASHED\Application Data\TuneUp Software
2009-02-05 21:44	---------	d-----w	c:\documents and settings\All Users\Application Data\ParetoLogic
2009-02-05 21:43	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-02-05 21:43	---------	d-----w	c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-05 21:43	---------	d-----w	c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-05 10:10	---------	d-----w	c:\program files\Unlocker
2009-02-04 17:32	---------	d-----w	c:\documents and settings\RASHED\Application Data\Media Player Classic
2009-02-03 19:06	410,984	----a-w	c:\windows\system32\deploytk.dll
2009-02-03 19:06	---------	d-----w	c:\program files\Java
2009-02-03 18:42	---------	d-----w	c:\documents and settings\All Users\Application Data\McAfee
2009-02-03 18:41	---------	d-----w	c:\program files\McAfee
2009-02-03 18:41	---------	d-----w	c:\program files\Common Files\McAfee
2009-02-03 18:41	---------	d-----w	c:\program files\Common Files\Cisco Systems
2009-02-03 18:39	---------	d-----w	c:\program files\RealMedia
2009-02-03 18:39	---------	d-----w	c:\program files\CD Audio Reader Filter
2009-02-03 18:38	---------	d-----w	c:\program files\SHOUTcast Source
2009-02-03 18:38	---------	d-----w	c:\program files\DSP-worx
2009-02-03 18:36	---------	d-----w	c:\program files\DAEMON Tools Lite
2009-02-03 18:33	---------	d-----w	c:\program files\Common Files\Java
2008-09-29 05:07	22,576	----a-w	c:\program files\mozilla firefox\components\Scriptff.dll
.

(((((((((((((((((((((((((((((   SnapShot@Fri 03-06-2009_23.20.37.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-06 21:07:33	25,214	----a-r	c:\windows\Installer\{105236A3-2053-4656-A7F6-22198EBE9B46}\controlPanelIcon.exe
+ 2009-03-08 10:45:35	331,776	----a-w	c:\windows\system32\agsaama.dll
+ 2009-03-08 10:45:35	538,624	----a-w	c:\windows\system32\agsaamb.dll
- 2009-02-09 19:34:03	372,736	----a-w	c:\windows\system32\agsaamc.dll
+ 2009-03-08 10:45:35	372,736	----a-w	c:\windows\system32\agsaamc.dll
+ 2009-03-08 10:45:35	544,256	----a-w	c:\windows\system32\agsaamd.dll
- 2009-02-09 19:34:03	610,304	----a-w	c:\windows\system32\agsaamg.dll
+ 2009-03-08 10:45:35	753,664	----a-w	c:\windows\system32\agsaamg.dll
+ 2009-03-08 10:45:35	626,688	----a-w	c:\windows\system32\agsaamh.dll
- 2009-02-09 19:34:03	90,112	----a-w	c:\windows\system32\agsaami.dll
+ 2009-03-08 10:45:35	90,112	----a-w	c:\windows\system32\agsaami.dll
- 2009-02-09 19:34:03	2,535,424	----a-w	c:\windows\system32\agsaamj.dll
+ 2009-03-08 10:45:36	2,846,720	----a-w	c:\windows\system32\agsaamj.dll
- 2009-02-09 19:34:03	1,986,560	----a-w	c:\windows\system32\akll.dll
+ 2009-03-07 19:52:34	1,986,560	----a-w	c:\windows\system32\akll.dll
+ 2009-03-08 10:45:28	778,240	----a-w	c:\windows\system32\ALOAudioCompress2.dll
+ 2009-03-08 10:45:28	2,846,720	----a-w	c:\windows\system32\ALOAudioCompress3.dll
+ 2009-03-08 10:45:28	90,112	----a-w	c:\windows\system32\ALOAudioFormatSettings3.dll
+ 2009-03-08 10:45:28	780,288	----a-w	c:\windows\system32\ALOVideoCompress.dll
+ 2009-03-08 10:45:28	188,416	----a-w	c:\windows\system32\ALOVideoFile.dll
+ 2009-03-08 10:45:29	215,552	----a-w	c:\windows\system32\ALOWMVFile.dll
- 2009-02-09 19:34:03	1,245,184	----a-w	c:\windows\system32\bkll.dll
+ 2009-03-08 10:45:29	1,245,184	----a-w	c:\windows\system32\bkll.dll
- 2009-02-09 19:34:03	1,212,416	----a-w	c:\windows\system32\ckll.dll
+ 2009-03-07 19:52:35	1,212,416	----a-w	c:\windows\system32\ckll.dll
+ 2006-07-28 22:22:58	51,712	----a-w	c:\windows\system32\coodest.dll
+ 2009-03-07 19:52:23	18,595,840	----a-w	c:\windows\system32\coredata.dll
+ 2009-03-07 19:52:36	344,064	----a-w	c:\windows\system32\dkll.dll
+ 2004-12-06 17:08:24	32,768	----a-w	c:\windows\system32\drivers\nspacket.sys
+ 2006-11-06 12:30:38	262,144	----a-w	c:\windows\system32\lame_enc.dll
- 2009-02-09 19:34:04	196,608	----a-w	c:\windows\system32\maag.dll
+ 2009-03-07 19:52:36	196,608	----a-w	c:\windows\system32\maag.dll
+ 2009-03-07 19:52:24	1,128,128	----a-w	c:\windows\system32\NMSDVDXU.dll
+ 2005-05-19 00:17:26	40,960	----a-w	c:\windows\system32\osenxpsuite2005.dll
- 2009-03-06 20:16:09	52,754	----a-w	c:\windows\system32\perfc001.dat
+ 2009-03-11 10:42:09	52,754	----a-w	c:\windows\system32\perfc001.dat
- 2009-03-06 20:16:09	52,764	----a-w	c:\windows\system32\perfc009.dat
+ 2009-03-11 10:42:09	52,764	----a-w	c:\windows\system32\perfc009.dat
- 2009-03-06 20:16:09	318,370	----a-w	c:\windows\system32\perfh001.dat
+ 2009-03-11 10:42:09	318,370	----a-w	c:\windows\system32\perfh001.dat
- 2009-03-06 20:16:09	380,350	----a-w	c:\windows\system32\perfh009.dat
+ 2009-03-11 10:42:09	380,350	----a-w	c:\windows\system32\perfh009.dat
+ 2009-03-07 19:52:25	90,112	----a-w	c:\windows\system32\ssvideo.dll
+ 2009-03-07 19:52:27	18,599,936	----a-w	c:\windows\system32\videoencode.dll
+ 2009-03-07 19:52:29	6,963,712	----a-w	c:\windows\system32\videotrans.dll
+ 2009-03-07 19:52:29	1,462,272	----a-w	c:\windows\system32\viscom3gpenc.dll
+ 2009-03-07 19:52:29	1,454,080	----a-w	c:\windows\system32\viscomamrenc.dll
+ 2009-03-07 19:52:29	94,208	----a-w	c:\windows\system32\viscomaudiodata.dll
+ 2009-03-07 19:52:29	110,592	----a-w	c:\windows\system32\viscomaudioencoder.dll
+ 2009-03-07 19:52:32	18,628,608	----a-w	c:\windows\system32\viscomavi.dll
+ 2009-03-07 19:52:32	1,462,272	----a-w	c:\windows\system32\viscomdata1.dll
+ 2009-03-07 19:52:32	1,454,080	----a-w	c:\windows\system32\viscomdata2.dll
+ 2009-03-07 19:52:32	1,470,464	----a-w	c:\windows\system32\viscomdata3.dll
+ 2009-03-07 19:52:32	118,784	----a-w	c:\windows\system32\viscomflvdec.dll
+ 2009-03-07 19:52:32	1,462,272	----a-w	c:\windows\system32\viscomflvenc.dll
+ 2009-03-07 19:52:32	86,016	----a-w	c:\windows\system32\viscomframe.dll
+ 2009-03-07 19:52:33	1,470,464	----a-w	c:\windows\system32\viscomm4aenc.dll
+ 2009-03-07 19:52:33	602,112	----a-w	c:\windows\system32\viscomqtde.dll
+ 2009-03-07 19:52:33	147,456	----a-w	c:\windows\system32\viscomqtenc.dll
+ 2009-03-07 19:52:33	118,784	----a-w	c:\windows\system32\viscomrmenc.dll
+ 2009-03-07 19:52:33	48,640	----a-w	c:\windows\system32\viscomsamplerate.dll
+ 2009-03-07 19:52:33	81,920	----a-w	c:\windows\system32\viscomwave.dll
+ 2009-03-11 10:37:35	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_348.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [03/14/2008 04:00 AM 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [09/29/2008 08:07 AM 124240]
"Microsoft WinUpdate"="c:\windows\system32\msupdte.exe" [BU]
"SoundMan"="SOUNDMAN.EXE" [01/12/2005 02:31 AM 73728 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [08/25/2004 02:25 PM 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [04/23/2007 07:54 AM 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
"nltide_3"="advpack.dll" [08/04/2004 01:55 AM 99840 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChange*********"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChange*********"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^****cafe.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\****cafe.lnk
backup=c:\windows\pss\****cafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RASHED^قائمة ابدأ^البرامج^بدء التشغيل^****cafe.lnk]
path=c:\documents and settings\RASHED\قائمة ابدأ\البرامج\بدء التشغيل\****cafe.lnk
backup=c:\windows\pss\****cafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0[/u]0saskda]
--a------ 07/06/2004 03:03 PM 1486336 c:\program files\1st Security Agent\newadmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 08/25/2004 02:25 PM 28672 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 11/30/2004 09:10 PM 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 01:56 AM 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 12/29/2007 12:43 PM 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 03/14/2008 04:00 AM 136512 c:\program files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 08/16/2007 04:19 PM 5728112 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Myweather]
--a------ 01/23/2009 01:51 AM 1585152 c:\program files\MyFreeWeather\MyWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 08/11/2008 08:31 AM 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
--a------ 02/03/2009 08:50 PM 593920 c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 02/03/2009 10:06 PM 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4632:TCP"= 4632:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"4547:TCP"= 4547:TCP:Akamai NetSession Interface
"3677:TCP"= 3677:TCP:Akamai NetSession Interface

R1 is-3VRVTdrv;is-3VRVTdrv;c:\windows\system32\drivers\72669148.sys [2009-03-06 148496]
R1 is-R5FA0drv;is-R5FA0drv;c:\windows\system32\drivers\66913234.sys [2009-03-06 148496]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-02-19 110304]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-02-18 67904]
R2 Wyyo Service;Wyyo Service;c:\documents and settings\All Users\Application Data\Wyyo\wyyo125.exe [2009-03-11 54752]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-02-03 438776]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-02-18 64432]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [2009-03-10 32768]
S3 uti3nzq2;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti3nzq2.sys --> c:\windows\system32\Drivers\uti3nzq2.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WYYO_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [01/08/2008 01:31 PM]

2009-03-05 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [02/26/2009 01:48 AM]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 212.93.193.87:8080
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\RASHED\Application Data\Mozilla\Firefox\Profiles\bxsb4h4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.www.mozilla.com/en-US/firefox/3.0.1/firstrun/
FF - prefs.js: network.proxy.ftp - 212.93.193.87
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 212.93.193.87
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 212.93.193.87
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 212.93.193.87
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 212.93.193.87
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\RASHED\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 21:36:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3497.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3497.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 03/11/2009 21:37:53
ComboFix-quarantined-files.txt  2009-03-11 18:37:50
ComboFix2.txt  2009-03-06 20:21:19
ComboFix3.txt  2009-02-14 11:04:11

Pre-Run: 51,175,510,016 bytes free
Post-Run: 51,198,611,456 bytes free

688
 
Signature: ned(11)ved
Great.
A new HijackThis report now.
 
I didn't understand your reply.
 
Signature: ned(11)ved
I need a new HijackThis report.
Same as the first one :)
 
Here is the new report

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:48 م, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RASHED\سطح المكتب\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: is-R5FA0.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7385 bytes
 
Signature: ned(11)ved
Download this program.

Install it on the machine and update it, then run it and follow the walkthrough below to scan the machine and produce a report.

After the scan finishes, do the following.

Copy the contents of the report and paste them into your next post.
 
Scan all the hard disks, or only C?
If we are scanning everything, see you tomorrow, because it will take a long time if it scans everything.
 
Signature: ned(11)ved
Scan only C.
 
Here is the report
Code:
Malwarebytes' Anti-Malware 1.34
Database version: 1837
Windows 5.1.2600 Service Pack 2

12/03/2009 05:27:52 م
mbam-log-2009-03-12 (17-27-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106535
Time elapsed: 18 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Signature: ned(11)ved
Now make one last HijackThis report.
 
Now everything has changed.
I went to someone who has the ckvo virus
and it spread via USB.
I don't like Windows XP Service Pack 2; I'll install Service Pack 1 or Server 2003.
It's better for me, lightweight and fast, and that's what I'm looking for.
 
Signature: ned(11)ved