سلطان العتيبي

Peace be upon you .. how are you, brothers ..?

I have a problem when starting the computer .. this message appears
uqmnnkljofh5.gif


And when I press OK, the second message appears

f9ahz184yf5h.gif


I would like a solution from you, God bless you, and the meaning of these two messages .. your brother needs you ..
 

You need to insert the Windows CD
 
Signature: v.i.p
Download this program


Run the program ==> and click on
Do a system scan and save log
After a few moments .. a report will appear in Notepad ==> copy it and paste it in your next reply

 
Signature: السّاجد لله
Many thanks, brothers ..
Brother Hisham, this is what was found in Notepad

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:47 ص, on 30/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UOH1KOAY\Zyzoom_HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4A067394-BE5E-44A3-91ED-D75510E065D0} - C:\WINDOWS\system32\urqQJBSM.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [20b38b8e] rundll32.exe "C:\WINDOWS\system32\vwxlkkvk.dll",b
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Automatic Update] C:\RECYCLER\S-1-5-21-0513865492-1138350740-965674697-5795\mwau.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 8119 bytes

And the solution, if you please?
 
Disable your protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

The computer may restart during the scan
After the restart, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
And here is the report, brother MAAX

ComboFix 09-03-29.02 - Administrator 03/30/2009 14:21:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.758.449 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090329-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\systeminfo.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 11:03 --------- d-----w c:\program files\Freewire
2009-03-22 17:36 --------- d-----w c:\program files\Kelk 2000
2009-03-22 16:51 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 16:38 --------- d-----w c:\program files\SWiSHmax
2009-03-21 13:52 --------- d-----w c:\program files\Common Files\Vbox
2009-03-21 13:51 --------- d-----w c:\program files\Macromedia
2009-03-18 14:21 --------- d-----w c:\documents and settings\Administrator\Application Data\QuickScan
2009-03-11 09:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-11 09:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-10 10:16 --------- d-----w c:\program files\Hotspot_Shield
2009-03-10 10:16 --------- d-----w c:\program files\Conduit
2009-03-08 18:39 --------- d-----w c:\program files\MSN Messenger
2009-03-08 18:39 --------- d-----w c:\program files\MessengerDiscovery
2009-02-24 23:45 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-24 23:45 --------- d-----w c:\program files\Circle Developement
2009-02-13 18:08 344,064 ----a-w c:\windows\system32\dkll.dll
2009-02-13 18:08 196,608 ----a-w c:\windows\system32\maag.dll
2009-02-13 18:08 1,986,560 ----a-w c:\windows\system32\akll.dll
2009-02-13 18:08 1,212,416 ----a-w c:\windows\system32\ckll.dll
2009-02-13 18:08 --------- d-----w c:\program files\Ozone
2009-02-10 14:41 17,829 ----a-w c:\windows\system32\drivers\hosts
2009-02-09 21:37 --------- d-----w c:\program files\Google
2009-02-09 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-09 21:31 --------- d-----w c:\documents and settings\Administrator\Application Data\GRETECH
2009-02-09 14:15 1,846,144 ----a-w c:\windows\system32\win32k.sys
2009-02-05 22:50 --------- d-----w c:\program files\Wondershare
2009-02-04 09:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-02-03 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\AdobeUM
2009-02-03 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-02-03 10:31 --------- d-----w c:\documents and settings\Administrator\Application Data\Motive
2009-02-03 10:30 --------- d-----w c:\program files\FAHESS
2009-02-03 10:30 --------- d-----w c:\program files\Common Files\Motive
2009-01-26 18:24 294,912 ----a-w c:\windows\HideWin.exe
2009-01-26 18:12 155,995 ----a-w c:\windows\java\Packages\H3PFVZHF.ZIP
2009-01-26 18:06 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-26 18:06 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
.
((((((((((((((((((((((((((((( SnapShot@Mon 03-30-2009_14.06.24.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-30 10:45:27 40,316 ----a-w c:\windows\system32\perfc001.dat
+ 2009-03-30 11:19:44 40,316 ----a-w c:\windows\system32\perfc001.dat
- 2009-03-30 10:45:27 40,326 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-30 11:19:44 40,326 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-30 10:45:27 251,946 ----a-w c:\windows\system32\perfh001.dat
+ 2009-03-30 11:19:44 251,946 ----a-w c:\windows\system32\perfh001.dat
- 2009-03-30 10:45:27 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-30 11:19:44 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-30 11:14:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 11:56 AM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/10/2009 12:37 AM 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/26/2009 09:06 PM 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM 132496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/08/2005 06:02 AM 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/08/2005 05:59 AM 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/08/2005 06:03 AM 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [06/11/2005 02:51 PM 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [02/06/2009 12:08 AM 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [04/16/2008 11:54 AM 1459200]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [03/30/2007 03:18 PM 503808]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM 61952 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/09/2005 10:17 AM 14743552 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 11:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-26 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\matrix31290.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpa.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpb.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-26 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ba93062-ec5f-11dd-a5a8-0013ceec67e8}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:4001
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java -

FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-30 14:23:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 03/30/2009 14:25:37
ComboFix-quarantined-files.txt 2009-03-30 11:25:26
ComboFix2.txt 2009-03-30 11:07:17
Pre-Run: 20,458,795,008 bytes free
Post-Run: 20,445,335,552 bytes free
166 --- E O F --- 2009-03-20 11:50:46
 
Attach a new HijackThis report.
 
Signature: Corporation
Here is the report ...


ComboFix 09-03-29.02 - Administrator 03/31/2009 21:57:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.758.464 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 17:20 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-26 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-26 11:03 --------- d-----w c:\program files\Freewire
2009-03-22 17:36 --------- d-----w c:\program files\Kelk 2000
2009-03-22 16:51 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 16:38 --------- d-----w c:\program files\SWiSHmax
2009-03-21 13:52 --------- d-----w c:\program files\Common Files\Vbox
2009-03-21 13:51 --------- d-----w c:\program files\Macromedia
2009-03-18 14:21 --------- d-----w c:\documents and settings\Administrator\Application Data\QuickScan
2009-03-11 09:54 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-11 09:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-10 10:16 --------- d-----w c:\program files\Hotspot_Shield
2009-03-10 10:16 --------- d-----w c:\program files\Conduit
2009-03-08 18:39 --------- d-----w c:\program files\MSN Messenger
2009-03-08 18:39 --------- d-----w c:\program files\MessengerDiscovery
2009-02-24 23:45 --------- d-----w c:\program files\Circle Developement
2009-02-13 18:08 344,064 ----a-w c:\windows\system32\dkll.dll
2009-02-13 18:08 196,608 ----a-w c:\windows\system32\maag.dll
2009-02-13 18:08 1,986,560 ----a-w c:\windows\system32\akll.dll
2009-02-13 18:08 1,212,416 ----a-w c:\windows\system32\ckll.dll
2009-02-13 18:08 --------- d-----w c:\program files\Ozone
2009-02-10 14:41 17,829 ----a-w c:\windows\system32\drivers\hosts
2009-02-09 21:37 --------- d-----w c:\program files\Google
2009-02-09 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-09 21:31 --------- d-----w c:\documents and settings\Administrator\Application Data\GRETECH
2009-02-09 14:15 1,846,144 ----a-w c:\windows\system32\win32k.sys
2009-02-05 22:50 --------- d-----w c:\program files\Wondershare
2009-02-04 09:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-02-03 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\AdobeUM
2009-02-03 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-02-03 10:31 --------- d-----w c:\documents and settings\Administrator\Application Data\Motive
2009-02-03 10:30 --------- d-----w c:\program files\FAHESS
2009-02-03 10:30 --------- d-----w c:\program files\Common Files\Motive
2009-01-26 18:24 294,912 ----a-w c:\windows\HideWin.exe
2009-01-26 18:12 155,995 ----a-w c:\windows\java\Packages\H3PFVZHF.ZIP
2009-01-26 18:06 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-26 18:06 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
.
((((((((((((((((((((((((((((( SnapShot@Mon 03-30-2009_14.06.24.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 08:55:58 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 10:37:25 657,920 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-08-13 15:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 15:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 15:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 15:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 15:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 15:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 15:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 15:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 14:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 13:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 09:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 15:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 15:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 15:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 15:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 15:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 15:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 15:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 15:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 15:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 15:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 15:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 15:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 15:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 15:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 15:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 00:57:38 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 00:58:46 369,376 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 15:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 15:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 15:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 15:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll.000
+ 2008-08-26 07:57:14 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-08-26 07:57:14 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll.000
+ 2008-08-26 07:57:14 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-08-26 07:57:14 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll.000
+ 2008-08-26 07:57:14 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll.000
+ 2008-08-25 08:35:50 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-08-26 07:57:14 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-08-26 07:57:14 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll.000
+ 2008-08-26 07:57:15 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-03 16:58:14 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-03 16:58:14 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll.000
+ 2008-08-26 07:57:16 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe.000
+ 2008-08-26 07:57:17 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll.000
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll.000
+ 2008-08-27 11:27:20 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-08-27 11:27:20 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll.000
+ 2008-08-26 07:57:19 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-08-26 07:57:19 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll.000
+ 2008-08-26 07:57:19 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-08-26 07:57:20 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-08-26 07:57:20 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-08-26 07:57:20 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2008-08-26 07:57:20 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll.000
+ 2007-03-06 00:57:39 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 00:58:46 369,376 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:57:20 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-08-26 07:57:20 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll.000
+ 2008-08-26 07:57:21 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-08-26 07:57:21 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll.000
+ 2008-08-26 07:57:21 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-08-26 07:57:21 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll.000
+ 2008-08-26 07:57:21 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2008-08-26 07:57:21 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll.000
- 2002-02-18 04:35:32 6,550 ----a-w c:\windows\jautoexp.dat
+ 2003-02-28 13:35:26 6,550 ----a-w c:\windows\jautoexp.dat
+ 2009-03-31 16:55:26 2,678 ----a-w c:\windows\java\Packages\Data\7BTF7FB1.DAT
+ 2009-03-31 16:55:26 2,678 ----a-w c:\windows\java\Packages\Data\B5VDF57Z.DAT
+ 2009-03-31 16:55:26 2,678 ----a-w c:\windows\java\Packages\Data\IOKUIL7J.DAT
+ 2009-03-31 16:55:29 2,678 ----a-w c:\windows\java\Packages\Data\M3JNTNTJ.DAT
+ 2009-03-31 16:55:39 2,678 ----a-w c:\windows\java\Packages\Data\WGNTRXVD.DAT
+ 2006-06-02 19:32:25 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2002-02-18 07:23:10 46,352 ----a-w c:\windows\setdebug.exe
+ 2003-02-28 15:26:30 46,352 ----a-w c:\windows\setdebug.exe
- 2004-08-04 08:55:32 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 15:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2004-08-04 08:55:32 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 22:30:52 124,928 ----a-w c:\windows\system32\advpack.dll
- 2002-02-18 07:23:06 49,424 ----a-w c:\windows\system32\clspack.exe
+ 2003-02-28 15:26:26 49,424 ----a-w c:\windows\system32\clspack.exe
- 2004-08-04 08:55:32 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 15:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2004-08-04 08:55:32 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:30:52 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 20:55:34 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 15:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
- 2008-10-16 10:37:23 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:30:52 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 10:37:23 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:30:53 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 10:37:23 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:30:53 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-03 20:55:38 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 15:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2008-12-20 22:30:53 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2004-08-04 08:56:16 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:08:41 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 08:55:38 139,264 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:30:53 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 08:55:38 216,064 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:30:53 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2001-09-19 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-12-20 22:30:54 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 08:55:38 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:30:54 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 15:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 08:55:38 81,920 -c--a-w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 15:45:18 78,336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
+ 2008-12-20 22:30:58 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 10:37:24 250,880 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 15:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 08:55:38 48,128 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:30:59 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:30:59 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2004-08-04 08:55:38 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 15:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-03 20:56:16 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2004-08-04 08:55:38 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 15:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2008-10-16 10:37:24 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 15:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2007-12-18 14:41:00 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 15:38:04 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-10-16 10:37:26 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:31:01 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 08:55:40 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 15:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2008-12-20 22:31:01 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:31:01 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 08:56:22 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 15:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-12-12 17:33:22 3,081,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 18:01:16 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 10:37:26 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:31:06 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 08:53:52 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 15:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2001-09-19 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 15:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-10-16 10:37:24 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:31:06 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 10:37:24 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:31:07 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 08:55:46 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:31:08 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 10:37:24 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:31:08 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 08:55:54 48,640 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:31:08 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 10:37:27 614,912 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:31:09 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2007-12-18 14:41:00 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 15:54:10 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2004-08-03 20:55:54 848,384 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 15:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2004-08-04 08:55:58 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:50 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
- 2004-08-04 08:55:58 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:31:09 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 10:37:25 657,920 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:31:10 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2002-02-18 04:34:48 313,856 ----a-w c:\windows\system32\dx3j.dll
+ 2003-02-28 13:34:42 313,856 ----a-w c:\windows\system32\dx3j.dll
- 2008-10-16 10:37:23 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:30:52 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 10:37:23 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 22:30:53 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 10:37:23 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:30:53 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 22:30:53 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 05:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2004-08-04 08:56:16 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:08:41 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2004-08-04 08:55:38 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 22:30:53 153,088 ------w c:\windows\system32\ieakeng.dll
- 2004-08-04 08:55:38 216,064 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 22:30:53 230,400 ------w c:\windows\system32\ieaksie.dll
- 2001-09-19 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-12-20 22:30:54 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2004-08-04 08:55:38 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:30:54 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2004-08-04 08:55:38 81,920 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 15:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2008-12-20 22:30:58 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 10:37:24 250,880 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 15:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-04 08:55:38 48,128 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:30:59 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 22:30:59 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2004-08-04 08:55:38 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 15:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 15:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2004-08-04 08:55:38 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 15:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2008-10-16 10:37:24 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 15:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2002-02-18 07:22:56 187,152 ----a-w c:\windows\system32\javacypt.dll
+ 2003-02-28 15:26:16 187,152 ----a-w c:\windows\system32\javacypt.dll
- 2002-02-18 07:22:56 139,536 ----a-w c:\windows\system32\javaee.dll
+ 2003-02-28 15:26:18 139,536 ----a-w c:\windows\system32\javaee.dll
- 2002-02-18 07:22:56 63,248 ----a-w c:\windows\system32\javaprxy.dll
+ 2003-02-28 15:26:18 63,248 ----a-w c:\windows\system32\javaprxy.dll
- 2002-02-18 07:22:58 404,752 ----a-w c:\windows\system32\javart.dll
+ 2003-02-28 15:26:18 404,752 ----a-w c:\windows\system32\javart.dll
- 2002-02-18 07:23:08 15,120 ----a-w c:\windows\system32\jdbgmgr.exe
+ 2003-02-28 15:26:30 15,120 ----a-w c:\windows\system32\jdbgmgr.exe
- 2002-02-18 07:22:58 171,280 ----a-w c:\windows\system32\jit.dll
+ 2003-02-28 15:26:20 171,280 ----a-w c:\windows\system32\jit.dll
- 2007-12-18 14:41:00 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-08-13 15:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
- 2008-10-16 10:37:26 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 22:31:01 27,648 ------w c:\windows\system32\jsproxy.dll
- 2002-02-18 07:23:08 172,304 ----a-w c:\windows\system32\jview.exe
+ 2003-02-28 15:26:30 172,304 ----a-w c:\windows\system32\jview.exe
- 2004-08-04 08:55:40 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 15:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2009-02-25 09:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2002-02-18 07:23:00 154,384 ----a-w c:\windows\system32\msawt.dll
+ 2003-02-28 15:26:20 154,384 ----a-w c:\windows\system32\msawt.dll
+ 2008-12-20 22:31:01 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 22:31:01 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 15:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2004-08-04 08:56:22 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 15:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-12-12 17:33:22 3,081,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 18:01:16 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 10:37:26 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 22:31:06 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-04 08:53:52 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 15:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2002-02-18 07:23:04 945,936 ----a-w c:\windows\system32\msjava.dll
+ 2003-02-28 15:26:26 947,472 ----a-w c:\windows\system32\msjava.dll
- 2002-02-18 07:23:04 21,264 ----a-w c:\windows\system32\msjdbc10.dll
+ 2003-02-28 15:26:26 21,264 ----a-w c:\windows\system32\msjdbc10.dll
- 2001-09-19 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 15:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-10-16 10:37:24 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 22:31:06 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 10:37:24 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 22:31:07 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-06-28 14:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 05:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2004-08-04 08:55:46 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 22:31:08 102,912 ------w c:\windows\system32\occache.dll
- 2009-03-30 10:45:27 40,316 ----a-w c:\windows\system32\perfc001.dat
+ 2009-03-31 18:35:00 40,316 ----a-w c:\windows\system32\perfc001.dat
- 2009-03-30 10:45:27 40,326 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-31 18:35:00 40,326 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-30 10:45:27 251,946 ----a-w c:\windows\system32\perfh001.dat
+ 2009-03-31 18:35:00 251,946 ----a-w c:\windows\system32\perfh001.dat
- 2009-03-30 10:45:27 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-31 18:35:00 311,938 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-16 10:37:24 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 22:31:08 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:09 17,784 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:34:18 17,784 ------w c:\windows\system32\spmsg.dll
- 2005-02-25 03:34:29 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-06 14:42:02 22,752 ----a-w c:\windows\system32\spupdsvc.exe
- 2004-08-04 08:55:54 48,640 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 22:31:08 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 10:37:27 614,912 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 22:31:09 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2007-12-18 14:41:00 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-08-13 15:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
- 2002-02-18 07:23:06 286,992 ----a-w c:\windows\system32\vmhelper.dll
+ 2003-02-28 15:26:26 286,992 ----a-w c:\windows\system32\vmhelper.dll
- 2004-08-04 08:55:58 49,152 ----a-w c:\windows\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w c:\windows\system32\wdigest.dll
- 2004-08-04 08:55:58 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 22:31:09 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 15:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2002-02-18 07:23:10 171,792 ----a-w c:\windows\system32\wjview.exe
+ 2003-02-28 15:26:32 171,792 ----a-w c:\windows\system32\wjview.exe
+ 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll
+ 2009-03-31 18:29:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_658.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 11:56 AM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/10/2009 12:37 AM 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/26/2009 09:06 PM 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM 132496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/08/2005 06:02 AM 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/08/2005 05:59 AM 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/08/2005 06:03 AM 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [06/11/2005 02:51 PM 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [02/06/2009 12:08 AM 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [04/16/2008 11:54 AM 1459200]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [03/30/2007 03:18 PM 503808]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM 61952 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/09/2005 10:17 AM 14743552 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 11:56 AM 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-26 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\matrix31290.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpa.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpb.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\~tmpc.exe]
"Debugger"=c:\windows\system32\alg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-26 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ba93062-ec5f-11dd-a5a8-0013ceec67e8}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:4001
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java -

FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-31 21:59:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 03/31/2009 22:01:10
ComboFix-quarantined-files.txt 2009-03-31 19:00:56
ComboFix2.txt 2009-03-30 11:25:38
ComboFix3.txt 2009-03-30 11:07:17
Pre-Run: 19,991,183,360 bytes free
Post-Run: 20,062,060,544 bytes free
595 --- E O F --- 2009-03-31 18:27:59
 
Download this program




Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply




:smile:
 
And here is the report, brother

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:51:34 م, on 03/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\Administrator\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 8170 bytes
 
Select the following entries and delete them

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

How to delete them

mg%20(3).png


mg%20(4).png


After that, go to Add or Remove Programs and uninstall the toolbar you have >> it might not be there
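Added example (not part of the original thread): a small Python parser for the HijackThis entry lines shown in the log above, which lists the entries that merit a manual look before anything is fixed. The sample lines are constructed from the posted log, and the three triage rules (a "(no file)" target, a "?" shortcut target, a loopback proxy) are this example's own assumptions, not the helper's selection criteria.

```python
import re

# Constructed sample: a few entries in the HijackThis v2 log format, modelled
# on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4001
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
"""

# HijackThis section codes; only the ones that occur in the sample.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O4": "autostart entry", "O23": "service"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOOPBACK_PROXY = re.compile(r"ProxyServer = (?:\w+=)?(127\.0\.0\.1|localhost):\d+", re.I)

def parse(log):
    """Yield one dict per log entry; header and process-path lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            clsid = CLSID.search(m["body"])
            yield {"code": m["code"], "body": m["body"],
                   "clsid": clsid.group(0) if clsid else None}

def triage(entries):
    """Return (reason, entry) pairs for entries worth checking by hand."""
    findings = []
    for e in entries:
        if e["body"].endswith("(no file)"):
            findings.append(("registered component, but no file listed", e))
        elif e["body"].endswith("= ?"):
            findings.append(("shortcut target shown as '?'", e))
        elif LOOPBACK_PROXY.search(e["body"]):
            findings.append(("proxy points at a local listener; identify the process", e))
    return findings

if __name__ == "__main__":
    for reason, e in triage(parse(SAMPLE_LOG)):
        print(f"{e['code']:>3} {SECTIONS.get(e['code'], '?')}: {reason}\n    {e['body']}")
```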
 
Brother MAAX, thank you for your attention ...

The first message disappeared .. but this one did not

f9ahz184yf5h.gif


The solution .... may you live long ..?
 
Make a new HijackThis report
And do you use Firefox or any add-ons for Messenger?
 