ابو سلطااان

Peace be upon you, and the mercy and blessings of God

Brothers, I'm facing a problem: an internet page suddenly pops up with cid written in it

Whoever has a solution to the problem, please help me, and thank you very much ..

This is the picture

i384_.PNG
 

Signature: ابو سلطااان
Welcome, brother
Download this program

Run the program ==> and click on
Do a system scan and save log
In a few moments .. a report will appear in Notepad ==> copy it and paste it in your next reply
 
Thank you, brother Max
And this is the report
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site\DALE TEST.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Meow01] C:\DOCUME~1\sa.LA\APPLIC~1\plusmeal\copy second proc.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
 
Signature: ابو سلطااان
The report is incomplete, brother

Copy it again properly
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:50, on 29/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sa.LA\My Documents\Downloads\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site\DALE TEST.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Meow01] C:\DOCUME~1\sa.LA\APPLIC~1\plusmeal\copy second proc.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
--
End of file - 5666 bytes
 
Signature: ابو سلطااان
Disable your protection programs
then
Download the following tool and save it to the desktop

When you run it, a message will appear, click >> Yes
After that a second message will appear, click >> Yes

During the scan the computer may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
ComboFix 09-03-29.04 - sa 03/30/2009 19:07:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.447.159 [GMT 3:00]
Running from: c:\documents and settings\sa.LA\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 16:12 5,791,776 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-30 16:12 213,280 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-30 16:08 --------- d-----w c:\documents and settings\sa.LA\Application Data\DMCache
2009-03-30 15:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-03-29 21:32 82,832 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-29 21:32 24,932 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-28 12:27 --------- d-----w c:\documents and settings\sa.LA\Application Data\XemiComputers
2009-03-27 03:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-27 03:26 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-22 10:47 --------- d-----w c:\program files\Fahess_Activation
2009-03-22 10:47 --------- d-----w c:\program files\Common Files\Motive
2009-03-22 10:47 --------- d-----w c:\documents and settings\sa.LA\Application Data\Motive
2009-03-22 10:46 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Motive
2009-03-19 07:28 --------- d-----w c:\program files\Circle Developement
2009-03-15 16:50 --------- d-----w c:\documents and settings\sa.LA\Application Data\plusmeal
2009-03-15 16:50 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site
2009-03-15 16:48 --------- d-----w c:\program files\plusmeal
2009-03-15 16:47 --------- d-----w c:\program files\MSN Messenger
2009-03-15 16:47 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-15 16:40 --------- d-----w c:\program files\Windows Live
2009-03-15 16:25 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-15 16:08 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-14 09:38 --------- d-----w c:\documents and settings\sa.LA\Application Data\IDM
2009-03-13 13:23 --------- d-----w c:\program files\Internet Download Manager
2009-03-13 09:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-03-13 09:11 --------- d-----w c:\program files\MSBuild
2009-03-13 09:11 --------- d-----w c:\program files\Microsoft Works
2009-03-12 06:59 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Messenger Plus!
2009-03-12 05:59 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-12 05:58 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-12 05:58 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-12 05:41 --------- d-----w c:\documents and settings\sa.LA\Application Data\cleaner1
2009-03-12 03:43 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2009-03-12 03:40 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-12 03:40 --------- d-----w c:\documents and settings\sa.LA\Application Data\Uniblue
2009-03-12 03:40 --------- d-----w c:\documents and settings\sa.LA\Application Data\Media Player Classic
2009-03-12 03:39 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-12 03:34 155,995 ----a-w c:\windows\java\Packages\WKIQS3N5.ZIP
2009-03-11 14:50 35,731 ----a-w C:\irunin.dat
2009-03-11 14:47 --------- d-----w c:\documents and settings\sa\Application Data\IDM
2009-03-11 14:47 --------- d-----w c:\documents and settings\sa\Application Data\DMCache
2009-03-11 11:20 --------- d-----w c:\program files\Keyboard
2009-03-10 20:09 --------- d-----w c:\documents and settings\sa\Application Data\Media Player Classic
2009-03-10 15:59 --------- d-----w c:\documents and settings\sa\Application Data\Uniblue
2009-03-10 12:48 --------- d-----w c:\program files\Real
2009-03-10 12:48 --------- d-----w c:\program files\Common Files\xing shared
2009-03-10 12:47 --------- d-----w c:\program files\Common Files\Real
2009-03-10 12:47 --------- d-----w c:\documents and settings\sa\Application Data\plusmeal
2009-03-09 18:48 --------- d-----w c:\program files\microsoft frontpage
2009-03-09 11:38 --------- d-----w c:\program files\HP
2009-03-08 18:45 --------- d-----w c:\program files\CONEXANT
2009-03-08 18:18 --------- d-----w c:\program files\Uniblue
2009-03-08 18:18 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2009-03-08 17:15 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-08 17:01 --------- d-----w c:\documents and settings\Administrator\Application Data\AvaFind Data
2009-03-08 16:54 --------- d-----w c:\program files\Kaspersky Lab
2009-03-08 15:24 --------- d-----w c:\program files\zaker
2009-03-08 15:24 --------- d-----w c:\program files\Serah
2009-03-08 15:24 --------- d-----w c:\program files\saleheen
2009-03-08 15:24 --------- d-----w c:\program files\Resize Pictures Plus
2009-03-08 15:24 --------- d-----w c:\program files\Quran
2009-03-08 15:24 --------- d-----w c:\program files\PhotoBrush
2009-03-08 15:24 --------- d-----w c:\program files\MegaView
2009-03-08 15:24 --------- d-----w c:\program files\Inpaint
2009-03-08 15:24 --------- d-----w c:\program files\IconWorkshop
2009-03-08 15:24 --------- d-----w c:\program files\Flash Player Plus
2009-03-08 15:24 --------- d-----w c:\program files\Flash Player 9
2008-12-17 11:03 206,256 ----a-w c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((( snapshot@Thu 03-12-2009_ 8.40.31.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-20 12:44:04 379,704 ----a-w c:\windows\Downloaded Program Files\MsnPUpld.dll
+ 2006-06-20 12:44:02 117,560 ----a-w c:\windows\Downloaded Program Files\PURen-us.dll
+ 2009-03-15 16:27:23 58,945 ----a-r c:\windows\Installer\{11C04DD7-27C6-43D3-86AA-728BAE4609AF}\wlmail.exe
+ 2009-03-13 09:15:33 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-13 09:15:35 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-13 09:15:33 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-13 09:15:33 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-13 09:15:34 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-13 09:15:35 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-13 09:15:35 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-13 09:15:34 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-13 09:15:34 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-13 09:15:34 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-13 09:15:35 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-13 09:15:33 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-12 12:22:26 217,864 ----a-r c:\windows\Installer\{90120000-006E-0401-0000-0000000FF1CE}\misc.exe
+ 2009-03-13 09:05:11 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-03-15 16:45:48 29,926 ----a-r c:\windows\Installer\{B3FB6C13-AEC8-4FC8-8B96-919BAB1F2FC7}\MsblIco.Exe
- 2000-08-31 05:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 05:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-01-16 16:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-01-16 14:19:40 202,168 ------w c:\windows\system32\Adobe\Director\swdir.dll
+ 2009-01-16 14:19:58 67,000 ----a-w c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-01-16 16:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-01-16 15:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-01-16 16:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-01-16 15:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-01-16 15:45:12 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-01-16 15:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-01-16 15:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-01-16 16:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-01-16 16:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-01-16 16:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe
+ 2009-01-16 16:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-01-16 16:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-01-16 15:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 07:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2009-03-12 04:58:12 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-13 12:08:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-12 04:58:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-13 12:08:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-12 04:58:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-13 12:08:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-03 20:01:26 25,856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
+ 2004-08-03 19:58:46 15,104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
+ 2006-04-12 10:04:39 21,568 ----a-r c:\windows\system32\drivers\HPZius12.sys
- 2007-06-27 14:31:58 186,640 ----a-w c:\windows\system32\drivers\klif.sys
+ 2009-03-12 05:59:14 194,320 ----a-w c:\windows\system32\drivers\klif.sys
+ 2004-08-03 20:01:26 25,856 ----a-w c:\windows\system32\drivers\usbprint.sys
+ 2004-08-03 19:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2006-10-26 11:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2006-10-26 11:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2009-03-12 04:57:53 151,584 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-13 12:08:08 357,752 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-04-12 10:02:34 598,016 ----a-r c:\windows\system32\hpotscl2.dll
+ 2006-04-12 10:02:34 254,026 ----a-r c:\windows\system32\hpovst09.dll
+ 2006-04-12 10:02:35 659,456 ----a-r c:\windows\system32\hpowiax2.dll
+ 2006-04-12 10:04:42 282,624 ----a-r c:\windows\system32\HPZc3212.dll
+ 2006-01-03 17:12:04 77,824 ----a-r c:\windows\system32\HPZIDS01.dll
+ 2006-04-10 11:03:00 48,128 ----a-w c:\windows\system32\hpzll054.dll
+ 2006-10-26 10:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
+ 2006-10-26 16:56:10 32,592 ----a-w c:\windows\system32\msonpmon.dll
+ 2006-07-24 07:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2009-03-27 03:26:53 278,528 ----a-w c:\windows\system32\pncrt.dll
+ 2009-03-27 03:26:56 6,656 ----a-w c:\windows\system32\pndx5016.dll
+ 2009-03-27 03:26:56 5,632 ----a-w c:\windows\system32\pndx5032.dll
+ 2009-03-27 03:27:16 185,944 ----a-w c:\windows\system32\rmoc3260.dll
+ 2006-07-24 07:50:40 39,728 ----a-w c:\windows\system32\SCP32.DLL
+ 2007-01-19 09:53:04 51,056 ----a-w c:\windows\system32\sirenacm.dll
+ 2006-01-24 05:22:10 1,392,640 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2006-03-14 11:49:44 659,528 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2005-09-19 11:17:06 274,944 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfie054.dll
+ 2005-11-17 18:53:52 7,134,720 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfig054.dll
+ 2005-09-19 11:17:24 79,872 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpfrs054.dll
+ 2006-04-10 11:02:40 248,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3a054.dll
+ 2006-04-10 11:03:10 1,360,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3r054.dll
+ 2006-04-10 11:02:36 309,760 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzev054.dll
+ 2006-04-10 11:02:30 735,744 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzle054.dll
+ 2006-04-10 11:02:40 74,752 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpr054.dll
+ 2006-04-10 10:44:04 563,200 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzss054.dll
+ 2006-04-10 10:19:20 3,650,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzst054.dll
+ 2006-04-10 11:02:36 2,572,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzui054.dll
+ 2006-10-26 16:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-10-26 16:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2004-08-04 09:26:48 264,704 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 09:25:54 196,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 09:25:02 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-01-24 05:22:10 1,392,640 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpbcfgre.dll
+ 2006-03-14 11:49:44 659,528 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpcdmc32.dll
+ 2005-09-19 11:17:06 274,944 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfie054.dll
+ 2005-11-17 18:53:52 7,134,720 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfig054.dll
+ 2005-09-19 11:17:24 79,872 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpfrs054.dll
+ 2006-04-10 11:02:40 248,320 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpz3a054.dll
+ 2006-04-10 11:03:10 1,360,384 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpz3r054.dll
+ 2006-04-10 11:02:36 309,760 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzev054.dll
+ 2006-04-10 11:02:30 735,744 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzle054.dll
+ 2006-04-10 11:02:40 74,752 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzpr054.dll
+ 2006-04-10 10:44:04 563,200 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzss054.dll
+ 2006-04-10 10:19:20 3,650,048 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzst054.dll
+ 2006-04-10 11:02:36 2,572,288 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\hpzui054.dll
+ 2004-08-04 09:26:48 264,704 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIDRV.DLL
+ 2004-08-04 09:25:54 196,608 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIDRVUI.DLL
+ 2004-08-04 09:25:02 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\UNIRES.DLL
+ 2006-10-26 16:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2006-10-26 16:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2006-04-10 11:02:32 74,240 ----a-w c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
+ 2006-10-26 16:56:12 33,104 ----a-w c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2006-07-24 07:50:40 47,920 ----a-w c:\windows\system32\VBAME.DLL
+ 2006-10-26 10:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 10:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2006-06-05 11:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 11:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 11:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-10-26 10:40:36 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 10:40:36 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 10:40:36 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 10:40:36 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 10:40:36 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 10:40:36 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 10:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 10:40:36 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 10:40:36 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 10:40:36 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 10:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 10:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 10:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 10:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 10:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 10:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [12/31/2002 03:00 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/10/2008 12:29 AM 932864]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Meow01"="c:\docume~1\sa.LA\APPLIC~1\plusmeal\copy second proc.exe" [03/15/2009 07:48 PM 839680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [12/31/2002 03:00 PM 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [12/31/2002 03:00 PM 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [12/31/2002 03:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [12/31/2002 03:00 PM 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"memo site kind that"="c:\documents and settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site\DALE TEST.exe" [03/30/2009 06:02 PM 860160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/27/2009 06:26 AM 185896]
"VTTimer"="VTTimer.exe" [09/21/2006 08:36 AM 53248 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [08/27/2007 11:03 AM 200704 c:\windows\system32\VTTrayp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [12/31/2002 03:00 PM 15360]
c:\documents and settings\sa.LA\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);c:\windows\system32\drivers\ZD1211U.sys [2009-03-11 248320]
.
Contents of the 'Scheduled Tasks' folder
2009-03-30 c:\windows\Tasks\AA84DD25909B5341.job
- c:\docume~1\sa.la\applic~1\plusmeal\Meetmagsgpl.exe [03/15/2009 07:50 PM]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Active Desktop Calendar - c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: E???? ??E?? FLV E?C??E Internet Download Manager
IE: E???? C??? E?C??E Internet Download Manager
IE: E???? E?C??E Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: E???? C??? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E???? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-30 19:12:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1304)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 03/30/2009 19:14:54
ComboFix-quarantined-files.txt 2009-03-30 16:14:51
ComboFix2.txt 2009-03-12 05:41:36
Pre-Run: 32,296,251,392 bytes free
Post-Run: 32,289,087,488 bytes free
309
 
Signature: ابو سلطااان
Select the following entries in HijackThis and delete them

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site\DALE TEST.exe

O4 - HKCU\..\Run: [Meow01] C:\DOCUME~1\sa.LA\APPLIC~1\plusmeal\copy second proc.exe

How to delete them

mg%20(3).png


mg%20(4).png



Then download this tool and follow the explanation below



[Link hidden by the forum: you must log in or register to view it]


Compatibility: Windows XP only


Usage instructions:
Double-click the tool and wait until all the windows have finished and it stops at this window


002.png


When this screen appears, click Close so that your computer restarts (to complete the cleanup)
 
Thank you, brother Max, and may God reward you.

I followed your steps, and God willing the problem is solved.

Thank you very much for your response.
 
Signature: ابو سلطااان