أبوعوض

Assalamu alaikum ..

I have a problem: I cannot restart the computer or even log off .. only switching between users is available, and it has changed to the boring classic style :no: even though in Control Panel the (User Accounts) options are set to the normal style ..!!

Of course, the problem happened after I installed a Windows 7 theme; the theme's name is (Seven Remix XP)

So what is the solution to this problem, given that I have tried several methods and got nowhere

As for System Restore, I don't have any restore points :cr:

Greetings to all Zyzoom members :king:

Note: I have now removed the theme from Add/Remove Programs and it asked for a restart, and it refuses to restart ...

Signature: أبوعوض
Wa alaikum assalam

Download this tool
[Hidden link: log in or register to view it]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply
Please be patient until the report has been analyzed

Signature: ابـــو عــبــد الــلــه
Logfile of HijackThis v1.99.1
Scan saved at 09:56:39 م, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: log in or register to view it]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: log in or register to view it]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
[Hidden link: log in or register to view it]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager -
[Hidden link: log in or register to view it]
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager -
[Hidden link: log in or register to view it]
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager -
[Hidden link: log in or register to view it]
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager -
[Hidden link: log in or register to view it]
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: إ&عدادات Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
[Hidden link: log in or register to view it]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[Hidden link: log in or register to view it]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
[Hidden link: log in or register to view it]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b0b75e056d4c) (gupdate1c9b0b75e056d4c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
Signature: أبوعوض

Do the following

Disable your protection programs
then
Download the following tool and save it to the desktop
[Hidden link: log in or register to view it]

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes

During the scan the computer may restart
After the restart ,, the tool will start scanning a second time
Do not run any program ,, and however long the scan takes, wait until it finishes
Wait until a report appears ,, copy it and paste it in your next post

Signature: ابـــو عــبــد الــلــه
I ran the tool and it did its job, and thank God it deleted what was needed; still, I don't know, are we done ??

The report is as follows:
ComboFix 09-04-19.01 - user 04/18/2009 22:45.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.3326.2562 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\.#
c:\documents and settings\user\Application Data\Microsoft\SystemCertificates\Request
c:\documents and settings\user\Application Data\QUAD Backups
c:\documents and settings\user\Start Menu\Programs\QUAD Utilities
c:\documents and settings\user\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\user\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\user\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\program files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\HLVDD.DLL
c:\windows\system32\msvcsv60.dll
c:\windows\system32\zip32.dll
c:\windows\vpeforhc.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-18 18:01 . 2009-04-18 18:01 218624 ----a-w c:\windows\system32\uxtheme.dll.niwrad
2009-04-18 11:05 . 2009-04-18 11:09 1374 ----a-w c:\windows\imsins.BAK
2009-04-18 07:08 . 2009-04-18 07:08 -------- d-sh--w c:\documents and settings\user2\PrivacIE
2009-04-18 06:55 . 2009-04-18 06:55 -------- d-sh--w C:\FOUND.003
2009-04-18 01:28 . 2009-04-18 01:28 77728 ----a-w c:\windows\system32\drivers\snapman.sys
2009-04-18 01:28 . 2009-04-18 01:28 37888 ----a-w c:\windows\system32\setupnt.dll
2009-04-18 01:28 . 2009-04-18 01:28 118784 ----a-w c:\windows\system32\snapapi.dll
2009-04-17 22:26 . 2009-04-17 22:26 -------- d-----w c:\windows\MyFreeWeather
2009-04-17 21:15 . 2003-06-25 13:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-17 21:15 . 2002-06-21 12:09 160217 ----a-w c:\windows\system32\PowerToysLicense.rtf
2009-04-17 18:28 . 2009-04-17 20:36 51 ----a-w c:\windows\Sam10_E.INI
2009-04-17 18:28 . 2007-04-18 19:07 53248 ----a-w c:\windows\system32\mgxasio2.dll
2009-04-17 18:28 . 2006-03-31 11:57 430080 ----a-w c:\windows\system32\MXRestore.exe
2009-04-17 18:27 . 2007-04-27 06:43 120200 ----a-w c:\windows\system32\DLLDEV32i.dll
2009-04-17 18:24 . 2009-04-17 18:24 -------- d-----w c:\windows\system32\MAGIX
2009-04-17 16:29 . 2004-08-03 21:56 514560 ----a-w c:\windows\system32\logonui.exe.niwrad
2009-04-17 16:29 . 2008-08-14 09:58 2136064 ----a-w c:\windows\system32\ntoskrnl.exe.niwrad
2009-04-17 16:29 . 2008-08-14 09:22 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe.niwrad
2009-04-17 16:27 . 2001-08-23 12:00 187904 ----a-w c:\windows\system32\main.cpl.niwrad
2009-04-17 16:27 . 2004-08-03 21:56 68608 ----a-w c:\windows\system32\joy.cpl.niwrad
2009-04-17 16:27 . 2004-08-03 21:56 129536 ----a-w c:\windows\system32\intl.cpl.niwrad
2009-04-17 16:27 . 2009-03-08 01:34 1469440 ----a-w c:\windows\system32\inetcpl.cpl.niwrad
2009-04-17 16:27 . 2004-08-03 21:56 155136 ----a-w c:\windows\system32\hdwwiz.cpl.niwrad
2009-04-17 16:27 . 2004-08-03 21:56 135168 ----a-w c:\windows\system32\desk.cpl.niwrad
2009-04-17 16:27 . 2008-04-14 00:12 8461312 ----a-w c:\windows\system32\shell32.dll.niwrad
2009-04-17 16:27 . 2004-08-03 21:56 218624 ----a-w c:\windows\system32\uxtheme.dll.backup
2009-04-17 06:50 . 2009-04-17 06:50 -------- d-sh--w c:\documents and settings\user2\IETldCache
2009-04-17 02:05 . 2009-04-17 02:05 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-04-17 02:05 . 2009-04-17 02:05 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-04-17 02:02 . 2009-04-17 02:02 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-04-17 02:02 . 2009-04-17 02:02 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-17 01:59 . 2009-04-17 01:59 -------- d-----w c:\windows\ie8updates
2009-04-17 01:57 . 2009-04-17 01:57 -------- d--h--w c:\windows\ie8
2009-04-17 01:55 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-16 14:07 . 2002-08-16 12:15 65536 ----a-w c:\windows\unleap.exe
2009-04-15 22:17 . 2008-09-12 10:44 206256 ----a-w c:\windows\system32\idmmbc.dll
2009-04-15 21:20 . 2009-04-15 21:20 -------- d-----w c:\documents and settings\user\Application Data\Godlike
2009-04-15 19:43 . 2009-04-15 19:43 -------- d-----w c:\documents and settings\user2\Application Data\Malwarebytes
2009-04-15 18:39 . 2009-04-15 18:39 -------- d-----w c:\documents and settings\user\Application Data\ONSPEED_TOOLBAR
2009-04-15 18:39 . 2008-07-24 01:53 114688 ----a-w c:\windows\sliprt.dll
2009-04-15 09:07 . 2009-04-15 09:07 -------- d-----w c:\documents and settings\user\Application Data\ATI
2009-04-15 09:07 . 2009-04-15 09:07 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-14 21:05 . 2009-04-14 21:05 1555 ----a-w c:\windows\ata live update.ini
2009-04-13 11:51 . 2002-10-02 06:57 13532 ----a-w c:\windows\system32\drivers\SjyPkt.sys
2009-04-12 16:45 . 2009-04-12 16:45 -------- d-----w c:\documents and settings\user2\Application Data\Uniblue
2009-04-12 09:03 . 2009-04-12 09:03 -------- d--h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-12 05:30 . 2009-04-12 05:30 -------- d--h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-12 05:16 . 2006-04-06 06:49 118784 ------w c:\windows\system32\fppr232.dll
2009-04-12 05:03 . 2009-04-12 05:03 -------- d--h--r C:\AHCache
2009-04-12 04:42 . 2009-04-12 04:42 -------- d-----w c:\windows\system32\lt-lt
2009-04-11 15:51 . 2009-04-11 15:51 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-04-11 11:31 . 2009-04-11 11:31 -------- d-----w C:\ATI
2009-04-11 11:31 . 2008-12-25 14:32 3721664 ----a-w c:\windows\system32\drivers\RtKHDMI.sys
2009-04-11 11:31 . 2008-09-19 14:48 1200128 ----a-w c:\windows\RtkUpd.exe
2009-04-11 06:50 . 2009-04-11 11:15 1150976 ----a-w c:\windows\system\dewon2.mdb
2009-04-11 06:50 . 2009-04-11 06:50 -------- d-----w c:\windows\Crystal
2009-04-11 06:25 . 2009-04-11 06:25 -------- d-----w c:\documents and settings\user\Application Data\Podmailing
2009-04-11 05:22 . 2009-04-11 05:22 -------- d-----w c:\windows\system32\ar-SA
2009-04-11 05:21 . 2009-04-11 05:21 -------- d-----w c:\windows\system32\XPSViewer
2009-04-11 05:20 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-10 23:43 . 2009-04-10 23:43 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-04-10 23:43 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 23:43 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 23:43 . 2009-04-10 23:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 22:31 . 2009-04-10 22:31 -------- d-----w c:\documents and settings\user\Application Data\Free Download Manager
2009-04-10 22:31 . 2009-04-10 22:31 -------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-04-10 16:17 . 2009-04-10 16:17 -------- d-----w c:\documents and settings\user2\Application Data\IObit
2009-04-10 16:14 . 2009-04-10 16:14 -------- d-----w c:\documents and settings\user2\Application Data\Sony
2009-04-10 16:12 . 2009-04-10 16:12 -------- d-----w c:\documents and settings\user2\Local Settings\Application Data\Adobe
2009-04-10 16:12 . 2009-04-10 16:12 -------- d-----w c:\documents and settings\user2\Local Settings\Application Data\Mozilla
2009-04-10 13:58 . 2009-04-10 13:58 -------- d-----w c:\documents and settings\user\Application Data\IObit
2009-04-09 13:12 . 2009-02-06 10:29 2142720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-09 13:12 . 2009-02-06 09:49 2020864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-09 13:12 . 2008-08-14 09:58 2136064 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-09 13:12 . 2008-08-14 09:22 2015744 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-09 13:03 . 2008-10-24 11:10 453632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-09 10:49 . 2009-04-09 10:49 -------- d-sh--w C:\Recycled
2009-04-07 10:43 . 2008-12-18 12:02 1249334 ----a-w c:\windows\system32\cxlibw-1-6.dll
2009-04-07 10:43 . 2008-12-18 12:02 86728 ----a-w c:\windows\system32\msxml6r.dll
2009-04-07 10:31 . 2009-04-07 10:31 -------- d-----w c:\documents and settings\user2\Application Data\FastStone
2009-04-07 10:31 . 2009-04-07 10:31 -------- d-----w c:\documents and settings\user2\Application Data\SlipStream
2009-04-07 10:31 . 2009-04-07 10:31 -------- d-----w c:\documents and settings\user2\Application Data\ONSPEED_TOOLBAR
2009-04-07 07:20 . 2009-04-07 07:20 -------- d-----w c:\documents and settings\user\Application Data\FastStone
2009-04-07 06:51 . 2009-04-07 06:51 -------- d-----w c:\documents and settings\user\Application Data\SlipStream
2009-04-06 22:57 . 2009-04-06 22:57 -------- d-----w c:\documents and settings\mozy
2009-04-06 22:57 . 2009-04-06 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-04-06 22:57 . 2009-04-06 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-06 22:33 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-06 22:33 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-06 22:32 . 2009-04-06 22:34 129137 ----a-w c:\windows\HPHins15.dat
2009-04-06 22:32 . 2007-08-28 21:32 2885 ------w c:\windows\hphmdl15.dat
2009-04-04 18:53 . 2009-04-04 18:53 -------- d-----w c:\documents and settings\user2\Local Settings\Application Data\Apple
2009-04-04 18:53 . 2009-04-04 18:53 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-03 00:04 . 2009-04-03 00:04 -------- d-----w c:\documents and settings\user2\Local Settings\Application Data\Windows Live Writer
2009-04-03 00:04 . 2009-04-03 00:04 -------- d-----w c:\documents and settings\user2\Application Data\Windows Live Writer
2009-04-02 23:27 . 2005-01-12 08:19 456536 ----a-w c:\windows\system32\XCEEDZIP.DLL
2009-04-02 23:27 . 2004-09-28 08:13 526184 ----a-w c:\windows\system32\XceedCry.dll
2009-04-02 23:27 . 2004-08-11 12:55 110602 ----a-w c:\windows\system32\xcdsfx32.bin
2009-04-02 23:27 . 2004-03-08 21:00 132880 ----a-w c:\windows\system32\Msinet.ocx
2009-04-02 09:44 . 2009-04-02 09:44 -------- d-----w c:\documents and settings\user\Application Data\uTorrent
2009-04-01 18:55 . 2009-04-01 18:55 -------- d-----w c:\documents and settings\user2\Application Data\Media Player Classic
2009-04-01 16:06 . 2009-04-01 16:06 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Help
2009-03-30 21:04 . 2009-04-09 13:07 4856 ----a-w c:\windows\system32\drivers\B5CDBD64.bin
2009-03-30 21:02 . 2009-04-17 18:04 32 ----a-w c:\windows\system32\drivers\mshcmd.sys.
2009-03-30 21:01 . 2009-04-09 13:09 259584 ----a-w c:\windows\system32\drivers\XHASP.sys
2009-03-30 20:56 . 2001-01-16 10:02 409088 ----a-w c:\windows\system32\AbstFarsiX.ocx
2009-03-30 20:51 . 2003-02-05 16:45 613888 ----a-w c:\windows\system32\ZWEffect.dll
2009-03-30 20:51 . 1998-06-23 21:30 164144 ----a-w c:\windows\system32\Comct232.ocx
2009-03-30 20:51 . 2003-03-08 18:08 892928 ----a-w c:\windows\system32\SinaKlcid.dll
2009-03-30 20:51 . 2001-05-22 14:44 241664 ----a-w c:\windows\system32\SinaHLcid.dll
2009-03-30 20:51 . 2009-03-30 20:51 -------- d-----w c:\windows\system32\Patt
2009-03-30 20:51 . 2009-04-18 11:17 8405015 ----a-w c:\windows\TempFile
2009-03-30 20:51 . 2005-07-28 05:18 685056 ----a-w c:\windows\system32\drivers\hardlock.sys
2009-03-30 20:50 . 2005-09-06 15:06 28672 ----a-w c:\windows\system32\hlduinst.exe
2009-03-30 20:50 . 2001-09-28 16:00 164864 ----a-w c:\windows\system32\UNWISE.EXE
2009-03-30 20:50 . 2005-10-12 16:49 3063808 ----a-w c:\windows\system32\hinstd.dll
2009-03-30 20:50 . 2005-09-28 11:24 2164411 ----a-w c:\windows\system32\haspds_windows.dll
2009-03-30 17:50 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-03-30 16:07 . 2006-04-06 06:43 303104 ------w c:\windows\system32\fppmon2.dll
2009-03-30 11:41 . 2009-03-30 11:41 -------- d-----w c:\documents and settings\user\Application Data\4shared Uploader
2009-03-30 09:20 . 2009-03-30 09:20 -------- d-----w c:\documents and settings\user\Application Data\phpDesigner 2008
2009-03-30 07:26 . 2009-03-30 07:26 -------- d-----w c:\documents and settings\user2\Local Settings\Application Data\Google
2009-03-30 05:20 . 2009-03-30 05:20 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-29 22:26 . 2009-03-29 22:26 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Deployment
2009-03-29 21:43 . 2009-03-29 21:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 18:01 . 2004-08-03 14:56 218624 ----a-w c:\windows\system32\dllcache\uxtheme.dll
2009-04-18 17:34 . 2009-04-18 17:34 -------- d-----w c:\program files\Softwin
2009-04-18 01:28 . 2009-04-18 01:28 -------- d-----w c:\program files\Common Files\Acronis
2009-04-18 01:28 . 2009-04-18 01:28 -------- d-----w c:\program files\Acronis
2009-04-18 01:06 . 2009-04-18 01:06 -------- d-----w c:\program files\ClocX
2009-04-17 22:26 . 2009-04-17 22:26 -------- d-----w c:\program files\MyFreeWeather
2009-04-17 16:27 . 2004-08-03 21:56 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-16 14:07 . 2009-04-16 14:07 -------- d-----w c:\program files\LeapFTP
2009-04-15 21:20 . 2009-04-15 21:20 -------- d-----w c:\program files\Godlike Developers
2009-04-15 18:39 . 2009-04-15 18:39 -------- d-----w c:\program files\ONSPEED
2009-04-15 14:55 . 2009-04-15 14:55 -------- d-----w c:\program files\Icons from File
2009-04-12 08:54 . 2008-09-06 09:23 291648 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 19:37 . 2009-04-11 19:37 -------- d-----w c:\program files\Ashampoo
2009-04-11 11:35 . 2009-04-11 11:35 -------- d-----w c:\program files\ATI
2009-04-11 11:15 . 2009-04-11 11:15 -------- d-----w c:\program files\Net Studio
2009-04-11 06:50 . 2009-04-11 06:50 -------- d-----w c:\program files\DIYYWON
2009-04-11 06:25 . 2009-04-11 06:25 -------- d-----w c:\program files\Podmailing
2009-04-11 06:04 . 2009-04-11 06:04 -------- d-----w c:\program files\way2allahTV
2009-04-11 05:21 . 2009-04-11 05:21 -------- d-----w c:\program files\MSBuild
2009-04-11 05:21 . 2009-04-11 05:21 -------- d-----w c:\program files\Reference Assemblies
2009-04-10 23:43 . 2009-04-10 23:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 22:31 . 2009-04-10 22:31 -------- d-----w c:\program files\Free Download Manager
2009-04-10 22:14 . 2009-04-10 22:14 2678 ----a-w c:\windows\java\Packages\Data\FNPN3RPZ.DAT
2009-04-10 22:14 . 2009-04-10 22:14 2678 ----a-w c:\windows\java\Packages\Data\XFNH3NHR.DAT
2009-04-10 22:14 . 2009-04-10 22:14 2678 ----a-w c:\windows\java\Packages\Data\RXB3FLJR.DAT
2009-04-10 22:14 . 2009-04-10 22:14 2678 ----a-w c:\windows\java\Packages\Data\PJ7LVHVJ.DAT
2009-04-10 22:14 . 2009-04-10 22:14 2678 ----a-w c:\windows\java\Packages\Data\ENVR7DJJ.DAT
2009-04-10 13:58 . 2009-04-10 13:58 -------- d-----w c:\program files\IObit
2009-04-09 13:13 . 2009-04-09 13:13 -------- d-----w c:\program files\MSXML 6.0
2009-04-07 10:43 . 2009-04-07 10:43 -------- d-----w c:\program files\Common Files\Crystal Decisions
2009-04-07 10:42 . 2009-04-07 10:42 -------- d-----w c:\program files\Lingobit Localizer
2009-04-07 07:18 . 2009-04-07 07:18 -------- d-----w c:\program files\FastStone Photo Resizer
2009-04-07 06:49 . 2009-04-07 06:49 -------- d-----w c:\program files\onspeed_toolbar
2009-04-06 22:33 . 2009-04-06 22:33 -------- d-----w c:\program files\HP
2009-04-05 23:50 . 2009-04-05 23:50 -------- d-----w c:\program files\nLite
2009-04-02 23:27 . 2009-04-02 23:27 -------- d-----w c:\program files\Driver Magician
2009-04-02 13:10 . 2009-04-02 13:10 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-02 13:10 . 2009-04-02 13:10 -------- d-----w c:\program files\UltraISO
2009-04-02 09:44 . 2009-04-02 09:44 -------- d-----w c:\program files\uTorrent
2009-03-30 20:51 . 2009-03-30 20:51 -------- d-----w c:\program files\SinaSoft
2009-03-30 16:29 . 2009-03-30 16:29 -------- d-----w c:\program files\Your Uninstaller 2008
2009-03-30 11:41 . 2009-03-30 11:41 -------- d-----w c:\program files\4shared Uploader
2009-03-30 09:20 . 2009-03-30 09:19 -------- d-----w c:\program files\phpDesigner 2008
2009-03-29 09:05 . 2009-03-29 09:05 -------- d-----w c:\program files\Easy Index Generator
2009-03-29 07:55 . 2009-03-29 07:55 -------- d-----w c:\program files\Apple Software Update
2009-03-27 13:02 . 2009-03-27 13:02 -------- d-----w c:\program files\Common Files\Intel
2009-03-25 22:19 . 2009-03-25 22:19 -------- d-----w c:\program files\AutoPlay Media Studio 7.0
2009-03-25 15:04 . 2009-03-25 15:04 -------- d-----w c:\program files\ESET
2009-03-25 13:26 . 2009-03-25 13:26 -------- d-----w c:\program files\SRSLabs
2009-03-25 13:26 . 2009-03-25 13:26 -------- d-----w c:\program files\Common Files\SRS
2009-03-25 12:10 . 2009-03-25 12:10 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-03-24 21:12 . 2009-03-24 21:12 -------- d-----w c:\program files\Corel
2009-03-24 11:45 . 2009-03-24 11:45 -------- d-----w c:\program files\Windows Defender
2009-03-24 10:43 . 2009-03-24 10:43 -------- d-----w c:\program files\Bonjour
2009-03-24 10:39 . 2009-03-24 10:39 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-21 14:18 . 2004-08-03 14:56 986112 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 15:09 . 2009-03-20 15:09 -------- d-----w c:\program files\TechSmith
2009-03-20 15:08 . 2009-03-20 15:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 01:15 . 2009-03-20 01:14 -------- d-----w c:\program files\CCleaner
2009-03-19 18:50 . 2009-03-19 18:50 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-19 18:49 . 2009-03-19 18:49 -------- d-----w c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-03-17 07:43 . 2009-03-17 07:43 -------- d-----w c:\documents and settings\user\Application Data\Windows Live Writer
2009-03-17 07:18 . 2009-03-17 07:18 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-17 07:17 . 2009-03-17 07:17 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-17 07:16 . 2009-03-17 07:16 -------- d-----w c:\program files\Microsoft
2009-03-17 07:11 . 2009-03-17 07:11 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-16 17:50 . 2009-03-16 17:50 81984 ----a-w c:\windows\system32\bdod.bin
2009-03-14 20:53 . 2009-03-14 20:53 -------- d-----w c:\program files\Total Video Converter
2009-03-14 04:45 . 2009-03-14 04:45 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-13 11:36 . 2009-03-13 11:36 -------- d-----w c:\program files\Uniblue
2009-03-13 11:36 . 2009-03-13 11:36 -------- d-----w c:\documents and settings\user\Application Data\Uniblue
2009-03-13 11:36 . 2009-03-13 11:36 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-13 11:33 . 2009-03-13 11:32 -------- d--h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-12 23:03 . 2009-03-12 23:03 -------- d-----w c:\documents and settings\user\Application Data\URSoft
2009-03-11 14:19 . 2009-03-11 14:19 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-11 14:12 . 2009-03-11 14:12 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-10 10:24 . 2009-03-10 10:24 -------- d-----w c:\documents and settings\user\Application Data\Sony
2009-03-10 10:23 . 2009-03-10 10:23 -------- d-----w c:\program files\Sony
2009-03-10 10:23 . 2009-03-10 10:23 -------- d-----w c:\program files\Sony Setup
2009-03-10 09:28 . 2009-03-10 09:28 -------- d-----w c:\program files\iZotope
2009-03-10 09:28 . 2009-03-10 09:28 -------- d-----w c:\program files\Common Files\iZotope
2009-03-08 11:09 . 2008-09-06 09:14 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 11:09 . 2004-08-03 21:56 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 01:41 . 2004-08-03 21:56 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 01:39 . 2009-03-03 17:14 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 01:34 . 2004-08-03 21:56 981504 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-03 14:56 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 01:34 . 2004-08-03 14:56 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 01:34 . 2004-08-03 21:56 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 01:34 . 2004-08-03 21:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:34 . 2004-08-03 21:56 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 01:34 . 2004-08-03 14:56 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 01:34 . 2004-08-03 21:56 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 01:34 . 2004-08-03 21:56 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 01:33 . 2008-09-06 09:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 01:33 . 2004-08-03 21:56 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 01:33 . 2004-08-03 21:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 21:56 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 01:33 . 2004-08-03 21:56 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 01:33 . 2004-08-03 21:56 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
.
------- Sigcheck -------
[-] 2009-03-08 01:34 981504 97C2DC4A0C6F8068424A6CED25983006 c:\windows\system32\wininet.dll
[7] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
[7] 2008-12-20 12:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie8\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\wininet.dll
[7] 2008-04-20 20:57 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-20 20:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-20 20:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-08-25 22:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 12:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-04-20 21:04 659456 1EFB8A3EA8454AEC1BB8A240A2845598 c:\windows\ie7\wininet.dll
[7] 2007-08-13 15:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-25 20:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB961260-IE7\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2009-02-07 3739648]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-12-12 2745776]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-11-20 155904]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-18 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-18 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-18 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-26 16875008]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-17 77824]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2005-05-26 128000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2009-3-19 737280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" -autorun
"Podmailing"=c:\program files\Podmailing\Podmailing.exe start-minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\AutoPlay\\Docs\\Alkaka Break\\ألعاب\\كرة طائرة\\volley.exe"=
"c:\\Program Files\\Podmailing\\podmailing.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 gupdate1c9b0b75e056d4c;Google Update Service (gupdate1c9b0b75e056d4c);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\Magix\Samplitude_V8_professional\mxasio.sys [2004-10-27 4899]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - 286E398A
*NewlyCreated* - EF56EC14
*Deregistered* - 286e398a
*Deregistered* - ef56ec14
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 14:57]
2009-04-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 21:42]
2009-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-220523388-839522115-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-29 22:26]
2009-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-10 10:15]
2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{7F2FE2AD-DD3E-4809-B9F2-CA62203C0706}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
2009-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
uInternet Settings,ProxyOverride = *.local
IE: تحميل الفيديو بواسطة Free Download Manager -
files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager -
files\Free Download Manager\dlall.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل المحددة بواسطة Free Download Manager -
files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager -
files\Free Download Manager\dllink.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\progra~1\ONSPEED\sliplsp.dll
DPF: Microsoft XML Parser for Java -

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\40omr8xe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\40omr8xe.default\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}\components\NOWImaging_Moz.dll
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
FF - user.js: network.http.max-connections-per-server - 8
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-18 22:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1504)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-04-18 22:46
ComboFix-quarantined-files.txt 2009-04-18 19:46
Pre-Run: 14,146,043,904 bytes free
Post-Run: 14,177,501,184 bytes free
441 --- E O F --- 2009-04-18 00:01


Thank you, my dear friend ..

Signature: أبوعوض
Disable System Restore, as shown in the following walkthrough


[screenshot]





::::



Download the Kaspersky tool from the following link:


[link hidden by the forum]



After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.



Follow the walkthrough to scan and clean the machine and attach the report.


[five walkthrough screenshots]

Then compress the report and upload it here >>>> [link hidden by the forum]

Last edited by a moderator:
Signature: ابـــو عــبــد الــلــه
I am now scanning with Kaspersky and NOD 23 version 4. So far NOD has detected 3, and Kaspersky nothing yet, and they have not finished.

Signature: أبوعوض