Status
Closed and not open for further replies.

مهاوي وبس

Can you please help me?

RealPlayer won't work.
I downloaded a series and it plays sound without picture.

And my computer is slow.


Signature: مهاوي وبس

Sorry, I edited the title so that it reflects the content.

14 - It is strictly forbidden to use titles that do not reflect the content of the topic. Examples of offending titles that must not be used: ( such as ,,, help me ,,, need help ,,, please ... ) .. ..
--------


Good luck.

Signature: Demo-dash
Try playing it with Windows Media Player.
Right-click the series > Open with > Windows Media Player
If the problem persists,
play it with this program once you have finished installing it:
You must log in or register to view the hidden link.

Signature: Juve Guard
I'm really sorry about the title.

Signature: مهاوي وبس
I'm on Vista, and the download doesn't work, and the computer is slow.

Signature: مهاوي وبس
OK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:25 م, on 21/04/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\681TAWA1\Zyzoom_HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
You must log in or register to view the hidden link.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6477 bytes
 
Signature: مهاوي وبس
I hope you can help me.

Signature: مهاوي وبس
Where are you all?

Signature: مهاوي وبس
How do I cancel the download?

Signature: مهاوي وبس
Dear, be patient; God is with the patient.

A question: have you tried using another program?

Do the following:

Disable all security programs.
Download this tool:


You must log in or register to view the hidden link.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears, which means the scan has finished. Paste the report in your next post.

Last edited by a moderator:
Signature: KoNaMi
Dear sister..
Did you download DivX?

Many cartoon and foreign films use DivX.

Signature: PrinceOfPersia
ComboFix 09-04-21.A8 - Hp 04/21/2009 19:46.1 - NTFSx86
Microsoft®‎ Windows Vista™ Home Premium 6.0.6001.1.1256.966.1025.18.2046.1333 [GMT 3:00]
Running from: c:\users\Hp\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090421-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-20 18:24 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-20 18:24 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-20 18:24 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-20 18:24 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-20 18:24 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-20 18:24 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-20 18:24 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-20 18:24 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-20 18:19 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-20 18:19 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-20 18:19 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-20 18:19 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-20 18:19 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-20 16:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 16:49 . 2008-12-28 21:47 -------- d-----w c:\users\Hp\AppData\Roaming\DMCache
2009-04-21 16:44 . 2008-01-21 05:58 78446 ----a-w c:\windows\System32\perfc001.dat
2009-04-21 16:44 . 2008-01-21 05:58 439186 ----a-w c:\windows\System32\perfh001.dat
2009-04-21 16:37 . 2008-12-25 07:26 4132 ----a-w c:\windows\bthservsdp.dat
2009-04-21 16:09 . 2009-04-08 22:02 -------- d-----w c:\program files\Internet Download Manager
2009-04-20 18:34 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-20 18:31 . 2009-01-29 02:20 -------- d-----w c:\programdata\Microsoft Help
2009-04-20 17:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-20 17:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-19 15:39 . 2008-12-30 21:04 12884 ----a-w c:\users\Hp\AppData\Roaming\nvModes.dat
2009-04-10 16:54 . 2008-12-25 07:39 7592 ----a-w c:\users\Hp\AppData\Local\d3d9caps.dat
2009-04-08 22:02 . 2008-12-28 21:47 -------- d-----w c:\users\Hp\AppData\Roaming\IDM
2009-04-08 21:44 . 2008-12-30 15:57 -------- d-----w c:\users\Hp\AppData\Roaming\PC Suite
2009-03-27 17:56 . 2008-12-28 22:42 -------- d-----w c:\program files\Java
2009-03-25 15:45 . 2008-12-28 21:31 -------- d-----w c:\users\Hp\AppData\Roaming\ESTsoft
2009-03-25 15:45 . 2008-12-28 21:30 -------- d-----w c:\program files\ESTsoft
2009-03-24 16:31 . 2008-12-28 21:31 -------- d-----w c:\programdata\ESTsoft
2009-03-17 03:38 . 2009-04-20 16:30 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-20 16:30 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-20 16:30 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-09 02:19 . 2008-12-28 22:42 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 16:49 . 2009-03-08 16:49 -------- d-----w c:\users\Hp\AppData\Roaming\Nero
2009-03-08 16:49 . 2009-03-08 16:49 -------- d-----w c:\program files\Common Files\Ahead
2009-03-08 16:49 . 2009-03-08 16:49 -------- d-----w c:\program files\Nero
2009-03-08 15:03 . 2009-02-18 17:12 -------- d-----w c:\users\Hp\AppData\Roaming\Desktopicon
2009-03-03 04:46 . 2009-04-20 16:32 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-20 16:32 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-20 16:30 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-20 16:32 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-20 16:32 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-20 16:32 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-20 16:30 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-20 16:32 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-20 16:32 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-20 16:32 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-20 16:32 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-20 16:32 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-20 16:30 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-28 01:53 . 2008-12-30 15:57 -------- d-----w c:\users\Hp\AppData\Roaming\Nokia
2009-02-21 05:25 . 2009-02-21 05:25 691592 ----a-w c:\windows\System32\OGACheckControl.DLL
2009-02-18 17:16 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-02-15 15:16 . 2009-02-15 15:16 594 ----a-w C:\updatedatfix.log
2009-02-13 08:49 . 2009-04-20 16:30 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-12 19:11 . 2009-02-12 19:11 90112 ----a-w c:\windows\System32\agsaami.dll
2009-02-12 19:11 . 2009-02-12 19:11 610304 ----a-w c:\windows\System32\agsaamg.dll
2009-02-12 19:11 . 2009-02-12 19:11 372736 ----a-w c:\windows\System32\agsaamc.dll
2009-02-12 19:11 . 2009-02-12 19:11 2535424 ----a-w c:\windows\System32\agsaamj.dll
2009-02-12 19:11 . 2009-02-12 19:11 1986560 ----a-w c:\windows\System32\akll.dll
2009-02-12 19:11 . 2009-02-12 19:11 196608 ----a-w c:\windows\System32\maag.dll
2009-02-12 19:11 . 2009-02-12 19:11 1245184 ----a-w c:\windows\System32\bkll.dll
2009-02-12 19:11 . 2009-02-12 19:11 1212416 ----a-w c:\windows\System32\ckll.dll
2009-02-09 03:10 . 2009-03-12 10:56 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-31 20:14 . 2009-01-31 20:04 173519 ----a-w c:\windows\hpoins27.dat
2009-01-29 08:21 . 2008-12-25 07:39 117272 ----a-w c:\users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-25 08:31 . 2008-12-25 08:31 552 ----a-w c:\users\Hp\AppData\Local\d3d8caps.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-29 185896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 50768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dfecf89-ff56-11dd-958a-001e37e795ef}]
\shell\AutoRun\command - F:\zPharaoh.exe
\shell\explore\command - F:\zPharaoh.exe
\shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86bd9050-1891-11de-a9a3-001e37e795ef}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5b00a8d-fdbf-11dd-8b0f-001e37e795ef}]
\shell\AutoRun\command - G:\zPharaoh.exe
\shell\explore\command - G:\zPharaoh.exe
\shell\open\command - G:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0969d4a-fb7f-11dd-a494-001e37e795ef}]
\shell\AutoRun\command - F:\ntde1ect.com
\shell\explore\Command - F:\ntde1ect.com
\shell\open\Command - F:\ntde1ect.com
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/ig?hl=ar
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
You must log in or register to view the hidden link.

Rootkit scan 2009-04-21 19:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-290055442-2049091082-512904846-1000_Classes\CLSID\{1f2e5089-59a4-43d6-96f9-61aa4e021ddf}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006e
"Therad"=dword:00000003
[HKEY_USERS\S-1-5-21-290055442-2049091082-512904846-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3f,ea,1f,78,99,4b,93,6d,ba,7f,ac,26,50,59,18,12,79,c6,a9,e1,3f,
22,ac,6c,d2,9a,26,67,76,99,2c,66,44,ed,85,a8,86,a2,40,d8,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-290055442-2049091082-512904846-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e0,b4,c1,ce,c1,0c,fe,01,76,49,32,a8,3c,27,d6,29,75,dc,18,ff,8a,
19,cb,64,4a,eb,33,5c,cb,79,f9,4e,d6,6f,3f,b6,d9,7f,85,ba,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-290055442-2049091082-512904846-1000_Classes\CLSID\{9c727d44-0e63-4fb2-bba1-2ab2472d522f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006e
"Therad"=dword:0000000d
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-21 19:50
ComboFix-quarantined-files.txt 2009-04-21 16:50
Pre-Run: 176,318,070,784 bytes free
Post-Run: 176,311,627,776 bytes free
273 --- E O F --- 2009-04-20 18:34
 
Signature: مهاوي وبس
Is the report correct or not?

Signature: مهاوي وبس
Where are you all?

Signature: مهاوي وبس
Where are you all?

Signature: مهاوي وبس
Hey مهاوي,
do you want a player for series, as you said,
or the download program?
You've really confused me.

Signature: Juve Guard