أبو أسامة

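In the name of God, the Most Gracious, the Most Merciful

Peace be upon you, and the mercy and blessings of God

Brothers, members of the Zyzoom forum, I have run into a problem and honestly I don't know where it is coming from :?:

The problem: while I am working on the computer it freezes and nothing moves at all, not even the mouse, and the only solution is to keep holding down the power button until it shuts off and then restart the computer :mad:

Operating system: Windows XP Service Pack 3
Computer model: Toshiba Satellite Pro 300

HijackThis report: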

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39:32 م, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\XviDplg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 7352 bytes


Good luck to me and to you all
 

Signature: أبو أسامة
I have the same problem!!!!!!!!
 
Signature: starmaker295
My report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:21 م, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\salma\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨م¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\ramcore.exe -s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Rapget - C:\Program Files\RAPidshareGET\RapGet\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link by Dr.Web -
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2155FAB-91CA-4579-930C-323CF20400E2}: NameServer = 213.131.65.20,213.131.66.246
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8361 bytes
 
Signature: starmaker295
Brother ابواسامة, do the following

Disable your security programs
then
download the following tool and save it to the desktop
When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Here you go

ComboFix 09-04-23.A3 - Al'almy 04/24/2009 2:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.525 [GMT 3:00]
Running from: c:\documents and settings\Al'almy\My Documents\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\artools.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-23 11:39 . 2009-04-23 11:42 -------- d-----w c:\documents and settings\Al'almy\Application Data\ooVoo Details
2009-04-22 12:49 . 2004-03-18 15:36 401484 ----a-w c:\windows\system32\msvcrtd.dll
2009-04-22 12:38 . 2007-09-20 10:04 114688 ----a-w c:\windows\system32\BTCamVideoSource.dll
2009-04-21 15:57 . 2009-04-21 15:57 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-04-21 15:57 . 2009-04-21 15:57 -------- d-----w c:\documents and settings\Al'almy\Local Settings\Application Data\TechSmith
2009-04-21 00:39 . 2008-08-26 07:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-18 14:51 . 2009-04-18 14:52 -------- d-----w c:\windows\system32\quicktime
2009-04-18 14:47 . 2009-04-18 14:47 823296 ----a-w c:\windows\is-GEGN8.exe
2009-04-18 14:47 . 2009-04-18 14:47 1847 ----a-w c:\windows\is-GEGN8.lst
2009-04-18 14:47 . 2009-04-18 14:47 10665 ----a-w c:\windows\is-GEGN8.msg
2009-04-16 16:36 . 2001-08-17 10:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-04-16 16:36 . 2001-08-17 10:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-16 16:35 . 2008-04-13 21:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-16 16:35 . 2008-04-13 21:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-16 14:15 . 2009-04-16 14:15 532480 ----a-w c:\windows\system32\Spider-Man 3 (Mary Jane Watson).scr
2009-04-16 14:15 . 2009-04-16 14:15 -------- d-----w c:\windows\system32\Spider-Man 3 (Mary Jane Watson) dir
2009-04-16 12:29 . 2009-04-16 12:29 212240 ----a-w c:\windows\system32\RICHTX32.OCX
2009-04-16 08:54 . 2009-04-16 12:26 -------- d-----w c:\documents and settings\Al'almy\Application Data\uTorrent
2009-04-16 07:29 . 2009-04-16 12:35 -------- d-----w c:\documents and settings\Al'almy\Application Data\Desktopicon
2009-04-15 14:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 12:27 . 2008-04-13 21:15 26112 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-14 12:27 . 2008-04-13 21:15 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-14 12:26 . 2009-04-14 12:26 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-14 12:26 . 2009-04-14 12:26 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-14 12:26 . 2008-03-21 10:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-04-12 00:17 . 2009-04-12 00:17 -------- d--h--w c:\windows\PIF
2009-04-10 02:13 . 2009-04-10 02:16 81920 ----a-w c:\documents and settings\Al'almy\Application Data\ezpinst.exe
2009-04-10 02:13 . 2009-04-10 02:16 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 02:13 . 2009-04-10 02:16 47360 ----a-w c:\documents and settings\Al'almy\Application Data\pcouffin.sys
2009-04-10 02:13 . 2009-04-10 02:16 -------- d-----w c:\documents and settings\Al'almy\Application Data\Vso
2009-04-10 00:57 . 2009-04-12 00:15 9062 ----a-w c:\windows\swi.ico
2009-04-10 00:57 . 2009-04-12 00:15 22926 ----a-w c:\windows\spf.ico
2009-04-10 00:57 . 2009-04-12 00:15 22486 ----a-w c:\windows\ssd.ico
2009-04-10 00:57 . 2009-04-12 00:15 22486 ----a-w c:\windows\sisx.ico
2009-04-10 00:57 . 2009-04-12 00:15 22486 ----a-w c:\windows\sis.ico
2009-04-10 00:57 . 2009-04-12 00:15 22486 ----a-w c:\windows\pkg.ico
2009-04-10 00:57 . 2009-04-10 00:57 -------- d-----w c:\windows\SISWare
2009-04-08 22:32 . 2009-04-08 22:52 215552 ----a-w c:\windows\system32\ALOWMVFile.dll
2009-04-08 22:32 . 2009-04-08 22:52 403968 ----a-w c:\windows\system32\ALOWMAFile2.dll
2009-04-08 22:32 . 2009-04-08 22:52 188416 ----a-w c:\windows\system32\ALOVideoFile.dll
2009-04-08 22:32 . 2009-04-08 22:52 495104 ----a-w c:\windows\system32\ALOVideoCoreM.dll
2009-04-08 22:32 . 2009-04-08 22:52 780288 ----a-w c:\windows\system32\ALOVideoCompress.dll
2009-04-08 22:32 . 2009-04-08 22:52 249856 ----a-w c:\windows\system32\ALOQuickTimeFile.dll
2009-04-08 22:29 . 2005-05-19 11:42 1458176 ----a-w c:\windows\system32\osenxpsuite2005.ocx
2009-04-08 22:29 . 2005-05-19 00:17 40960 ----a-w c:\windows\system32\osenxpsuite2005.dll
2009-04-08 22:29 . 2005-05-16 13:27 53248 ----a-w c:\windows\system32\AloFrame.ocx
2009-04-08 22:28 . 2000-12-06 10:02 209608 ----a-w c:\windows\system32\tabctl32.ocx
2009-04-08 22:28 . 2002-01-05 02:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-08 22:28 . 2004-03-09 13:45 152848 ----a-w c:\windows\system32\Comdlg32.ocx
2009-04-08 22:28 . 2002-01-05 03:48 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-08 22:28 . 2000-09-22 11:10 647872 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-08 22:27 . 2009-04-09 22:36 -------- d-----w c:\windows\system32\RMBin
2009-04-08 13:22 . 2008-04-13 21:21 101120 -c--a-w c:\windows\system32\dllcache\bthpan.sys
2009-04-08 13:22 . 2008-04-13 21:21 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
2009-04-08 13:21 . 2008-04-14 02:41 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-04-08 13:21 . 2008-04-14 02:41 28160 ----a-w c:\windows\system32\irmon.dll
2009-04-08 13:21 . 2008-04-13 21:16 59136 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-04-08 13:21 . 2008-04-13 21:16 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
2009-04-08 13:21 . 2008-04-13 21:16 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
2009-04-08 13:21 . 2008-04-13 21:16 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
2009-04-08 13:21 . 2008-04-14 02:42 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-08 13:21 . 2008-04-14 02:42 151552 ----a-w c:\windows\system32\irftp.exe
2009-04-08 13:21 . 2008-04-14 02:42 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-08 13:21 . 2008-04-14 02:42 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-08 13:21 . 2008-04-13 21:16 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
2009-04-08 13:21 . 2008-04-13 21:16 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-04-07 13:34 . 2009-04-08 13:28 -------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-04-06 03:53 . 2009-04-06 03:53 -------- d-----w c:\documents and settings\Al'almy\Local Settings\Application Data\WMTools Downloaded Files
2009-04-05 20:53 . 2000-05-22 19:58 608448 ----a-w c:\windows\system32\comctl32.ocx
2009-04-05 18:33 . 2009-04-05 18:33 -------- d-----w c:\documents and settings\Al'almy\Application Data\Foxit
2009-04-05 13:52 . 2009-01-09 09:46 39776 ----a-w c:\windows\system32\DfSdkBt64.exe
2009-04-05 13:52 . 2009-01-09 09:46 33632 ----a-w c:\windows\system32\DfSdkBt.exe
2009-04-05 12:46 . 2009-04-05 12:46 -------- d-----w c:\documents and settings\Al'almy\Local Settings\Application Data\Google
2009-04-04 16:40 . 2004-03-05 13:59 108336 ----a-w c:\windows\system32\mswinsck.ocx
2009-04-04 16:40 . 2004-01-10 22:17 45568 ----a-w c:\windows\system32\YM11AUTH.DLL
2009-04-04 16:37 . 2009-04-04 16:37 153600 ----a-w c:\windows\system32\TLBINF32.DLL
2009-04-04 16:29 . 2009-04-04 16:29 39424 ----a-w c:\windows\zipinst.exe
2009-04-03 13:24 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-02 23:16 . 2009-04-22 01:01 -------- d-----w c:\documents and settings\Al'almy\Application Data\TeamViewer
2009-04-02 23:15 . 2009-04-22 01:01 -------- d-----w c:\documents and settings\Al'almy\temp
2009-04-02 21:33 . 2009-04-02 21:33 -------- d-----w c:\windows\Sun
2009-04-02 18:57 . 2009-04-02 18:57 -------- d-----w c:\documents and settings\Al'almy\Application Data\Media Player Classic
2009-04-02 16:33 . 2009-03-09 02:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 16:33 . 2009-03-08 23:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-02 16:06 . 2009-04-02 16:06 -------- d-----w c:\windows\system32\XPSViewer
2009-04-02 16:06 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-02 16:06 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-02 16:06 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-02 16:06 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-02 16:06 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-02 16:06 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-02 16:06 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-02 01:22 . 2009-04-02 01:22 -------- d-----w c:\windows\KeyChanger Office Edition
2009-04-02 00:56 . 2009-04-02 00:56 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-02 00:55 . 2007-04-11 08:04 524288 ----a-w c:\windows\system32\opuc.dll
2009-04-01 20:51 . 2009-04-01 20:51 -------- d-----w c:\windows\OPTIONS
2009-04-01 20:51 . 2009-02-23 07:05 338944 ----a-w c:\windows\system32\drivers\RTL8187B.sys
2009-04-01 20:51 . 2009-02-23 07:05 338944 ----a-w c:\windows\system\rtl8187B.sys
2009-04-01 20:51 . 2009-02-23 07:05 310528 ----a-w c:\windows\system32\drivers\rtl8187Se.sys
2009-04-01 20:51 . 2009-02-23 07:05 310528 ----a-w c:\windows\system\rtl8187Se.sys
2009-04-01 20:51 . 2009-02-23 07:05 511872 ----a-w c:\windows\system32\drivers\rtl819xp.sys
2009-04-01 20:51 . 2009-02-23 07:05 511872 ----a-w c:\windows\system\rtl819xp.sys
2009-04-01 20:51 . 2009-04-01 20:51 -------- d-----w c:\documents and settings\Al'almy\Application Data\InstallShield
2009-04-01 20:20 . 2008-04-13 21:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-01 18:08 . 2009-04-05 22:37 82536 ----a-w c:\documents and settings\Al'almy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 23:10 . 2009-04-01 10:48 -------- d-----w c:\documents and settings\Al'almy\Application Data\DMCache
2009-04-23 22:45 . 2009-04-01 13:40 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-23 22:26 . 2009-04-23 13:25 -------- d-----w c:\program files\MBM
2009-04-23 22:24 . 2009-04-01 13:40 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 11:39 . 2009-04-23 11:38 -------- d-----w c:\program files\ooVoo
2009-04-23 11:38 . 2009-04-01 20:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 10:39 . 2009-04-23 10:39 -------- d-----w c:\program files\Trend Micro
2009-04-23 08:36 . 2009-04-01 09:53 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-22 12:51 . 2009-04-22 12:38 -------- d-----w c:\program files\Mobiola Web Camera for S60
2009-04-21 16:07 . 2009-04-01 10:48 -------- d-----w c:\program files\Internet Download Manager
2009-04-21 15:57 . 2009-04-21 15:57 -------- d-----w c:\program files\TechSmith
2009-04-21 15:56 . 2009-04-21 15:56 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 00:40 . 2009-04-21 00:40 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-21 00:40 . 2009-04-21 00:40 -------- d-----w c:\program files\Common Files\Nokia
2009-04-21 00:39 . 2009-04-21 00:39 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-21 00:38 . 2009-04-01 16:20 -------- d-----w c:\program files\Nokia
2009-04-21 00:37 . 2009-04-01 16:19 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-19 19:02 . 2009-04-10 01:59 -------- d-----w c:\program files\Hotspot Shield
2009-04-18 16:00 . 2009-04-18 14:43 -------- d-----w c:\program files\Gabest
2009-04-18 15:06 . 2009-04-18 15:04 -------- d-----w c:\program files\The KMPlayer
2009-04-18 15:05 . 2009-04-18 15:05 -------- d-----w c:\program files\Real Alternative
2009-04-18 15:02 . 2009-04-18 15:02 -------- d-----w c:\program files\Common Files\xing shared
2009-04-18 15:01 . 2009-04-02 16:38 -------- d-----w c:\program files\Common Files\Real
2009-04-18 15:01 . 2003-03-18 17:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-18 15:01 . 2003-02-21 01:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-18 13:20 . 2009-04-01 16:22 -------- d-----w c:\documents and settings\Al'almy\Application Data\PC Suite
2009-04-16 15:56 . 2009-04-01 16:22 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-16 12:34 . 2009-04-16 07:29 -------- d-----w c:\program files\FormatFactory
2009-04-16 08:59 . 2009-04-16 08:54 -------- d-----w c:\program files\uTorrent
2009-04-16 07:47 . 2009-04-03 11:17 -------- d-----w c:\program files\vSoft
2009-04-14 12:33 . 2009-04-01 16:22 -------- d-----w c:\documents and settings\Al'almy\Application Data\Nokia
2009-04-12 22:44 . 2009-04-05 20:53 -------- d-----w c:\program files\Total Video Converter
2009-04-11 16:04 . 2009-04-01 10:48 -------- d-----w c:\documents and settings\Al'almy\Application Data\IDM
2009-04-10 09:56 . 2009-04-10 02:13 -------- d-----w c:\program files\Video Converter Professional
2009-04-10 00:57 . 2009-04-10 00:57 -------- d-----w c:\program files\CequenzeTech
2009-04-09 22:36 . 2009-04-09 22:36 -------- d-----w c:\program files\Real_SC
2009-04-08 22:52 . 2009-04-08 22:31 382464 ----a-w c:\windows\system32\ALOAVIFile.dll
2009-04-08 22:52 . 2009-04-08 22:31 90112 ----a-w c:\windows\system32\ALOAudioFormatSettings3.dll
2009-04-08 22:52 . 2009-04-08 22:31 877568 ----a-w c:\windows\system32\ALOAudioFile2.dll
2009-04-08 22:52 . 2009-04-08 22:31 2846720 ----a-w c:\windows\system32\ALOAudioCompress3.dll
2009-04-08 22:52 . 2009-04-08 22:31 778240 ----a-w c:\windows\system32\ALOAudioCompress2.dll
2009-04-08 22:27 . 2009-04-08 22:27 -------- d-----w c:\program files\Ozone
2009-04-07 13:33 . 2009-04-07 13:33 -------- d-----w c:\program files\IVT Corporation
2009-04-05 18:33 . 2009-04-05 18:33 -------- d-----w c:\program files\Foxit Software
2009-04-05 13:52 . 2009-04-05 13:52 -------- d-----w c:\program files\Ashampoo
2009-04-04 21:14 . 2009-04-04 21:14 -------- d-----w c:\program files\Nsasoft
2009-04-02 23:15 . 2009-04-02 23:15 -------- d-----w c:\program files\TeamViewer
2009-04-02 22:52 . 2009-04-02 22:52 -------- d-----w c:\program files\LtUcx
2009-04-02 22:35 . 2009-04-01 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-02 18:57 . 2009-04-02 16:33 -------- d-----w c:\program files\Java
2009-04-02 16:46 . 2009-04-01 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-02 16:38 . 2009-04-02 16:38 -------- d-----w c:\program files\Real
2009-04-02 16:34 . 2009-04-02 16:34 -------- d-----w c:\program files\Sun
2009-04-02 16:06 . 2009-04-02 16:06 -------- d-----w c:\program files\MSBuild
2009-04-02 16:06 . 2009-04-02 16:06 -------- d-----w c:\program files\Reference Assemblies
2009-04-02 15:50 . 2009-04-02 01:22 -------- d-----w c:\program files\KeyChanger Office Edition
2009-04-01 20:51 . 2009-04-01 20:51 -------- d-----w c:\program files\Realtek WLAN driver
2009-04-01 20:30 . 2009-04-01 20:30 -------- d-----w c:\program files\NCC Education
2009-04-01 17:25 . 2009-04-01 17:25 -------- d-----w c:\program files\microsoft frontpage
2009-04-01 17:22 . 2009-04-01 17:22 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-01 16:46 . 2009-04-01 16:46 -------- d-----w c:\program files\Microsoft Works
2009-04-01 16:45 . 2009-04-01 16:45 -------- d-----w c:\program files\Microsoft.NET
2009-04-01 16:20 . 2009-04-01 16:20 -------- d-----w c:\program files\DIFX
2009-04-01 16:08 . 2009-04-01 16:08 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-01 15:58 . 2009-04-01 15:58 -------- d-----w c:\program files\Windows Live
2009-04-01 15:45 . 2009-04-01 11:48 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-01 15:45 . 2009-04-01 11:43 -------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-04-01 15:42 . 2009-04-01 15:40 -------- d-----w c:\program files\UltraISO
2009-04-01 15:40 . 2009-04-01 15:40 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-01 13:40 . 2009-04-01 13:40 -------- d-----w c:\documents and settings\Al'almy\Application Data\URSoft
2009-04-01 13:40 . 2009-04-01 13:40 -------- d-----w c:\program files\Intel
2009-04-01 13:21 . 2009-04-01 00:57 -------- d-----w c:\program files\Realtek
2009-04-01 13:17 . 2009-04-01 00:57 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-01 12:37 . 2009-04-01 12:37 -------- d-----w c:\program files\CONEXANT
2009-04-01 12:24 . 2009-04-01 12:24 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-01 10:19 . 2009-04-01 17:24 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-01 00:57 . 2009-04-01 00:57 315392 ----a-w c:\windows\HideWin.exe
2009-03-10 12:46 . 2009-03-10 12:46 126976 ----a-w c:\windows\XviDplg.dll
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-04-14 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 05:25 . 2008-12-31 14:04 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2008-04-14 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 04:37 . 2009-04-01 16:20 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-14 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-09-22 20:53 1614848 4728A2BF7FD18C858772158689ECDAC2 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-10 2794928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-18 185872]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-10-27 16860672]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; [x]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-02-23 338944]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be0914a3-1edf-11de-b0fd-001b9ee628c6}]
\Shell\AutoRun\command - jm3cx96.bat
\Shell\open\Command - jm3cx96.bat
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Al'almy\Application Data\Mozilla\Firefox\Profiles\0ptpyegd.default\
FF - prefs.js: browser.startup.homepage - hxxp://arab-gb.com/
FF - component: c:\documents and settings\Al'almy\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-24 02:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-23 2:14
ComboFix-quarantined-files.txt 2009-04-23 23:14

Pre-Run: 30,751,633,408 bytes free
Post-Run: 30,753,054,720 bytes free

319 --- E O F --- 2009-04-15 21:58

 
Signature: أبو أسامة
Until dear Nour gets here

Give me a new HijackThis report ..

Signature: KoNaMi
Sure thing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:47:34 ص, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 7209 bytes
 
Signature: أبو أسامة
Select the following entry and delete it

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

How to delete it

Then go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there

Then download this tool and follow the explanation below

Compatibility: Windows XP only

How to use it ,,,,,,
Double-click the tool and wait until all the windows finish and it stops at this window

When this screen appears ,, click Close so that your computer restarts (( to complete the cleaning process ))

And how are things on your end now?
 
With the brothers' permission

Delete the following value

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

How to delete it

Then go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there

Then download this tool and follow the explanation below

Compatibility: Windows XP only

How to use it ,,,,,,

When you run the tool's file, this screen appears ,, wait ( and follow along with the pictures )

When this screen appears ,, click Close so that your computer restarts (( to complete the cleaning process ))

And once you're done

Close all security programs, close all other programs and the browser, and do the following

Do the following

Disable System Restore and keep it disabled, as in the following explanation

Then

Download the following tool

Run it and the tool's interface will appear

Choose the cleaning option and the DOS screen will appear for the scan
Leave it until it finishes and the report appears
Copy it and paste it in your next post

And once you're done, give me the report along with a new HijackThis report
 
Last edited by a moderator:
Signature: أعتز بك
Sorry, brother Max

I didn't notice the reply

Good luck to you, and carry on, brother Max
 
Signature: أعتز بك
Many thanks, brother أعتز بك, much appreciated, you did more than enough

I made use of the removal tool and deleted the value that was in HijackThis

As for the second tool, the link isn't working

And we're waiting for brother Max, God bless him

Good luck to you all

Signature: أبو أسامة
Until dear Max gets here

Give me a new HijackThis report ...
 
Signature: KoNaMi
Until dear Max gets here

Give me a new HijackThis report ...

You said jump in :d:

With your permission

Here is a link for the second tool

God willing, the brothers will continue with you

They say sleep is great :hh:

Good luck to you and to everyone

Regards ,,
 
Signature: أعتز بك
Bump ,,,,,,,

Signature: أبو أسامة
Which link is it that didn't work, brother?
 