- بادئ الموضوع فـهـد
- تاريخ البدء
- 1,391
قاهرهم
زيزوومى مميز
غير متصل
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بس راح يكوون بدل الأفيرا الـ AVG 8
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
فـهـد
زيزوومى مبدع
غير متصل
شغلت الاداه
بس يطلع اللي بالوسط فااااااضي !!!!
بس يطلع اللي بالوسط فااااااضي !!!!
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : فـهـد
تأييد
0
hany mix
زيزوومى محترف
غير متصل
طريقة حذف البرامج من جذورها
طريقة حذف البرامج من جذورها عندما تريد أن تحذف برنامجاً ما فان الطريقة الصحيحة هي ان تذهب إلى (لوحة التحكم ) ثم ( إضافة /إزالة البرامج) وفيها تشير من قائمة البرامج على البرنامج المراد حذفة ثم تضغط على (إزالة/ إضافة) فيحذف … ولكن هناك برامج (تجحدك وتلزق) في جهازك….. ( عليك اتباع الخطوات بشكل صحيح ) 1- اضغط على ابدأ ( Star)
2- ستفتح لك قائمة ابدأ ( Star) اختار تشغيل (Run) .
3- سوف يظهر لك مربع حوارباسم تشغيل أو ( Run) اكتب فيه (Regedit) .
4-اضغط موافق (Ok) .
5- سوف يفتح لك صفحة باسم (Registry Editor) . هذه الصفحة عبارة عن قسمين: أيمن وأيسر ، القسم الأيمن فارغ وفي القسم الأيسر قائمة ملفات عمودية كما تلاحظ:
6-اضغط من القسم الأيسر على الملف HKEY_LOCAL_MACHINE ) .
7- ثم اختر الملف : ( SOFTWARE ) .
8-اختر ( Microsoft ) .
9- اختر( Windows ) .
10-اختر( CurrentVersion ) .
11- اختر ( Uninstall ).
الآن تظهر لك قائمة فرعية بها جميع البرامج التي في جهازك: 12- توجه إلى البرنامج المراد حذفه… ثم اضغط عليه بزر الفارة الأيمن ثم اضغط على زر (Delete ) بلوحة المفاتيح .و سوف يحذف بلا رجعه
توقيع : hany mix
تأييد
0
مجيد الحلو
زيزوومي جديد
- إنضم
- 9 يناير 2009
- المشاركات
- 520
- مستوى التفاعل
- 2
- النقاط
- 0
غير متصل
اخي العزيز ارجع نصب برنامج avg 8 وبعدين احذفو بالاداة يلي اعطاك اياها قاهرهم وخبرنا
توقيع : مجيد الحلو
تأييد
0
فـهـد
زيزوومى مبدع
غير متصل
هذي اول مشكله
ثاني مشكله
ثالث مشكله
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثاني مشكله
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثالث مشكله
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : فـهـد
تأييد
0
Corporation
زيزوومى فضى
غير متصل
أذا جهـآزك مو مكرك
أعمل للكآسبر خروج من شريط المهام
نزل هذه الاداة
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
أعمل للكآسبر خروج من شريط المهام
نزل هذه الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
توقيع : Corporation
تأييد
0
فـهـد
زيزوومى مبدع
غير متصل
ComboFix 09-04-25.A1 - al batin 04/24/2009 18:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.247.96 [GMT 3:00]
Running from: c:\documents and settings\al batin\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 14:15 . 2009-04-24 14:15 471 ----a-w c:\windows\system32\%LocalXml%
2009-04-24 13:19 . 2009-04-24 15:16 172064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-24 13:19 . 2009-04-24 15:16 1668 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-24 11:02 . 2009-04-24 11:02 69 ----a-w c:\windows\NeroDigital.ini
2009-04-23 21:19 . 2009-04-24 10:38 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-23 18:55 . 2009-04-24 15:12 43760 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 18:55 . 2009-04-24 15:12 4073504 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 17:09 . 2009-04-23 17:09 0 ----a-w c:\windows\nsreg.dat
2009-04-23 17:09 . 2009-04-23 17:09 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Mozilla
2009-04-23 16:55 . 2009-04-23 16:55 -------- d-----w c:\windows\system32\LogFiles
2009-04-23 16:51 . 2009-04-23 16:51 -------- d-----w c:\windows\system32\ar-sa
2009-04-23 16:20 . 2006-09-06 14:42 22752 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-23 16:18 . 2009-04-23 16:18 -------- d--h--w c:\windows\$hf_mig$
2009-04-23 16:06 . 2009-04-23 16:06 -------- d-sh--w c:\documents and settings\al batin\UserData
2009-04-23 16:01 . 2009-04-23 20:14 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-23 15:51 . 2009-04-23 15:51 -------- d-----w c:\documents and settings\al batin\Application Data\Itch Eq
2009-04-23 15:24 . 2009-04-24 15:19 -------- d-----w c:\documents and settings\al batin\Tracing
2009-04-23 15:07 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-23 15:07 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-23 15:07 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-23 15:07 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-23 15:07 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-23 15:07 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-23 13:46 . 2001-09-18 10:38 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-04-23 13:46 . 2001-09-18 10:38 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-23 13:46 . 2001-08-17 11:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-23 13:46 . 2001-08-17 11:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-23 13:45 . 2001-08-17 09:19 72192 -c--a-w c:\windows\system32\dllcache\es1969.sys
2009-04-23 13:45 . 2001-08-17 09:19 72192 ----a-w c:\windows\system32\drivers\es1969.sys
2009-04-22 17:52 . 2009-04-24 14:12 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-22 17:52 . 2009-04-24 14:12 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-22 17:52 . 2009-04-24 15:18 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-22 14:20 . 2009-04-22 14:21 -------- d-----w c:\documents and settings\al batin\Application Data\Media Player Classic
2009-04-22 08:09 . 2006-01-01 14:48 28672 ----a-r c:\windows\system32\SiSPInst.dll
2009-04-22 08:09 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\sis740.bin
2009-04-22 08:09 . 2006-01-01 14:48 1869609 ----a-r c:\windows\system32\sisgl.dll
2009-04-22 08:09 . 2006-01-01 14:48 11904 ----a-r c:\windows\system32\drivers\srvkp.sys
2009-04-22 08:09 . 2006-01-01 14:48 884736 ----a-r c:\windows\system32\sisgrv.dll
2009-04-22 08:09 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\sis650.bin
2009-04-22 08:09 . 2006-01-01 14:48 247296 ----a-r c:\windows\system32\drivers\sisgrp.sys
2009-04-22 07:44 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-22 07:34 . 2006-01-01 14:48 75513 ----a-r c:\windows\VGAsetup.ini
2009-04-22 07:34 . 2009-04-22 08:02 2 ----a-w c:\windows\~sisRslt
2009-04-22 07:33 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\SiSPower.dll
2009-04-22 07:33 . 2006-01-01 14:48 884736 -c--a-w c:\windows\system32\dllcache\sisgrv.dll
2009-04-22 07:33 . 2006-01-01 14:48 247296 -c--a-w c:\windows\system32\dllcache\sisgrp.sys
2009-04-22 07:25 . 2006-01-01 14:47 156672 ----a-r c:\windows\system32\RTLCPAPI.dll
2009-04-22 07:25 . 2006-01-01 14:47 10458112 ----a-r c:\windows\system32\RTLCPL.EXE
2009-04-22 07:25 . 2006-01-01 14:47 141016 ----a-r c:\windows\system32\ALSNDMGR.WAV
2009-04-22 07:25 . 2006-01-01 14:47 18763776 ----a-r c:\windows\system32\ALSNDMGR.CPL
2009-04-22 07:25 . 2006-01-01 14:47 81920 ----a-r c:\windows\SOUNDMAN.EXE
2009-04-22 07:25 . 2006-01-01 14:47 3644032 ----a-r c:\windows\system32\drivers\ALCXWDM.SYS
2009-04-22 06:56 . 2009-04-22 16:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-22 06:52 . 2009-04-22 06:52 79360 ----a-w c:\windows\system32\realmrec.dll
2009-04-22 06:52 . 2009-04-22 06:52 72704 ----a-w c:\windows\system32\in_tara.dll
2009-04-22 06:52 . 2009-04-22 06:52 70144 ----a-w c:\windows\system32\in_cdda.dll
2009-04-22 06:52 . 2009-04-22 06:52 68578 ----a-w c:\windows\system32\tarawin.bmp
2009-04-22 06:52 . 2009-04-22 06:52 53760 ----a-w c:\windows\system\ppacklib.dll
2009-04-22 06:52 . 2009-04-22 06:52 515584 ----a-w c:\windows\system32\WaPlug.ocx
2009-04-22 06:52 . 2009-04-22 06:52 226816 ----a-w c:\windows\system32\in_vorbis.dll
2009-04-22 06:52 . 2009-04-22 06:52 15360 ----a-w c:\windows\system32\out_disk.dll
2009-04-22 06:52 . 2009-04-22 06:52 13824 ----a-w c:\windows\system32\out_wave.dll
2009-04-22 06:52 . 2009-04-22 06:52 1159 ----a-w c:\windows\system32\tara.ini
2009-04-22 06:52 . 2009-04-22 06:52 102400 ----a-w c:\windows\system32\in_wm.dll
2009-04-22 06:52 . 2009-04-22 06:52 -------- d-----w c:\windows\محول الصوتيات
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-22 06:48 . 2009-04-22 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-22 06:48 . 2001-03-08 15:30 24064 ------w c:\windows\system32\msxml3a.dll
2009-04-22 06:40 . 2009-04-22 06:40 -------- d-----w c:\documents and settings\al batin\Application Data\PC Suite
2009-04-22 06:40 . 2009-04-22 06:41 -------- d-----w c:\documents and settings\al batin\Application Data\Nokia
2009-04-22 06:40 . 2009-04-22 06:40 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-22 06:39 . 2007-09-17 12:53 21632 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-22 06:38 . 2009-04-22 06:40 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-22 06:38 . 2008-05-07 04:38 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-22 06:36 . 2009-04-22 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-22 06:35 . 2004-03-02 13:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-04-22 06:35 . 2004-03-02 13:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-04-22 06:35 . 2000-06-26 07:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-22 06:35 . 2004-07-26 13:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-22 06:35 . 2004-07-26 13:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-22 06:35 . 2004-07-26 13:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-22 06:35 . 2004-07-26 13:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-22 06:35 . 2001-07-09 07:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-22 06:32 . 2009-04-22 06:31 69632 ----a-w c:\windows\system32\javacpl.cpl
2009-04-22 06:30 . 2009-04-22 06:31 -------- d-----w c:\windows\speech
2009-04-22 06:30 . 2009-04-22 06:30 172032 ------w c:\windows\Setup1.exe
2009-04-22 06:30 . 2009-04-22 06:30 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-22 06:26 . 2009-04-22 06:30 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Adobe
2009-04-22 06:23 . 2009-04-22 06:23 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\ACD Systems
2009-04-22 06:23 . 2009-04-22 06:23 -------- d-----w c:\documents and settings\al batin\Application Data\ACD Systems
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-22 06:21 . 2009-04-22 06:21 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Downloaded Installations
2009-04-22 06:16 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-22 06:08 . 2009-04-22 06:13 -------- d-----w c:\windows\SHELLNEW
2009-04-22 06:07 . 2009-04-22 06:07 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Microsoft Help
2009-04-22 06:07 . 2009-04-22 06:16 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-22 06:07 . 2009-04-22 06:07 -------- d--h--r C:\MSOCache
2009-04-22 06:04 . 2009-04-22 16:47 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-04-22 06:04 . 2009-04-22 06:04 -------- d-s---w c:\windows\system32\Microsoft
2009-04-22 06:04 . 2009-04-22 06:04 -------- d-sh--w c:\documents and settings\LocalService
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 14:50 . 2009-04-24 10:06 -------- d-----w c:\program files\VS Revo Group
2009-04-24 14:12 . 2007-10-24 11:16 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-24 12:54 . 2009-04-22 17:52 -------- d-----w c:\program files\Kaspersky Lab
2009-04-24 12:26 . 2001-09-19 12:00 39982 ----a-w c:\windows\system32\perfc001.dat
2009-04-24 12:26 . 2001-09-19 12:00 251478 ----a-w c:\windows\system32\perfh001.dat
2009-04-23 15:51 . 2009-04-23 15:51 -------- d-----w c:\program files\Itch Eq
2009-04-23 15:50 . 2009-04-23 15:50 -------- d-----w c:\program files\Circl Developement
2009-04-23 15:50 . 2009-04-23 15:50 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-23 15:48 . 2009-04-22 06:05 99496 ----a-w c:\documents and settings\al batin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 07:50 . 2009-04-22 07:48 -------- d-----w c:\program files\Windows Live
2009-04-22 07:48 . 2009-04-22 07:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-22 07:47 . 2009-04-22 07:47 -------- d-----w c:\program files\Microsoft
2009-04-22 06:52 . 2009-04-22 06:52 -------- d-----w c:\program files\Real_SC
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\program files\Common Files\Real
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\program files\Ringz Studio
2009-04-22 06:48 . 2009-04-22 06:47 -------- d-----w c:\program files\CyberLink
2009-04-22 06:47 . 2009-04-22 06:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 06:47 . 2009-04-22 06:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\Common Files\Nokia
2009-04-22 06:39 . 2009-04-22 06:38 -------- d-----w c:\program files\Nokia
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\DIFX
2009-04-22 06:38 . 2009-04-22 06:38 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\program files\Ahead
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 06:33 . 2009-04-22 06:33 2232 ----a-w c:\windows\java\Packages\Data\RVN733TZ.DAT
2009-04-22 06:33 . 2009-04-22 06:33 155995 ----a-w c:\windows\java\Packages\8177HNB3.ZIP
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\5Z7T713R.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\7X35BJFR.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\BDBPFDZX.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\9B77P33H.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\J5JL3JTF.DAT
2009-04-22 06:33 . 2009-04-22 06:32 -------- d-----w c:\program files\Microsoft VM
2009-04-22 06:31 . 2009-04-22 06:31 -------- d-----w c:\program files\Java
2009-04-22 06:31 . 2009-04-22 06:31 -------- d-----w c:\program files\Common Files\Java
2009-04-22 06:30 . 2009-04-22 06:30 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-22 06:25 . 2009-04-22 06:25 -------- d-----w c:\program files\Common Files\Adobe
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\program files\ACD Systems
2009-04-22 06:14 . 2009-04-22 06:14 -------- d-----w c:\program files\Microsoft Works
2009-04-22 06:14 . 2009-04-22 06:14 -------- d-----w c:\program files\MSBuild
2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 20:02 . 2009-04-21 20:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 19:59 . 2009-04-21 19:59 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"flapmulti"="c:\docume~1\ALBATI~1\APPLIC~1\ITCHEQ~1\firstintertick.exe" [2009-04-23 618496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-04-22 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-24 206088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-01 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2039:TCP"= 2039:TCP:vqjdng
R2 wbqylxmf;Network Support;c:\windows\system32\svchost.exe [2004-08-03 14336]
R3 bustf;bustf; [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-04-24 33808]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-05-30 24344]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbqylxmf
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\al batin\Application Data\Mozilla\Firefox\Profiles\6rpxbfuf.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-24 18:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bustf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wbqylxmf]
"ServiceDll"="c:\windows\system32\iyeosnro.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-24 18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 15:22
Pre-Run: 15,557,115,904 bytes free
Post-Run: 15,678,115,840 bytes free
257
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.247.96 [GMT 3:00]
Running from: c:\documents and settings\al batin\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 14:15 . 2009-04-24 14:15 471 ----a-w c:\windows\system32\%LocalXml%
2009-04-24 13:19 . 2009-04-24 15:16 172064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-24 13:19 . 2009-04-24 15:16 1668 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-24 11:02 . 2009-04-24 11:02 69 ----a-w c:\windows\NeroDigital.ini
2009-04-23 21:19 . 2009-04-24 10:38 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-23 18:55 . 2009-04-24 15:12 43760 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 18:55 . 2009-04-24 15:12 4073504 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 17:09 . 2009-04-23 17:09 0 ----a-w c:\windows\nsreg.dat
2009-04-23 17:09 . 2009-04-23 17:09 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Mozilla
2009-04-23 16:55 . 2009-04-23 16:55 -------- d-----w c:\windows\system32\LogFiles
2009-04-23 16:51 . 2009-04-23 16:51 -------- d-----w c:\windows\system32\ar-sa
2009-04-23 16:20 . 2006-09-06 14:42 22752 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-23 16:18 . 2009-04-23 16:18 -------- d--h--w c:\windows\$hf_mig$
2009-04-23 16:06 . 2009-04-23 16:06 -------- d-sh--w c:\documents and settings\al batin\UserData
2009-04-23 16:01 . 2009-04-23 20:14 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-23 15:51 . 2009-04-23 15:51 -------- d-----w c:\documents and settings\al batin\Application Data\Itch Eq
2009-04-23 15:24 . 2009-04-24 15:19 -------- d-----w c:\documents and settings\al batin\Tracing
2009-04-23 15:07 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-23 15:07 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-23 15:07 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-23 15:07 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-23 15:07 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-23 15:07 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-23 13:46 . 2001-09-18 10:38 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-04-23 13:46 . 2001-09-18 10:38 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-23 13:46 . 2001-08-17 11:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-23 13:46 . 2001-08-17 11:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-23 13:45 . 2001-08-17 09:19 72192 -c--a-w c:\windows\system32\dllcache\es1969.sys
2009-04-23 13:45 . 2001-08-17 09:19 72192 ----a-w c:\windows\system32\drivers\es1969.sys
2009-04-22 17:52 . 2009-04-24 14:12 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-22 17:52 . 2009-04-24 14:12 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-22 17:52 . 2009-04-24 15:18 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-22 14:20 . 2009-04-22 14:21 -------- d-----w c:\documents and settings\al batin\Application Data\Media Player Classic
2009-04-22 08:09 . 2006-01-01 14:48 28672 ----a-r c:\windows\system32\SiSPInst.dll
2009-04-22 08:09 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\sis740.bin
2009-04-22 08:09 . 2006-01-01 14:48 1869609 ----a-r c:\windows\system32\sisgl.dll
2009-04-22 08:09 . 2006-01-01 14:48 11904 ----a-r c:\windows\system32\drivers\srvkp.sys
2009-04-22 08:09 . 2006-01-01 14:48 884736 ----a-r c:\windows\system32\sisgrv.dll
2009-04-22 08:09 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\sis650.bin
2009-04-22 08:09 . 2006-01-01 14:48 247296 ----a-r c:\windows\system32\drivers\sisgrp.sys
2009-04-22 07:44 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-22 07:34 . 2006-01-01 14:48 75513 ----a-r c:\windows\VGAsetup.ini
2009-04-22 07:34 . 2009-04-22 08:02 2 ----a-w c:\windows\~sisRslt
2009-04-22 07:33 . 2006-01-01 14:48 49152 ----a-r c:\windows\system32\SiSPower.dll
2009-04-22 07:33 . 2006-01-01 14:48 884736 -c--a-w c:\windows\system32\dllcache\sisgrv.dll
2009-04-22 07:33 . 2006-01-01 14:48 247296 -c--a-w c:\windows\system32\dllcache\sisgrp.sys
2009-04-22 07:25 . 2006-01-01 14:47 156672 ----a-r c:\windows\system32\RTLCPAPI.dll
2009-04-22 07:25 . 2006-01-01 14:47 10458112 ----a-r c:\windows\system32\RTLCPL.EXE
2009-04-22 07:25 . 2006-01-01 14:47 141016 ----a-r c:\windows\system32\ALSNDMGR.WAV
2009-04-22 07:25 . 2006-01-01 14:47 18763776 ----a-r c:\windows\system32\ALSNDMGR.CPL
2009-04-22 07:25 . 2006-01-01 14:47 81920 ----a-r c:\windows\SOUNDMAN.EXE
2009-04-22 07:25 . 2006-01-01 14:47 3644032 ----a-r c:\windows\system32\drivers\ALCXWDM.SYS
2009-04-22 06:56 . 2009-04-22 16:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-22 06:52 . 2009-04-22 06:52 79360 ----a-w c:\windows\system32\realmrec.dll
2009-04-22 06:52 . 2009-04-22 06:52 72704 ----a-w c:\windows\system32\in_tara.dll
2009-04-22 06:52 . 2009-04-22 06:52 70144 ----a-w c:\windows\system32\in_cdda.dll
2009-04-22 06:52 . 2009-04-22 06:52 68578 ----a-w c:\windows\system32\tarawin.bmp
2009-04-22 06:52 . 2009-04-22 06:52 53760 ----a-w c:\windows\system\ppacklib.dll
2009-04-22 06:52 . 2009-04-22 06:52 515584 ----a-w c:\windows\system32\WaPlug.ocx
2009-04-22 06:52 . 2009-04-22 06:52 226816 ----a-w c:\windows\system32\in_vorbis.dll
2009-04-22 06:52 . 2009-04-22 06:52 15360 ----a-w c:\windows\system32\out_disk.dll
2009-04-22 06:52 . 2009-04-22 06:52 13824 ----a-w c:\windows\system32\out_wave.dll
2009-04-22 06:52 . 2009-04-22 06:52 1159 ----a-w c:\windows\system32\tara.ini
2009-04-22 06:52 . 2009-04-22 06:52 102400 ----a-w c:\windows\system32\in_wm.dll
2009-04-22 06:52 . 2009-04-22 06:52 -------- d-----w c:\windows\محول الصوتيات
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-22 06:48 . 2009-04-22 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-22 06:48 . 2001-03-08 15:30 24064 ------w c:\windows\system32\msxml3a.dll
2009-04-22 06:40 . 2009-04-22 06:40 -------- d-----w c:\documents and settings\al batin\Application Data\PC Suite
2009-04-22 06:40 . 2009-04-22 06:41 -------- d-----w c:\documents and settings\al batin\Application Data\Nokia
2009-04-22 06:40 . 2009-04-22 06:40 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-22 06:39 . 2007-09-17 12:53 21632 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-22 06:38 . 2009-04-22 06:40 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-22 06:38 . 2008-05-07 04:38 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-22 06:36 . 2009-04-22 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-22 06:35 . 2004-03-02 13:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-04-22 06:35 . 2004-03-02 13:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-04-22 06:35 . 2000-06-26 07:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-22 06:35 . 2004-07-26 13:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-22 06:35 . 2004-07-26 13:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-22 06:35 . 2004-07-26 13:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-22 06:35 . 2004-07-26 13:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-22 06:35 . 2001-07-09 07:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-04-22 06:32 . 2009-04-22 06:31 69632 ----a-w c:\windows\system32\javacpl.cpl
2009-04-22 06:30 . 2009-04-22 06:31 -------- d-----w c:\windows\speech
2009-04-22 06:30 . 2009-04-22 06:30 172032 ------w c:\windows\Setup1.exe
2009-04-22 06:30 . 2009-04-22 06:30 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-22 06:26 . 2009-04-22 06:30 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Adobe
2009-04-22 06:23 . 2009-04-22 06:23 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\ACD Systems
2009-04-22 06:23 . 2009-04-22 06:23 -------- d-----w c:\documents and settings\al batin\Application Data\ACD Systems
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-22 06:21 . 2009-04-22 06:21 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Downloaded Installations
2009-04-22 06:16 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-22 06:08 . 2009-04-22 06:13 -------- d-----w c:\windows\SHELLNEW
2009-04-22 06:07 . 2009-04-22 06:07 -------- d-----w c:\documents and settings\al batin\Local Settings\Application Data\Microsoft Help
2009-04-22 06:07 . 2009-04-22 06:16 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-22 06:07 . 2009-04-22 06:07 -------- d--h--r C:\MSOCache
2009-04-22 06:04 . 2009-04-22 16:47 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-04-22 06:04 . 2009-04-22 06:04 -------- d-s---w c:\windows\system32\Microsoft
2009-04-22 06:04 . 2009-04-22 06:04 -------- d-sh--w c:\documents and settings\LocalService
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 14:50 . 2009-04-24 10:06 -------- d-----w c:\program files\VS Revo Group
2009-04-24 14:12 . 2007-10-24 11:16 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-24 12:54 . 2009-04-22 17:52 -------- d-----w c:\program files\Kaspersky Lab
2009-04-24 12:26 . 2001-09-19 12:00 39982 ----a-w c:\windows\system32\perfc001.dat
2009-04-24 12:26 . 2001-09-19 12:00 251478 ----a-w c:\windows\system32\perfh001.dat
2009-04-23 15:51 . 2009-04-23 15:51 -------- d-----w c:\program files\Itch Eq
2009-04-23 15:50 . 2009-04-23 15:50 -------- d-----w c:\program files\Circl Developement
2009-04-23 15:50 . 2009-04-23 15:50 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-23 15:48 . 2009-04-22 06:05 99496 ----a-w c:\documents and settings\al batin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 07:50 . 2009-04-22 07:48 -------- d-----w c:\program files\Windows Live
2009-04-22 07:48 . 2009-04-22 07:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-22 07:47 . 2009-04-22 07:47 -------- d-----w c:\program files\Microsoft
2009-04-22 06:52 . 2009-04-22 06:52 -------- d-----w c:\program files\Real_SC
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\program files\Common Files\Real
2009-04-22 06:50 . 2009-04-22 06:50 -------- d-----w c:\program files\Ringz Studio
2009-04-22 06:48 . 2009-04-22 06:47 -------- d-----w c:\program files\CyberLink
2009-04-22 06:47 . 2009-04-22 06:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 06:47 . 2009-04-22 06:46 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\Common Files\Nokia
2009-04-22 06:39 . 2009-04-22 06:38 -------- d-----w c:\program files\Nokia
2009-04-22 06:39 . 2009-04-22 06:39 -------- d-----w c:\program files\DIFX
2009-04-22 06:38 . 2009-04-22 06:38 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\program files\Ahead
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 06:33 . 2009-04-22 06:33 2232 ----a-w c:\windows\java\Packages\Data\RVN733TZ.DAT
2009-04-22 06:33 . 2009-04-22 06:33 155995 ----a-w c:\windows\java\Packages\8177HNB3.ZIP
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\5Z7T713R.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\7X35BJFR.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\BDBPFDZX.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\9B77P33H.DAT
2009-04-22 06:33 . 2009-04-22 06:33 2678 ----a-w c:\windows\java\Packages\Data\J5JL3JTF.DAT
2009-04-22 06:33 . 2009-04-22 06:32 -------- d-----w c:\program files\Microsoft VM
2009-04-22 06:31 . 2009-04-22 06:31 -------- d-----w c:\program files\Java
2009-04-22 06:31 . 2009-04-22 06:31 -------- d-----w c:\program files\Common Files\Java
2009-04-22 06:30 . 2009-04-22 06:30 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-22 06:25 . 2009-04-22 06:25 -------- d-----w c:\program files\Common Files\Adobe
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-22 06:22 . 2009-04-22 06:22 -------- d-----w c:\program files\ACD Systems
2009-04-22 06:14 . 2009-04-22 06:14 -------- d-----w c:\program files\Microsoft Works
2009-04-22 06:14 . 2009-04-22 06:14 -------- d-----w c:\program files\MSBuild
2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 20:02 . 2009-04-21 20:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 19:59 . 2009-04-21 19:59 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"flapmulti"="c:\docume~1\ALBATI~1\APPLIC~1\ITCHEQ~1\firstintertick.exe" [2009-04-23 618496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-04-22 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-24 206088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-01 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2039:TCP"= 2039:TCP:vqjdng
R2 wbqylxmf;Network Support;c:\windows\system32\svchost.exe [2004-08-03 14336]
R3 bustf;bustf; [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-04-24 33808]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-05-30 24344]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbqylxmf
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
FF - ProfilePath - c:\documents and settings\al batin\Application Data\Mozilla\Firefox\Profiles\6rpxbfuf.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-24 18:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bustf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wbqylxmf]
"ServiceDll"="c:\windows\system32\iyeosnro.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-24 18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 15:22
Pre-Run: 15,557,115,904 bytes free
Post-Run: 15,678,115,840 bytes free
257
توقيع : فـهـد
تأييد
0
Corporation
زيزوومى فضى
غير متصل
ارجع سو تقرير هايجاك جديد ,,
توقيع : Corporation
تأييد
0