lio messi
زيزوومى مميز
غير متصل
- بادئ الموضوع lio messi
- تاريخ البدء
- 904
علاوي الدلوع
زيزوومي جديد
غير متصل
اخي كم الرااااااااااام عندك عطني مواصفات جهازك
علاوي الدلوع
مهندس صيانة
علاوي الدلوع
مهندس صيانة
تأييد
0
علاوي الدلوع
زيزوومي جديد
غير متصل
طيب خلاص حبيبي مشكلتك انة عندك فايرس في الجهاز يجعل بطي في عملية النظام راح ارسلك رابط لتحميل برنامج كاااااسبر
تأييد
0
lio messi
زيزوومى مميز
غير متصل
اخوي انا ندي جميع برامج الحماية لا كاسبر ولا افيرا ولا نورتن صاد شي
بس
مدري عن السباي وير
لاني ما لقيت برنامج سباي وير جيد
كلهن (( مع الاسف فاشلات )) كنت استخدم AVG Anti spyware
واذكر وقف التحديث ومن يومها وانا ما عندي برنامج سباي وير
المهم كل شي سويته لاكن ما فيه شي
سويت تقرير هاي جاك وما حصلت فية شي
والله اني متحير من ذا الجهاااز
بس
مدري عن السباي وير
لاني ما لقيت برنامج سباي وير جيد
كلهن (( مع الاسف فاشلات )) كنت استخدم AVG Anti spyware
واذكر وقف التحديث ومن يومها وانا ما عندي برنامج سباي وير
المهم كل شي سويته لاكن ما فيه شي
سويت تقرير هاي جاك وما حصلت فية شي
والله اني متحير من ذا الجهاااز
توقيع : lio messi
تأييد
0
علاوي الدلوع
زيزوومي جديد
غير متصل
ولو مانفعت خدها نصيحة مني كمهندس فرمت c وريح حالك من الدوخة كل واحد بيجيبلك حل وصدقني مابينفع كلها مجرب احتمالات اختصر الطريق وريح حاااااااااااااااااااالك
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
اولا
عطل برامج الحماية لديك
نزل هذه الاداة
عطل برامج الحماية لديك
نزل هذه الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك الاول
ثانيا
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك الاول
ثانيا
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك الثاني
ملاحظة لانظمة فيستا يكون تشغيل الادوات كلك يمين ثم تشغيل كمسؤول
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك الثاني
ملاحظة لانظمة فيستا يكون تشغيل الادوات كلك يمين ثم تشغيل كمسؤول
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد
0
علاوي الدلوع
زيزوومي جديد
غير متصل
هلا اخوي ابغى منك حاجة وحدة ادارة المهام شغالة عندك ام لا
علاوي الدلوع
مهندس صيانة
تأييد
0
lio messi
زيزوومى مميز
غير متصل
ComboFix 09-04-28.02 - ASUS 04/29/2009 13:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1025.18.3071.1829 [GMT 3:00]
Running from: c:\users\ASUS\Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-29 10:15 . 2009-04-29 13:05 -------- d-----w c:\users\ASUS\AppData\Local\Temp
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\users\ASUS\AppData\Local\Temporary Internet Files
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\users\ASUS\AppData\Local\History
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w C:\Temp
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\windows\system32\dllcache
2009-04-29 01:16 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-29 01:16 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-29 01:16 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-29 01:16 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-29 01:16 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-29 01:16 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-29 01:16 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-29 01:10 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-29 01:10 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-29 01:10 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-29 01:10 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-29 01:10 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-29 01:09 . 2009-04-29 01:09 -------- d-----w c:\users\ASUS\AppData\Local\Microsoft Help
2009-04-28 23:49 . 2008-06-26 03:22 1963520 ----a-w c:\windows\system32\NlsData0002.dll
2009-04-28 23:02 . 2009-04-28 23:20 -------- d-----w c:\users\ASUS\AppData\Local\Temp(31)
2009-04-28 12:30 . 2009-04-28 12:30 -------- d-----w c:\program files\Memory Improve Master
2009-04-27 13:42 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-27 10:52 . 2009-04-28 23:23 -------- d-----w c:\users\ASUS\AppData\Roaming\TeraCopy
2009-04-27 10:50 . 2009-04-27 10:52 -------- d-----w c:\program files\TeraCopy
2009-04-26 22:00 . 2009-04-26 22:00 -------- d-----w c:\users\ASUS\AppData\Local\Adobe
2009-04-25 22:40 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-25 21:44 . 2009-04-25 22:06 -------- d-----w c:\users\ASUS\AppData\Roaming\Hide IP NG
2009-04-25 21:40 . 2009-04-25 21:40 -------- d-----w c:\programdata\RealHideIP
2009-04-25 21:40 . 2009-04-25 21:41 -------- d-----w c:\users\ASUS\AppData\Roaming\RealHideIP
2009-04-25 15:17 . 2009-04-25 15:17 -------- d-----w c:\users\ASUS\AppData\Roaming\Ahead
2009-04-25 15:17 . 2009-04-25 15:17 -------- d-----w c:\programdata\LightScribe
2009-04-25 14:53 . 1998-02-22 09:51 28160 ----a-w c:\windows\system32\Rdcdnt.dll
2009-04-25 14:53 . 1998-02-22 09:51 28160 ----a-w c:\windows\system32\Rdcd32.dll
2009-04-25 14:53 . 1998-02-19 11:06 3824 ----a-w c:\windows\system32\Rdcd16.dll
2009-04-25 14:49 . 2009-04-25 14:53 -------- d-----w C:\Audio
2009-04-25 14:35 . 2009-04-25 14:35 -------- d-----w c:\users\ASUS\AppData\Roaming\Syntrillium
2009-04-25 14:34 . 2009-04-25 14:37 -------- d-----w c:\program files\coolpro2
2009-04-22 12:15 . 2008-06-21 15:54 11779 ----a-w c:\windows\REGTWEAK.REG
2009-04-22 12:01 . 2008-04-19 08:13 268800 ----a-w c:\windows\system32\es.dll
2009-04-20 19:33 . 2009-04-20 19:33 297472 ----a-w c:\windows\system32\gdi32.dll
2009-04-20 19:33 . 2009-04-20 19:33 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-04-20 19:33 . 2009-04-20 19:33 428032 ----a-w c:\windows\system32\EncDec.dll
2009-04-20 19:33 . 2009-04-20 19:33 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-04-20 19:33 . 2009-04-20 19:33 1585664 ----a-w c:\windows\system32\setupapi.dll
2009-04-20 15:13 . 2009-04-20 15:13 -------- d-----w c:\program files\Conduit
2009-04-20 14:30 . 2009-04-20 14:30 -------- d-----w c:\programdata\Office Genuine Advantage
2009-04-20 14:09 . 2009-04-20 14:09 465408 ----a-w c:\windows\system32\newdev.dll
2009-04-20 14:09 . 2009-04-20 14:09 74752 ----a-w c:\windows\system32\newdev.exe
2009-04-20 14:09 . 2009-04-20 14:09 858112 ----a-w c:\windows\system32\RacEngn.dll
2009-04-20 14:09 . 2009-04-20 14:09 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-20 14:09 . 2009-04-20 14:09 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-20 14:08 . 2009-04-20 14:08 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-20 14:08 . 2009-04-20 14:08 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-04-20 14:08 . 2009-04-20 14:08 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-20 14:08 . 2009-04-20 14:08 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-20 14:05 . 2009-04-20 14:05 21560 ----a-w c:\windows\system32\drivers\atapi.sys
2009-04-20 14:05 . 2009-04-20 14:05 45112 ----a-w c:\windows\system32\drivers\pciidex.sys
2009-04-20 14:05 . 2009-04-20 14:05 109624 ----a-w c:\windows\system32\drivers\ataport.sys
2009-04-20 14:05 . 2009-04-20 14:05 17464 ----a-w c:\windows\system32\drivers\intelide.sys
2009-04-20 14:05 . 2009-04-20 14:05 211000 ----a-w c:\windows\system32\drivers\volsnap.sys
2009-04-20 14:05 . 2009-04-20 14:05 154624 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-20 14:04 . 2009-04-20 14:04 2923520 ----a-w c:\windows\explorer.exe
2009-04-20 14:01 . 2009-04-20 14:01 181760 ----a-w c:\windows\system32\fsquirt.exe
2009-04-20 14:01 . 2009-04-20 14:01 19456 ----a-w c:\windows\system32\drivers\bthenum.sys
2009-04-20 14:01 . 2009-04-20 14:01 220160 ----a-w c:\windows\system32\drivers\bthport.sys
2009-04-20 14:01 . 2009-04-20 14:01 29184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-04-20 13:58 . 2009-04-20 13:58 549888 ----a-w c:\windows\system32\rpcss.dll
2009-04-20 13:58 . 2009-04-20 13:58 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-20 13:58 . 2009-04-20 13:58 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-20 13:58 . 2009-04-20 13:58 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-20 13:58 . 2009-04-20 13:58 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-20 13:58 . 2009-04-20 13:58 53248 ----a-w c:\windows\system32\iasads.dll
2009-04-20 13:58 . 2009-04-20 13:58 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-20 13:58 . 2009-04-20 13:58 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-04-20 13:58 . 2009-04-20 13:58 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-04-20 13:57 . 2009-04-20 13:57 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-20 13:57 . 2009-04-20 13:57 7680 ----a-w c:\windows\system32\lsass.exe
2009-04-20 13:57 . 2009-04-20 13:57 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-04-20 13:57 . 2009-04-20 13:57 25600 ----a-w c:\windows\system32\amxread.dll
2009-04-20 13:57 . 2009-04-20 13:57 14848 ----a-w c:\windows\system32\apilogen.dll
2009-04-20 13:56 . 2009-04-20 13:56 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-20 13:56 . 2009-04-20 13:56 712192 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-20 13:56 . 2009-04-20 13:56 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-20 13:56 . 2009-04-20 13:56 37376 ----a-w c:\windows\system32\printcom.dll
2009-04-20 13:56 . 2009-04-20 13:56 441856 ----a-w c:\windows\system32\win32spl.dll
2009-04-20 13:56 . 2009-04-20 13:56 290304 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-20 13:53 . 2009-04-20 13:53 1341440 ----a-w c:\windows\system32\msxml6.dll
2009-04-20 13:53 . 2009-04-20 13:53 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-04-17 18:03 . 2009-04-17 18:03 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-04-17 11:07 . 2009-04-17 11:08 -------- d-----w c:\program files\MP3Resizer
2009-04-17 09:36 . 2009-04-17 09:36 1327104 ----a-w c:\windows\system32\quartz.dll
2009-04-17 09:36 . 2009-04-17 09:36 2030080 ----a-w c:\windows\system32\win32k.sys
2009-04-16 20:18 . 2009-04-25 22:42 -------- d-----w c:\program files\Hotspot Shield
2009-04-16 11:34 . 2009-04-16 11:34 -------- d-----w c:\users\ASUS\AppData\Local\Kakomira
2009-04-16 11:23 . 2009-04-16 11:23 -------- d-----w c:\program files\SpeedFan
2009-04-16 11:15 . 2009-04-16 11:15 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-16 11:15 . 2009-04-16 11:15 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-16 11:15 . 2009-04-16 11:15 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-16 11:15 . 2009-04-16 11:15 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-16 11:15 . 2009-04-16 11:15 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-16 11:15 . 2009-04-16 11:15 95232 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-16 11:15 . 2009-04-16 11:15 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-16 11:14 . 2009-04-16 11:14 110080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2009-04-16 11:14 . 2009-04-16 11:14 194560 ----a-w c:\windows\system32\WebClnt.dll
2009-04-16 11:14 . 2009-04-16 11:14 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 11:14 . 2009-04-16 11:14 1060920 ----a-w c:\windows\system32\drivers\ntfs.sys
2009-04-16 11:14 . 2009-04-16 11:14 41984 ----a-w c:\windows\system32\drivers\monitor.sys
2009-04-16 11:13 . 2009-04-16 11:13 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-16 11:12 . 2009-04-16 11:12 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-16 11:12 . 2009-04-16 11:12 4247552 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-16 11:12 . 2009-04-16 11:12 1687040 ----a-w c:\windows\system32\gameux.dll
2009-04-16 11:12 . 2009-04-16 11:12 1194496 ----a-w c:\windows\system32\msxml3.dll
2009-04-16 11:12 . 2009-04-16 11:12 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-16 11:11 . 2009-04-16 11:11 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-16 11:10 . 2009-04-16 11:10 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-16 11:10 . 2009-04-16 11:10 24064 ----a-w c:\windows\system32\netcfg.exe
2009-04-16 11:10 . 2009-04-16 11:10 216632 ----a-w c:\windows\system32\drivers\netio.sys
2009-04-16 11:10 . 2009-04-16 11:10 167424 ----a-w c:\windows\system32\tcpipcfg.dll
2009-04-16 11:10 . 2009-04-16 11:10 22016 ----a-w c:\windows\system32\netiougc.exe
2009-04-16 11:10 . 2009-04-16 11:10 803328 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 11:09 . 2009-04-16 11:09 9728 ----a-w c:\windows\system32\LAPRXY.DLL
2009-04-16 11:09 . 2009-04-16 11:09 2048 ----a-w c:\windows\system32\asferror.dll
2009-04-16 11:09 . 2009-04-16 11:09 223232 ----a-w c:\windows\system32\WMASF.DLL
2009-04-16 11:09 . 2009-04-16 11:09 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-16 11:09 . 2009-04-16 11:09 14848 ----a-w c:\windows\system32\wshrm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 11:10 . 2007-04-20 16:23 81136 ----a-w c:\windows\system32\perfc001.dat
2009-04-29 11:10 . 2007-04-20 16:23 460662 ----a-w c:\windows\system32\perfh001.dat
2009-04-29 11:01 . 2009-04-14 17:42 3892 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-29 11:01 . 2009-04-14 17:42 22384 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 10:59 . 2007-04-20 15:35 12 ----a-w c:\windows\bthservsdp.dat
2009-04-25 22:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-04-25 22:40 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-22 11:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-22 11:40 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-20 14:17 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-20 13:57 . 2009-04-20 13:57 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-04-17 12:34 . 2008-02-12 01:55 -------- d-----w c:\program files\ASUS
2009-04-16 12:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 12:50 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 11:12 . 2009-04-16 11:12 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-16 11:12 . 2009-04-16 11:12 2144256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-16 11:12 . 2009-04-16 11:12 537600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-16 11:12 . 2009-04-16 11:12 449536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-16 11:12 . 2009-04-16 11:12 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-16 11:05 . 2009-04-16 11:05 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-16 11:05 . 2009-04-16 11:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-16 11:05 . 2009-04-16 11:05 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-16 11:05 . 2009-04-16 11:05 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-16 11:05 . 2009-04-16 11:05 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-16 11:05 . 2009-04-16 11:05 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-16 11:05 . 2009-04-16 11:05 56320 ----a-w c:\windows\system32\iesetup.dll
2009-04-15 18:49 . 2008-02-12 01:49 -------- d-----w c:\program files\Intel
2009-04-15 13:43 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-14 17:36 . 2008-02-12 02:02 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-20 22:27 . 2009-03-20 22:27 27136 ----a-w c:\windows\system32\drivers\tapvpn.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-25 22:40 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-16 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-28 2799024]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-14 270128]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-09-29 4354048]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-04-17 2823784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 630784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-02 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-02-12 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-02-12 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-15 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-15 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 136600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E196C3E4-2EE2-43CE-A754-A41A9B0AEAC8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1EE0A8A6-5D04-4432-9EBC-F3E8C948B47D}"= UDP:c:\users\ASUS\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{5B338740-FF26-46F8-99F4-9978FCB35F1D}"= TCP:c:\users\ASUS\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{E188933D-52F3-4A17-886F-5EFA79567FC0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BC229020-66DD-4091-801B-A173EC955998}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.EXE [2009-04-22 34352]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-15 33808]
S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-04-17 288368]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-06-27 46592]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09db16cd-2b3d-11de-8bf2-001e8cedc1ef}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41764745-3011-11de-b9d3-001e8cedc1ef}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c9793c-2921-11de-bc6a-001de025e4a3}]
\shell\AutoRun\command - setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Copy Handler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\javbf27w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\ASUS\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\javbf27w.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-29 16:05
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3380)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\wlanext.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\IfxUAGUI.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-29 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 13:06
Pre-Run: 51,277,455,360 bytes free
Post-Run: 51,872,325,632 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,22
431 --- E O F --- 2009-04-29 01:25
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1025.18.3071.1829 [GMT 3:00]
Running from: c:\users\ASUS\Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-29 10:15 . 2009-04-29 13:05 -------- d-----w c:\users\ASUS\AppData\Local\Temp
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\users\ASUS\AppData\Local\Temporary Internet Files
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\users\ASUS\AppData\Local\History
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w C:\Temp
2009-04-29 10:15 . 2009-04-29 10:15 -------- d-----w c:\windows\system32\dllcache
2009-04-29 01:16 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-29 01:16 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-29 01:16 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-29 01:16 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-29 01:16 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-29 01:16 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-29 01:16 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-29 01:10 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-29 01:10 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-29 01:10 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-29 01:10 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-29 01:10 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-29 01:09 . 2009-04-29 01:09 -------- d-----w c:\users\ASUS\AppData\Local\Microsoft Help
2009-04-28 23:49 . 2008-06-26 03:22 1963520 ----a-w c:\windows\system32\NlsData0002.dll
2009-04-28 23:02 . 2009-04-28 23:20 -------- d-----w c:\users\ASUS\AppData\Local\Temp(31)
2009-04-28 12:30 . 2009-04-28 12:30 -------- d-----w c:\program files\Memory Improve Master
2009-04-27 13:42 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-27 10:52 . 2009-04-28 23:23 -------- d-----w c:\users\ASUS\AppData\Roaming\TeraCopy
2009-04-27 10:50 . 2009-04-27 10:52 -------- d-----w c:\program files\TeraCopy
2009-04-26 22:00 . 2009-04-26 22:00 -------- d-----w c:\users\ASUS\AppData\Local\Adobe
2009-04-25 22:40 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-25 21:44 . 2009-04-25 22:06 -------- d-----w c:\users\ASUS\AppData\Roaming\Hide IP NG
2009-04-25 21:40 . 2009-04-25 21:40 -------- d-----w c:\programdata\RealHideIP
2009-04-25 21:40 . 2009-04-25 21:41 -------- d-----w c:\users\ASUS\AppData\Roaming\RealHideIP
2009-04-25 15:17 . 2009-04-25 15:17 -------- d-----w c:\users\ASUS\AppData\Roaming\Ahead
2009-04-25 15:17 . 2009-04-25 15:17 -------- d-----w c:\programdata\LightScribe
2009-04-25 14:53 . 1998-02-22 09:51 28160 ----a-w c:\windows\system32\Rdcdnt.dll
2009-04-25 14:53 . 1998-02-22 09:51 28160 ----a-w c:\windows\system32\Rdcd32.dll
2009-04-25 14:53 . 1998-02-19 11:06 3824 ----a-w c:\windows\system32\Rdcd16.dll
2009-04-25 14:49 . 2009-04-25 14:53 -------- d-----w C:\Audio
2009-04-25 14:35 . 2009-04-25 14:35 -------- d-----w c:\users\ASUS\AppData\Roaming\Syntrillium
2009-04-25 14:34 . 2009-04-25 14:37 -------- d-----w c:\program files\coolpro2
2009-04-22 12:15 . 2008-06-21 15:54 11779 ----a-w c:\windows\REGTWEAK.REG
2009-04-22 12:01 . 2008-04-19 08:13 268800 ----a-w c:\windows\system32\es.dll
2009-04-20 19:33 . 2009-04-20 19:33 297472 ----a-w c:\windows\system32\gdi32.dll
2009-04-20 19:33 . 2009-04-20 19:33 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-04-20 19:33 . 2009-04-20 19:33 428032 ----a-w c:\windows\system32\EncDec.dll
2009-04-20 19:33 . 2009-04-20 19:33 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-04-20 19:33 . 2009-04-20 19:33 1585664 ----a-w c:\windows\system32\setupapi.dll
2009-04-20 15:13 . 2009-04-20 15:13 -------- d-----w c:\program files\Conduit
2009-04-20 14:30 . 2009-04-20 14:30 -------- d-----w c:\programdata\Office Genuine Advantage
2009-04-20 14:09 . 2009-04-20 14:09 465408 ----a-w c:\windows\system32\newdev.dll
2009-04-20 14:09 . 2009-04-20 14:09 74752 ----a-w c:\windows\system32\newdev.exe
2009-04-20 14:09 . 2009-04-20 14:09 858112 ----a-w c:\windows\system32\RacEngn.dll
2009-04-20 14:09 . 2009-04-20 14:09 500736 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-20 14:09 . 2009-04-20 14:09 30208 ----a-w c:\windows\system32\xolehlp.dll
2009-04-20 14:08 . 2009-04-20 14:08 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-04-20 14:08 . 2009-04-20 14:08 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-04-20 14:08 . 2009-04-20 14:08 7680 ----a-w c:\windows\system32\spwmp.dll
2009-04-20 14:08 . 2009-04-20 14:08 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-04-20 14:05 . 2009-04-20 14:05 21560 ----a-w c:\windows\system32\drivers\atapi.sys
2009-04-20 14:05 . 2009-04-20 14:05 45112 ----a-w c:\windows\system32\drivers\pciidex.sys
2009-04-20 14:05 . 2009-04-20 14:05 109624 ----a-w c:\windows\system32\drivers\ataport.sys
2009-04-20 14:05 . 2009-04-20 14:05 17464 ----a-w c:\windows\system32\drivers\intelide.sys
2009-04-20 14:05 . 2009-04-20 14:05 211000 ----a-w c:\windows\system32\drivers\volsnap.sys
2009-04-20 14:05 . 2009-04-20 14:05 154624 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-20 14:04 . 2009-04-20 14:04 2923520 ----a-w c:\windows\explorer.exe
2009-04-20 14:01 . 2009-04-20 14:01 181760 ----a-w c:\windows\system32\fsquirt.exe
2009-04-20 14:01 . 2009-04-20 14:01 19456 ----a-w c:\windows\system32\drivers\bthenum.sys
2009-04-20 14:01 . 2009-04-20 14:01 220160 ----a-w c:\windows\system32\drivers\bthport.sys
2009-04-20 14:01 . 2009-04-20 14:01 29184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-04-20 13:58 . 2009-04-20 13:58 549888 ----a-w c:\windows\system32\rpcss.dll
2009-04-20 13:58 . 2009-04-20 13:58 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-20 13:58 . 2009-04-20 13:58 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-20 13:58 . 2009-04-20 13:58 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-20 13:58 . 2009-04-20 13:58 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-20 13:58 . 2009-04-20 13:58 53248 ----a-w c:\windows\system32\iasads.dll
2009-04-20 13:58 . 2009-04-20 13:58 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-20 13:58 . 2009-04-20 13:58 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-04-20 13:58 . 2009-04-20 13:58 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-04-20 13:57 . 2009-04-20 13:57 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-20 13:57 . 2009-04-20 13:57 7680 ----a-w c:\windows\system32\lsass.exe
2009-04-20 13:57 . 2009-04-20 13:57 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-04-20 13:57 . 2009-04-20 13:57 25600 ----a-w c:\windows\system32\amxread.dll
2009-04-20 13:57 . 2009-04-20 13:57 14848 ----a-w c:\windows\system32\apilogen.dll
2009-04-20 13:56 . 2009-04-20 13:56 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
2009-04-20 13:56 . 2009-04-20 13:56 712192 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-04-20 13:56 . 2009-04-20 13:56 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-04-20 13:56 . 2009-04-20 13:56 37376 ----a-w c:\windows\system32\printcom.dll
2009-04-20 13:56 . 2009-04-20 13:56 441856 ----a-w c:\windows\system32\win32spl.dll
2009-04-20 13:56 . 2009-04-20 13:56 290304 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-20 13:53 . 2009-04-20 13:53 1341440 ----a-w c:\windows\system32\msxml6.dll
2009-04-20 13:53 . 2009-04-20 13:53 2048 ----a-w c:\windows\system32\msxml6r.dll
2009-04-17 18:03 . 2009-04-17 18:03 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-04-17 11:07 . 2009-04-17 11:08 -------- d-----w c:\program files\MP3Resizer
2009-04-17 09:36 . 2009-04-17 09:36 1327104 ----a-w c:\windows\system32\quartz.dll
2009-04-17 09:36 . 2009-04-17 09:36 2030080 ----a-w c:\windows\system32\win32k.sys
2009-04-16 20:18 . 2009-04-25 22:42 -------- d-----w c:\program files\Hotspot Shield
2009-04-16 11:34 . 2009-04-16 11:34 -------- d-----w c:\users\ASUS\AppData\Local\Kakomira
2009-04-16 11:23 . 2009-04-16 11:23 -------- d-----w c:\program files\SpeedFan
2009-04-16 11:15 . 2009-04-16 11:15 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-04-16 11:15 . 2009-04-16 11:15 61440 ----a-w c:\windows\system32\winipsec.dll
2009-04-16 11:15 . 2009-04-16 11:15 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-16 11:15 . 2009-04-16 11:15 272896 ----a-w c:\windows\system32\polstore.dll
2009-04-16 11:15 . 2009-04-16 11:15 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-16 11:15 . 2009-04-16 11:15 95232 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-16 11:15 . 2009-04-16 11:15 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-04-16 11:14 . 2009-04-16 11:14 110080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2009-04-16 11:14 . 2009-04-16 11:14 194560 ----a-w c:\windows\system32\WebClnt.dll
2009-04-16 11:14 . 2009-04-16 11:14 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 11:14 . 2009-04-16 11:14 1060920 ----a-w c:\windows\system32\drivers\ntfs.sys
2009-04-16 11:14 . 2009-04-16 11:14 41984 ----a-w c:\windows\system32\drivers\monitor.sys
2009-04-16 11:13 . 2009-04-16 11:13 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-16 11:12 . 2009-04-16 11:12 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-04-16 11:12 . 2009-04-16 11:12 4247552 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-16 11:12 . 2009-04-16 11:12 1687040 ----a-w c:\windows\system32\gameux.dll
2009-04-16 11:12 . 2009-04-16 11:12 1194496 ----a-w c:\windows\system32\msxml3.dll
2009-04-16 11:12 . 2009-04-16 11:12 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-04-16 11:11 . 2009-04-16 11:11 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-16 11:10 . 2009-04-16 11:10 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-16 11:10 . 2009-04-16 11:10 24064 ----a-w c:\windows\system32\netcfg.exe
2009-04-16 11:10 . 2009-04-16 11:10 216632 ----a-w c:\windows\system32\drivers\netio.sys
2009-04-16 11:10 . 2009-04-16 11:10 167424 ----a-w c:\windows\system32\tcpipcfg.dll
2009-04-16 11:10 . 2009-04-16 11:10 22016 ----a-w c:\windows\system32\netiougc.exe
2009-04-16 11:10 . 2009-04-16 11:10 803328 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-16 11:09 . 2009-04-16 11:09 9728 ----a-w c:\windows\system32\LAPRXY.DLL
2009-04-16 11:09 . 2009-04-16 11:09 2048 ----a-w c:\windows\system32\asferror.dll
2009-04-16 11:09 . 2009-04-16 11:09 223232 ----a-w c:\windows\system32\WMASF.DLL
2009-04-16 11:09 . 2009-04-16 11:09 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-16 11:09 . 2009-04-16 11:09 14848 ----a-w c:\windows\system32\wshrm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 11:10 . 2007-04-20 16:23 81136 ----a-w c:\windows\system32\perfc001.dat
2009-04-29 11:10 . 2007-04-20 16:23 460662 ----a-w c:\windows\system32\perfh001.dat
2009-04-29 11:01 . 2009-04-14 17:42 3892 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-29 11:01 . 2009-04-14 17:42 22384 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 10:59 . 2007-04-20 15:35 12 ----a-w c:\windows\bthservsdp.dat
2009-04-25 22:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-04-25 22:40 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-22 11:40 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-22 11:40 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-20 14:17 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-20 13:57 . 2009-04-20 13:57 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-04-17 12:34 . 2008-02-12 01:55 -------- d-----w c:\program files\ASUS
2009-04-16 12:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 12:50 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-16 11:12 . 2009-04-16 11:12 2560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-04-16 11:12 . 2009-04-16 11:12 2144256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-04-16 11:12 . 2009-04-16 11:12 537600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-04-16 11:12 . 2009-04-16 11:12 449536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-04-16 11:12 . 2009-04-16 11:12 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-04-16 11:05 . 2009-04-16 11:05 72704 ----a-w c:\windows\system32\admparse.dll
2009-04-16 11:05 . 2009-04-16 11:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-16 11:05 . 2009-04-16 11:05 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-04-16 11:05 . 2009-04-16 11:05 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-16 11:05 . 2009-04-16 11:05 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-04-16 11:05 . 2009-04-16 11:05 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-16 11:05 . 2009-04-16 11:05 56320 ----a-w c:\windows\system32\iesetup.dll
2009-04-15 18:49 . 2008-02-12 01:49 -------- d-----w c:\program files\Intel
2009-04-15 13:43 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-14 17:36 . 2008-02-12 02:02 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-20 22:27 . 2009-03-20 22:27 27136 ----a-w c:\windows\system32\drivers\tapvpn.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-25 22:40 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-16 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-28 2799024]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-04-14 270128]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-09-29 4354048]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-04-17 2823784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 630784]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-02 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-02-12 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-02-12 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-15 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-15 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 136600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E196C3E4-2EE2-43CE-A754-A41A9B0AEAC8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1EE0A8A6-5D04-4432-9EBC-F3E8C948B47D}"= UDP:c:\users\ASUS\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{5B338740-FF26-46F8-99F4-9978FCB35F1D}"= TCP:c:\users\ASUS\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{E188933D-52F3-4A17-886F-5EFA79567FC0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BC229020-66DD-4091-801B-A173EC955998}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.EXE [2009-04-22 34352]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-15 33808]
S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-22 328752]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-04-17 288368]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-06-27 46592]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09db16cd-2b3d-11de-8bf2-001e8cedc1ef}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41764745-3011-11de-b9d3-001e8cedc1ef}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5c9793c-2921-11de-bc6a-001de025e4a3}]
\shell\AutoRun\command - setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Copy Handler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
,IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\javbf27w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\ASUS\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\javbf27w.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-29 16:05
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3380)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\wlanext.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\IfxUAGUI.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-29 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 13:06
Pre-Run: 51,277,455,360 bytes free
Post-Run: 51,872,325,632 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,22
431 --- E O F --- 2009-04-29 01:25
توقيع : lio messi
تأييد
0
lio messi
زيزوومى مميز
غير متصل
وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:07 م, on 30/04/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe
C:\Windows\System32\dfrgui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\ASUS\Documents\Downloads\Programs\stronghold2_v1-2_from_v1-0_update_us-zip.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 9299 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:07 م, on 30/04/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe
C:\Windows\System32\dfrgui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\ASUS\Documents\Downloads\Programs\stronghold2_v1-2_from_v1-0_update_us-zip.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
,R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 9299 bytes
توقيع : lio messi
تأييد
0
KoNaMi
زيزوومى فضى
غير متصل
اولا من اضافة وازالة البرامج احذف آي Toolbar
وبعدين طبق الشرح الموجود هنا
وبعدين طبق الشرح الموجود هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : KoNaMi
تأييد
0