- بادئ الموضوع الوضيء
- تاريخ البدء
- 1,484
KoNaMi
زيزوومى فضى
غير متصل
حياك يالغلا اعمل الاتي
تقرير هايجاك
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
تقرير هايجاك
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد
0
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
مثل ما تفضل العزيز ...
و سؤال ... كيف عرفت أنه في عندك أتوران ؟
و بنتظار التقرير ...
و سؤال ... كيف عرفت أنه في عندك أتوران ؟
و بنتظار التقرير ...
توقيع : MMA_LORD_735
تأييد
0
هذا الي وجدة في المذكرة
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:45 م, on 01/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\ssc1\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\conime.exe
c:\windows\pp06.exe
C:\Windows\system32\DL32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\fxsolutions\fxsgtst.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avant Browser\avant.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AL Trade 4\terminal.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iolo\System Mechanic Professional\SysMech.exe
C:\Windows\system32\Dwm.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WinInet Class - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\Windows\ieocx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SymLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [sysLDtray] c:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp06.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{971CA72A-36E4-427B-BB21-14D99A35E60E}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12006 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:45 م, on 01/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\ssc1\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\conime.exe
c:\windows\pp06.exe
C:\Windows\system32\DL32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\fxsolutions\fxsgtst.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avant Browser\avant.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AL Trade 4\terminal.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iolo\System Mechanic Professional\SysMech.exe
C:\Windows\system32\Dwm.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WinInet Class - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\Windows\ieocx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SymLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [sysLDtray] c:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp06.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{971CA72A-36E4-427B-BB21-14D99A35E60E}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 12006 bytes
تأييد
0
Corporation
زيزوومى فضى
غير متصل
عطل برامج الحماية وشغل الأداة
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
وعطيني تقرير هايجاك جديد مع تقرير هذه الأداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
وعطيني تقرير هايجاك جديد مع تقرير هذه الأداة
توقيع : Corporation
تأييد
0
هذا الي وجدة في المذكرة
ComboFix 09-05-01.1 - ssc1 05/02/2009 0:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1025.18.2046.826 [GMT 3:00]
Running from: c:\users\ssc1\Documents\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-8-8-33-100007658-100031409-100025245-2380.com
c:\windows\ieocx.dll
c:\windows\ld08.exe
c:\windows\pp06.exe
c:\windows\System32\796525
c:\windows\System32\796525\796525.dll
c:\windows\system32\acovcnt.exe
c:\windows\system32\dl32.exe
D:\Autorun.inf
d:\recycler\S-8-8-33-100007658-100031409-100025245-2380.com
.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.
2009-04-30 22:49 . 2009-04-30 22:49 -------- d-----w c:\program files\QuickTiming
2009-04-30 20:49 . 2009-04-30 20:49 2 ---h--w c:\windows\t55ft2692f44.dat
2009-04-30 16:49 . 2009-04-30 16:49 -------- d-----w c:\users\ssc1\AppData\Roaming\BitDefender
2009-04-30 16:47 . 2009-04-30 16:49 -------- d-----w c:\progra~2\BitDefender
2009-04-29 14:16 . 2008-02-07 14:10 -------- d--h--w C:\ckis
2009-04-29 13:44 . 2009-04-30 16:26 -------- d-----w c:\progra~2\Kaspersky Lab Setup Files
2009-04-29 13:43 . 2009-04-29 13:43 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-29 13:37 . 2009-04-29 13:37 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-28 05:31 . 2009-04-28 05:31 -------- d-----w c:\users\ssc1\AppData\Roaming\Privacy center
2009-04-28 05:31 . 2009-04-29 08:27 -------- d-----w c:\program files\Privacy center
2009-04-28 00:02 . 2009-04-30 16:48 -------- d-----w c:\program files\BitDefender
2009-04-27 14:50 . 2008-09-03 06:41 12800 ----a-w c:\windows\system32\elrawdsk.sys
2009-04-27 14:50 . 2009-03-25 13:44 936288 ----a-w c:\windows\system32\Incinerator.dll
2009-04-27 14:50 . 2009-02-17 08:26 8192 ----a-w c:\windows\system32\smrgdf.exe
2009-04-27 14:50 . 2009-02-17 08:31 28672 ----a-w c:\windows\system32\iolobtdfg.exe
2009-04-27 14:50 . 2009-04-27 14:50 -------- d-----w c:\program files\iolo
2009-04-27 04:12 . 2009-04-27 04:12 -------- d-----w c:\users\ssc1\AppData\Local\Apple Computer
2009-04-27 04:12 . 2009-04-27 04:12 -------- d-----w c:\users\ssc1\AppData\Roaming\Apple Computer
2009-04-27 04:10 . 2009-04-27 04:10 -------- d-----w c:\progra~2\Apple Computer
2009-04-27 04:10 . 2009-04-27 04:11 -------- d-----w c:\program files\Safari
2009-04-27 04:05 . 2009-04-27 04:05 -------- d-----w c:\program files\Bonjour
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\users\ssc1\AppData\Local\Apple
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\program files\Apple Software Update
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\progra~2\Apple
2009-04-27 00:19 . 2009-04-27 00:19 -------- d-----w c:\users\ssc1\AppData\Roaming\GRETECH
2009-04-26 23:32 . 2009-04-26 23:50 -------- d-----w c:\users\ssc1\AppData\Roaming\Avant Profiles
2009-04-26 23:31 . 2009-04-28 01:18 -------- d-----w c:\program files\Avant Browser
2009-04-26 14:47 . 2009-04-26 14:47 -------- d-----w c:\users\ssc1\AppData\Roaming\ASUS Security Protect Manager
2009-04-26 00:13 . 2009-04-30 15:05 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-25 09:57 . 2009-04-25 12:43 -------- d-----w c:\windows\BDOSCAN8
2009-04-24 19:00 . 2009-04-24 19:00 -------- d-----w c:\users\ssc1\AppData\Local\Apps
2009-04-24 19:00 . 2009-04-24 19:00 -------- d-----w c:\users\ssc1\AppData\Local\Deployment
2009-04-16 20:22 . 2009-05-01 21:12 -------- d-----w c:\users\ssc1\Tracing
2009-04-16 12:10 . 2009-04-16 12:10 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-16 12:04 . 2009-04-16 12:04 -------- d-----w c:\program files\Microsoft
2009-04-16 12:04 . 2009-04-16 12:04 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 11:51 . 2009-04-16 11:51 -------- d-----w c:\program files\FastStone MaxView
2009-04-16 09:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 09:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 09:57 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 09:56 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 09:56 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 09:56 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 09:56 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 09:53 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 09:53 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 09:53 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 09:53 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 09:53 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 09:53 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 09:53 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 09:53 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 09:53 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 09:53 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 19:49 . 2009-04-24 18:03 -------- d-----w c:\program files\NASA
2009-04-14 22:22 . 2009-04-14 22:23 -------- d-----w c:\progra~2\FLEXnet
2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\program files\Common Files\Intel
2009-04-13 11:02 . 2009-04-13 11:02 -------- d-----w C:\Local Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:36 . 2009-03-25 21:52 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-01 21:28 . 2008-04-15 16:46 12 ----a-w c:\windows\bthservsdp.dat
2009-05-01 16:41 . 2009-02-26 17:23 -------- d-----w c:\program files\AL Trade 4
2009-04-30 20:30 . 2009-04-30 20:30 43 ----a-w c:\users\ssc1\AppData\Roaming\~ygw.tmp
2009-04-30 17:25 . 2008-04-15 17:38 78446 ----a-w c:\windows\system32\perfc001.dat
2009-04-30 17:25 . 2008-04-15 17:38 439186 ----a-w c:\windows\system32\perfh001.dat
2009-04-30 16:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-30 16:48 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-30 16:48 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-30 15:48 . 2009-02-26 14:58 -------- d-----w c:\program files\Internet Download Manager
2009-04-29 17:08 . 2009-02-25 18:33 129456 ----a-w c:\users\ssc1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 16:34 . 2008-12-12 23:12 -------- d-----w c:\program files\Microsoft Works
2009-04-29 15:14 . 2009-02-27 02:48 -------- d-----w c:\program files\ARRQW USB Modem
2009-04-29 07:54 . 2009-02-28 17:21 680 ----a-w c:\users\ssc1\AppData\Local\d3d9caps.dat
2009-04-28 01:04 . 2008-12-13 00:08 -------- d-----w c:\program files\Google
2009-04-27 23:48 . 2008-12-12 23:21 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 02:45 . 2009-03-29 08:39 -------- d-----w c:\program files\Sea Journey
2009-04-19 22:20 . 2009-03-17 20:14 -------- d-----w c:\program files\Typing Assistant (English) 4.2
2009-04-16 12:11 . 2009-02-25 19:18 -------- d-----w c:\program files\Windows Live
2009-04-16 10:33 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 22:24 . 2008-12-13 00:26 -------- d-----w c:\program files\Intel
2009-04-03 14:05 . 2009-02-26 19:41 -------- d-----w c:\program files\Mobily Connect Card
2009-03-29 22:40 . 2009-02-26 16:22 -------- d-----w c:\program files\Hotspot Shield
2009-03-29 21:22 . 2009-03-29 21:21 -------- d-----w c:\program files\Super Internet TV
2009-03-28 21:17 . 2009-03-28 21:13 -------- d-----w c:\program files\AFAQ Wireless
2009-03-23 13:29 . 2009-03-23 13:29 -------- d-----w c:\program files\Nero
2009-03-20 11:27 . 2009-03-20 11:27 -------- d-----w c:\program files\VS Revo Group
2009-03-19 23:26 . 2009-03-19 22:57 46337496 ----a-w c:\users\ssc1\Nero-9.2.6.0.exe
2009-03-17 19:35 . 2009-03-17 19:35 -------- d-----w c:\program files\Boilsoft Video Joiner
2009-03-17 03:38 . 2009-04-16 09:56 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-08 18:42 . 2009-03-08 18:42 -------- d-----w c:\program files\Western Digital
2009-03-08 11:34 . 2009-03-19 22:47 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-19 22:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-19 22:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-19 22:47 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-19 22:47 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-19 22:47 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-19 22:47 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-19 22:47 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-19 22:47 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-19 22:47 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-19 22:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-19 22:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-19 22:47 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-19 22:47 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-19 22:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-19 22:47 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-19 22:47 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-19 22:47 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 19:32 . 2009-02-26 14:56 -------- d-----w c:\program files\Opera
2009-03-05 22:18 . 2009-03-05 22:17 -------- d-----w c:\program files\Paltalk Messenger
2009-02-28 03:38 . 2009-02-28 03:38 74703 ----a-w c:\windows\system32\mfc45.dll
2009-02-25 19:53 . 2009-02-25 19:53 47104 ------w c:\windows\AKDeInstall.exe
2009-02-09 03:10 . 2009-03-11 02:19 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
2009-03-05 15:08 . 2009-04-26 00:22 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"="DL32" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-12-13 39480]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-13 4915200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2192196910-3654703199-4006320149-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A7478978-BC56-4564-B45A-5FBA06E62B13}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{034280E7-2272-481D-8E9F-42146039DE4F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{911E245D-FB3E-4ADC-85B1-F172436ACD8C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{64AF44B8-7FC1-4E3D-9224-C34B66346F4E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{06714A62-1A83-4B75-9114-CB0D6673DC54}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F670927-B1A2-4E5C-8D57-AEEDADC350AE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A377698A-E53A-45A0-BDDE-970D9565F157}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8A765CD4-C993-4D65-8F26-59DC1CF6105C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F44E34A0-869B-4F6F-B65D-EEA974F4E1C1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DBDD2F22-623A-4E1E-B64A-102B2E247F3D}"= UDP:c:\program files\Avant Browser\avant.exe:Avant Browser
"{A10DE49D-F6DC-4373-AFB8-119721B83ED5}"= TCP:c:\program files\Avant Browser\avant.exe:Avant Browser
"{3F89E9FA-6117-4D86-82CA-3E3EBB116AC3}"= UDP:c:\program files\iolo\System Mechanic Professional\SysMech.exe:System Mechanic Professional
"{2E04B632-1537-470A-8520-50B5C15649D9}"= TCP:c:\program files\iolo\System Mechanic Professional\SysMech.exe:System Mechanic Professional
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 gupdate1c9c79ce3295ba6;خدمة تحديث Google (gupdate1c9c79ce3295ba6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 COH_Mon;COH_Mon; [x]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 30192]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-09-03 12800]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\amoiusbser.sys [2007-06-27 94336]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013d504d-32b8-11de-9704-bfba25d552e2}]
\shell\AutoRun\command - ej10fkdo.bat
\shell\open\Command - ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d9ce45-0416-11de-b844-002243c556f1}]
\shell\AutOPlAy\command - I:\tygex.pif
\shell\AutoRun\command - I:\tygex.pif
\shell\ExpLOre\COmMAnD - I:\tygex.pif
\shell\opEn\commAnd - I:\tygex.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{643e7e7a-32d7-11de-a99e-b1118c35bbd3}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{712bb461-0425-11de-9183-002243c556f1}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{712bb467-0425-11de-9183-002243c556f1}]
\shell\AutoRun\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf9b1ff-1b9a-11de-893f-9589f26f9846}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf9b24a-1b9a-11de-893f-9589f26f9846}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-13 10:56]
2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 01:01]
2009-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192196910-3654703199-4006320149-1000.job
- c:\users\ssc1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-26 15:28]
2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{59B2CB89-E60E-4A35-9173-BE19BBFD45DE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E7F15AC4-E0A9-43F0-921B-70DFEA621220} - c:\windows\system32\796525\796525.dll
HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: سأ±بجط¾«ءéدآشط(&B)
LSP: c:\windows\system32\idmmbc.dll
TCP: {971CA72A-36E4-427B-BB21-14D99A35E60E} = 84.23.101.84 84.23.101.85
FF - ProfilePath - c:\users\ssc1\AppData\Roaming\Mozilla\Firefox\Profiles\0ydwor9p.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ssc1\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-02 00:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{22e31210-42ad-493a-a381-70e8c69da067}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000074
"Therad"=dword:00000005
"MData"=hex(0):36,dc,6f,3c,23,b5,c7,15,a3,6b,68,3c,5e,23,de,d0,50,6a,8d,f2,bf,
e5,ae,8b,3b,8a,0a,32,11,89,01,b5,75,49,04,b9,a5,6b,5d,21,85,54,aa,2b,d0,57,\
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{5aa422f2-dbad-414b-aca0-04f2e2ed4b3c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004c
"Therad"=dword:00000015
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):67,3b,b1,98,b7,7a,e7,d1,a3,a1,4d,8a,ab,6e,d0,dd,6b,c3,5a,b7,4b,
73,25,27,d6,74,5a,3d,a0,df,de,fd,a2,ec,30,cd,d8,23,6b,f6,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c4,9f,99,f4,de,03,72,00,ed,57,23,9f,bb,25,d6,12,0e,d0,0a,44,ff,
bb,88,5e,38,79,db,35,29,48,9e,4f,96,98,a5,f6,a3,52,8f,e3,00,00,00,00,00,00,\
[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(784)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3704)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\asus\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\asus\SmartLogon\sensorsrv.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\asus\ASUS CopyProtect\ASPG.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\asus\Splendid\ACMON.exe
c:\windows\System32\conime.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iolo\System Mechanic Professional\SMTrayNotify.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-05-01 0:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 21:40
Pre-Run: 72,121,729,024 bytes free
Post-Run: 71,684,472,832 bytes free
524 --- E O F --- 2009-04-30 15:52
ComboFix 09-05-01.1 - ssc1 05/02/2009 0:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1025.18.2046.826 [GMT 3:00]
Running from: c:\users\ssc1\Documents\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-8-8-33-100007658-100031409-100025245-2380.com
c:\windows\ieocx.dll
c:\windows\ld08.exe
c:\windows\pp06.exe
c:\windows\System32\796525
c:\windows\System32\796525\796525.dll
c:\windows\system32\acovcnt.exe
c:\windows\system32\dl32.exe
D:\Autorun.inf
d:\recycler\S-8-8-33-100007658-100031409-100025245-2380.com
.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.
2009-04-30 22:49 . 2009-04-30 22:49 -------- d-----w c:\program files\QuickTiming
2009-04-30 20:49 . 2009-04-30 20:49 2 ---h--w c:\windows\t55ft2692f44.dat
2009-04-30 16:49 . 2009-04-30 16:49 -------- d-----w c:\users\ssc1\AppData\Roaming\BitDefender
2009-04-30 16:47 . 2009-04-30 16:49 -------- d-----w c:\progra~2\BitDefender
2009-04-29 14:16 . 2008-02-07 14:10 -------- d--h--w C:\ckis
2009-04-29 13:44 . 2009-04-30 16:26 -------- d-----w c:\progra~2\Kaspersky Lab Setup Files
2009-04-29 13:43 . 2009-04-29 13:43 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-29 13:37 . 2009-04-29 13:37 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-28 05:31 . 2009-04-28 05:31 -------- d-----w c:\users\ssc1\AppData\Roaming\Privacy center
2009-04-28 05:31 . 2009-04-29 08:27 -------- d-----w c:\program files\Privacy center
2009-04-28 00:02 . 2009-04-30 16:48 -------- d-----w c:\program files\BitDefender
2009-04-27 14:50 . 2008-09-03 06:41 12800 ----a-w c:\windows\system32\elrawdsk.sys
2009-04-27 14:50 . 2009-03-25 13:44 936288 ----a-w c:\windows\system32\Incinerator.dll
2009-04-27 14:50 . 2009-02-17 08:26 8192 ----a-w c:\windows\system32\smrgdf.exe
2009-04-27 14:50 . 2009-02-17 08:31 28672 ----a-w c:\windows\system32\iolobtdfg.exe
2009-04-27 14:50 . 2009-04-27 14:50 -------- d-----w c:\program files\iolo
2009-04-27 04:12 . 2009-04-27 04:12 -------- d-----w c:\users\ssc1\AppData\Local\Apple Computer
2009-04-27 04:12 . 2009-04-27 04:12 -------- d-----w c:\users\ssc1\AppData\Roaming\Apple Computer
2009-04-27 04:10 . 2009-04-27 04:10 -------- d-----w c:\progra~2\Apple Computer
2009-04-27 04:10 . 2009-04-27 04:11 -------- d-----w c:\program files\Safari
2009-04-27 04:05 . 2009-04-27 04:05 -------- d-----w c:\program files\Bonjour
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\users\ssc1\AppData\Local\Apple
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\program files\Apple Software Update
2009-04-27 04:04 . 2009-04-27 04:04 -------- d-----w c:\progra~2\Apple
2009-04-27 00:19 . 2009-04-27 00:19 -------- d-----w c:\users\ssc1\AppData\Roaming\GRETECH
2009-04-26 23:32 . 2009-04-26 23:50 -------- d-----w c:\users\ssc1\AppData\Roaming\Avant Profiles
2009-04-26 23:31 . 2009-04-28 01:18 -------- d-----w c:\program files\Avant Browser
2009-04-26 14:47 . 2009-04-26 14:47 -------- d-----w c:\users\ssc1\AppData\Roaming\ASUS Security Protect Manager
2009-04-26 00:13 . 2009-04-30 15:05 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-25 09:57 . 2009-04-25 12:43 -------- d-----w c:\windows\BDOSCAN8
2009-04-24 19:00 . 2009-04-24 19:00 -------- d-----w c:\users\ssc1\AppData\Local\Apps
2009-04-24 19:00 . 2009-04-24 19:00 -------- d-----w c:\users\ssc1\AppData\Local\Deployment
2009-04-16 20:22 . 2009-05-01 21:12 -------- d-----w c:\users\ssc1\Tracing
2009-04-16 12:10 . 2009-04-16 12:10 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-16 12:04 . 2009-04-16 12:04 -------- d-----w c:\program files\Microsoft
2009-04-16 12:04 . 2009-04-16 12:04 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 11:51 . 2009-04-16 11:51 -------- d-----w c:\program files\FastStone MaxView
2009-04-16 09:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 09:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 09:57 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 09:56 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 09:56 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 09:56 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 09:56 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 09:53 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 09:53 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 09:53 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 09:53 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 09:53 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 09:53 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 09:53 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 09:53 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 09:53 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 09:53 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 19:49 . 2009-04-24 18:03 -------- d-----w c:\program files\NASA
2009-04-14 22:22 . 2009-04-14 22:23 -------- d-----w c:\progra~2\FLEXnet
2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\program files\Common Files\Intel
2009-04-13 11:02 . 2009-04-13 11:02 -------- d-----w C:\Local Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:36 . 2009-03-25 21:52 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-01 21:28 . 2008-04-15 16:46 12 ----a-w c:\windows\bthservsdp.dat
2009-05-01 16:41 . 2009-02-26 17:23 -------- d-----w c:\program files\AL Trade 4
2009-04-30 20:30 . 2009-04-30 20:30 43 ----a-w c:\users\ssc1\AppData\Roaming\~ygw.tmp
2009-04-30 17:25 . 2008-04-15 17:38 78446 ----a-w c:\windows\system32\perfc001.dat
2009-04-30 17:25 . 2008-04-15 17:38 439186 ----a-w c:\windows\system32\perfh001.dat
2009-04-30 16:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-30 16:48 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-30 16:48 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-30 15:48 . 2009-02-26 14:58 -------- d-----w c:\program files\Internet Download Manager
2009-04-29 17:08 . 2009-02-25 18:33 129456 ----a-w c:\users\ssc1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 16:34 . 2008-12-12 23:12 -------- d-----w c:\program files\Microsoft Works
2009-04-29 15:14 . 2009-02-27 02:48 -------- d-----w c:\program files\ARRQW USB Modem
2009-04-29 07:54 . 2009-02-28 17:21 680 ----a-w c:\users\ssc1\AppData\Local\d3d9caps.dat
2009-04-28 01:04 . 2008-12-13 00:08 -------- d-----w c:\program files\Google
2009-04-27 23:48 . 2008-12-12 23:21 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 02:45 . 2009-03-29 08:39 -------- d-----w c:\program files\Sea Journey
2009-04-19 22:20 . 2009-03-17 20:14 -------- d-----w c:\program files\Typing Assistant (English) 4.2
2009-04-16 12:11 . 2009-02-25 19:18 -------- d-----w c:\program files\Windows Live
2009-04-16 10:33 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 22:24 . 2008-12-13 00:26 -------- d-----w c:\program files\Intel
2009-04-03 14:05 . 2009-02-26 19:41 -------- d-----w c:\program files\Mobily Connect Card
2009-03-29 22:40 . 2009-02-26 16:22 -------- d-----w c:\program files\Hotspot Shield
2009-03-29 21:22 . 2009-03-29 21:21 -------- d-----w c:\program files\Super Internet TV
2009-03-28 21:17 . 2009-03-28 21:13 -------- d-----w c:\program files\AFAQ Wireless
2009-03-23 13:29 . 2009-03-23 13:29 -------- d-----w c:\program files\Nero
2009-03-20 11:27 . 2009-03-20 11:27 -------- d-----w c:\program files\VS Revo Group
2009-03-19 23:26 . 2009-03-19 22:57 46337496 ----a-w c:\users\ssc1\Nero-9.2.6.0.exe
2009-03-17 19:35 . 2009-03-17 19:35 -------- d-----w c:\program files\Boilsoft Video Joiner
2009-03-17 03:38 . 2009-04-16 09:56 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-08 18:42 . 2009-03-08 18:42 -------- d-----w c:\program files\Western Digital
2009-03-08 11:34 . 2009-03-19 22:47 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-19 22:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-19 22:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-19 22:47 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-19 22:47 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-19 22:47 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-19 22:47 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-19 22:47 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-19 22:47 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-19 22:47 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-19 22:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-19 22:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-19 22:47 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-19 22:47 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-19 22:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-19 22:47 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-19 22:47 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-19 22:47 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 19:32 . 2009-02-26 14:56 -------- d-----w c:\program files\Opera
2009-03-05 22:18 . 2009-03-05 22:17 -------- d-----w c:\program files\Paltalk Messenger
2009-02-28 03:38 . 2009-02-28 03:38 74703 ----a-w c:\windows\system32\mfc45.dll
2009-02-25 19:53 . 2009-02-25 19:53 47104 ------w c:\windows\AKDeInstall.exe
2009-02-09 03:10 . 2009-03-11 02:19 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
2009-03-05 15:08 . 2009-04-26 00:22 49664 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DL32"="DL32" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-12-13 39480]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-13 4915200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2192196910-3654703199-4006320149-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A7478978-BC56-4564-B45A-5FBA06E62B13}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{034280E7-2272-481D-8E9F-42146039DE4F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{911E245D-FB3E-4ADC-85B1-F172436ACD8C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{64AF44B8-7FC1-4E3D-9224-C34B66346F4E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{06714A62-1A83-4B75-9114-CB0D6673DC54}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F670927-B1A2-4E5C-8D57-AEEDADC350AE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A377698A-E53A-45A0-BDDE-970D9565F157}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8A765CD4-C993-4D65-8F26-59DC1CF6105C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F44E34A0-869B-4F6F-B65D-EEA974F4E1C1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DBDD2F22-623A-4E1E-B64A-102B2E247F3D}"= UDP:c:\program files\Avant Browser\avant.exe:Avant Browser
"{A10DE49D-F6DC-4373-AFB8-119721B83ED5}"= TCP:c:\program files\Avant Browser\avant.exe:Avant Browser
"{3F89E9FA-6117-4D86-82CA-3E3EBB116AC3}"= UDP:c:\program files\iolo\System Mechanic Professional\SysMech.exe:System Mechanic Professional
"{2E04B632-1537-470A-8520-50B5C15649D9}"= TCP:c:\program files\iolo\System Mechanic Professional\SysMech.exe:System Mechanic Professional
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 gupdate1c9c79ce3295ba6;خدمة تحديث Google (gupdate1c9c79ce3295ba6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 COH_Mon;COH_Mon; [x]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 30192]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-09-03 12800]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 amoidatacard;HSDPA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\amoiusbser.sys [2007-06-27 94336]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013d504d-32b8-11de-9704-bfba25d552e2}]
\shell\AutoRun\command - ej10fkdo.bat
\shell\open\Command - ej10fkdo.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d9ce45-0416-11de-b844-002243c556f1}]
\shell\AutOPlAy\command - I:\tygex.pif
\shell\AutoRun\command - I:\tygex.pif
\shell\ExpLOre\COmMAnD - I:\tygex.pif
\shell\opEn\commAnd - I:\tygex.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{643e7e7a-32d7-11de-a99e-b1118c35bbd3}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{712bb461-0425-11de-9183-002243c556f1}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{712bb467-0425-11de-9183-002243c556f1}]
\shell\AutoRun\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf9b1ff-1b9a-11de-893f-9589f26f9846}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdf9b24a-1b9a-11de-893f-9589f26f9846}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-13 10:56]
2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 01:01]
2009-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2192196910-3654703199-4006320149-1000.job
- c:\users\ssc1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-26 15:28]
2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{59B2CB89-E60E-4A35-9173-BE19BBFD45DE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E7F15AC4-E0A9-43F0-921B-70DFEA621220} - c:\windows\system32\796525\796525.dll
HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: سأ±بجط¾«ءéدآشط(&B)
LSP: c:\windows\system32\idmmbc.dll
TCP: {971CA72A-36E4-427B-BB21-14D99A35E60E} = 84.23.101.84 84.23.101.85
FF - ProfilePath - c:\users\ssc1\AppData\Roaming\Mozilla\Firefox\Profiles\0ydwor9p.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ssc1\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-05-02 00:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{22e31210-42ad-493a-a381-70e8c69da067}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000074
"Therad"=dword:00000005
"MData"=hex(0):36,dc,6f,3c,23,b5,c7,15,a3,6b,68,3c,5e,23,de,d0,50,6a,8d,f2,bf,
e5,ae,8b,3b,8a,0a,32,11,89,01,b5,75,49,04,b9,a5,6b,5d,21,85,54,aa,2b,d0,57,\
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{5aa422f2-dbad-414b-aca0-04f2e2ed4b3c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000004c
"Therad"=dword:00000015
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):67,3b,b1,98,b7,7a,e7,d1,a3,a1,4d,8a,ab,6e,d0,dd,6b,c3,5a,b7,4b,
73,25,27,d6,74,5a,3d,a0,df,de,fd,a2,ec,30,cd,d8,23,6b,f6,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2192196910-3654703199-4006320149-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c4,9f,99,f4,de,03,72,00,ed,57,23,9f,bb,25,d6,12,0e,d0,0a,44,ff,
bb,88,5e,38,79,db,35,29,48,9e,4f,96,98,a5,f6,a3,52,8f,e3,00,00,00,00,00,00,\
[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(784)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3704)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\asus\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\asus\SmartLogon\sensorsrv.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\asus\ASUS CopyProtect\ASPG.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\asus\Splendid\ACMON.exe
c:\windows\System32\conime.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iolo\System Mechanic Professional\SMTrayNotify.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-05-01 0:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 21:40
Pre-Run: 72,121,729,024 bytes free
Post-Run: 71,684,472,832 bytes free
524 --- E O F --- 2009-04-30 15:52
تأييد
0
Corporation
زيزوومى فضى
غير متصل
كذآ تممآم ,,
هات تقرير هايجآك جديد لاهنت ,,
هات تقرير هايجآك جديد لاهنت ,,
توقيع : Corporation
تأييد
0
Corporation
زيزوومى فضى
غير متصل
للتأكييد لتتطممن هذآ بعض من مآ تم حذفة >الذي تعاني منه 
تفحص المسآرآت والمسميآت بنفسك :d:
ولا تنسى تقرير الهايجاك ,,
PHP:
c:\recycler\S-8-8-33-100007658-100031409-100025245-2380.com
D:\Autorun.inf
d:\recycler\S-8-8-33-100007658-100031409-100025245-2380.comتفحص المسآرآت والمسميآت بنفسك :d:
ولا تنسى تقرير الهايجاك ,,
توقيع : Corporation
تأييد
0
Corporation
زيزوومى فضى
غير متصل
هذا حبيبي بس تسوية الحين يعني مش يكون التقرير الجديد
توقيع : Corporation
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:04:54 ص, on 02/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 10314 bytes
Scan saved at 03:04:54 ص, on 02/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 10314 bytes
تأييد
0
Corporation
زيزوومى فضى
غير متصل
احذف التالي ,,
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
طريقة الحذف للفسيتا
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
طريقة الحذف للفسيتا
بعدها ,,
start > run < mesconfig
بعدها تروح على startup
وتشل كل علامات الصح ماعدآ تبع المكآفح ,,
وبالتوفيق
التعديل الأخير بواسطة المشرف:
توقيع : Corporation
تأييد
0
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
احذف التالي ,,
o2 - bho: Nco 2.0 ie bho - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - (no file)
o2 - bho: Symantec intrusion prevention - {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\ipsbho.dll (file missing)
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o9 - extra button: (no name) - cmdmapping - (no file) (hkcu)
o20 - appinit_dlls: C:\progra~1\google\google~1\goec62~1.dll apshook.dll
طريقة الحذف للفسيتا
بعدها ,,
start > run < mesconfig
بعدها تروح على startup
وتشل كل علامات الصح ماعدآ تبع المكآفح ,,
وبالتوفيق
+ تقرير جديد ...
توقيع : MMA_LORD_735
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:41:30 ص, on 02/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{971CA72A-36E4-427B-BB21-14D99A35E60E}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8507 bytes
Scan saved at 03:41:30 ص, on 02/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\ARRQW USB Modem\USB Modem.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ssc1\Documents\Downloads\Programs\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{971CA72A-36E4-427B-BB21-14D99A35E60E}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9c79ce3295ba6) (gupdate1c9c79ce3295ba6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8507 bytes
تأييد
0
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
كله تمام ...
الله يعطيك العافية حبيبي كومباك ...
عزيزي أي مشاكل تانية ؟
الله يعطيك العافية حبيبي كومباك ...
عزيزي أي مشاكل تانية ؟
توقيع : MMA_LORD_735
تأييد
0
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
لعفو يا لغلا ...
[ تم أغلق الموضوع << تم الحل ] ...
في امان الله ...
[ تم أغلق الموضوع << تم الحل ] ...
في امان الله ...
توقيع : MMA_LORD_735
تأييد
0
- الحالة