دمعة خفوق

Peace be upon you, and the mercy and blessings of God.
My brothers at Zyzoom, welcome to you, again and always.

Note that my machine has been slow for about 10 days now,
and Kaspersky gives me a Trojan file alert; the alert colour is red and yellow.

And this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:36 م, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\برامج كمبيوتر\تقرير الهيجاك\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SEEK BEEP] C:\DOCUME~1\ADMINI~1\APPLIC~1\ADMIND~1\Roamwait.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: IDMan.exe.lnk = C:\Program Files\Internet Download Manager\IDMan.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9983 bytes
 

Welcome, brother.
Apologies, the thread is being moved to the appropriate section for follow-up.
This section is for analysing security software reports; other reports are posted only on request.

 
Signature: AbOdy
And peace be upon you.

Follow this thread and do as it explains


and post the report here.

And once you finish, a new HijackThis report.

Waiting.
 
Signature: أعتز بك
Brother أعتز بك, may God bless you.

I have the NortonSecurityScan tool.
And if the Kaspersky tool is required, I may be delayed because my machine is full of files.
And this is the tool:

ComboFix 09-05-02.4 - Administrator 05/02/2009 13:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1013.639 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.
2009-05-02 07:37 . 2009-05-02 07:42 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-02 07:36 . 2008-09-28 19:00 439440 ----a-w c:\program files\un_Internet Download Manager_16575.exe
2009-05-02 01:05 . 2004-03-29 12:23 90112 ----a-w c:\windows\unvise32.exe
2009-05-02 01:04 . 2009-05-02 01:05 -------- d-----w c:\program files\SWiSHmax
2009-05-01 01:52 . 2009-05-01 01:52 10 ----a-w c:\windows\popcinfo.dat
2009-05-01 01:45 . 2009-05-01 01:45 0 ----a-w c:\windows\popcreg.dat
2009-05-01 01:45 . 2009-05-02 10:02 -------- d-----w c:\program files\PopCap Games
2009-05-01 01:45 . 2009-05-02 06:46 14 ----a-w c:\windows\popcinfot.dat
2009-04-21 16:49 . 2009-04-23 04:32 -------- d-----w c:\program files\FlashGet
2009-04-21 04:26 . 2009-04-21 04:26 0 ----a-w c:\windows\nsreg.dat
2009-04-21 04:26 . 2009-04-21 04:26 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-20 05:10 . 2009-04-20 05:10 -------- d-----w c:\program files\DepositFiles
2009-04-20 04:56 . 2009-04-20 04:56 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-20 02:56 . 2009-04-20 02:56 -------- d-----w C:\DepositFiles
2009-04-15 21:18 . 2009-04-15 21:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Ashampoo Photo Commander 6
2009-04-14 15:08 . 2009-04-14 15:08 -------- d-----w c:\program files\Aimersoft
2009-04-14 02:01 . 2001-09-18 11:04 116736 -c--a-w c:\windows\system32\dllcache\ovcodec2.dll
2009-04-14 00:33 . 2004-08-03 19:29 25471 -c--a-w c:\windows\system32\dllcache\watv10nt.sys
2009-04-14 00:32 . 2001-08-17 10:52 7040 -c--a-w c:\windows\system32\dllcache\tandqic.sys
2009-04-14 00:31 . 2004-08-03 21:55 3901 -c--a-w c:\windows\system32\dllcache\siint5.dll
2009-04-14 00:30 . 2001-08-17 10:28 112574 -c--a-w c:\windows\system32\dllcache\ptserlp.sys
2009-04-14 00:29 . 2001-09-18 10:44 65278 -c--a-w c:\windows\system32\dllcache\netflx3.sys
2009-04-14 00:28 . 2001-09-18 11:03 235648 -c--a-w c:\windows\system32\dllcache\mgaud.dll
2009-04-14 00:27 . 2004-08-03 22:55 81920 -c--a-w c:\windows\system32\dllcache\ieencode.dll
2009-04-14 00:26 . 2001-09-18 11:04 31232 -c--a-w c:\windows\system32\dllcache\hpgt42tk.dll
2009-04-14 00:25 . 2004-08-03 19:32 137088 -c--a-w c:\windows\system32\dllcache\essm2e.sys
2009-04-14 00:24 . 2001-09-18 11:03 65622 -c--a-w c:\windows\system32\dllcache\digiasyn.dll
2009-04-14 00:23 . 2004-08-03 21:55 15423 -c--a-w c:\windows\system32\dllcache\ch7xxnt5.dll
2009-04-14 00:22 . 2004-08-03 21:55 17279 -c--a-w c:\windows\system32\dllcache\atv10nt5.dll
2009-04-14 00:21 . 2001-08-17 09:19 553984 -c--a-w c:\windows\system32\dllcache\adm8820.sys
2009-04-13 14:04 . 2009-04-13 14:04 -------- d-----w c:\documents and settings\Administrator\Application Data\GrabPro
2009-04-13 14:04 . 2009-04-13 14:51 -------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2009-04-12 19:04 . 2009-04-12 19:04 720896 ----a-w c:\windows\iun6002.exe
2009-04-12 19:04 . 2009-04-12 19:10 -------- d-----w c:\program files\Natural Ambience
2009-04-12 15:00 . 2009-04-12 15:00 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-12 14:59 . 2009-04-12 14:59 -------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-04-12 14:59 . 2009-04-12 15:01 -------- d-----w c:\program files\Common Files\HP
2009-04-12 14:59 . 2009-04-12 14:59 -------- d-----w c:\program files\Hewlett-Packard
2009-04-12 14:58 . 2009-04-12 14:58 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-12 14:54 . 2009-04-12 15:01 -------- d-----w c:\program files\HP
2009-04-12 14:42 . 2006-12-06 06:02 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-12 14:42 . 2006-12-06 06:02 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-12 14:42 . 2009-04-12 15:11 144537 ----a-w c:\windows\hpoins12.dat
2009-04-12 14:42 . 2007-01-22 16:05 1470 ------w c:\windows\hpomdl12.dat
2009-04-12 14:42 . 2009-04-12 14:42 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-12 14:41 . 2006-12-15 16:04 258048 ----a-r c:\windows\system32\hpzids01.dll
2009-04-12 14:41 . 2006-12-30 12:49 117760 ----a-w c:\windows\system32\hpzll4v2.dll
2009-04-12 14:41 . 2006-12-06 06:02 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-12 14:41 . 2004-08-03 20:01 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-12 14:41 . 2004-08-03 20:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-12 14:40 . 2006-12-06 06:02 364544 ----a-r c:\windows\system32\hppldcoi.dll
2009-04-12 14:40 . 2006-12-06 06:00 294912 ----a-r c:\windows\system32\hpovst10.dll
2009-04-12 14:40 . 2006-12-06 06:00 569344 ----a-r c:\windows\system32\hpotscl3.dll
2009-04-12 14:40 . 2006-12-06 06:00 675840 ----a-r c:\windows\system32\hpowiax3.dll
2009-04-12 14:40 . 2004-08-03 19:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-12 14:40 . 2004-08-03 19:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-12 14:37 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-12 14:37 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-12 12:29 . 2009-04-12 12:29 -------- d-----w c:\documents and settings\LocalService\سطح المكتب
2009-04-12 02:56 . 2009-04-12 02:56 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ashampoo
2009-04-12 02:56 . 2009-04-12 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-04-12 02:55 . 2009-04-12 02:55 -------- d-----w c:\program files\Ashampoo
2009-04-12 01:40 . 2009-04-12 01:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-11 18:38 . 2009-04-11 18:38 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-11 16:07 . 2009-04-11 16:07 -------- d-----w c:\program files\Common Files\Accent Shared
2009-04-11 16:07 . 2009-04-11 16:07 -------- d-----w c:\windows\LHSP
2009-04-11 16:07 . 1996-11-07 22:48 368912 ----a-w c:\windows\system32\VBAR332.DLL
2009-04-11 16:07 . 1996-09-24 14:16 98356 ----a-w c:\windows\system32\MSJTER32.DLL
2009-04-11 16:07 . 1996-09-24 14:16 244496 ----a-w c:\windows\system32\VBAR2232.DLL
2009-04-11 16:07 . 1996-09-24 14:16 965904 ----a-w c:\windows\system32\MSJT3032.DLL
2009-04-11 16:07 . 1996-09-24 14:16 33552 ----a-w c:\windows\system32\MSJINT32.DLL
2009-04-11 16:07 . 1995-08-29 01:52 220672 ----a-w c:\windows\system32\BC450RTL.DLL
2009-04-11 16:07 . 1999-09-21 10:38 28672 ----a-w c:\windows\AGTCOMM.DLL
2009-04-11 16:07 . 2009-04-11 16:07 -------- d-----w c:\program files\Common Files\GuruNet Shared
2009-04-11 16:07 . 2009-04-11 16:10 -------- d-----w c:\program files\QuickWiz
2009-04-11 16:03 . 1997-08-11 09:39 298496 ----a-w c:\windows\uninst.exe
2009-04-11 16:03 . 2009-04-11 16:03 -------- d-----w c:\documents and settings\Administrator\WINDOWS
2009-04-11 12:25 . 2009-04-11 12:25 -------- d-----w c:\program files\Common Files\Vbox
2009-04-10 16:24 . 2009-04-10 16:24 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-10 15:37 . 2009-04-10 15:37 687104 ----a-w c:\windows\is-J9CVO.exe
2009-04-10 14:46 . 2009-04-10 14:46 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-10 14:45 . 2009-04-10 14:45 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-10 14:44 . 2009-04-10 14:44 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-10 14:42 . 2009-04-10 14:42 -------- d-----w c:\windows\ie8updates
2009-04-10 14:40 . 2009-04-10 14:41 -------- dc-h--w c:\windows\ie8
2009-04-10 12:56 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-10 01:14 . 2009-04-10 01:14 -------- d-----w c:\program files\Zone Labs
2009-04-10 01:14 . 2009-04-12 22:38 -------- d-----w c:\windows\Internet Logs
2009-04-10 00:00 . 2009-03-10 19:18 453000 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-10 00:00 . 2009-04-10 01:03 -------- d-----w c:\windows\system32\KB905474
2009-04-09 14:46 . 2009-04-09 14:46 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-09 14:46 . 2008-11-12 13:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-09 14:46 . 2009-04-09 14:46 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-09 14:35 . 2009-04-12 01:43 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 14:35 . 2009-04-09 14:35 -------- d-----w c:\windows\Cache
2009-04-09 06:33 . 1999-09-10 11:06 4672 ----a-w c:\windows\system\wowpost.exe
2009-04-09 06:33 . 1999-09-10 11:06 25244 ----a-w c:\windows\system32\drivers\aspi32.sys
2009-04-09 06:33 . 1999-09-10 11:06 5600 ----a-w c:\windows\system\winaspi.dll
2009-04-09 06:33 . 1999-09-10 11:06 45056 ----a-w c:\windows\system32\wnaspi32.dll
2009-04-09 06:25 . 2009-04-09 06:25 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-09 06:24 . 2009-04-26 00:11 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-09 06:24 . 2009-04-09 06:24 -------- d-----w c:\windows\system32\LogFiles
2009-04-09 06:20 . 2009-04-09 06:20 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-04-09 05:03 . 2009-04-09 05:03 -------- d-----w c:\windows\system32\ebay
2009-04-09 03:33 . 2009-04-12 02:56 -------- d-----w c:\documents and settings\Administrator\Application Data\Ashampoo
2009-04-08 01:38 . 2009-04-08 02:08 592 ----a-w c:\windows\chgkey.vbs
2009-04-07 04:21 . 2009-04-07 04:21 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-07 04:21 . 2009-04-07 04:53 -------- d-----w c:\program files\UltraISO
2009-04-07 03:01 . 2009-04-07 03:01 -------- d-----w c:\documents and settings\Administrator\.dvdcss
2009-04-06 23:59 . 2009-04-30 12:34 -------- d-----w c:\program files\The KMPlayer
2009-04-05 17:08 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-04 23:30 . 2009-04-04 23:30 -------- d-----w c:\program files\uTorrent
2009-04-04 19:31 . 2009-05-02 06:28 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-03 23:53 . 2009-04-03 23:53 -------- d-----w C:\profiles
2009-04-03 15:27 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-03 15:25 . 2009-04-03 15:25 -------- d-----w c:\program files\Microsoft Works
2009-04-03 15:25 . 2009-04-03 15:25 -------- d-----w c:\program files\MSBuild
2009-04-03 15:24 . 2009-04-03 15:24 -------- d-----w c:\program files\Microsoft.NET
2009-04-03 15:22 . 2009-04-03 15:22 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-03 15:21 . 2009-04-03 15:25 -------- d-----w c:\windows\SHELLNEW
2009-04-03 15:21 . 2009-04-03 15:21 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-04-03 15:21 . 2009-04-29 17:59 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-03 15:20 . 2009-04-03 15:20 -------- d--h--r C:\MSOCache
2009-04-03 01:46 . 2009-04-03 01:46 -------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2009-04-03 01:46 . 2009-04-03 01:46 -------- d-----w c:\program files\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 10:29 . 2001-09-19 12:00 59680 ----a-w c:\windows\system32\perfc001.dat
2009-05-02 10:29 . 2001-09-19 12:00 331066 ----a-w c:\windows\system32\perfh001.dat
2009-05-02 10:26 . 2009-03-23 19:46 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 10:25 . 2009-04-09 14:46 502 ----a-w c:\windows\Tasks\1-Click Maintenance.job
2009-05-02 10:25 . 2009-03-30 15:32 502 ----a-w c:\windows\Tasks\الصيانة بنقرة واحدة.job
2009-05-02 10:25 . 2009-04-12 21:42 264 ----a-w c:\windows\Tasks\OGALogon.job
2009-05-02 10:25 . 2009-03-23 20:09 16608 ----a-w c:\windows\gdrv.sys
2009-05-02 10:23 . 2009-03-23 19:53 1208864 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-02 10:23 . 2009-03-23 19:53 20267552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-02 10:00 . 2009-03-23 21:27 286 ---ha-w c:\windows\Tasks\A8E652BA91A9C45E.job
2009-05-02 09:54 . 2009-03-28 01:41 -------- d-----w c:\program files\Internet Download Manager
2009-05-02 09:24 . 2009-03-23 19:53 278120 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-02 09:24 . 2009-03-23 19:53 118952 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-02 07:36 . 2009-05-02 07:36 6333 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-05-01 21:42 . 2009-04-12 21:42 264 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-29 18:48 . 2009-03-25 14:48 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 02:51 . 2009-03-30 14:44 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-11 19:02 . 2009-04-11 19:02 172 ----a-w C:\curr_ver.tmp
2009-04-11 16:40 . 2009-03-23 19:47 99496 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 12:23 . 2009-03-23 20:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 03:32 . 2009-03-25 04:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 01:16 . 2009-03-23 20:10 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 20:36 . 2009-03-27 20:37 -------- d-----w c:\program files\Nokia
2009-04-06 12:32 . 2009-03-25 04:05 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 12:32 . 2009-03-25 04:05 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 19:00 . 2009-04-03 01:46 400 ----a-w c:\windows\Tasks\SmartDefrag.job
2009-04-01 15:15 . 2009-04-01 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-01 15:15 . 2009-04-01 15:15 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\program files\Common Files\Nokia
2009-04-01 15:09 . 2009-04-01 15:09 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-01 00:18 . 2009-03-31 18:59 -------- d-----w c:\program files\Dachshund Software
2009-04-01 00:17 . 2009-03-31 18:59 202 ---ha-w c:\windows\winshell.dat
2009-04-01 00:17 . 2009-04-01 00:17 64512 ---ha-w c:\documents and settings\Administrator\Application Data\dach100.dll
2009-03-31 19:04 . 2009-03-31 19:04 918045 ---ha-w C:\DH Temp.tmp
2009-03-31 12:52 . 2009-03-31 12:52 -------- d-----w c:\program files\MSXML 6.0
2009-03-30 13:21 . 2009-03-23 19:41 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 19:53 . 2009-03-29 19:53 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-29 11:14 . 2009-03-29 11:13 -------- d-----w c:\program files\Hotspot Shield
2009-03-29 09:35 . 2009-03-29 09:35 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-29 09:35 . 2009-03-29 09:35 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-29 07:34 . 2009-03-29 07:19 -------- d-----w c:\program files\MOZAT
2009-03-28 01:16 . 2009-03-28 01:16 -------- d-----w c:\program files\Panda Security
2009-03-27 20:37 . 2009-03-27 20:37 -------- d-----w c:\program files\DIFX
2009-03-27 02:49 . 2009-03-27 02:49 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-03-27 02:26 . 2009-03-27 02:26 -------- d-----w c:\program files\Common Files\xing shared
2009-03-27 02:26 . 2009-03-27 02:26 -------- d-----w c:\program files\Common Files\Real
2009-03-27 02:26 . 2009-03-27 02:26 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-27 02:26 . 2009-03-27 02:26 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-27 02:26 . 2009-03-27 02:26 -------- d-----w c:\program files\Real
2009-03-25 14:48 . 2009-03-25 14:48 -------- d-----w c:\program files\Circle Devlopement
2009-03-25 01:29 . 2009-03-23 21:21 -------- d-----w c:\program files\Adverts
2009-03-24 01:15 . 2007-04-28 13:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-24 01:15 . 2009-03-23 23:43 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-24 01:15 . 2009-03-23 23:43 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-24 00:28 . 2009-03-24 00:21 -------- d-----w c:\program files\Google
2009-03-24 00:21 . 2009-03-24 00:21 -------- d-----w c:\program files\GRETECH
2009-03-23 23:43 . 2009-03-23 23:43 -------- d-----w c:\program files\Kaspersky Lab
2009-03-23 23:12 . 2009-03-23 22:12 -------- d-----w c:\program files\Windows Live
2009-03-23 22:14 . 2009-03-23 22:12 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-23 21:22 . 2009-03-23 21:22 -------- d-----w c:\program files\Admin Dumb
2009-03-23 21:21 . 2009-03-23 21:21 -------- d-----w c:\program files\MessengerPlus! 3
2009-03-23 20:45 . 2009-03-23 20:45 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 20:16 . 2009-03-23 20:13 -------- d-----w c:\program files\Realtek
2009-03-23 20:13 . 2009-03-23 20:13 315392 ----a-w c:\windows\HideWin.exe
2009-03-23 20:10 . 2009-03-23 20:10 -------- d-----w c:\program files\Intel
2009-03-23 20:10 . 2009-03-23 20:10 -------- d-----w c:\program files\Browser Configuration Utility
2009-03-23 20:10 . 2009-03-23 20:10 -------- d-----w c:\program files\Gigabyte
2009-03-23 19:42 . 2009-03-23 19:42 -------- d-----w c:\program files\MSXML 4.0
2009-03-23 19:41 . 2001-09-19 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-23 19:39 . 2009-03-23 19:39 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-23 19:14 . 2009-03-23 19:14 -------- d-----w c:\program files\microsoft frontpage
2009-03-08 01:34 . 2007-04-23 04:53 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-03 22:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 22:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 22:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 22:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 22:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 22:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 22:53 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2004-08-03 22:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2001-09-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-03 22:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-21 05:25 . 2008-12-31 14:04 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-09 13:52 . 2007-04-23 04:52 1847296 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:41 . 2007-02-28 19:05 2022400 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:41 . 2007-04-23 04:53 2144256 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:03 . 2007-04-23 04:52 722944 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:03 . 2007-04-23 04:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:03 . 2004-08-03 22:55 681984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:03 . 2004-08-03 22:55 694272 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 09:50 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:52 . 2004-08-03 22:55 56320 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-03-23 190024]
"SEEK BEEP"="c:\docume~1\ADMINI~1\APPLIC~1\ADMIND~1\Roamwait.exe" [2009-03-23 606208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\Msmsgs.exe" [2004-10-13 1694208]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-27 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-04-23 12451]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Administrator\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
IDMan.exe.lnk - c:\program files\Internet Download Manager\IDMan.exe [2009-5-2 2794928]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Gigabyte\\EasySaver\\GBTUpd.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gigabyte\\EasySaver\\UpdExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Torrent
"8080:UDP"= 8080:UDP:µTorrent
R3 utg4njgz;AVZ Kernel Driver; [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-09 603904]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]
2009-05-02 c:\windows\Tasks\A8E652BA91A9C45E.job
- c:\docume~1\admini~1\applic~1\admind~1\pop chic close.exe [2009-03-23 21:27]
2009-05-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-05-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-05 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-03 10:15]
2009-05-02 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?fr=mcafee&p={searchTerms}
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqn9e8r5.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-02 13:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-113007714-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,11,2f,f8,8c,79,e5,4b,a9,2e,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,11,2f,f8,8c,79,e5,4b,a9,2e,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{42663e19-70aa-4d04-acdc-7de0d6a0d1f5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000076
"Therad"=dword:00000021
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4d,31,63,fc,3e,cb,1f,a9,f1,89,0f,9f,be,a7,9c,de,39,37,33,04,37,
88,ab,93,ed,c9,5b,31,fa,bd,cc,eb,21,68,0e,58,a1,08,eb,b5,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1792)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1896)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
- - - - - - - > 'explorer.exe'(2440)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2009-05-02 13:30
ComboFix-quarantined-files.txt 2009-05-02 10:30
Pre-Run: 41,443,635,200 bytes free
Post-Run: 41,557,295,104 bytes free
400 --- E O F --- 2009-04-29 17:59
 
Brother, slowness is not removed by this tool.

Use the المكافئ tool.


Download the following tool


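Run it and the tool's interface will appear.


Choose the cleaning option, and a DOS window will appear for the scan.

Leave it until it finishes and the report appears.

Copy it and paste it into your next post.

After that, see how the machine is doing.

And take your time.

Waiting ,,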
 
Signature: أعتز بك
Brother أعتز, God bless you. I downloaded the tool, but a problem came up during the download:
it reached 90% and stopped, and it cannot even resume.
I went to the RapidShare site to download it again,
and I cannot download it.
If the tool is uploaded on another site, please put it in your reply.

 

Sorry.

The tool is uploaded only on RapidShare.

But, God willing, I will upload it to another site.

Until then, download this tool.



And I will post another cleaning tool.

Waiting ,,
 
Signature: أعتز بك
And here is this thread.



Good luck.

And tell me how the machine is doing after you finish.
 
Signature: أعتز بك



Thank you, brother, and God bless you.
My machine is at 100%.
Everything is fine now, praise be to God.
May God reward you a thousand times over.

Please accept my sincere regards.
 