[تم حل المشكلة]مشكلة مع الذاكرة والمعالج يا ريث الحل

الحالة
مغلق و غير مفتوح للمزيد من الردود.
الرجباني

الرجباني

زيزوومى متألق
إنضم
13 يناير 2009
المشاركات
269
مستوى التفاعل
19
النقاط
370
الإقامة
لــيبيــا
غير متصل
السلام عليكم كل ما افتح البرنامج تصير معي نفس المشكلة ....


هذي صورة توضح المشكلة وفيه تقريرأو تفصيل ....



التفصيل...

راجع نهاية هذه الرسالة للحصول على تفاصيل حول استدعاء
التصحيح اللحظي (JIT) بدلاً من مربع الحوار الحالي.

************** نص الاستثناء **************
System.AccessViolationException: جرت محاولة القراءة من الذاكرة المحمية أو الكتابة إليها. ويعد ذلك غالبًا إشارة إلى أن الذاكرة الأخرى تالفة.
عند (* )
عند ..()
عند ProgDvbNet.OSDChannelCaptionForm.(Object , EventArgs )
عند System.Windows.Forms.Timer.OnTick(EventArgs e)
عند System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
عند System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** التجميعات المحملة **************
mscorlib
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
ProgDvbNet
إصدار التجميع: 6.6.1.0
إصدار Win32: 6.06.1
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ProgDvbNet.exe
----------------------------------------
EngineApiWrapper
إصدار التجميع: 1.2.9.0
إصدار Win32:
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/EngineApiWrapper.DLL
----------------------------------------
msvcm80
إصدار التجميع: 8.0.50727.1433
إصدار Win32: 8.00.50727.1433
مصدر البرنامج: file:///C:/WINDOWS/WinSxS/x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2/msvcm80.dll
----------------------------------------
System.Windows.Forms
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
ProgDvbNet.bc
إصدار التجميع: 1.0.2.0
إصدار Win32: 1.0.2.0
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ProgDvbNet.bc.DLL
----------------------------------------
IPDev.Skins
إصدار التجميع: 1.3.11.0
إصدار Win32: 1.3.11.0
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/IPDev.Skins.DLL
----------------------------------------
ProgDvbNet.EPG
إصدار التجميع: 1.0.5.0
إصدار Win32: 1.0.5.0
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ProgDvbNet.EPG.DLL
----------------------------------------
ProgDvbNet.CC
إصدار التجميع: 1.0.4.0
إصدار Win32: 1.0.4.0
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ProgDvbNet.CC.DLL
----------------------------------------
System.Xml
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
mscorlib.resources
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
ProgDvbNet.Win
إصدار التجميع: 1.0.0.0
إصدار Win32:
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ProgDvbNet.Win.DLL
----------------------------------------
ProgDvbNet.resources
إصدار التجميع: 0.0.0.0
إصدار Win32: 0.0.0.0
مصدر البرنامج: file:///C:/Program%20Files/ProgDVB/ar-TN/ProgDvbNet.resources.DLL
----------------------------------------
System.Windows.Forms.resources
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_ar_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------
Accessibility
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------
System.Design
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Design/2.0.0.0__b03f5f7f11d50a3a/System.Design.dll
----------------------------------------
System.resources
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.resources/2.0.0.0_ar_b77a5c561934e089/System.resources.dll
----------------------------------------
System.Drawing.Design
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing.Design/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.Design.dll
----------------------------------------
System.Configuration
إصدار التجميع: 2.0.0.0
إصدار Win32: 2.0.50727.1433 (REDBITS.050727-1400)
مصدر البرنامج: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------

************** تصحيح JIT **************
لتمكين التصحيح اللحظي (JIT)، يجب تعيين قيمة
jitDebugging في القسم system.windows.forms
في ملف التكوين لهذا التطبيق أو الكمبيوتر (machine.config).
يجب أيضًا تحويل التطبيق برمجيًا مع تمكين
التصحيح.

على سبيل المثال:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

عند تمكين تصحيح JIT، سيتم إرسال أي استثناء لم تتم معالجته
إلى مصحح JIT المسجل على الكمبيوتر
بدلاً من معالجته بواسطة مربع الحوار هذا.


وبعد الضغط على إنهاء يطلع هذا كما موضح في الصورة....



والله حيرني هذا الكمبيوتر؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟
 

توقيع : الرجباني
ترتيب حسب التاريخ ترتيب حسب الأصوات
اعمل الاتي يالغلااا في الوضع الامن >>> السيف مووود

تقرير هايجاك
حمل هذا البرنامج
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد 0
هذا التقرير أخوي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:39 ص, on 08/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\LTT WiMAX\LTT WiMAX.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ProgDVB\ProgDvbNet.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: searchersmart search enhancer - {6BAAFB29-2F6C-DA4D-18D5-15E027AB712D} - C:\WINDOWS\system32\xwpkkyflrenywhj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] D:\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7189 bytes
 
توقيع : الرجباني
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
هذا التقرير أخوي...


ComboFix 09-05-07.A01 - Administrator 05/08/2009 18:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.218.1033.18.2047.1303 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Solt Lake Software
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\52QWLrdF.exe.a_a
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
c:\windows\system32\xwpkkyflrenywhj.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-08 14:04 . 2009-05-08 14:04 0 ----a-w c:\windows\system32\drivers\IsDrv118.sys
2009-05-08 14:04 . 2009-05-08 14:04 0 ----a-w c:\windows\system32\drivers\IsPubDrv.sys
2009-05-08 14:02 . 2009-05-08 14:02 107520 ----a-w c:\windows\Netfathr.exe
2009-05-08 14:02 . 2009-05-08 14:07 -------- d-sh--r d:\program files.\tuEagles
2009-05-07 15:21 . 2009-05-07 15:21 -------- d-----w d:\program files.\microsoft frontpage
2009-05-07 15:13 . 2009-05-07 15:13 -------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2009-05-07 15:12 . 2009-05-07 20:45 -------- dc-h--w c:\documents and settings\All Users\Application Data\~0
2009-05-07 15:09 . 1998-06-17 22:00 153600 ----a-w c:\windows\system32\tlbinf32.dll
2009-05-05 11:31 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-05-05 11:31 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-05-05 11:31 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-05-05 11:31 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-05-05 11:31 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-05-05 11:31 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-05-05 11:31 . 2008-04-14 02:39 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-05-05 11:31 . 2008-04-14 02:39 6144 ----a-w c:\windows\system32\kbd106.dll
2009-05-05 07:49 . 2009-05-05 07:49 -------- d-----w c:\documents and settings\Administrator\Application Data\Netscape
2009-05-05 07:48 . 2009-05-05 07:48 -------- d-----w d:\program files.\Photodex
2009-05-05 07:48 . 2009-05-05 07:48 -------- d-----w c:\documents and settings\Administrator\Application Data\Photodex
2009-05-03 22:16 . 2009-05-03 22:16 214 ----a-w C:\UnInstall.dat
2009-05-03 22:16 . 2009-05-02 09:39 16896 ----a-w c:\windows\system32\grwinsthlp.exe
2009-05-01 12:11 . 2009-05-01 12:11 -------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-01 10:13 . 2009-05-01 10:13 -------- d-----w c:\documents and settings\Administrator\Application Data\GlarySoft
2009-04-30 09:35 . 2009-04-30 09:35 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-30 09:35 . 2008-11-24 11:19 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-30 09:35 . 2009-04-30 09:35 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-29 19:35 . 2009-04-29 19:35 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-29 19:29 . 2009-04-29 19:35 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-04-29 18:42 . 2009-04-29 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-29 14:19 . 2009-05-05 15:47 -------- d-----w c:\windows\system32\SupportWimax
2009-04-28 13:15 . 2009-04-29 18:42 -------- d-----w c:\documents and settings\Administrator\Application Data\CoreFTP
2009-04-17 14:47 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-17 14:47 . 2009-03-09 13:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-17 14:47 . 2009-03-09 13:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-17 14:47 . 2009-03-16 12:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-17 14:47 . 2009-03-16 12:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-17 14:47 . 2009-03-16 12:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-17 14:47 . 2009-03-16 12:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-15 10:28 . 2009-04-22 22:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Dyyno
2009-04-12 17:19 . 2009-04-12 17:19 -------- d-----w c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 15:54 . 2009-01-18 14:10 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-08 15:49 . 2009-01-18 14:10 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-07 15:20 . 2009-01-26 10:42 688160 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-07 15:20 . 2009-01-26 10:42 4480 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-07 15:20 . 2009-01-26 10:42 2748960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 15:20 . 2009-01-26 10:42 23604 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 15:20 . 2009-01-17 17:07 731528 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 14:52 . 2008-11-14 22:27 33712 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 10:58 . 2009-01-24 11:26 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-01 12:14 . 2009-02-18 14:33 -------- d-----w c:\program files\Common Files\Adobe
2009-04-26 20:52 . 2009-02-17 14:50 196608 ----a-w c:\windows\system32\maag.dll
2009-04-26 20:52 . 2009-02-17 14:50 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-26 20:52 . 2009-02-17 14:50 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-26 20:52 . 2009-02-17 14:50 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-26 20:52 . 2009-02-17 14:50 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-26 20:52 . 2009-02-17 14:50 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-26 20:52 . 2009-02-17 14:50 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-26 20:52 . 2009-02-17 14:50 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-12 17:18 . 2008-11-14 14:23 -------- d-----w c:\program files\Common Files\Real
2009-04-07 10:44 . 2008-04-14 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-25 15:28 . 2009-03-10 12:21 -------- d-----w c:\program files\Common Files\Ahead
2009-03-21 17:26 . 2009-01-18 14:10 139152 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-03-21 17:24 . 2009-03-21 17:06 111928 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrB.exe
2009-03-21 17:24 . 2009-01-26 10:29 794408 ----a-w c:\windows\system32\pbsvc.exe
2009-03-21 13:57 . 2008-09-12 11:42 -------- d-----w d:\program files.\SCC-TDS
2009-03-16 23:18 . 2009-03-16 23:18 -------- d-----w d:\program files.\GRETECH
2009-02-28 18:50 . 2009-02-28 18:50 2678 ----a-w c:\windows\java\Packages\Data\SNZ1R39J.DAT
2009-02-28 18:50 . 2009-02-28 18:50 2678 ----a-w c:\windows\java\Packages\Data\3BJV9B1F.DAT
2009-02-28 18:50 . 2009-02-28 18:50 2678 ----a-w c:\windows\java\Packages\Data\Q4C7BL7H.DAT
2009-02-28 18:50 . 2009-02-28 18:50 2678 ----a-w c:\windows\java\Packages\Data\GRBHFRRV.DAT
2009-02-28 18:50 . 2009-02-28 18:50 2678 ----a-w c:\windows\java\Packages\Data\XRR77LVD.DAT
2009-02-28 18:44 . 2009-02-28 18:44 2232 ----a-w c:\windows\java\Packages\Data\9BR713VB.DAT
2009-02-28 18:44 . 2009-02-28 18:44 155995 ----a-w c:\windows\java\Packages\NZ7DBVLF.ZIP
2009-02-28 09:02 . 2009-01-18 14:10 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-27 06:03 . 2008-12-06 18:13 57394 ----a-w c:\windows\system32\xwpkkyflrenywhj.dll-uninst.exe
2009-02-18 20:10 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-18 20:08 . 2008-11-14 13:29 23224 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-17 14:50 . 2009-02-17 14:50 344064 ----a-w c:\windows\system32\dkll.dll
2009-02-10 09:22 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-10 09:21 . 2009-01-26 10:43 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-10 09:21 . 2009-01-26 10:43 101287 ----a-w c:\windows\system32\drivers\klin.dat
.

------- Sigcheck -------

[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-04-14 12:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
[-] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
[-] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
[-] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
[-] 2008-04-14 12:00 776192 966F311363CE6E4719A0A04070D345CC c:\windows\system32\wininet.dll
[-] 2008-04-14 12:00 776192 966F311363CE6E4719A0A04070D345CC c:\windows\system32\dllcache\wininet.dll

[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 13:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2004-08-03 23:05 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2008-04-14 12:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-04-14 12:00 2186752 E79A41C2F9EAC01B23A18C8911112934 c:\windows\system32\ntkrnlpa.exe

[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 14:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2004-08-03 21:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2008-04-14 12:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 12:00 2308096 33C3C3D7A7C6E56D9EBC3E8EEA0D490C c:\windows\system32\ntoskrnl.exe

[-] 2008-04-14 12:00 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\explorer.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 12:00 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-24 2745776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RGSC"="d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-26 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"eagleeye"="d:\program files.\tuEagles\EagleSvr.exe" [2009-05-08 408064]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-10-12 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe /silent
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Grand Theft Auto IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Grand Theft Auto IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\SCC-TDS\\Command And Conquer Red Alert 3\\Data\\ra3_1.0.game"=
"d:\\Program Files\\SCC-TDS\\Command And Conquer Red Alert 3\\Data\\ra3_1.8.game"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\SCC-TDS\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\tuEagles\\EagleSvr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [01/07/2005 01:01 م 999808]
R3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;c:\windows\system32\drivers\HuaweiWiMAXUSB.sys [15/02/2009 06:11 م 45312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
S2 gupdate1c9ad443d76c006;gupdate1c9ad443d76c006; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30/04/2009 12:35 م 603904]
S3 dump_wmimmc;dump_wmimmc; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/01/2009 08:30 م 138112]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2580971e-fa0c-11dd-9851-00192103c7f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2580971f-fa0c-11dd-9851-00192103c7f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a0059fb-09b0-11de-9882-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d711291-131d-11de-9898-001e108547de}]
\sheLl\aUTopLAY\command - G:\ejojut.cmd
\sheLl\AutoRun\command - G:\ejojut.cmd
\sheLl\EXPlOrE\command - G:\ejojut.cmd
\sheLl\open\CommanD - G:\ejojut.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fdae04b-0991-11de-9880-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb4484ba-fb72-11dd-9856-00192103c7f1}]
\Shell\AutoRun\command - F:\StarSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb4484bc-fb72-11dd-9856-00192103c7f1}]
\Shell\AutoRun\command - F:\StarSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc723867-04fe-11de-9879-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 14:46]

2009-05-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 12:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6BAAFB29-2F6C-DA4D-18D5-15E027AB712D} - c:\windows\system32\xwpkkyflrenywhj.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ly/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: ????? ???? ?????? Internet Download Manager
IE: ????? ????? FLV ?????? Internet Download Manager
IE: ????? ?????? Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager
IE: E???? C??? E?C??E Internet Download Manager
IE: E???? E?C??E Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: E???? C??? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E???? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5p85lj9u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-507921405-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A06499A1-6085-6B7F-20CC-56C457CDF178}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abddpdbalnahnikphehnkjkbdkbccmnggi"=hex:65,62,64,69,6a,6e,6c,69,6f,6a,63,6a,
6a,68,63,62,6b,6b,67,6d,64,69,65,6e,69,6f,66,70,6d,6d,6c,67,6a,69,6c,67,61,\
"bbddpdbalnahnikpheinfmkbhgiplpimghbm"=hex:61,62,61,6e,68,68,70,6a,66,6d,6b,64,
68,6f,6c,66,6e,6d,64,62,6d,62,61,66,65,6c,6a,6c,6e,6f,70,62,63,6c,00,67

[HKEY_USERS\S-1-5-21-1123561945-507921405-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:bb,b8,83,90,b8,72,38,c1,27,8e,2e,42,af,5e,2d,ce,56,e0,ec,bc,98,
4b,1d,8a,4d,db,33,6f,cd,52,36,a3,87,01,26,a1,7b,45,64,8d,50,10,f0,b0,33,89,\
"rkeysecu"=hex:05,9e,b5,be,ee,ec,f5,be,e6,52,11,bb,37,ca,ad,1b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a0,a9,1a,94,41,1e,73,47,e4,9a,a7,b0,df,bb,19,d4,f8,10,bb,40,73,
ce,7b,2b,87,f1,5c,eb,fa,ce,60,7e,a5,ae,4a,28,bd,af,57,c7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f570ca31-d385-4921-90ab-5ce0648933f2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003d
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,f6,31,ec,ed,75,f3,b6,1d,5d,f0,c9,49,d3,6c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1396)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(1496)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-05-08 19:02
ComboFix-quarantined-files.txt 2009-05-08 16:02

Pre-Run: 2,968,981,504 bytes free
Post-Run: 2,980,868,096 bytes free

308 --- E O F --- 2009-01-26 14:28
 
توقيع : الرجباني
تأييد 0
الرسالة تظهر بجميع البرامج ام ببرنامج واحد فقط ؟
وكيف الاوضاع الان ؟
 
تأييد 0
الله يبشر بالخير
والحمدلله على انتهاء المشكلة
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى