ابو فجر 1

Joined 10 May 2009, location: ksa
Peace be upon you and God's mercy and blessings.
I ask anyone with experience to help me and tell me what kind of problem my machine has, because until now I do not know what is causing it.
The machine froze, I restarted it, and after that the problem began.

My problem is that the desktop icons and Favorites have disappeared, and the Explorer home page now appears in Chinese or Japanese. Note that when I go to the Favorites folder on C: I find all my sites, but when I try to open a link I get an error message: Windows cannot find the link, make sure the address is typed correctly.
When I open Computer, a message appears: cannot access wandows>system32<config<system provel<dsktop
Access denied, and all the shortcuts on the desktop have disappeared except Computer, Network, Recycle Bin and Control Panel.

When I try to save a new site to Favorites it is not saved. Note that before this problem I got a message telling me that the copy of Office on my machine is not genuine; is that related to the problem?

My operating system is Vista. I ask anyone with experience to advise me: is it a virus, a hack, or what.....?
 

This, and God knows best, is the Chinese virus. Try doing the following:

First
Disable your protection software
Download this tool [link hidden by forum]

When you run it, a message appears; click >> Yes
Then a second message appears; click >> Yes
During the scan the machine may restart
After the restart, the tool will begin scanning a second time
Wait until a report appears; the scan is then finished. Paste the report in your first reply

Second

Download this program [link hidden by forum]

Run the program ==> and click
Do a system scan and save log
After a moment a report appears in Notepad ==> copy it and paste it in your second reply


 
Signature: السّاجد لله
First, thank you, brother, for the quick reply.
Second, I downloaded the first program, but no options appeared, just a bar like a progress bar with the following written above it:
fax com
After that I restarted, and when the machine came up the desktop background had disappeared and a black background appeared; when I try to change it no picture appears, and I cannot even browse the desktop pictures. As for the second program, this is the report it produced:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:10:56 م, on 10/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url hidden by forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url hidden by forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url hidden by forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url hidden by forum]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [url hidden by forum]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [url hidden by forum]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 13636 bytes


Is there a solution, or what..?
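As an added illustration (not code from this thread and not part of Trend Micro's HijackThis), here is a small Python triage script that parses lines in the HijackThis log format quoted above and flags what a helper reads first: registrations whose file no longer exists ("(no file)", "(file missing)"), unnamed entries, empty R0/R1 Internet Explorer settings, duplicate Run values that launch the same executable, and services without vendor information. The sample lines are copied from the report in the post; the heuristics are assumptions about what deserves a second look, not a malware verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: eight lines in HijackThis v2 log format, copied
# from the report quoted in the post above. The checks below reproduce the
# first-pass reading a forum helper does by eye; they are a triage aid only.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    raw: str


@dataclass
class Finding:
    section: str
    reason: str
    raw: str


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into entries; header, footer and process lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def autorun_target(body: str) -> str:
    """For O4 lines, return the command after the '[value name]' part, normalised for comparison."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    return cmd.replace('"', "").strip().lower()


def triage(entries: list[Entry]) -> list[Finding]:
    """Flag the entries a helper checks first when reading such a log (heuristics, not a verdict)."""
    findings = []
    seen_autoruns: dict[str, str] = {}
    for e in entries:
        # A BHO, button or service whose file is gone: a leftover registration to
        # clean up, or a sign that something was removed without unregistering it.
        if any(mk in e.body for mk in ORPHAN_MARKERS):
            findings.append(Finding(e.section, "orphan", e.raw))
        if "(no name)" in e.body:
            findings.append(Finding(e.section, "unnamed", e.raw))
        # R0/R1 hold Internet Explorer start and search settings; an empty value
        # is usually harmless but worth confirming when the home page was changed.
        if e.section in ("R0", "R1") and e.body.endswith("="):
            findings.append(Finding(e.section, "empty-value", e.raw))
        # O4: two Run values launching the same executable.
        if e.section == "O4":
            target = autorun_target(e.body)
            if target in seen_autoruns:
                findings.append(Finding(e.section, "duplicate-autorun", e.raw))
            else:
                seen_autoruns[target] = e.raw
        # O23: the service binary carries no vendor information.
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.section, "unknown-owner", e.raw))
    return findings


def summarize(text: str) -> dict[str, int]:
    """Count findings by reason for a whole log."""
    return dict(Counter(f.reason for f in triage(parse_hjt(text))))


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.section}] {f.reason}: {f.raw}")
    print(summarize(SAMPLE_LOG))
```

Run on the sample, the script reports the two "(no name)" entries with no file, the VMware service whose binary is missing, the two Yahoo! Search Protection Run values that start the same program, and one empty R0 setting; every flagged line still needs a human to decide whether it is a leftover of an uninstalled product or something that should not be there.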
 
Download the first tool from here [link hidden by forum]

and proceed as in the earlier explanation.
 
Signature: أعتز بك
Thank you, brother أعتز بك, for your attention.
I downloaded the tool; the error the first time was mine, because I had not stopped Kaspersky. Anyway, I downloaded the program, it ran and produced this report. Could you please tell me what state my machine is in? Note that a few minutes after the program ran, the desktop returned to how it was. So what is the problem? Thank you for your attention and best regards.

This is the report that appeared:

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1025.18.3068.2062 [GMT 3:00]
Running from: c:\users\thana\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-10 10:10 . 2009-05-10 10:10 -------- d-----w c:\program files\Trend Micro
2009-05-05 18:44 . 2009-05-05 18:48 3380520 ----a-w c:\users\thana\vista_MSJavx86.exe
2009-05-05 10:12 . 2009-05-05 10:12 56 ---ha-w c:\programdata\ezsidmv.dat
2009-05-05 10:12 . 2009-05-05 10:12 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-05-05 10:12 . 2009-05-09 18:25 -------- d-----w c:\users\thana\AppData\Roaming\skypePM
2009-05-04 18:42 . 2009-05-09 18:27 -------- d-----w c:\users\thana\AppData\Roaming\Skype
2009-05-04 18:41 . 2009-05-04 18:41 -------- d-----w c:\program files\Common Files\Skype
2009-05-04 18:41 . 2009-05-04 18:41 -------- d-----r c:\program files\Skype
2009-05-04 18:41 . 2009-05-04 18:41 -------- d-----w c:\programdata\Skype
2009-05-04 18:41 . 2009-05-04 18:41 -------- d-----w c:\users\All Users\Skype
2009-05-04 18:06 . 2004-06-14 11:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-05-04 18:06 . 2009-05-04 18:06 -------- d-----w c:\program files\Driver-Soft
2009-05-04 16:34 . 2009-05-04 16:34 -------- d-sh--w c:\windows\system32\config\systemprofile\قائمة ابدأ
2009-05-03 22:03 . 2009-05-09 22:15 5316176 ----a-w c:\users\thana\MSJavx86.exe
2009-05-03 20:32 . 2009-05-03 20:32 -------- d-----w c:\programdata\Office Genuine Advantage
2009-05-03 20:32 . 2009-05-03 20:32 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-05-03 20:03 . 2009-03-08 11:31 45568 ----a-w c:\windows\system32\mshta.exe
2009-04-27 16:53 . 2009-05-03 16:19 -------- d-----w C:\Downloads
2009-04-27 16:53 . 2009-05-03 16:19 -------- d-----w c:\users\thana\AppData\Roaming\Internet Download Accelerator
2009-04-27 16:51 . 2009-05-03 19:44 -------- d-----w c:\program files\IDA
2009-04-16 11:42 . 2009-04-16 11:42 -------- d-----w c:\program files\Microsoft Virtual PC
2009-04-16 11:30 . 2009-04-16 11:30 -------- d-----w c:\program files\Posum
2009-04-16 11:29 . 1997-01-18 08:40 299520 ----a-w c:\windows\uninst.exe
2009-04-16 11:21 . 2009-04-16 11:21 -------- d-----w c:\users\ابو فجر\AppData\Local\Adobe
2009-04-11 20:11 . 2004-10-22 16:19 106496 ----a-w c:\windows\system32\vmnetdhcp.exe
2009-04-11 20:10 . 2009-05-10 14:06 -------- d-----w c:\programdata\VMware
2009-04-11 20:10 . 2009-05-10 14:06 -------- d-----w c:\users\All Users\VMware
2009-04-11 20:10 . 2004-10-22 16:19 135168 ----a-w c:\windows\system32\vmnat.exe
2009-04-11 20:10 . 2004-10-22 16:29 13440 ----a-w c:\windows\system32\drivers\vmnetuserif.sys
2009-04-11 20:10 . 2004-10-22 16:19 380928 ----a-w c:\windows\system32\vnetlib.dll
2009-04-11 20:04 . 2009-04-11 20:04 -------- d-----w c:\program files\VMware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 14:06 . 2008-08-03 12:22 78215 ----a-w c:\users\All Users\nvModes.dat
2009-05-10 14:06 . 2008-08-03 12:22 78215 ----a-w c:\programdata\nvModes.dat
2009-05-10 10:22 . 2008-11-27 18:03 843808 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-10 10:22 . 2008-11-27 18:03 5741600 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-10 10:22 . 2008-11-27 18:03 46984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-10 10:22 . 2008-11-27 18:03 3964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-10 10:22 . 2008-06-28 12:30 3204 ----a-w c:\windows\bthservsdp.dat
2009-05-09 22:16 . 2009-05-09 22:16 2678 ----a-w c:\windows\Java\Packages\Data\0K4AKOV3.DAT
2009-05-09 22:16 . 2009-05-09 22:16 2678 ----a-w c:\windows\Java\Packages\Data\7VZXRT31.DAT
2009-05-09 22:16 . 2009-05-09 22:16 2678 ----a-w c:\windows\Java\Packages\Data\P7B9RZDJ.DAT
2009-05-09 22:16 . 2009-05-09 22:16 2678 ----a-w c:\windows\Java\Packages\Data\979RZ5JP.DAT
2009-05-09 22:16 . 2009-05-09 22:16 2678 ----a-w c:\windows\Java\Packages\Data\2SO0FBND.DAT
2009-05-05 19:08 . 2009-02-08 19:32 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-05 19:08 . 2008-06-28 13:58 -------- d-----w c:\program files\Java
2009-05-04 17:06 . 2008-06-28 12:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 17:06 . 2008-06-28 12:39 -------- d-----w c:\program files\Hewlett-Packard
2009-05-04 17:06 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-17 08:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 11:43 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-16 11:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-12 10:43 . 2008-06-28 13:25 -------- d-----w c:\program files\Microsoft Works
2009-04-12 10:36 . 2008-08-03 11:53 -------- d-----w c:\program files\Apoint2K
2009-04-09 17:40 . 2009-04-08 17:04 -------- d-----w c:\program files\Yahoo!
2009-04-08 17:08 . 2009-04-08 17:08 262144 ----a-w C:\ntuser.dat
2009-03-31 17:27 . 2008-11-07 09:29 7592 ----a-w c:\users\thana\AppData\Local\d3d9caps.dat
2009-03-30 14:05 . 2008-11-06 05:51 -------- d-----w c:\program files\Nokia
2009-03-30 14:05 . 2008-11-06 05:52 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-30 13:48 . 2008-11-27 16:57 -------- d-----w c:\program files\Webteh
2009-03-30 13:01 . 2009-03-30 13:01 -------- d-----w c:\program files\Rar Repair Tool
2009-03-20 10:19 . 2009-03-20 10:19 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-03-19 13:38 . 2009-03-19 13:38 249856 ------w c:\windows\Setup1.exe
2009-03-19 13:38 . 2009-03-19 13:38 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-19 12:17 . 2009-03-19 12:16 -------- d-----w c:\program files\Acoustica MP3 Audio Mixer
2009-03-19 09:43 . 2008-11-27 17:00 -------- d-----w c:\program files\DivX
2009-03-17 03:38 . 2009-04-16 11:27 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 11:27 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 16:19 . 2009-01-06 21:48 -------- d-----w c:\program files\MessengerDiscovery
2009-03-08 11:34 . 2009-05-03 20:03 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-03 20:04 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-03 20:04 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-03 20:03 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-03 20:03 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-03 20:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-03 20:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-03 20:03 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-03 20:03 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-03 20:04 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-03 20:04 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-03 20:04 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-03 20:04 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-03 20:03 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-03 20:04 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-03 20:04 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:22 . 2009-05-03 20:04 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 11:27 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 11:27 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 11:27 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 11:27 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 11:27 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 11:27 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 11:27 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 11:27 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 11:27 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 11:27 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-18 20:30 . 2009-02-18 20:30 118648 ----a-w c:\users\ابو فجر\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 08:49 . 2009-04-16 11:27 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 11:27 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-10 21:43 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-06-28 11:21 . 2008-06-28 11:18 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-12-17 2745776]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-07-05 4538368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-13 699456]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-28 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E41ADE1D-2FAA-48B0-A392-29D93035E1D3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{5FBF742E-B407-4701-A527-67FDC089B545}c:\\users\\thana\\appdata\\local\\temp\\rar$ex40.621\\brmoda 1.5.1.exe"= UDP:c:\users\thana\appdata\local\temp\rar$ex40.621\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"UDP Query User{0E7B4EF2-92E0-4D8D-AD08-EB03A80021A3}c:\\users\\thana\\appdata\\local\\temp\\rar$ex40.621\\brmoda 1.5.1.exe"= TCP:c:\users\thana\appdata\local\temp\rar$ex40.621\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"TCP Query User{2766421A-9629-4EF6-ADD8-EB20E4A346D1}c:\\users\\thana\\appdata\\local\\temp\\rar$ex13.2872\\brmoda 1.5.1.exe"= UDP:c:\users\thana\appdata\local\temp\rar$ex13.2872\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"UDP Query User{DBF3ECB8-32D0-4392-83CC-AC53F6789DFC}c:\\users\\thana\\appdata\\local\\temp\\rar$ex13.2872\\brmoda 1.5.1.exe"= TCP:c:\users\thana\appdata\local\temp\rar$ex13.2872\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"TCP Query User{4C516B1A-E852-4FB2-8662-2C9B7CB8E399}c:\\users\\thana\\appdata\\local\\temp\\rar$ex02.870\\brmoda 1.5.1.exe"= UDP:c:\users\thana\appdata\local\temp\rar$ex02.870\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"UDP Query User{A1ECF99C-7A40-4D35-8F56-CD6F1A3F2F5C}c:\\users\\thana\\appdata\\local\\temp\\rar$ex02.870\\brmoda 1.5.1.exe"= TCP:c:\users\thana\appdata\local\temp\rar$ex02.870\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"TCP Query User{6D76926A-2B3C-429E-B05E-627EA306486F}c:\\users\\thana\\appdata\\local\\temp\\rar$ex00.564\\brmoda 1.5.1.exe"= UDP:c:\users\thana\appdata\local\temp\rar$ex00.564\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"UDP Query User{5B39A4CD-8708-483B-AED7-A531FD367DF3}c:\\users\\thana\\appdata\\local\\temp\\rar$ex00.564\\brmoda 1.5.1.exe"= TCP:c:\users\thana\appdata\local\temp\rar$ex00.564\brmoda 1.5.1.exe:brmoda 1.5.1.exe
"TCP Query User{E874226C-4D9E-410A-BC9B-E5A7BBFA6F62}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{02D99091-5B19-4C3D-99E4-59D12BD1F11F}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{D219C92F-7E71-4605-8907-D3913C447321}c:\\program files\\fdrlab\\anytv\\anytv.exe"= UDP:c:\program files\fdrlab\anytv\anytv.exe:anyTV exe file
"UDP Query User{7887E637-5FC6-4EC1-9D82-0D3CA9D30A0F}c:\\program files\\fdrlab\\anytv\\anytv.exe"= TCP:c:\program files\fdrlab\anytv\anytv.exe:anyTV exe file
"{538C14CD-E670-403D-B79A-9D52ECA0FDAC}"= UDP:c:\program files\Mask Surf Pro\Tor\tor.exe:Tor
"{8961A295-9C40-4C82-8416-BD984D1423EB}"= TCP:c:\program files\Mask Surf Pro\Tor\tor.exe:Tor
"{0C0FF911-8389-4519-9FB5-332084CD85EA}"= UDP:c:\program files\Mask Surf Pro\masksurf.exe:Mask Surf Pro
"{48547C76-F6FF-4BAD-A1FF-3695C1ED4EEC}"= TCP:c:\program files\Mask Surf Pro\masksurf.exe:Mask Surf Pro
"TCP Query User{A97267DC-4D36-4C77-AD35-D69B6B5836BC}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{736AC808-DE4A-428F-8469-B93BA0CC9953}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{EC8C0DC3-014C-4653-9F0C-12B53BDD983A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{939D8918-9AEF-4D2A-ABDE-86032163D916}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{37773989-4D72-436B-BB54-EF3D74EB3690}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FD7E3053-8C1C-4CA4-A28F-C6FDE7A31106}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{365F1257-24F3-471C-9BCA-956BFE4ED622}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F0E74D28-BDBC-455F-92F2-93B6997CC00D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8EEA84E3-40C5-4EF0-AA17-A5FE995185A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/08 06:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/08 06:28 م 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\AEstSrv.exe [03/08/08 02:56 م 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/08 05:23 ص 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/08 02:24 ص 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [28/06/08 04:53 م 361808]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/09 05:53 م 226656]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [28/04/08 08:26 ص 599344]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [09/11/08 11:48 م 602392]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/08 04:23 م 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [11/04/08 08:55 م 84240]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [03/08/08 02:49 م 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [14/05/08 05:09 ص 43552]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [28/04/08 08:27 ص 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{263acf67-e328-11dd-bdbb-0021866ec2b4}]
\shell\AutoRun\command - F:\ve.exe
\shell\open\Command - F:\ve.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-10 c:\windows\Tasks\User_Feed_Synchronization-{464DB690-2378-46B2-B5CC-D409B31DF0A1}.job
- c:\windows\system32\msfeedssync.exe [2009-05-03 11:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKCU-Run-Internet Download Accelerator - c:\program files\IDA\ida.exe

.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=83&bd=Pavilion&pf=cnnb
IE: Download ALL with IDA
IE: Download with IDA
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.78/imscp/talks3n.cab
FF - ProfilePath - c:\users\thana\AppData\Roaming\Mozilla\Firefox\Profiles\5rbunuiu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yma2&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yma2&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\thana\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-10 17:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3999296949-679126791-2377173614-1000_Classes\CLSID\{01fe60d3-7c32-4302-a1f2-88495cc99496}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,e2,a9,50,ca,93,
58,29,4a,05,98,32,02,34,2b,da,61,0a,8d,3a,7d,25,e0,44,9e,70,17,7c,60,18,0a,\
[HKEY_USERS\S-1-5-21-3999296949-679126791-2377173614-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6a,d4,2a,26,6b,fc,5d,a9,25,1b,5d,d3,39,4a,ff,24,63,fd,1a,8a,28,
2d,71,d6,6a,08,29,19,11,e8,11,48,79,8a,3b,69,bb,c6,f0,36,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(2760)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Completion time: 2009-05-10 17:40
ComboFix-quarantined-files.txt 2009-05-10 14:40
Pre-Run: 170,023,800,832 bytes free
Post-Run: 170,359,713,792 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9,18
309 --- E O F --- 2009-05-10 09:29
 
Strange that you're late with a reply, you haven't got us used to that.
Or does my problem have no solution with you..?
 