• Thread starter: miss toofy
Status: Closed; not open for further replies.

miss toofy

Messenger hangs as soon as it opens ... ( Windows Live Messenger )

And I don't know what the fix is......??? :er:

I uninstalled it and downloaded it again, but it didn't help

Then I uninstalled it again and tried to install (Messenger Plus)

but it won't install for me :no:

Ugh, I'm fed up with it, and I found nowhere but your good forum :ok:

to lay out my problem, and God willing you will help me :q:

What is the fix for Messenger hanging ...?

Thanks a thousand times :b:

:er::er::er::er::er:

6 people have viewed this and there are no replies >> crushed

Pleease help me, guys ...
 
Hello, dear

We are here to help at any time

Anyway, is the hang only with Messenger?

And check the date and time
Download this program

[Link hidden by the forum: log in or register to view]

OR
[Link hidden by the forum: log in or register to view]

Run the program ==> and click
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your next reply

Signature: أعتز بك
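:kmj-by0000 (32): May God give you health a thousand times over

Thank you, you have done more than enough, and more power to you :smile:

Yes, the hang is only with Messenger on my machine. I uninstalled it and installed Messenger Plus

but that has a problem too: it is blocked, I expect because of the firewall, but

I'm tired, and the block just won't go away :cr:

And here is the report you asked for...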

7
7



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06:26 م, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Free User\My Documents\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
[Link hidden by the forum: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[Link hidden by the forum: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Link hidden by the forum: log in or register to view]
=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
[Link hidden by the forum: log in or register to view]
=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
[Link hidden by the forum: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
[Link hidden by the forum: log in or register to view]

R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\FREEUS~1\LOCALS~1\Temp\init.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe /play
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Mail to a Friend... -
[Link hidden by the forum: log in or register to view]

O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O15 - Trusted Zone: webmessenger.msn.com
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
[Link hidden by the forum: log in or register to view]

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
[Link hidden by the forum: log in or register to view]

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
[Link hidden by the forum: log in or register to view]

O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 8149 bytes
 
God bless you

Whoa, what have you done to your machine << looks like it is on its way out

Anyway, stay with me, God bless you

Disable all protection programs >>> check the computer's time and date
>>> Do not rename the tool, and save it to the desktop
And download this tool and save it to the desktop

[Link hidden by the forum: log in or register to view]

When you run it a message will appear,, click >> Yes
Then a second message will appear,, click >> Yes
Wait until the tool finishes scanning your machine,,, and your machine will restart automatically,,
After the restart,, the tool will start scanning a second time
Wait until a report appears,, copy it and paste it in your next reply

Signature: أعتز بك
If you have Messenger scripts or emoticons installed, try deleting them and see whether it still hangs for you. I had the same problem as you; I deleted the Plus scripts and the emoticons and, thank God, it opened for me without hanging. Try it and see ....

Signature: الهايم2020

:cr::cr::cr::cr: What exactly is going on, a format

:q:>>> The most important thing is that it isn't a hacker



:er: And here is the report you asked for, and God willing it is good news ..

7
7
7​

ComboFix 09-05-10.07 - Free User 09/13/2008 18:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.255.72 [GMT 2:00]
Running from: c:\documents and settings\Free User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.
2009-07-26 19:44 . 2008-07-28 09:38 -------- d-----w c:\program files\MSECACHE
2009-07-14 07:29 . 2009-07-14 07:29 -------- d-----w c:\program files\Common Files\fwc
2009-07-14 07:29 . 2009-07-14 07:30 -------- d-----w c:\program files\Fake Webcam
2009-07-14 07:15 . 2004-08-03 20:58 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-07-14 07:15 . 2004-08-03 20:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-07-14 07:14 . 2004-08-03 21:10 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-07-14 07:14 . 2004-08-03 21:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 15360 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-07-14 07:14 . 2004-08-03 21:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-07-14 07:14 . 2004-08-03 21:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-07-14 07:14 . 2004-08-03 21:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-14 07:14 . 2004-08-03 21:10 85376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-07-14 07:14 . 2004-08-03 21:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-07-14 07:14 . 2004-08-03 21:10 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-07-14 07:14 . 2004-08-03 21:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-07-14 07:13 . 2004-08-03 22:56 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-14 07:13 . 2004-08-03 22:56 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-07-14 07:12 . 2009-07-16 11:54 -------- d-----w c:\program files\SplitCam
2009-07-14 06:18 . 2009-07-14 06:18 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Conduit
2009-07-14 06:18 . 2009-07-14 06:18 -------- d-----w c:\program files\Conduit
2009-07-14 06:18 . 2009-07-14 06:57 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Softonic_Deutsch
2009-07-14 06:17 . 2010-08-25 02:54 -------- d-----w c:\program files\Softonic_Deutsch
2009-07-11 21:58 . 2002-02-18 08:22 139536 ----a-w c:\windows\system32\javaee.dll
2009-07-11 17:44 . 2002-02-18 08:23 46352 ----a-w c:\windows\setdebug.exe
2009-07-11 17:44 . 2002-02-18 08:22 171280 ----a-w c:\windows\system32\jit.dll
2009-07-11 17:44 . 2002-02-18 05:35 6550 ----a-w c:\windows\jautoexp.dat
2009-07-11 17:44 . 2002-02-18 05:34 313856 ----a-w c:\windows\system32\dx3j.dll
2009-06-30 22:46 . 2001-08-17 20:36 99328 -c--a-w c:\windows\system32\dllcache\srusd.dll
2009-06-30 22:46 . 2001-08-17 20:36 99328 ----a-w c:\windows\system32\srusd.dll
2009-06-30 22:46 . 2001-08-17 11:53 6784 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-06-30 22:46 . 2001-08-17 11:53 6784 ----a-w c:\windows\system32\drivers\serscan.sys
2009-06-30 22:46 . 2001-08-17 20:36 71680 -c--a-w c:\windows\system32\dllcache\fnfilter.dll
2009-06-30 22:46 . 2001-08-17 20:36 71680 ----a-w c:\windows\system32\fnfilter.dll
2009-06-25 13:38 . 2009-06-25 13:38 -------- d-----w c:\documents and settings\Free User\Application Data\CometNetwork
2009-06-25 13:38 . 2009-06-25 13:38 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\CometNetwork
2009-06-25 13:37 . 2009-06-26 21:50 -------- d-----w c:\program files\CometBird
2009-06-25 13:18 . 2009-07-18 00:15 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Google
2009-06-25 13:16 . 2009-06-25 13:17 -------- d-----w c:\program files\Google
2009-06-25 13:12 . 2009-06-26 21:54 -------- d-----w c:\program files\BitComet
2009-06-18 07:58 . 2009-06-18 07:58 -------- d-----w c:\documents and settings\Free User\Application Data\aAvgApi
2009-06-13 14:37 . 2009-06-14 11:19 -------- d-----w c:\documents and settings\Free User\Application Data\Vbuzzer Messenger
2009-06-13 14:36 . 2007-11-02 08:06 57344 ----a-w c:\windows\system32\FaxMonitor.dll
2009-06-13 14:36 . 2007-11-02 09:00 245760 ----a-w c:\windows\system32\FaxHelper.exe
2009-02-09 13:19 . 2009-02-09 13:19 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-02-06 17:43 . 2009-02-06 17:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 18:28 . 2009-02-05 18:28 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-02-05 12:54 . 2009-02-05 12:54 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Identities
2009-01-31 07:33 . 2001-08-17 12:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-01-31 07:33 . 2001-08-17 12:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-01-31 07:31 . 2001-08-17 13:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-01-31 07:31 . 2001-08-17 13:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-01-29 20:03 . 2009-01-29 20:03 1632 ----a-w c:\windows\system32\d3d8caps.dat
2009-01-24 17:20 . 2008-08-27 21:10 -------- d-----w c:\program files\LtUcx
2009-01-14 16:51 . 2009-01-14 16:51 167936 ----a-w c:\windows\system32\mswsock2.dll
2008-10-27 12:55 . 2008-10-27 12:55 65864 ----a-w c:\windows\system32\SmbMInfo.exe
2008-10-27 12:54 . 2008-10-27 12:54 174400 ----a-w c:\windows\system32\RdCfg.exe
2008-10-06 05:59 . 2008-10-06 05:59 64920 ----a-w c:\windows\system32\drivers\SscRdBus.sys
2008-09-13 15:36 . 2008-09-13 15:36 -------- d-----w c:\program files\Gram base math
2008-09-13 15:36 . 2008-09-13 15:39 -------- d-----w c:\documents and settings\Free User\Application Data\Gram base math
2008-09-13 12:07 . 2008-09-13 12:07 -------- d-----w c:\program files\Trend Micro
2008-09-13 05:17 . 2008-09-13 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-09-13 04:45 . 2008-09-13 15:35 -------- d-----w c:\program files\Adverts
2008-09-13 03:16 . 2008-09-13 03:16 -------- d-----w c:\program files\inKline Global
2008-09-13 02:31 . 2008-09-13 02:31 -------- d-----w c:\program files\SuperSpeed
2008-09-13 00:55 . 2008-09-13 03:51 -------- d-----w c:\documents and settings\Free User\Application Data\cleaner
2008-09-13 00:41 . 2008-09-13 00:41 -------- d-----w c:\documents and settings\Free User\Application Data\Uniblue
2008-09-13 00:41 . 2008-09-13 00:41 0 ----a-w c:\windows\nsreg.dat
2008-09-13 00:41 . 2008-09-13 00:41 -------- d-----w c:\program files\Uniblue
2008-09-13 00:38 . 2008-09-13 00:41 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2008-09-06 17:42 . 2008-09-06 17:42 180224 ----a-w c:\windows\system32\WinVd32.sys
2008-09-06 17:42 . 2008-09-06 17:42 7680 ----a-w c:\windows\system32\WinFLsrv.exe
2008-09-06 17:42 . 2008-09-06 17:42 10752 ----a-w c:\windows\system32\WinFLdrv.sys
2008-09-06 17:42 . 2008-09-06 18:25 -------- d-----w c:\program files\Folder Lock 6
2008-08-27 20:08 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2008-08-27 20:02 . 2008-08-27 20:02 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Ahead
2008-08-27 18:24 . 2001-08-17 20:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2008-08-27 18:24 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2008-08-27 18:24 . 2001-08-17 20:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2008-08-27 18:24 . 2001-08-17 20:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2008-08-25 16:04 . 2008-09-13 12:40 -------- d-----w c:\program files\MessengerPlus! 3
2008-08-23 22:48 . 2008-08-23 22:48 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Windows Live Writer
2008-08-23 22:48 . 2008-08-23 22:48 -------- d-----w c:\documents and settings\Free User\Application Data\Windows Live Writer
2008-08-23 18:42 . 2008-08-23 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-08-23 14:03 . 2008-08-23 14:03 -------- d-----w c:\documents and settings\Free User\Application Data\Sammsoft
2008-08-23 14:02 . 2008-08-26 01:46 -------- d-----w c:\program files\Advanced Registry Optimizer
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\The Weather Channel
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\program files\AskSearch
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\program files\AskBarDis
2008-08-21 00:21 . 2008-08-21 10:54 -------- d-----w c:\documents and settings\Free User\Application Data\AVGTOOLBAR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 21:25 . 2008-01-15 16:49 42168 ----a-w c:\documents and settings\Free User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 17:34 . 2008-01-15 17:38 -------- d-----w c:\program files\Common Files\Adobe
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\IGGBDNHF.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\BZVHJ9VB.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\QKOCI2Q7.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\53NZN75V.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\YIV171B3.DAT
2009-07-11 17:44 . 2009-07-11 17:44 2232 ----a-w c:\windows\java\Packages\Data\TBPVDFN1.DAT
2009-07-11 17:44 . 2009-07-11 17:44 155995 ----a-w c:\windows\java\Packages\FR1JJ5NV.ZIP
2009-02-05 18:29 . 2008-01-16 21:14 -------- d-----w c:\program files\FlashGet
2008-09-13 03:16 . 2008-01-16 21:04 -------- d--h--w c:\program files\InstallShield Installation Information
2008-09-13 03:16 . 2008-01-16 21:04 -------- d-----w c:\program files\Common Files\InstallShield
2008-08-31 09:30 . 2008-01-15 17:39 -------- d-----w c:\program files\Golden Al-Wafi Translator
2008-08-09 18:22 . 2008-01-15 18:18 -------- d-----w c:\program files\Windows Live
2008-08-09 18:22 . 2008-08-09 18:22 -------- d-----w c:\program files\Microsoft Sync Framework
2008-08-09 18:19 . 2008-08-09 18:19 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-08-09 18:15 . 2008-08-09 18:15 -------- d-----w c:\program files\Microsoft
2008-08-09 18:14 . 2008-08-09 18:14 -------- d-----w c:\program files\Windows Live SkyDrive
2008-08-09 12:59 . 2008-08-09 12:59 -------- d-----w c:\program files\Common Files\Windows Live
2008-08-09 12:31 . 2008-08-09 12:31 -------- d-----w c:\program files\Circle Developemnt
2008-07-31 09:42 . 2008-07-31 09:11 23510720 ----a-w c:\windows\system32\dotnetfx.exe
2008-07-31 08:46 . 2008-07-31 08:42 2585872 ----a-w c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe
2008-07-18 15:16 . 2008-07-18 15:16 901120 ----a-w c:\windows\system32\VBuzzerHelper.dll
2008-07-11 08:55 . 2006-10-24 10:30 712704 ------w c:\windows\system32\windowscodecs.dll
2008-07-11 08:55 . 2006-10-24 10:29 347648 ------w c:\windows\system32\windowscodecsext.dll
.
------- Sigcheck -------
[-] 2008-02-26 17:08 1580544 1259B92EEF876FCA8AEDB3010D422067 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2008-09-13_15.56.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-13 16:12 . 2008-09-13 16:12 16384 c:\windows\temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-08-25 02:58 1883672 ----a-w c:\program files\Softonic_Deutsch\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 68856]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Mess platform"="c:\docume~1\FREEUS~1\APPLIC~1\GRAMBA~1\downloadgrey.exe" [2008-09-13 540672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"MessengerPlus3"="c:\documents and settings\Free User\Desktop\MsgPlus.exe" [2008-09-13 190024]
"stupid creative poll axis"="c:\documents and settings\All Users\Application Data\Memo save stupid creative\Owns Heart.exe" [2008-09-13 737280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26947:TCP"= 26947:TCP:BitComet 26947 TCP
"26947:UDP"= 26947:UDP:BitComet 26947 UDP
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [06/10/2008 07:59 ص 64920]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [16/11/2007 03:58 م 37504]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 05:53 م 226656]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [06/09/2008 07:42 م 10752]
S2 dmatfsytzxp;dmatfsytzxp;\??\c:\windows\system32\drivers\ljchejibhcfjn.sys --> c:\windows\system32\drivers\ljchejibhcfjn.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2008-09-13 c:\windows\Tasks\A894F0B49193671C.job
- c:\docume~1\freeus~1\applic~1\gramba~1\cast eggs hold.exe [2008-09-13 15:39]
2008-09-12 c:\windows\Tasks\Advanced Registry Optimizer.job
- c:\program files\Advanced Registry Optimizer\ARO.exe [2008-08-23 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=%s
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
LSP: c:\windows\System32\mswsock2.dll
Trusted Zone: msn.com\webmessenger
DPF: Microsoft XML Parser for Java -
[Link hidden by the forum: log in or register to view]

DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.84/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Link hidden by the forum: log in or register to view]

Rootkit scan 2008-09-13 18:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\documents and settings\Free User\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(580)
c:\windows\System32\mswsock2.dll
- - - - - - - > 'explorer.exe'(2860)
c:\documents and settings\Free User\Desktop\MsgPlusLoader1.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Folder Lock 6\FLContextMenu.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
Completion time: 2008-09-13 18:25
ComboFix-quarantined-files.txt 2008-09-13 16:24
ComboFix2.txt 2008-09-13 15:58
Pre-Run: 14,160,359,424 bytes free
Post-Run: 14,157,037,568 bytes free
239
 

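Yes, by God, I did have a script installed, and I have so many emoticons
but now I have uninstalled it, Messenger 9, because as soon as I sign in it hangs
and I installed Plus, but I get a version from the Stone Age, heh
and whenever I shut down the machine and turn it on it wants to be installed all over again
Messenger is just messing with me :hh:

And God willing I will find a solution at the hands of أعتز بك :ok:

Thanks a lot :smile: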
 
Okay, dear

Give me a new HijackThis report

Signature: أعتز بك
:?::?:


ComboFix 09-05-11.01 - Free User 09/13/2008 19:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.255.44 [GMT 2:00]
Running from: c:\documents and settings\Free User\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.
2009-07-26 19:44 . 2008-07-28 09:38 -------- d-----w c:\program files\MSECACHE
2009-07-14 07:29 . 2009-07-14 07:29 -------- d-----w c:\program files\Common Files\fwc
2009-07-14 07:29 . 2009-07-14 07:30 -------- d-----w c:\program files\Fake Webcam
2009-07-14 07:15 . 2004-08-03 20:58 5504 -c--a-w c:\windows\system32\dllcache\mstee.sys
2009-07-14 07:15 . 2004-08-03 20:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-07-14 07:14 . 2004-08-03 21:10 10880 -c--a-w c:\windows\system32\dllcache\ndisip.sys
2009-07-14 07:14 . 2004-08-03 21:10 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 15360 -c--a-w c:\windows\system32\dllcache\streamip.sys
2009-07-14 07:14 . 2004-08-03 21:10 15360 ----a-w c:\windows\system32\drivers\StreamIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 11136 -c--a-w c:\windows\system32\dllcache\slip.sys
2009-07-14 07:14 . 2004-08-03 21:10 11136 ----a-w c:\windows\system32\drivers\SLIP.sys
2009-07-14 07:14 . 2004-08-03 21:10 19328 -c--a-w c:\windows\system32\dllcache\wstcodec.sys
2009-07-14 07:14 . 2004-08-03 21:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-14 07:14 . 2004-08-03 21:10 85376 -c--a-w c:\windows\system32\dllcache\nabtsfec.sys
2009-07-14 07:14 . 2004-08-03 21:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-07-14 07:14 . 2004-08-03 21:10 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys
2009-07-14 07:14 . 2004-08-03 21:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-07-14 07:13 . 2004-08-03 22:56 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-14 07:13 . 2004-08-03 22:56 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-07-14 07:12 . 2009-07-16 11:54 -------- d-----w c:\program files\SplitCam
2009-07-14 06:18 . 2009-07-14 06:18 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Conduit
2009-07-14 06:18 . 2009-07-14 06:18 -------- d-----w c:\program files\Conduit
2009-07-14 06:18 . 2009-07-14 06:57 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Softonic_Deutsch
2009-07-14 06:17 . 2010-08-25 02:54 -------- d-----w c:\program files\Softonic_Deutsch
2009-07-11 21:58 . 2002-02-18 08:22 139536 ----a-w c:\windows\system32\javaee.dll
2009-07-11 17:44 . 2002-02-18 08:23 46352 ----a-w c:\windows\setdebug.exe
2009-07-11 17:44 . 2002-02-18 08:22 171280 ----a-w c:\windows\system32\jit.dll
2009-07-11 17:44 . 2002-02-18 05:35 6550 ----a-w c:\windows\jautoexp.dat
2009-07-11 17:44 . 2002-02-18 05:34 313856 ----a-w c:\windows\system32\dx3j.dll
2009-06-30 22:46 . 2001-08-17 20:36 99328 -c--a-w c:\windows\system32\dllcache\srusd.dll
2009-06-30 22:46 . 2001-08-17 20:36 99328 ----a-w c:\windows\system32\srusd.dll
2009-06-30 22:46 . 2001-08-17 11:53 6784 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-06-30 22:46 . 2001-08-17 11:53 6784 ----a-w c:\windows\system32\drivers\serscan.sys
2009-06-30 22:46 . 2001-08-17 20:36 71680 -c--a-w c:\windows\system32\dllcache\fnfilter.dll
2009-06-30 22:46 . 2001-08-17 20:36 71680 ----a-w c:\windows\system32\fnfilter.dll
2009-06-25 13:38 . 2009-06-25 13:38 -------- d-----w c:\documents and settings\Free User\Application Data\CometNetwork
2009-06-25 13:38 . 2009-06-25 13:38 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\CometNetwork
2009-06-25 13:37 . 2009-06-26 21:50 -------- d-----w c:\program files\CometBird
2009-06-25 13:18 . 2009-07-18 00:15 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Google
2009-06-25 13:16 . 2009-06-25 13:17 -------- d-----w c:\program files\Google
2009-06-25 13:12 . 2009-06-26 21:54 -------- d-----w c:\program files\BitComet
2009-06-18 07:58 . 2009-06-18 07:58 -------- d-----w c:\documents and settings\Free User\Application Data\aAvgApi
2009-06-13 14:37 . 2009-06-14 11:19 -------- d-----w c:\documents and settings\Free User\Application Data\Vbuzzer Messenger
2009-06-13 14:36 . 2007-11-02 08:06 57344 ----a-w c:\windows\system32\FaxMonitor.dll
2009-06-13 14:36 . 2007-11-02 09:00 245760 ----a-w c:\windows\system32\FaxHelper.exe
2009-02-09 13:19 . 2009-02-09 13:19 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-02-06 17:43 . 2009-02-06 17:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 18:28 . 2009-02-05 18:28 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-02-05 12:54 . 2009-02-05 12:54 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Identities
2009-01-31 07:33 . 2001-08-17 12:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-01-31 07:33 . 2001-08-17 12:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-01-31 07:31 . 2001-08-17 13:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-01-31 07:31 . 2001-08-17 13:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-01-29 20:03 . 2009-01-29 20:03 1632 ----a-w c:\windows\system32\d3d8caps.dat
2009-01-24 17:20 . 2008-08-27 21:10 -------- d-----w c:\program files\LtUcx
2009-01-14 16:51 . 2009-01-14 16:51 167936 ----a-w c:\windows\system32\mswsock2.dll
2008-10-27 12:55 . 2008-10-27 12:55 65864 ----a-w c:\windows\system32\SmbMInfo.exe
2008-10-27 12:54 . 2008-10-27 12:54 174400 ----a-w c:\windows\system32\RdCfg.exe
2008-10-06 05:59 . 2008-10-06 05:59 64920 ----a-w c:\windows\system32\drivers\SscRdBus.sys
2008-09-13 16:15 . 2008-09-13 16:16 -------- d-----w C:\32788R22FWJFW.0.tmp
2008-09-13 15:36 . 2008-09-13 15:36 -------- d-----w c:\program files\Gram base math
2008-09-13 15:36 . 2008-09-13 15:39 -------- d-----w c:\documents and settings\Free User\Application Data\Gram base math
2008-09-13 12:07 . 2008-09-13 12:07 -------- d-----w c:\program files\Trend Micro
2008-09-13 05:17 . 2008-09-13 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-09-13 04:45 . 2008-09-13 15:35 -------- d-----w c:\program files\Adverts
2008-09-13 03:16 . 2008-09-13 03:16 -------- d-----w c:\program files\inKline Global
2008-09-13 02:31 . 2008-09-13 02:31 -------- d-----w c:\program files\SuperSpeed
2008-09-13 00:55 . 2008-09-13 03:51 -------- d-----w c:\documents and settings\Free User\Application Data\cleaner
2008-09-13 00:41 . 2008-09-13 00:41 -------- d-----w c:\documents and settings\Free User\Application Data\Uniblue
2008-09-13 00:41 . 2008-09-13 00:41 0 ----a-w c:\windows\nsreg.dat
2008-09-13 00:41 . 2008-09-13 00:41 -------- d-----w c:\program files\Uniblue
2008-09-13 00:38 . 2008-09-13 00:41 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2008-09-06 17:42 . 2008-09-06 17:42 180224 ----a-w c:\windows\system32\WinVd32.sys
2008-09-06 17:42 . 2008-09-06 17:42 7680 ----a-w c:\windows\system32\WinFLsrv.exe
2008-09-06 17:42 . 2008-09-06 17:42 10752 ----a-w c:\windows\system32\WinFLdrv.sys
2008-09-06 17:42 . 2008-09-06 18:25 -------- d-----w c:\program files\Folder Lock 6
2008-08-27 20:08 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2008-08-27 20:02 . 2008-08-27 20:02 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Ahead
2008-08-27 18:24 . 2001-08-17 20:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2008-08-27 18:24 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2008-08-27 18:24 . 2001-08-17 20:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2008-08-27 18:24 . 2001-08-17 20:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2008-08-25 16:04 . 2008-09-13 12:40 -------- d-----w c:\program files\MessengerPlus! 3
2008-08-23 22:48 . 2008-08-23 22:48 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\Windows Live Writer
2008-08-23 22:48 . 2008-08-23 22:48 -------- d-----w c:\documents and settings\Free User\Application Data\Windows Live Writer
2008-08-23 18:42 . 2008-08-23 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-08-23 14:03 . 2008-08-23 14:03 -------- d-----w c:\documents and settings\Free User\Application Data\Sammsoft
2008-08-23 14:02 . 2008-08-26 01:46 -------- d-----w c:\program files\Advanced Registry Optimizer
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\documents and settings\Free User\Local Settings\Application Data\The Weather Channel
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\program files\AskSearch
2008-08-23 14:02 . 2008-08-23 14:02 -------- d-----w c:\program files\AskBarDis
2008-08-21 00:21 . 2008-08-21 10:54 -------- d-----w c:\documents and settings\Free User\Application Data\AVGTOOLBAR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 21:25 . 2008-01-15 16:49 42168 ----a-w c:\documents and settings\Free User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 17:34 . 2008-01-15 17:38 -------- d-----w c:\program files\Common Files\Adobe
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\IGGBDNHF.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\BZVHJ9VB.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\QKOCI2Q7.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\53NZN75V.DAT
2009-07-11 21:58 . 2009-07-11 21:58 2678 ----a-w c:\windows\java\Packages\Data\YIV171B3.DAT
2009-07-11 17:44 . 2009-07-11 17:44 2232 ----a-w c:\windows\java\Packages\Data\TBPVDFN1.DAT
2009-07-11 17:44 . 2009-07-11 17:44 155995 ----a-w c:\windows\java\Packages\FR1JJ5NV.ZIP
2009-02-05 18:29 . 2008-01-16 21:14 -------- d-----w c:\program files\FlashGet
2008-09-13 03:16 . 2008-01-16 21:04 -------- d--h--w c:\program files\InstallShield Installation Information
2008-09-13 03:16 . 2008-01-16 21:04 -------- d-----w c:\program files\Common Files\InstallShield
2008-08-31 09:30 . 2008-01-15 17:39 -------- d-----w c:\program files\Golden Al-Wafi Translator
2008-08-09 18:22 . 2008-01-15 18:18 -------- d-----w c:\program files\Windows Live
2008-08-09 18:22 . 2008-08-09 18:22 -------- d-----w c:\program files\Microsoft Sync Framework
2008-08-09 18:19 . 2008-08-09 18:19 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-08-09 18:15 . 2008-08-09 18:15 -------- d-----w c:\program files\Microsoft
2008-08-09 18:14 . 2008-08-09 18:14 -------- d-----w c:\program files\Windows Live SkyDrive
2008-08-09 12:59 . 2008-08-09 12:59 -------- d-----w c:\program files\Common Files\Windows Live
2008-08-09 12:31 . 2008-08-09 12:31 -------- d-----w c:\program files\Circle Developemnt
2008-07-31 09:42 . 2008-07-31 09:11 23510720 ----a-w c:\windows\system32\dotnetfx.exe
2008-07-31 08:46 . 2008-07-31 08:42 2585872 ----a-w c:\windows\system32\WindowsInstaller-KB893803-v2-x86.exe
2008-07-18 15:16 . 2008-07-18 15:16 901120 ----a-w c:\windows\system32\VBuzzerHelper.dll
2008-07-11 08:55 . 2006-10-24 10:30 712704 ------w c:\windows\system32\windowscodecs.dll
2008-07-11 08:55 . 2006-10-24 10:29 347648 ------w c:\windows\system32\windowscodecsext.dll
.
------- Sigcheck -------
[-] 2008-02-26 17:08 1580544 1259B92EEF876FCA8AEDB3010D422067 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-08-25 02:58 1883672 ----a-w c:\program files\Softonic_Deutsch\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 68856]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Mess platform"="c:\docume~1\FREEUS~1\APPLIC~1\GRAMBA~1\downloadgrey.exe" [2008-09-13 540672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"MessengerPlus3"="c:\documents and settings\Free User\Desktop\MsgPlus.exe" [2008-09-13 190024]
"stupid creative poll axis"="c:\documents and settings\All Users\Application Data\Memo save stupid creative\Owns Heart.exe" [2008-09-13 737280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26947:TCP"= 26947:TCP:BitComet 26947 TCP
"26947:UDP"= 26947:UDP:BitComet 26947 UDP
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [06/10/2008 07:59 ص 64920]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [16/11/2007 03:58 م 37504]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 05:53 م 226656]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [06/09/2008 07:42 م 10752]
S2 dmatfsytzxp;dmatfsytzxp;\??\c:\windows\system32\drivers\ljchejibhcfjn.sys --> c:\windows\system32\drivers\ljchejibhcfjn.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2008-09-13 c:\windows\Tasks\A894F0B49193671C.job
- c:\docume~1\freeus~1\applic~1\gramba~1\cast eggs hold.exe [2008-09-13 15:39]
2008-09-12 c:\windows\Tasks\Advanced Registry Optimizer.job
- c:\program files\Advanced Registry Optimizer\ARO.exe [2008-08-23 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=%s
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
LSP: c:\windows\System32\mswsock2.dll
Trusted Zone: msn.com\webmessenger
DPF: Microsoft XML Parser for Java -
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.84/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-13 20:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\documents and settings\Free User\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(580)
c:\windows\System32\mswsock2.dll
- - - - - - - > 'explorer.exe'(1948)
c:\documents and settings\Free User\Desktop\MsgPlusLoader1.dll
c:\windows\system32\msi.dll
.
Completion time: 2008-09-13 20:03
ComboFix-quarantined-files.txt 2008-09-13 18:03
ComboFix2.txt 2008-09-13 16:25
ComboFix3.txt 2008-09-13 15:58
Pre-Run: 14,145,179,648 bytes free
Post-Run: 14,139,867,136 bytes free
235


:cool::cool:
 
This is HijackThis, my friend

Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply

Make it a new one

Signature: أعتز بك
:smile::smile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:37 م, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Free User\Desktop\MsgPlus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Golden Al-Wafi Translator\Golden Al-Wafi Translator.exe
C:\WINDOWS\speech\vcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Free User\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Owns Heart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Mess platform] C:\DOCUME~1\FREEUS~1\APPLIC~1\GRAMBA~1\downloadgrey.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O15 - Trusted Zone: webmessenger.msn.com
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 7050 bytes

:?: I just wanted to ask: when can I install an antivirus program ...
 
OK, my friend

Delete these entries in HijackThis

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =


O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

How to delete them

[screenshot]

[screenshot]

Then download this tool and follow the explanation below

Compatibility: Windows XP only

How to use it:

When you run the tool's file, this screen appears. Wait (and follow along with the pictures)

[screenshot]

[screenshot]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process)

[screenshot]

After that

Download the tool from here

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop. After a few moments the tool will start running

Follow the walkthrough to scan the machine, clean it and attach the report

[screenshots]

And after you finish

A new HijackThis report

I'll be waiting ..

Signature: أعتز بك
I did everything you told me to do

And here is the report, sir:

7
7
7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:31 م, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Free User\Desktop\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Free User\Desktop\MsgPlus.exe"
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Owns Heart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Mess platform] C:\DOCUME~1\FREEUS~1\APPLIC~1\GRAMBA~1\downloadgrey.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Free User\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Free User\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O15 - Trusted Zone: webmessenger.msn.com
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 6690 bytes​


I just wanted to ask: is the machine OK now, God willing ..?
 
God willing, it will be fine.

Just make sure that you have disabled the protection program.

The important thing is to stay with me, God bless you.

Disable all protection programs >>> check the computer's time and date
>>> do not rename the tool, and save it to the desktop
Download this tool and save it to the desktop:

[hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


As for the Kaspersky tool:

it is a scan, my dear, not an installation.

So use it, and use the tool I just mentioned again, with the protection program disabled.

And post the reports.
 
Signature: أعتز بك

OK, I understand you, but I wanted to ask:

Should I remove the firewall ..?

How do I make sure that I have disabled all the protection programs ..?

And thank you for your effort :king:
 
No, leave the firewall.

There is no need, because you don't actually have a program in the first place.

Leave it for the end.

And the same to you, my dear.
 
Signature: أعتز بك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:01:23 ص, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\Free User\Desktop\Virus Removal Tool\is-0RL9F\is-0RL9F.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: you must log in or register to view it]
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Free User\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Free User\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-0RL9F.lnk = C:\Documents and Settings\Free User\Desktop\Virus Removal Tool\is-0RL9F\startup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock2.dll
O15 - Trusted Zone: webmessenger.msn.com
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [hidden link: you must log in or register to view it]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [hidden link: you must log in or register to view it]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - [hidden link: you must log in or register to view it]
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 6362 bytes
 
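Scan with the Kaspersky tool, following the same instructions,

and after that post a HijackThis report.

Note >> brother, please distinguish between the HijackThis tool and any other tool.

In my last reply I asked for the ComboFix tool.

HijackThis comes after all the steps have been applied.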
 
Signature: أعتز بك
Ooh, sorry brother for spacing out, hehe

And this is the report ---> ComboFix

ComboFix tool

ComboFix 09-05-11.08 - Free User 09/14/2008 17:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.255.62 [GMT 2:00]
Running from: c:\documents and settings\Free User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2008-02-26 17:08 1580544 1259B92EEF876FCA8AEDB3010D422067 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2008-09-13_15.56.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-12-31 11:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2002-12-31 11:00 . 2002-12-31 11:00 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-12-31 11:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2002-12-31 11:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2002-12-31 11:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2002-12-31 11:00 . 2002-12-31 11:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2002-12-31 11:00 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2002-12-31 11:00 . 2002-12-31 11:00 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2002-12-31 11:00 . 2002-12-31 11:00 100352 c:\windows\system32\6to4svc.dll
+ 2002-12-31 11:00 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
+ 2008-09-14 01:56 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-09-14 01:46 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2008-09-14 02:12 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2002-12-31 11:00 . 2008-11-07 16:32 2109440 c:\windows\system32\WMVCore.dll
+ 2002-12-31 11:00 . 2008-06-10 16:18 1053696 c:\windows\system32\WMNetmgr.dll
+ 2002-12-31 11:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2002-12-31 11:00 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
+ 2009-03-10 20:18 . 2009-03-10 20:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2008-01-15 16:08 . 2008-10-16 12:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2002-12-31 11:00 . 2008-11-07 16:32 2109440 c:\windows\system32\dllcache\WMVCore.dll
+ 2002-12-31 11:00 . 2008-06-10 16:18 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2002-12-31 11:00 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2002-12-31 11:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2002-12-31 11:00 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2002-12-31 11:00 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2002-12-31 11:00 . 2002-12-31 11:00 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2002-12-31 11:00 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2002-12-31 11:00 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2008-09-14 02:37 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-09-14 02:37 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-09-14 02:37 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-09-14 02:37 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-08-25 02:58 1883672 ----a-w c:\program files\Softonic_Deutsch\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2010-08-25 1883672]
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 68856]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26947:TCP"= 26947:TCP:BitComet 26947 TCP
"26947:UDP"= 26947:UDP:BitComet 26947 UDP
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [06/10/2008 07:59 ص 64920]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [16/11/2007 03:58 م 37504]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 05:53 م 226656]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [06/09/2008 07:42 م 10752]
S2 dmatfsytzxp;dmatfsytzxp;\??\c:\windows\system32\drivers\ljchejibhcfjn.sys --> c:\windows\system32\drivers\ljchejibhcfjn.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2008-09-12 c:\windows\Tasks\Advanced Registry Optimizer.job
- c:\program files\Advanced Registry Optimizer\ARO.exe [2008-08-23 13:33]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
LSP: c:\windows\System32\mswsock2.dll
Trusted Zone: msn.com\webmessenger
DPF: Microsoft XML Parser for Java -
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.84/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-14 17:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\documents and settings\Free User\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(580)
c:\windows\System32\mswsock2.dll
- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\msi.dll
.
Completion time: 2008-09-14 18:02
ComboFix-quarantined-files.txt 2008-09-14 16:02
ComboFix2.txt 2008-09-13 18:04
ComboFix3.txt 2008-09-13 16:25
ComboFix4.txt 2008-09-13 15:58
Pre-Run: 12,820,905,984 bytes free
Post-Run: 12,813,115,392 bytes free
443 --- E O F --- 2008-09-14 04:15

So now, what do I need to do?

**Note that I already ran a scan with the Kaspersky tool ..
 