الرجباني

This is the picture of the error, and this is a picture

This is the report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47:02 م, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\FLSDEVCP.EXE
D:\program files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\tray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\program files\PC Connectivity Solution\ServiceLayer.exe
D:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\مجلد جديد\Internet Download Manager\IDMan.exe
C:\Program Files\LTT WiMAX\LTT WiMAX.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis_2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = (hidden link: log in or register to view)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = (hidden link: log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (hidden link: log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = (hidden link: log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (hidden link: log in or register to view)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = (hidden link: log in or register to view)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\مجلد جديد\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: searchersmart search enhancer - {6BAAFB29-2F6C-DA4D-18D5-15E027AB712D} - C:\WINDOWS\system32\xwpkkyflrenywhj.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eagleeye] d:\program files.\tuEagles\EagleSvr.exe
O4 - HKLM\..\Run: [FLSDeviceControlPanel] C:\WINDOWS\system32\FLSDEVCP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "D:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IDMan] F:\مجلد جديد\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] D:\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TSS Instrument API Tray Utility.lnk = C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\tray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - F:\مجلد جديد\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - F:\مجلد جديد\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - F:\مجلد جديد\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - D:\program files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8758 bytes
 

Signature: الرجباني
Disable all protection programs >>> Make sure the computer's time and date are correct
>>> Do not rename the tool, and save it to the desktop
Download this tool and save it to the desktop

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


And do you have Photoshop installed..?
 
Signature: أعتز بك
I have the portable version of Photoshop, but it appears even when the computer starts up ...
 
Signature: الرجباني
It did not restart, and this is the report that came out, brother...

ComboFix 09-05-07.A01 - Administrator 05/11/2009 14:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.218.1033.18.2047.1554 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Solt Lake Software
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
c:\windows\system32\xwpkkyflrenywhj.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-10 23:41 . 2009-05-10 23:41 -------- d-----w d:\program files.\AGEIA Technologies
2009-05-10 20:28 . 2009-05-10 23:38 -------- d-----w d:\program files.\Thinstall.VS
2009-05-10 20:28 . 2009-05-10 20:28 -------- d-----w c:\documents and settings\Administrator\Application Data\Downloaded Installations
2009-05-10 20:04 . 2009-05-10 20:04 -------- d-----w C:\Nokia
2009-05-10 17:51 . 2009-05-10 17:51 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-10 17:12 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w d:\program files.\Microsoft Works
2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w d:\program files.\MSBuild
2009-05-10 17:08 . 2009-05-10 17:08 -------- d-----w d:\program files.\Microsoft.NET
2009-05-10 17:06 . 2009-05-10 17:06 -------- d-----w d:\program files.\Microsoft Visual Studio 8
2009-05-10 17:05 . 2009-05-10 17:09 -------- d-----w c:\windows\SHELLNEW
2009-05-10 17:05 . 2009-05-10 17:05 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-05-10 17:05 . 2009-05-10 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-10 10:56 . 2009-05-10 10:56 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Runscanner.net
2009-05-10 10:55 . 2009-05-10 10:55 -------- d-----w d:\program files.\Process Master
2009-05-10 10:28 . 2009-05-10 10:28 -------- d-----w C:\zyz_auto_killer
2009-05-10 09:21 . 2009-05-10 09:21 -------- d--h--w d:\program files.\InstallShield Installation Information
2009-05-10 08:39 . 2009-05-10 08:39 10454 ----a-w c:\windows\system32\drivers\parldr2k.sys
2009-05-10 08:39 . 2009-05-10 08:39 34048 ----a-w c:\windows\system32\drivers\flsvcom.sys
2009-05-10 08:39 . 2009-05-10 08:39 51798 ----a-w c:\windows\system32\drivers\FLSUSB.SYS
2009-05-10 08:39 . 2009-05-10 08:39 8344 ----a-w c:\windows\system32\drivers\flsser.sys
2009-05-10 08:39 . 2009-05-10 08:39 16314 ----a-w c:\windows\system32\drivers\flspar.sys
2009-05-10 08:38 . 2009-05-10 08:38 1859584 ----a-w c:\windows\system32\FLSINST.DLL
2009-05-10 08:38 . 2009-05-10 08:38 64312 ----a-w c:\windows\system32\vercp32.dll
2009-05-10 08:38 . 2009-05-10 08:38 89400 ----a-w c:\windows\system32\DNCP32.DLL
2009-05-10 08:38 . 2009-05-10 08:38 92984 ----a-w c:\windows\system32\DNClnt32.dll
2009-05-10 08:38 . 2009-05-10 08:38 14856 ----a-w c:\windows\system32\drivers\dkpccard.sys
2009-05-10 08:38 . 2009-05-10 08:38 11576 ----a-w c:\windows\system32\DKCLINST.DLL
2009-05-10 08:38 . 2009-05-10 08:38 92984 ----a-w c:\windows\system32\dkcpanel.exe
2009-05-10 08:38 . 2009-05-10 08:38 32208 ----a-w c:\windows\system32\dk2win16.dll
2009-05-10 08:38 . 2009-05-10 08:38 -------- d-----w c:\program files\Common Files\DESkey
2009-05-10 08:38 . 2009-05-10 08:38 2325304 ----a-w c:\windows\system32\DK2INST.DLL
2009-05-10 08:37 . 2009-05-10 08:40 -------- d-----w d:\program files.\Nokia
2009-05-10 08:35 . 2009-05-10 08:35 -------- d-----w d:\program files.\MSXML 6.0
2009-05-09 23:24 . 2008-03-21 10:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-05-09 23:18 . 2009-05-09 23:18 -------- d-----w d:\program files.\DIFX
2009-05-09 23:17 . 2009-05-09 23:17 -------- d-----w d:\program files.\PC Connectivity Solution
2009-05-09 23:17 . 2008-09-15 04:29 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-09 15:02 . 2009-05-11 10:37 0 ----a-w c:\windows\system32\drivers\IsDrv118.sys
2009-05-09 15:02 . 2009-05-11 10:37 0 ----a-w c:\windows\system32\drivers\IsPubDrv.sys
2009-05-09 15:01 . 2009-05-09 15:01 107520 ----a-w c:\windows\Netfathr.exe
2009-05-09 13:00 . 2009-05-09 13:05 -------- d-----w c:\documents and settings\Administrator\Application Data\AIMP
2009-05-09 12:59 . 2009-05-09 13:00 -------- d-----w d:\program files.\AIMP2
2009-05-08 23:36 . 2009-05-08 23:36 -------- d--h--w c:\documents and settings\All Users\Application Data\~0
2009-05-08 18:09 . 2009-05-08 23:36 -------- d-----w C:\RECYCLER(2)
2009-05-08 16:09 . 2009-05-08 23:36 -------- d-----w C:\32788R22FWJFW(2)
2009-05-08 14:02 . 2009-05-09 15:01 -------- d-sh--r d:\program files.\tuEagles
2009-05-07 15:21 . 2009-05-07 15:21 -------- d-----w d:\program files.\microsoft frontpage
2009-05-07 15:13 . 2009-05-07 15:13 -------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2009-05-07 15:09 . 1998-06-17 22:00 153600 ----a-w c:\windows\system32\tlbinf32.dll
2009-05-05 11:31 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-05-05 11:31 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-05-05 11:31 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-05-05 11:31 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-05-05 11:31 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-05-05 11:31 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-05-05 11:31 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-05-05 11:31 . 2008-04-14 02:39 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-05-05 11:31 . 2008-04-14 02:39 6144 ----a-w c:\windows\system32\kbd106.dll
2009-05-05 07:49 . 2009-05-05 07:49 -------- d-----w c:\documents and settings\Administrator\Application Data\Netscape
2009-05-05 07:48 . 2009-05-05 07:48 -------- d-----w d:\program files.\Photodex
2009-05-05 07:48 . 2009-05-05 07:48 -------- d-----w c:\documents and settings\Administrator\Application Data\Photodex
2009-05-03 22:16 . 2009-05-03 22:16 214 ----a-w C:\UnInstall.dat
2009-05-03 22:16 . 2009-05-02 09:39 16896 ----a-w c:\windows\system32\grwinsthlp.exe
2009-05-01 12:11 . 2009-05-01 12:11 -------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-01 10:13 . 2009-05-01 10:13 -------- d-----w c:\documents and settings\Administrator\Application Data\GlarySoft
2009-04-30 19:02 . 2009-04-30 19:02 1314816 ----a-w c:\windows\system32\nvcuvenc.dll
2009-04-30 19:02 . 2009-04-30 19:02 663552 ----a-w c:\windows\system32\nvcuvid.dll
2009-04-30 19:02 . 2009-04-30 19:02 1579630 ----a-w c:\windows\system32\nvdata.bin
2009-04-30 09:35 . 2009-04-30 09:35 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-30 09:35 . 2008-11-24 11:19 27904 ----a-w c:\windows\system32\uxtuneup(3)(2).dll
2009-04-30 09:35 . 2008-11-24 11:19 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-30 09:35 . 2009-04-30 09:35 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-29 19:35 . 2009-05-09 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-29 19:29 . 2009-05-09 23:25 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-04-29 18:42 . 2009-04-29 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-29 14:19 . 2009-05-05 15:47 -------- d-----w c:\windows\system32\SupportWimax
2009-04-28 13:15 . 2009-04-29 18:42 -------- d-----w c:\documents and settings\Administrator\Application Data\CoreFTP
2009-04-17 14:47 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-17 14:47 . 2009-03-09 13:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-17 14:47 . 2009-03-09 13:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-17 14:47 . 2009-03-16 12:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-17 14:47 . 2009-03-16 12:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-17 14:47 . 2009-03-16 12:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-17 14:47 . 2009-03-16 12:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-15 10:28 . 2009-04-22 22:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Dyyno
2009-04-12 17:19 . 2009-04-12 17:19 -------- d-----w c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 10:36 . 2009-01-18 14:10 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-11 10:29 . 2009-01-18 14:10 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-11 09:39 . 2009-01-26 10:42 3053600 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-11 09:39 . 2009-01-26 10:42 25984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-11 00:13 . 2009-01-26 10:42 745504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-11 00:13 . 2009-01-26 10:42 4676 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-10 23:42 . 2009-01-17 17:07 1092400 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-10 23:41 . 2009-01-24 11:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-10 22:16 . 2008-11-14 22:27 105384 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 17:50 . 2009-02-18 14:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-10 15:58 . 2009-05-10 15:58 2678 ----a-w c:\windows\java\Packages\Data\OVXRZXRT.DAT
2009-05-10 15:57 . 2009-05-10 15:57 2678 ----a-w c:\windows\java\Packages\Data\EI4XNPBX.DAT
2009-05-10 15:57 . 2009-05-10 15:57 2678 ----a-w c:\windows\java\Packages\Data\RDF7N1JJ.DAT
2009-05-10 15:57 . 2009-05-10 15:57 2678 ----a-w c:\windows\java\Packages\Data\IXJ97X3B.DAT
2009-05-10 15:57 . 2009-05-10 15:57 2678 ----a-w c:\windows\java\Packages\Data\BZX3Z7XZ.DAT
2009-05-10 09:21 . 2009-01-17 17:48 -------- d-----w c:\program files\Common Files\Nokia
2009-05-10 08:46 . 2008-11-14 13:56 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-10 08:39 . 2009-05-10 08:39 23120 ----a-w c:\windows\system32\drivers\FPGA8501.rd4
2009-05-10 08:39 . 2009-05-10 08:39 13440 ----a-w c:\windows\system32\drivers\flsiface.sys
2009-05-09 23:24 . 2009-05-09 23:24 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-09 23:24 . 2009-05-09 23:24 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-09 23:18 . 2009-01-17 17:48 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-03 10:58 . 2009-01-24 11:26 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 19:02 . 2008-11-14 14:06 457248 ----a-w c:\windows\system32\nvudisp.exe
2009-04-30 19:02 . 2008-10-07 11:33 1720320 ----a-w c:\windows\system32\nvcuda.dll
2009-04-30 19:02 . 2007-06-28 16:43 9994240 ----a-w c:\windows\system32\nvoglnt.dll
2009-04-30 19:02 . 2007-06-28 16:43 806912 ----a-w c:\windows\system32\nvapi.dll
2009-04-30 19:02 . 2007-06-28 16:43 8055584 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 19:02 . 2007-06-28 16:43 5896320 ----a-w c:\windows\system32\nv4_disp.dll
2009-04-30 19:02 . 2007-06-28 16:43 143360 ----a-w c:\windows\system32\nvcodins.dll
2009-04-30 19:02 . 2007-06-28 16:43 143360 ----a-w c:\windows\system32\nvcod.dll
2009-04-26 21:42 . 2008-11-14 14:05 457248 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-26 20:52 . 2009-02-17 14:50 196608 ----a-w c:\windows\system32\maag.dll
2009-04-26 20:52 . 2009-02-17 14:50 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-26 20:52 . 2009-02-17 14:50 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-26 20:52 . 2009-02-17 14:50 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-26 20:52 . 2009-02-17 14:50 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-26 20:52 . 2009-02-17 14:50 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-26 20:52 . 2009-02-17 14:50 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-26 20:52 . 2009-02-17 14:50 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-12 17:18 . 2008-11-14 14:23 -------- d-----w c:\program files\Common Files\Real
2009-04-07 10:44 . 2008-04-14 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-03 09:39 . 2009-04-03 09:39 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-03-25 15:28 . 2009-03-10 12:21 -------- d-----w c:\program files\Common Files\Ahead
2009-03-21 17:26 . 2009-01-18 14:10 139152 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-03-21 17:24 . 2009-03-21 17:06 111928 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrB.exe
2009-03-21 17:24 . 2009-01-26 10:29 794408 ----a-w c:\windows\system32\pbsvc.exe
2009-03-21 13:57 . 2008-09-12 11:42 -------- d-----w d:\program files.\SCC-TDS
2009-03-16 23:18 . 2009-03-16 23:18 -------- d-----w d:\program files.\GRETECH
2009-02-28 18:44 . 2009-02-28 18:44 2232 ----a-w c:\windows\java\Packages\Data\9BR713VB.DAT
2009-02-28 18:44 . 2009-02-28 18:44 155995 ----a-w c:\windows\java\Packages\NZ7DBVLF.ZIP
2009-02-28 09:02 . 2009-01-18 14:10 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-27 06:03 . 2008-12-06 18:13 57394 ----a-w c:\windows\system32\xwpkkyflrenywhj.dll-uninst.exe
2009-02-18 20:10 . 2001-08-23 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-18 20:08 . 2008-11-14 13:29 23224 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-17 14:50 . 2009-02-17 14:50 344064 ----a-w c:\windows\system32\dkll.dll
.

------- Sigcheck -------

[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-04-14 12:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
[-] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
[-] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
[-] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
[-] 2008-04-14 12:00 776192 966F311363CE6E4719A0A04070D345CC c:\windows\system32\wininet.dll
[-] 2008-04-14 12:00 776192 966F311363CE6E4719A0A04070D345CC c:\windows\system32\dllcache\wininet.dll

[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 13:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2004-08-03 23:05 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2008-04-14 12:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-04-14 12:00 2186752 E79A41C2F9EAC01B23A18C8911112934 c:\windows\system32\ntkrnlpa.exe

[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 14:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2004-08-03 21:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2008-04-14 12:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 12:00 2308096 33C3C3D7A7C6E56D9EBC3E8EEA0D490C c:\windows\system32\ntoskrnl.exe

[-] 2008-04-14 12:00 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\explorer.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 12:00 1540608 891CC147CC1EAA759A7DA3050E7446FF c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BAAFB29-2F6C-DA4D-18D5-15E027AB712D}]
c:\windows\system32\xwpkkyflrenywhj.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RGSC"="d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-26 306088]
"PC Suite Tray"="d:\nokia pc suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-12 198160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"eagleeye"="d:\program files.\tuEagles\EagleSvr.exe" [2009-05-09 408064]
"FLSDeviceControlPanel"="c:\windows\system32\FLSDEVCP.EXE" [2009-05-10 91696]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-10-12 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TSS Instrument API Tray Utility.lnk - c:\program files\Common Files\Nokia\Tss\Instrument API\bin\tray.exe [2007-12-7 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=d:\grand theft auto iv\Rockstar Games Social Club\RGSCLauncher.exe /silent
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Grand Theft Auto IV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Grand Theft Auto IV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\SCC-TDS\\Command And Conquer Red Alert 3\\Data\\ra3_1.0.game"=
"d:\\Program Files\\SCC-TDS\\Command And Conquer Red Alert 3\\Data\\ra3_1.8.game"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\SCC-TDS\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\tuEagles\\EagleSvr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [10/05/2009 11:38 ص 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [10/05/2009 11:39 ص 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [10/05/2009 11:39 ص 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [10/05/2009 11:39 ص 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [10/05/2009 11:39 ص 34048]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [10/05/2009 11:39 ص 10454]
R3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [01/07/2005 01:01 م 999808]
R3 HuaweiWiMAXUSB;HuaweiWiMAXUSB Device driver;c:\windows\system32\drivers\HuaweiWiMAXUSB.sys [15/02/2009 06:11 م 45312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
S2 gupdate1c9ad443d76c006;gupdate1c9ad443d76c006; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30/04/2009 12:35 م 603904]
S3 dump_wmimmc;dump_wmimmc; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/01/2009 08:30 م 138112]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\StarSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2580971e-fa0c-11dd-9851-00192103c7f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2580971f-fa0c-11dd-9851-00192103c7f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a0059fb-09b0-11de-9882-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d711291-131d-11de-9898-001e108547de}]
\sheLl\aUTopLAY\command - G:\ejojut.cmd
\sheLl\AutoRun\command - G:\ejojut.cmd
\sheLl\EXPlOrE\command - G:\ejojut.cmd
\sheLl\open\CommanD - G:\ejojut.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fdae04b-0991-11de-9880-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb4484ba-fb72-11dd-9856-00192103c7f1}]
\Shell\AutoRun\command - F:\StarSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb4484bc-fb72-11dd-9856-00192103c7f1}]
\Shell\AutoRun\command - G:\StarSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc723867-04fe-11de-9879-001e108547de}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Iloveher.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 14:46]

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 12:21]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IDMan - f:\مجلد جديد\Internet Download Manager\IDMan.exe
HKCU-Run-Uniblue RegistryBooster 2009 - d:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ly/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*

IE: ????? ???? ?????? Internet Download Manager
IE: ????? ????? FLV ?????? Internet Download Manager
IE: ????? ?????? Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager
IE: E???? C??? E?C??E Internet Download Manager
IE: E???? E?C??E Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: E???? C??? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E???? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - f:\مجلد جديد\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - f:\مجلد جديد\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - f:\مجلد جديد\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5p85lj9u.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-11 14:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-507921405-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A06499A1-6085-6B7F-20CC-56C457CDF178}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abddpdbalnahnikphehnkjkbdkbccmnggi"=hex:65,62,64,69,6a,6e,6c,69,6f,6a,63,6a,
6a,68,63,62,6b,6b,67,6d,64,69,65,6e,69,6f,66,70,6d,6d,6c,67,6a,69,6c,67,61,\
"bbddpdbalnahnikpheinfmkbhgiplpimghbm"=hex:61,62,61,6e,68,68,70,6a,66,6d,6b,64,
68,6f,6c,66,6e,6d,64,62,6d,62,61,66,65,6c,6a,6c,6e,6f,70,62,63,6c,00,67

[HKEY_USERS\S-1-5-21-1123561945-507921405-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:bb,b8,83,90,b8,72,38,c1,27,8e,2e,42,af,5e,2d,ce,56,e0,ec,bc,98,
4b,1d,8a,4d,db,33,6f,cd,52,36,a3,87,01,26,a1,7b,45,64,8d,50,10,f0,b0,33,89,\
"rkeysecu"=hex:05,9e,b5,be,ee,ec,f5,be,e6,52,11,bb,37,ca,ad,1b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a0,a9,1a,94,41,1e,73,47,e4,9a,a7,b0,df,bb,19,d4,f8,10,bb,40,73,
ce,7b,2b,87,f1,5c,eb,fa,ce,60,7e,a5,ae,4a,28,bd,af,57,c7,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f570ca31-d385-4921-90ab-5ce0648933f2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003d
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,f6,31,ec,ed,75,f3,b6,1d,5d,f0,c9,49,d3,6c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1396)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(1464)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-05-11 14:13
ComboFix-quarantined-files.txt 2009-05-11 11:13
ComboFix2.txt 2009-05-08 16:02

Pre-Run: 1,537,544,192 bytes free
Post-Run: 1,569,697,792 bytes free

387 --- E O F --- 2009-01-26 14:28
 


This is a screenshot of the error that appears when the computer starts up...

This copy of Photoshop gives me the same error, but I have another copy that works with nothing wrong with it...
 