• Thread starter: ZeraX

ZeraX

Peace be upon you
========
Something new again:
now every time I start the computer
I get the blue screen that scans for errors, but this one is different.
It tells me: The Volume Is dirty
What should I do about it?


Please help..
======
Also, is there a program that fixes CRC (Cyclic Redundancy Check) problems?


And many thanks to whoever helps me
 

Welcome, brother
Download this program
[hidden link]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Sorry for the delay, brother
The internet was awful
Anyway, here is the program's result
===================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:51 AM, on 5/18/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BinarySense\disksvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\IE Accelerator\IEAccelerator.exe
C:\Program Files\BinarySense\HDDTemp4\HDDtemp4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [IE Accelerator] C:\Program Files\IE Accelerator\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [HDDtemp4] C:\Program Files\BinarySense\HDDTemp4\HDDtemp4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08AXLRD_12088796] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CE9C291-3964-4403-A179-0BEFA0BD1316}: NameServer = 84.11.141.115
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\Outpost Firewall Pro\acs.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. [hidden link] - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files\Common Files\BinarySense\disksvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 5967 bytes
 
Disable your protection programs
then
download the following tool and save it to the desktop
[hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Sorry for the delay, brother, I got busy this week
Honestly, I am very embarrassed
because I am putting you to so much trouble
Here is the report
===========
ComboFix 09-05-21.01 - ZeraX 23/05/2009 1:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2046.1279 [GMT 3:00]
Running from: d:\zerax\My Programs\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\glhvt.dll
c:\windows\ksires32.dll
c:\windows\msvrc20.dll
c:\windows\msxfcg32.dll
c:\windows\system32\LPDx09.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 21:43 . 2009-05-22 22:05 1184300 ----a-w c:\documents and settings\ZeraX\Application Data\IDM\DwnlData\ZeraX\WDM_R224_122\WDM_R224.exe
2009-05-22 20:19 . 2009-05-22 20:19 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Adobe Flash Player ActiveX\400000d100002i\GrabVideo.exe
2009-05-22 18:18 . 2009-05-22 18:18 -------- d-----w c:\windows\Downloaded Installations
2009-05-22 17:07 . 2009-05-22 17:07 12800 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\WinTools.net 9.3.0 Professional\10000006600002i\regedit.exe
2009-05-22 17:00 . 2009-05-22 17:00 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Adobe Flash Player ActiveX\400000f400002i\CopyUpdate.exe
2009-05-22 17:00 . 2009-05-22 17:00 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Adobe Flash Player ActiveX\400000f400002i\update.exe
2009-05-22 17:00 . 2009-05-22 17:00 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Adobe Flash Player ActiveX\40000031000002i\FLV Downloader.exe
2009-05-22 16:58 . 2009-05-22 16:58 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Internet Download Manager\4000004000002i\IEMonitor.exe
2009-05-22 16:58 . 2009-05-22 16:58 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Internet Download Manager\40000027e00002i\IDMan.exe
2009-05-22 16:57 . 2009-05-22 16:58 -------- d-----w c:\documents and settings\ZeraX\Application Data\PasswordZilla
2009-05-22 16:57 . 2009-05-22 16:57 12800 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\PasswordZilla 2.3\4000008d00002i\PasswordZilla.exe
2009-05-22 16:55 . 2009-05-22 16:55 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Comfort On-Screen Keyboard Pro 3.1.3.0\400000f00002i\CKeyboardCm.exe
2009-05-22 16:47 . 2009-05-22 16:47 -------- d-----w c:\documents and settings\ZeraX\Application Data\Pointstone
2009-05-21 23:14 . 2009-05-21 23:21 -------- d-----w c:\program files\FDF
2009-05-21 17:33 . 2009-05-21 17:34 224513 ----a-w c:\documents and settings\ZeraX\Application Data\IDM\DwnlData\ZeraX\DOSBox0.72-win32-installer_112\DOSBox0.72-win32-installer.exe
2009-05-21 17:18 . 2009-05-21 17:18 -------- d-----w c:\windows\SIGN
2009-05-21 12:42 . 2009-05-21 12:41 121064 ----a-w c:\documents and settings\ZeraX\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\1.09\setup.exe
2009-05-21 12:41 . 2009-05-21 12:38 368640 ----a-w c:\documents and settings\ZeraX\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\_setup.dll
2009-05-21 12:38 . 2009-05-21 12:41 121064 ----a-w c:\documents and settings\ZeraX\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
2009-05-21 12:14 . 2009-05-21 12:14 -------- d-----w c:\program files\Common Files\DirectX
2009-05-20 23:04 . 2009-05-20 23:04 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-20 17:45 . 2009-05-20 17:45 -------- d-----w c:\documents and settings\ZeraX\Application Data\Ahead
2009-05-20 17:44 . 2009-05-20 17:44 -------- d-----w c:\program files\Common Files\Ahead
2009-05-20 17:44 . 2009-05-20 17:44 -------- d-----w c:\program files\Nero
2009-05-19 14:08 . 2009-05-19 14:08 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\SubtitleCreator
2009-05-18 23:28 . 2009-05-18 23:28 -------- d-----w c:\program files\PureImage
2009-05-18 23:20 . 2009-05-18 23:20 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-18 23:16 . 2009-05-18 23:16 -------- d-----w c:\program files\SourceTec
2009-05-18 18:06 . 2009-05-18 18:06 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\400000cf00002i\IEAccelerator.exe
2009-05-18 18:06 . 2009-05-18 18:06 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\40000021d00002i\HDDtemp4.exe
2009-05-18 18:06 . 2009-05-18 18:06 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\4000001ee00002i\IObit SmartDefrag.exe
2009-05-18 18:06 . 2009-05-18 18:06 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\4000005600002i\EDICT.EXE
2009-05-18 17:20 . 2009-05-18 17:20 4096 ----a-w c:\windows\system32\drivers\nocashio.sys
2009-05-17 23:07 . 2009-04-06 18:46 161816 ----a-w c:\windows\RegGenieOnUninstall.exe
2009-05-17 23:07 . 2009-05-17 23:13 -------- d-----w c:\program files\RegGenie
2009-05-17 20:13 . 2009-05-17 20:15 -------- d-----w c:\program files\Java
2009-05-17 20:12 . 2009-05-17 20:12 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\Sun
2009-05-17 15:19 . 2009-05-17 15:20 -------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-05-17 15:19 . 2009-05-17 15:19 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\Ubisoft
2009-05-17 10:07 . 2009-05-17 10:07 -------- d-----w c:\documents and settings\Lolita 2120\Local Settings\Application Data\Microsoft Help
2009-05-16 13:41 . 2009-05-16 13:41 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\Help
2009-05-16 11:07 . 2009-05-16 11:07 -------- d-----w c:\documents and settings\Lolita 2120\Application Data\FastStone
2009-05-16 11:06 . 2009-05-16 11:06 7168 ----a-w c:\documents and settings\Lolita 2120\Application Data\Thinstall\Chily Registry Cleaner ver 7.12.01\40000065e00002i\Chily Registry Cleaner.exe
2009-05-16 11:06 . 2009-05-16 11:06 -------- d-----w c:\documents and settings\Lolita 2120\Application Data\Thinstall
2009-05-15 19:35 . 2009-05-15 19:35 -------- d-----w c:\program files\WinAVI Video Converter
2009-05-15 19:21 . 2009-05-22 01:23 -------- d-----w c:\documents and settings\ZeraX\Application Data\Any Video Converter Professional
2009-05-15 19:21 . 2009-05-15 19:21 -------- d-----w c:\program files\Any Video Converter Professional
2009-05-15 19:01 . 2009-05-15 19:01 -------- d-----w c:\documents and settings\ZeraX\Application Data\DivX
2009-05-15 19:00 . 2009-05-15 19:00 -------- d-----w c:\program files\DivX
2009-05-15 18:53 . 1997-10-28 09:30 409600 ----a-w c:\windows\system32\Crde96v3.dll
2009-05-15 18:53 . 1997-10-28 09:30 221184 ----a-w c:\windows\system32\I3spec32.dll
2009-05-15 18:53 . 1997-10-28 09:30 159744 ----a-w c:\windows\system32\Ilanot32.dll
2009-05-15 18:53 . 1996-09-11 10:33 48640 ----a-w c:\windows\system32\Inetwh32.dll
2009-05-15 18:53 . 1996-08-28 02:48 9136 ----a-w c:\windows\system32\Inetwh16.dll
2009-05-15 18:53 . 1996-08-28 02:48 4528 ----a-w c:\windows\system32\Setbrows.exe
2009-05-15 18:53 . 1601-01-01 09:24 108032 ----a-w c:\windows\system32\UNWISE.EXE
2009-05-15 18:53 . 2009-05-15 18:53 -------- d-----w c:\program files\Sausage
2009-05-15 18:53 . 1999-01-29 15:17 692736 ----a-w c:\windows\system32\BatchRegister.exe
2009-05-15 18:53 . 1999-01-29 15:09 1025536 ----a-w c:\windows\system32\SausReg.exe
2009-05-15 11:32 . 2009-05-22 06:33 10 ----a-w c:\windows\popcinfo.dat
2009-05-15 09:47 . 2009-05-15 09:47 -------- d-----w c:\documents and settings\Lolita 2120\Local Settings\Application Data\Activision
2009-05-14 14:19 . 2001-08-17 10:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-14 14:19 . 2001-08-17 10:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-14 13:27 . 2009-05-14 13:27 -------- d-----w c:\program files\Common Files\BinarySense
2009-05-14 13:27 . 2009-05-14 13:27 -------- d-----w c:\program files\BinarySense
2009-05-13 20:08 . 2009-05-13 20:28 -------- d-----w c:\program files\Microsoft Student
2009-05-13 20:07 . 2009-05-20 20:39 -------- d-----w c:\windows\LastGood
2009-05-13 19:35 . 2009-05-13 19:35 -------- d-----w c:\program files\IE Accelerator
2009-05-12 15:47 . 2001-08-23 16:00 59904 -c--a-w c:\windows\system32\dllcache\imkrinst.exe
2009-05-12 15:46 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-05-12 15:46 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-05-12 15:46 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-05-12 15:46 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-05-12 15:46 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-05-12 15:46 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-05-12 15:46 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-05-12 15:46 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-05-12 15:46 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-05-12 15:46 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-05-12 15:46 . 2007-10-30 21:28 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-05-12 15:46 . 2007-10-30 21:28 6144 ----a-w c:\windows\system32\kbd106.dll
2009-05-12 13:45 . 2009-05-18 17:25 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-12 13:45 . 2009-05-18 17:25 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-12 13:45 . 2009-05-12 13:45 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-12 12:59 . 2009-05-12 12:59 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-11 18:16 . 2009-05-11 18:16 -------- d-----w c:\documents and settings\Lolita 2120\Application Data\IObit
2009-05-10 22:42 . 2009-05-10 22:42 -------- d-----w c:\documents and settings\ZeraX\Application Data\IObit
2009-05-10 22:42 . 2009-05-10 22:42 -------- d-----w c:\program files\IObit
2009-05-10 18:46 . 2009-05-10 18:46 -------- d-----w c:\documents and settings\ZeraX\WINDOWS
2009-05-10 17:13 . 2009-05-10 17:13 -------- d-----w c:\documents and settings\Lolita 2120\Application Data\Genimo
2009-05-10 17:09 . 2009-05-10 17:09 198064 ----a-w c:\documents and settings\Lolita 2120\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w c:\documents and settings\Lolita 2120\Application Data\BitDefender
2009-05-08 12:07 . 2009-05-08 12:07 198064 ----a-w c:\documents and settings\ZeraX\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-08 11:26 . 2009-05-08 11:26 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\WMTools Downloaded Files
2009-05-08 08:19 . 2009-05-08 08:19 116144 ----a-w c:\documents and settings\ZeraX\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-05-08 08:19 . 2009-05-17 18:30 -------- d-----w c:\documents and settings\ZeraX\Application Data\IDM
2009-05-08 08:19 . 2009-05-09 15:00 -------- d-----w c:\program files\Internet Download Manager
2009-05-08 07:14 . 2009-05-08 07:17 -------- d-----w c:\program files\Fast AVI MPEG Splitter
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-06 14:24 . 2009-05-06 14:24 -------- d-----w c:\documents and settings\ZeraX\Application Data\InstallShield
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\documents and settings\ZeraX\Application Data\Avanquest
2009-05-05 15:53 . 2009-05-05 15:53 -------- d-sh--r C:\_Backup.RC
2009-05-05 15:53 . 2009-05-05 15:53 -------- d--h--w C:\VCOM
2009-05-05 15:49 . 2009-05-05 15:49 -------- d-----w c:\documents and settings\ZeraX\Application Data\VCOM
2009-05-05 15:49 . 2009-05-05 15:49 -------- d-----w c:\program files\VCOM
2009-05-05 15:41 . 2009-05-05 15:41 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\40000062700002i\SpySweeperUI.exe
2009-05-05 15:41 . 2009-05-05 15:41 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\4000005d00002i\processlasso.exe
2009-05-05 15:41 . 2009-05-05 15:41 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\4000002b00002i\processgovernor.exe
2009-05-05 15:41 . 2009-05-05 15:41 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\4000001f00002i\memtuneup.exe
2009-05-05 15:29 . 2009-05-05 15:29 7168 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Error Repair Professional 3.8.3\40000031600002i\ErrorRepairProfessional.exe
2009-05-05 15:28 . 2009-05-05 15:28 110592 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\COWON Media Center - jetAudio Plus VX\40000012c00002i\jetUpdate.exe
2009-05-05 15:28 . 2009-05-05 15:28 110592 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\COWON Media Center - jetAudio Plus VX\4000002b200002i\JetAudio.exe
2009-05-05 14:48 . 2009-05-05 14:48 -------- d-----w c:\windows\Sun
2009-05-04 20:46 . 2009-05-04 20:46 -------- d-----w c:\documents and settings\ZeraX\Application Data\Systweak
2009-05-04 20:44 . 2009-05-04 20:48 -------- d-----w c:\program files\Advanced System Optimizer
2009-05-04 19:37 . 2009-05-04 19:37 -------- d-----w c:\documents and settings\All Users\Application Data\Made in Indonesia
2009-05-04 19:36 . 2009-05-04 19:36 128 ----a-w c:\documents and settings\ZeraX\Local Settings\Application Data\fusioncache.dat
2009-05-04 19:36 . 2009-05-15 15:11 -------- d-----w c:\documents and settings\ZeraX\Local Settings\Application Data\ApplicationHistory
2009-05-03 20:30 . 2009-05-03 20:30 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-03 20:30 . 2009-05-03 20:30 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-03 20:29 . 2009-05-03 20:41 -------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-05-03 19:09 . 2009-05-03 19:09 24064 ----a-w c:\documents and settings\ZeraX\Application Data\Thinstall\Ashampoo PowerUp 3.10\10000006600002i\Regedit.exe
2009-05-03 12:12 . 2009-05-03 12:12 -------- d-----w c:\documents and settings\ZeraX\Application Data\BitDefender
2009-05-03 12:12 . 2009-05-03 12:14 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-05-03 11:05 . 2009-05-12 15:46 -------- d-----w c:\windows\LastGood.Tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 19:17 . 2009-04-21 17:18 -------- d-----w c:\program files\OpenAL
2009-05-22 18:20 . 2009-04-21 20:09 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-22 00:25 . 2009-04-21 17:17 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-21 12:38 . 2009-04-22 17:16 -------- d-----w c:\documents and settings\ZeraX\Application Data\InstallShield Installation Information
2009-05-18 23:18 . 2009-04-21 20:39 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-18 23:18 . 2003-03-18 17:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-05-18 21:57 . 2009-04-21 17:32 -------- d-----w c:\documents and settings\ZeraX\Application Data\Ubisoft
2009-05-17 10:07 . 2009-04-21 20:24 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-16 17:47 . 2009-04-21 17:33 -------- d-----w c:\documents and settings\ZeraX\Application Data\Dark Sector
2009-05-15 19:02 . 2009-04-21 18:23 74472 ----a-w c:\documents and settings\ZeraX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 22:35 . 2009-04-21 17:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 12:31 . 2009-04-22 13:06 720896 ----a-w c:\windows\iun6002.exe
2009-05-10 11:33 . 2009-04-21 17:42 517504 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-09 19:29 . 2009-04-21 17:21 -------- d-----w c:\program files\Common Files\Adobe
2009-05-03 12:19 . 2009-04-21 18:57 -------- d-----w c:\program files\BitDefender
2009-05-02 17:56 . 2009-04-21 17:23 -------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-05-02 10:56 . 2009-04-21 20:09 -------- d-----w c:\program files\Your Uninstaller 2006
2009-05-02 10:31 . 2009-04-21 17:12 -------- d-----w c:\program files\Realtek
2009-04-30 19:02 . 2009-04-21 17:19 457248 ----a-w c:\windows\system32\nvudisp.exe
2009-04-30 19:02 . 2009-02-18 11:44 9994240 ----a-w c:\windows\system32\nvoglnt.dll
2009-04-30 19:02 . 2009-02-18 11:44 806912 ----a-w c:\windows\system32\nvapi.dll
2009-04-30 19:02 . 2009-02-18 11:44 8055584 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 19:02 . 2009-02-18 11:44 663552 ----a-w c:\windows\system32\nvcuvid.dll
2009-04-30 19:02 . 2009-02-18 11:44 5896320 ----a-w c:\windows\system32\nv4_disp.dll
2009-04-30 19:02 . 2009-02-18 11:44 1720320 ----a-w c:\windows\system32\nvcuda.dll
2009-04-30 19:02 . 2009-02-18 11:44 143360 ----a-w c:\windows\system32\nvcodins.dll
2009-04-30 19:02 . 2009-02-18 11:44 143360 ----a-w c:\windows\system32\nvcod.dll
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\CALYPSO
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\BLOCKUP
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\BEARPAW
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\BAUBAU
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\ANTFARM
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\alphawomanhair
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\alpharope
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\allpurposesigns
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\ALEWIS
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\ALECTO
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\airstream
2009-04-27 12:33 . 2009-04-26 20:24 -------- d-----w c:\windows\Fonts\adrinkforallages
2009-04-26 21:42 . 2009-04-21 17:19 457248 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-26 20:25 . 2009-04-21 17:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-26 15:55 . 2009-04-21 18:57 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-24 16:34 . 2009-04-21 17:24 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-23 14:31 . 2009-04-21 20:19 -------- d-----w c:\program files\Unlocker
2009-04-21 20:40 . 2009-04-21 20:40 -------- d-----w c:\documents and settings\ZeraX\Application Data\CyberLink
2009-04-21 20:27 . 2009-04-21 20:27 -------- d-----w c:\program files\Microsoft Works
2009-04-21 20:26 . 2009-04-21 20:26 -------- d-----w c:\program files\Microsoft.NET
2009-04-21 20:09 . 2009-04-21 20:09 -------- d-----w c:\documents and settings\ZeraX\Application Data\URSoft
2009-04-21 19:44 . 2009-04-21 17:04 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 19:10 . 2009-04-21 19:09 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-21 19:09 . 2009-04-21 19:09 172032 ------w c:\windows\Setup1.exe
2009-04-21 19:09 . 2009-04-21 19:09 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-21 18:03 . 2009-04-21 18:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-21 18:03 . 2009-04-21 18:03 -------- d-----w c:\program files\Malicious Software Removal Tool
2009-04-21 17:58 . 2009-04-21 17:58 -------- d-----w c:\program files\MSXML 6.0
2009-04-21 17:42 . 2009-04-21 17:42 -------- d-----w c:\program files\MSBuild
2009-04-21 17:39 . 2009-04-21 17:39 -------- d-----w c:\program files\Reference Assemblies
2009-04-21 17:38 . 2009-04-21 17:38 -------- d-----w c:\documents and settings\ZeraX\Application Data\COWON
2009-04-21 17:31 . 2009-04-21 17:31 -------- d-----w c:\documents and settings\All Users\Application Data\Redrum
2009-04-21 17:31 . 2009-04-21 17:31 -------- d-----w c:\documents and settings\All Users\Application Data\ERS G-Studio
2009-04-21 17:29 . 2009-04-21 17:29 -------- d-----w c:\program files\HighMAT CD Writing Wizard
2009-04-21 17:29 . 2009-04-21 17:29 -------- d-----w c:\program files\RADVideo
2009-04-21 17:25 . 2009-04-21 17:25 -------- d-----w c:\program files\USB Vibration Joystick
2009-04-21 17:24 . 2009-04-21 17:24 -------- d-----w c:\program files\DAMN NFO Viewer
2009-04-21 17:23 . 2009-04-21 17:23 -------- d-----w c:\documents and settings\ZeraX\Application Data\GRETECH
2009-04-21 17:23 . 2009-04-21 17:23 -------- d-----w c:\program files\GRETECH
2009-04-21 17:23 . 2009-04-21 17:23 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-04-21 17:23 . 2009-04-21 17:23 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-04-21 17:23 . 2009-04-21 17:22 -------- d-----w c:\program files\JetAudio
2009-04-21 17:22 . 2009-04-21 17:22 -------- d-----w c:\program files\Common Files\COWON
2009-04-21 17:21 . 2009-04-21 17:21 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-21 17:20 . 2009-04-21 17:20 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-21 17:19 . 2009-04-21 17:19 -------- d-----w c:\documents and settings\ZeraX\Application Data\FastStone
2009-04-21 17:19 . 2009-04-21 17:19 -------- d-----w c:\program files\FastStone Image Viewer
2009-04-21 17:18 . 2009-04-21 17:18 -------- d-----w c:\program files\AGEIA Technologies
2009-04-21 17:18 . 2009-04-21 17:18 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-21 17:18 . 2009-04-21 17:18 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\program files\Intel
2009-04-21 17:05 . 2009-04-21 17:05 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 17:02 . 2009-04-21 17:02 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 11:18 . 2009-05-16 12:28 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 11:18 . 2009-05-16 12:28 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 11:18 . 2009-05-16 12:28 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 11:18 . 2009-05-16 12:28 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 12:27 . 2009-05-16 12:28 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 12:27 . 2009-05-16 12:28 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 12:27 . 2009-05-16 12:28 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2008-08-13 16:02 . 2008-08-13 16:02 35840 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-10-30 15360]
"L08AXLRD_12088796"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-02-13 1986896]
"IE Accelerator"="c:\program files\IE Accelerator\IEAccelerator.exe" [2009-03-30 284672]
"HDDtemp4"="c:\program files\BinarySense\HDDTemp4\HDDtemp4.exe" [2009-04-22 2215936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MaxRecentDocs"= 15 (0xf)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Lost Planet Colonies Edition\\LostPlanetColoniesDX9.exe"=
"d:\\Games\\Lost Planet Colonies Edition\\LostPlanetColoniesDX10.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [27/4/2009 1:20 AM 38448]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1/2/2008 5:24 PM 41456]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2/7/2008 1:07 PM 82568]
R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [20/4/2009 3:13 PM 205976]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/8/2008 6:40 PM 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [14/8/2008 6:54 PM 102208]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [22/4/2009 6:05 PM 31424]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [22/4/2009 3:10 PM 18004]
S1 SandBox;SandBox;\??\c:\windows\system32\drivers\SandBox.sys --> c:\windows\system32\drivers\SandBox.sys [?]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall Pro\acs.exe --> c:\progra~1\Agnitum\Outpost Firewall Pro\acs.exe [?]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys --> c:\windows\system32\DRIVERS\afw.sys [?]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys --> c:\windows\system32\drivers\afwcore.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/4/2009 8:16 PM 1684736]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/7/2008 1:06 PM 118784]
S3 ASWFilt;ASWFilt;\??\c:\windows\system32\Filt\ASWFilt.dll --> c:\windows\system32\Filt\ASWFilt.dll [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\WinXP Manager - Auto Shutdown.job
- c:\program files\Yamicsoft\WinXP Manager\ShutDownCommand.exe [2006-09-27 03:16]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
IE: Download All by FlashGet
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download using FlashGet
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Sign
TCP: {1CE9C291-3964-4403-A179-0BEFA0BD1316} = 84.11.141.115
FF - ProfilePath - c:\documents and settings\ZeraX\Application Data\Mozilla\Firefox\Profiles\qo5nzbeu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\ZeraX\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.urlbar.hideGoButton - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-23 01:53
Windows 5.1.2600 Service Pack 3, v.3244 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[value not preserved]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1804)
c:\windows\system32\wbem\wbemcomn.dll
.
Completion time: 2009-05-22 1:54
ComboFix-quarantined-files.txt 2009-05-22 22:54
Pre-Run: 10,998,292,480 bytes free
Post-Run: 11,161,137,152 bytes free
365 --- E O F --- 2009-05-08 14:40
 
Hello ...

Now please post a new HijackThis report ...
 
Signature: MMA_LORD_735

Here you go, brother

=====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:48 AM, on 23/5/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BinarySense\disksvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\IE Accelerator\IEAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum; login required to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[link hidden by the forum; login required to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [IE Accelerator] C:\Program Files\IE Accelerator\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [HDDtemp4] C:\Program Files\BinarySense\HDDTemp4\HDDtemp4.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08AXLRD_12088796] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CE9C291-3964-4403-A179-0BEFA0BD1316}: NameServer = 84.11.141.115
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\Outpost Firewall Pro\acs.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L.
[link hidden by the forum; login required to view]
- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files\Common Files\BinarySense\disksvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 5823 bytes
 
May God increase your bounty ...

Select these entries and fix them ...

O4 - HKLM\..\Run: [IE Accelerator] C:\Program Files\IE Accelerator\IEAccelerator.exe /Auto

O17 - HKLM\System\CCS\Services\Tcpip\..\{1CE9C291-3964-4403-A179-0BEFA0BD1316}: NameServer =
[link hidden by the forum; login required to view]


How to fix ...

[screenshot: mg (3).png]

[screenshot: mg (4).png]

Then download this tool and follow the instructions below:

[link hidden by the forum; login required to view]

or

[link hidden by the forum; login required to view]




Compatibility: Windows XP only

Usage instructions ...

When you run the tool, this screen appears; wait (and follow along with the screenshots).

[screenshot: 000.png]

[screenshot: 001.png]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[screenshot: 002.png]

After the restart, post a new report ...
 
Signature: MMA_LORD_735