ستيف الاشهب

Peace be upon you, and the mercy and blessings of God ..

Brothers, this is a HijackThis report .. because my machine has been having a lot of problems; for example, I downloaded Kaspersky, and when I run it this message appears .. it and several other programs ..
[Hidden link: you must log in or register to view it]




And this is the report ..


Logfile of HijackThis v1.99.1
Scan saved at 09:59:12 ص, on 24/05/09
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\rabeh_2\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\rabeh_2\Documents\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IE Toolbar - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P_.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [cdoosoft] C:\Windows\system32\olhrwef.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[Hidden link: you must log in or register to view it]

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: خدمة تحديث Google (gupdate1c9af50f8e583fa) (gupdate1c9af50f8e583fa) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 

And peace be upon you

Disable your security programs and run the tool

[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes
The computer may restart during the scan
After the restart, the tool will start scanning again
Wait until a report appears; that means the scan has finished

Signature: ابـــو عــبــد الــلــه

May God reward you with Paradise, my brother Abu Rima
I ran the scan and this report came out

ComboFix 09-05-23.04 - rabeh_2 05/24/2009 10:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1256.966.1025.18.1013.245 [GMT 3:00]
Running from: c:\users\rabeh_2\Documents\Downloads\Programs\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\j60osk9.cmd
C:\lad.bat
c:\program files\Windows NT\system\htrn_jis.dll
C:\ukvr.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\x64
c:\windows\system32\x64\csnp2uvc.dll
c:\windows\system32\x64\rsnpvc64.dll
c:\windows\system32\x64\sncduvc.sys
c:\windows\system32\x64\snp2uvc.sys
c:\windows\system32\x64\vsnpvc64.dll
D:\Autorun.inf
D:\j60osk9.cmd
D:\lad.bat
D:\ukvr.bat

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 21:31 . 2009-05-23 21:31 70104 ----a-w c:\users\rabeh_2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-23 21:31 . 2009-05-23 21:31 -------- d-----w c:\users\rabeh_2\AppData\Local\VirtualStore
2009-05-23 10:10 . 2009-05-23 10:10 96645 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-23 10:10 . 2009-05-23 10:10 87941 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-23 10:09 . 2009-05-24 06:16 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-23 10:09 . 2009-05-24 06:16 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-23 10:09 . 2009-05-23 10:10 -------- d-----w c:\programdata\Kaspersky Lab
2009-05-23 10:09 . 2009-05-23 10:09 -------- d-----w c:\program files\Kaspersky Lab
2009-05-23 08:14 . 2009-05-23 08:14 -------- d-----w c:\users\rabeh_2\AppData\Roaming\URSoft
2009-05-23 08:13 . 2009-05-23 08:13 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-23 05:15 . 2009-05-23 06:58 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-05-23 03:50 . 2006-04-13 18:42 7484104 ----a-w c:\windows\system32\osetup.dll
2009-05-20 20:52 . 2009-05-20 20:52 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-05-20 20:52 . 2009-05-20 20:52 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-20 20:51 . 2009-05-20 20:52 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-20 20:46 . 2009-05-20 20:53 -------- d-----w c:\users\rabeh_2\AppData\Roaming\DAEMON Tools Lite
2009-05-16 22:20 . 2009-05-20 20:25 -------- d-----w c:\users\rabeh_2\AppData\Roaming\uTorrent
2009-05-16 15:27 . 2009-05-16 15:27 -------- d-----w c:\users\rabeh_2\AppData\Roaming\TuneUp Software
2009-05-16 03:08 . 2009-05-16 03:08 -------- d-----w c:\users\rabeh_2\AppData\Local\CyberLink
2009-05-16 03:08 . 2009-05-16 03:08 -------- d-----w c:\users\rabeh_2\AppData\Local\HomeMedia
2009-05-16 02:47 . 2009-05-20 20:53 -------- d-----w c:\users\rabeh_2\AppData\Roaming\DAEMON Tools
2009-05-16 02:41 . 2009-05-20 20:47 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-16 02:18 . 2009-05-16 02:18 -------- d-----w c:\users\rabeh_2\AppData\Roaming\CyberLink
2009-05-15 20:28 . 2009-05-15 20:28 -------- d-----w c:\users\rabeh_2\AppData\Roaming\JLC's Software
2009-05-14 14:51 . 2009-05-14 14:51 5648 ----a-w c:\users\rabeh_2\AppData\Local\d3d9caps.dat
2009-05-12 11:41 . 2009-05-12 11:41 -------- d-----w c:\users\rabeh_2\AppData\Roaming\COWON
2009-05-11 21:13 . 2009-05-24 05:16 -------- d-----w c:\users\rabeh_2\Tracing
2009-05-11 19:17 . 2009-05-11 19:17 -------- d-----w c:\users\rabeh_2\AppData\Local\Mozilla
2009-05-11 18:51 . 2009-05-11 19:02 1003320 ----a-w c:\users\rabeh_2\AppData\Roaming\IDM\DwnlData\rabeh_2\Firefox-20Setup-203.0.9_2\Firefox-20Setup-203.0.9.exe
2009-05-11 18:29 . 2009-05-11 18:29 -------- d-----w c:\users\rabeh_2\AppData\Local\Hotspot_Shield
2009-05-11 18:06 . 2009-05-11 18:06 198064 ----a-w c:\users\rabeh_2\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-11 18:06 . 2009-05-24 07:35 -------- d-----w c:\users\rabeh_2\AppData\Roaming\DMCache
2009-05-11 18:06 . 2009-05-16 23:08 -------- d-----w c:\users\rabeh_2\AppData\Roaming\IDM
2009-05-11 11:34 . 2009-05-14 04:46 -------- d-----w c:\users\rabeh_2\AppData\Local\Adobe
2009-05-10 21:14 . 2009-05-10 21:15 -------- d-----w c:\users\rabeh_2\AppData\Local\MigWiz
2009-05-10 21:10 . 2009-05-19 20:30 -------- d-----w c:\users\rabeh_2\AppData\Local\Google
2009-05-10 21:08 . 2009-05-16 21:26 -------- d-----w c:\users\rabeh_2\AppData\Local\Acer Arcade
2009-05-10 21:08 . 2009-05-10 21:08 -------- d-----w c:\users\rabeh_2\AppData\Roaming\Acer
2009-05-10 21:07 . 2009-05-10 21:07 -------- d-----w c:\users\rabeh_2\AppData\Roaming\Leadertech
2009-05-05 00:21 . 2009-05-05 00:21 -------- d-----w c:\programdata\Forge of Games
2009-05-03 22:06 . 2009-05-03 22:06 -------- d-----w c:\program files\P2P_Torrent
2009-05-03 22:06 . 2009-05-03 22:12 -------- d-----w c:\program files\uTorrent Turbo Booster
2009-05-02 23:02 . 2009-05-02 23:08 -------- d-----w c:\program files\CometBird
2009-05-02 22:39 . 2009-05-02 22:40 -------- d-----w C:\Downloads
2009-05-02 22:38 . 2009-05-04 19:24 -------- d-----w c:\program files\BitComet
2009-05-02 19:46 . 2009-05-02 19:46 -------- d-----w c:\program files\uTorrent
2009-04-25 17:14 . 2009-04-25 17:14 -------- d-----w C:\download_copy77

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 16:44 . 2009-03-14 14:44 -------- d-----w c:\program files\Yahoo!
2009-05-24 16:43 . 2009-03-15 02:13 -------- d-----w c:\programdata\Yahoo! Companion
2009-05-24 06:16 . 2009-05-23 10:09 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-24 06:16 . 2009-05-23 10:09 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-23 05:38 . 2008-02-27 16:50 -------- d-----w c:\program files\Symantec
2009-05-23 05:34 . 2008-02-27 16:50 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-23 05:34 . 2008-02-27 16:51 -------- d-----w c:\program files\Norton Internet Security
2009-05-23 05:34 . 2008-02-27 16:50 -------- d-----w c:\programdata\Symantec
2009-05-19 21:10 . 2009-03-28 02:57 -------- d-----w c:\program files\Google
2009-05-16 18:22 . 2009-04-01 05:23 -------- d-----w c:\program files\Internet Download Manager
2009-05-16 03:19 . 2008-02-27 16:26 -------- d-----w c:\programdata\CyberLink
2009-05-14 07:11 . 2008-02-27 16:31 -------- d-----w c:\program files\Common Files\Adobe
2009-05-12 11:11 . 2009-05-12 11:11 2678 ----a-w c:\windows\Java\Packages\Data\2YXN93XJ.DAT
2009-05-12 11:11 . 2009-05-12 11:11 2678 ----a-w c:\windows\Java\Packages\Data\VZ7FRTVT.DAT
2009-05-12 11:11 . 2009-05-12 11:11 2678 ----a-w c:\windows\Java\Packages\Data\VDBRXNZN.DAT
2009-05-12 11:11 . 2009-05-12 11:11 2678 ----a-w c:\windows\Java\Packages\Data\FJRLNPV7.DAT
2009-05-12 11:11 . 2009-05-12 11:11 2678 ----a-w c:\windows\Java\Packages\Data\9FHJPV37.DAT
2009-05-10 01:31 . 2009-03-16 12:01 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-05-08 04:31 . 2009-04-15 03:00 -------- d-----w c:\program files\Hotspot Shield
2009-05-08 04:30 . 2009-03-30 03:34 -------- d-----w c:\program files\Hotspot_Shield
2009-05-08 04:16 . 2009-04-14 23:41 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-05-08 04:00 . 2009-03-14 14:50 -------- d-----w c:\program files\Acer Registration
2009-05-06 19:58 . 2009-03-16 09:43 -------- d-----w c:\program files\JetAudio
2009-05-04 19:16 . 2008-02-27 14:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 16:12 . 2008-02-27 16:33 -------- d-----w c:\programdata\Microsoft Help
2009-04-23 13:15 . 2009-04-23 13:15 1134024 ----a-w c:\users\rabeh_2\AppData\Roaming\Mozilla\Firefox\Profiles\z92u3ukb.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-04-22 16:48 . 2009-04-22 16:48 -------- d-----w c:\program files\JLC's Software
2009-04-20 14:01 . 2009-04-20 14:01 -------- d-----w c:\program files\AmanLinks_Beta_0.0.4
2009-04-16 01:18 . 2009-04-16 01:18 222 ----a-w c:\windows\system32\msopents.drv
2009-04-15 18:53 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 03:33 . 2009-03-30 03:34 -------- d-----w c:\program files\Conduit
2009-04-07 15:13 . 2009-03-28 10:08 -------- d-----w c:\programdata\Messenger Plus!
2009-04-05 17:00 . 2009-04-03 07:11 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-03 18:18 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\HssDrv.sys
2009-04-03 07:48 . 2009-04-03 07:48 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-03 07:47 . 2009-04-03 07:47 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-03 07:11 . 2009-04-03 07:11 -------- d-----w c:\programdata\TuneUp Software
2009-04-01 18:00 . 2009-04-01 18:00 6403 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-03-30 21:47 . 2009-03-30 21:47 -------- d-----w c:\program files\Stardock
2009-03-28 05:36 . 2009-03-28 05:36 -------- d-----w c:\program files\Circe Developement
2009-03-28 05:36 . 2009-03-28 05:36 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-28 03:38 . 2009-03-28 03:38 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-28 03:00 . 2009-03-28 03:00 -------- d-----w c:\program files\Common Files\xing shared
2009-03-28 03:00 . 2009-03-15 06:20 -------- d-----w c:\program files\Common Files\Real
2009-03-21 13:40 . 2009-03-21 13:40 2232 ----a-w c:\windows\Java\Packages\Data\8PF93PZ1.DAT
2009-03-21 13:40 . 2009-03-21 13:40 155995 ----a-w c:\windows\Java\Packages\D7ZTVVVN.ZIP
2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr
2009-03-20 11:04 . 2009-03-20 11:04 268800 ----a-w c:\windows\system32\es.dll
2009-03-20 11:02 . 2009-03-20 11:02 1799168 ----a-w c:\windows\system32\NlsData002a.dll
2009-03-18 12:12 . 2009-03-18 12:11 70104 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-18 11:57 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-03-18 10:37 . 2009-03-18 10:37 61440 ----a-w c:\windows\system32\winipsec.dll
2009-03-18 10:37 . 2009-03-18 10:37 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-03-18 10:37 . 2009-03-18 10:37 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll
2009-03-18 10:37 . 2009-03-18 10:37 272896 ----a-w c:\windows\system32\polstore.dll
2009-03-18 10:36 . 2009-03-18 10:36 95232 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll
2009-03-18 10:36 . 2009-03-18 10:36 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-03-18 10:36 . 2009-03-18 10:36 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll
2009-03-18 10:36 . 2009-03-18 10:36 194560 ----a-w c:\windows\system32\WebClnt.dll
2009-03-18 10:36 . 2009-03-18 10:36 110080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2009-03-18 10:31 . 2009-03-18 10:31 297472 ----a-w c:\windows\system32\gdi32.dll
2009-03-18 10:30 . 2009-03-18 10:30 1060920 ----a-w c:\windows\system32\drivers\ntfs.sys
2009-03-18 10:30 . 2009-03-18 10:30 41984 ----a-w c:\windows\system32\drivers\monitor.sys
2009-03-18 10:28 . 2009-03-18 10:28 211456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-03-18 10:28 . 2009-03-18 10:28 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-03-18 10:28 . 2009-03-18 10:28 4247552 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-18 10:28 . 2009-03-18 10:28 1687040 ----a-w c:\windows\system32\gameux.dll
2009-03-18 10:27 . 2009-03-18 10:27 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-03-18 10:26 . 2009-03-18 10:26 2048 ----a-w c:\windows\system32\msxml3r.dll
2009-03-18 10:26 . 2009-03-18 10:26 1194496 ----a-w c:\windows\system32\msxml3.dll
2009-03-18 10:25 . 2009-03-18 10:25 2048 ----a-w c:\windows\system32\tzres.dll
2009-03-18 10:23 . 2009-03-18 10:23 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-03-18 10:23 . 2009-03-18 10:23 7680 ----a-w c:\windows\system32\spwmp.dll
2009-03-18 10:23 . 2009-03-18 10:23 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-03-18 10:20 . 2009-03-18 10:20 45112 ----a-w c:\windows\system32\drivers\pciidex.sys
2009-03-18 10:20 . 2009-03-18 10:20 25656 ----a-w c:\windows\system32\drivers\msahci.sys
2009-03-18 10:20 . 2009-03-18 10:20 21560 ----a-w c:\windows\system32\drivers\atapi.sys
2009-03-18 10:20 . 2009-03-18 10:20 17464 ----a-w c:\windows\system32\drivers\intelide.sys
2009-03-18 10:20 . 2009-03-18 10:20 109624 ----a-w c:\windows\system32\drivers\ataport.sys
2009-03-18 10:20 . 2009-03-18 10:20 154624 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-03-18 10:20 . 2009-03-18 10:20 2923520 ----a-w c:\windows\explorer.exe
2009-03-18 10:19 . 2009-03-18 10:19 24064 ----a-w c:\windows\system32\netcfg.exe
2009-03-18 10:19 . 2009-03-18 10:19 216632 ----a-w c:\windows\system32\drivers\netio.sys
2009-03-18 10:19 . 2009-03-18 10:19 803328 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-18 10:19 . 2009-03-18 10:19 22016 ----a-w c:\windows\system32\netiougc.exe
2009-03-18 10:19 . 2009-03-18 10:19 167424 ----a-w c:\windows\system32\tcpipcfg.dll
2009-03-18 10:16 . 2009-03-18 10:16 1585664 ----a-w c:\windows\system32\setupapi.dll
2009-03-18 10:16 . 2009-03-18 10:16 40960 ----a-w c:\windows\system32\srclient.dll
2009-03-18 10:16 . 2009-03-18 10:16 371712 ----a-w c:\windows\system32\srcore.dll
2009-03-18 10:16 . 2009-03-18 10:16 313856 ----a-w c:\windows\system32\rstrui.exe
2009-03-18 10:16 . 2009-03-18 10:16 16384 ----a-w c:\windows\system32\srdelayed.exe
2009-03-18 10:16 . 2009-03-18 10:16 613888 ----a-w c:\windows\system32\wpd_ci.dll
2009-03-18 10:16 . 2009-03-18 10:16 19000 ----a-w c:\windows\system32\kd1394.dll
2009-03-18 10:16 . 2009-03-18 10:16 905400 ----a-w c:\windows\system32\winresume.exe
2009-03-18 10:16 . 2009-03-18 10:16 944184 ----a-w c:\windows\system32\winload.exe
2009-03-18 10:16 . 2009-03-18 10:16 620088 ----a-w c:\windows\system32\ci.dll
2009-03-18 10:16 . 2009-03-18 10:16 224824 ----a-w c:\windows\system32\clfs.sys
2009-03-18 10:16 . 2009-03-18 10:16 19456 ----a-w c:\windows\system32\cfgmgr32.dll
2009-03-18 10:13 . 2009-03-18 10:13 712192 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-03-18 10:13 . 2009-03-18 10:13 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2009-03-10 18:47 2079256 ----a-w c:\program files\P2P_Torrent\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2008-06-25 06:17 1569304 ----a-w c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C564CD-2FA0-4534-AF8D-52F3D054C0EF}]
2007-11-15 12:36 2293760 ----a-w c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-08 04:29 218160 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-27 1232896]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-31 2790832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-26 201992]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-16 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-09-24 22:57 197912 ----a-w c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1051317728-217112228-3166357025-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF9CC5DE-3D68-4391-A888-9A62D092F4A6}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{439DF0A7-DA4A-4536-BAA1-D2B2B3ED96AE}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{B8C6A430-AC33-4EF3-A1BD-4A182F37063C}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{9846DB7D-AE90-4820-8CA2-E3F9E8CA8100}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{05FD21B0-27CE-459E-A383-1BE6C8444762}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{3DD92890-972E-4E0D-86C6-3AF72C5C6878}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E4F0E4FF-754A-4E2D-A18D-7069A7AE20FA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A74563AF-90A8-4D57-A3F8-F4290C01891A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8F84C61A-9D1F-4E62-AE7D-525B6C2C6B9F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{87EDD941-5059-47CD-9D36-FA65FA554DC2}"= UDP:15758:BitComet 15758 TCP
"{146CAA1F-E8E5-4072-BF67-9DBE1AE79269}"= TCP:15758:BitComet 15758 UDP
"{FE19173A-2379-4888-8E48-9BFE6FE58464}"= UDP:15758:BitComet 15758 TCP
"{DAFDF8ED-ABD1-417A-9C53-8116D5C62E64}"= TCP:15758:BitComet 15758 UDP
"TCP Query User{A87562F2-0912-48D7-BCD9-7409F5A409C5}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{AC1BC743-09F6-4C4A-A799-F55D46741375}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [30/01/08 04:29 ص 32784]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090519.001\IDSvix86.sys [19/05/09 10:17 م 272432]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [26/03/08 11:10 م 20496]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [22/04/09 04:12 ص 328752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [03/04/09 10:48 ص 603904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [27/02/08 03:34 م 179712]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\HssDrv.sys [03/04/09 09:18 م 33256]
S2 gupdate1c9af50f8e583fa;خدمة تحديث Google (gupdate1c9af50f8e583fa);c:\program files\Google\Update\GoogleUpdate.exe [28/03/09 05:57 ص 133104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15/03/09 01:51 ص 101936]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [23/04/09 12:34 ص 34352]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [15/03/09 05:23 ص 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 02:57]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://ar.intl.acer.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\rabeh_2\AppData\Roaming\Mozilla\Firefox\Profiles\z92u3ukb.default\
FF - prefs.js: browser.startup.homepage -

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\rabeh_2\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\users\rabeh_2\AppData\Roaming\Mozilla\Firefox\Profiles\z92u3ukb.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-24 10:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-24 10:38
ComboFix-quarantined-files.txt 2009-05-24 07:38

Pre-Run: 3,410,059,264 bytes free
Post-Run: 3,881,730,048 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
340 --- E O F --- 2009-05-02 16:12
 


1- Disable System Restore as shown in the following walkthrough

Right-click Computer on the desktop, then choose Properties

[image: 799308780.jpg]

2- Go to this page

[hidden link: you must log in or register to view it]

and download the McAfee tool
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning
Then go to drive C: and
[hidden link: you must log in or register to view it]
the report noor_mcafee

and upload it to this site

[hidden link: you must log in or register to view it]

and include the download link in your next post

Last edited by a moderator:
Signature: ابـــو عــبــد الــلــه
Brother ابو ريما .. the McAfee tool is large, my connection is weak and the link does not support resuming .. the connection keeps dropping, I restart the download and it has not worked .. if there is another solution, please point me to it
 
Close your protection program
and disable System Restore as shown in the walkthrough
[image: i10673_.gif]

Download the tool from here
[hidden link: you must log in or register to view it]

or
[hidden link: you must log in or register to view it]

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; after a few moments the tool starts working
Follow the walkthrough to scan and clean the machine and attach the report
[image: i12831_1.png]

[image: i12833_2.png]

[image: i12834_3.png]

[image: i12835_4.png]

[image: i12836_5.png]

Then paste it in your next reply

Signature: format