عبير الاسلام

Peace be upon you, and the mercy and blessings of God.

I would appreciate your urgent help with a problem I am getting, which is:
"is not a valid Win32 application"

 




Download this tool and run a scan.

It will get rid of the viruses.

Then restart and see the difference.

This error should go away, and if it persists, let us know!!!

Signature: فديتني
Apologies for editing the title.

Waiting on فديتني's solution; let us know the result.

Signature: AbOdy
I was not able to download the tool.

Signature: فديتني
Download this tool ...

Run it
and go to [ Do a system scan and save log ] ...

After a moment it gives you a report
in Notepad ...

Copy it in full ... and correctly ...

and paste it in your next reply ...

Signature: AbOdy
Peace be upon you.

May God reward you. I downloaded the tool and ran a scan of the system, and this is the attached report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:44 ?, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Desktop\stinger1001546.exe
C:\Documents and Settings\pc\Desktop\HiJackThis.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 2692 bytes
 
Delete the following:

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

Signature: format
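The four entries in the deletion list above are exactly the lines of the posted log that end in `(no file)` or `(file missing)`. As an added example (not part of any post in this thread and not HijackThis's own code), this Python parser reads the R/O/F/N entry lines of a HijackThis log and separates those orphaned references from entries whose target still exists; the `Entry` fields and function names are assumptions made for illustration, and the sample is a subset of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: a subset of the HijackThis lines posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Orphan marker at the end of the line. Forum pastes can leave a zero-width
# space (U+200B) after it, so that is tolerated alongside ordinary whitespace.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)[\s\u200b]*$")


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    kind: str               # text before the first ": ", e.g. "BHO"
    detail: str             # rest of the line
    clsid: Optional[str]    # COM class id, when the line carries one
    orphan: Optional[str]   # "no file" / "file missing" when the target is absent


def parse_hijackthis(text: str) -> List[Entry]:
    """Return every section entry found in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, sep, detail = m.group("body").partition(": ")
        if not sep:  # no "kind: detail" structure on this line
            kind, detail = "", m.group("body")
        clsid = CLSID_RE.search(detail)
        orphan = ORPHAN_RE.search(detail)
        entries.append(Entry(
            code=m.group("code"),
            kind=kind,
            detail=detail,
            clsid=clsid.group(0) if clsid else None,
            orphan=orphan.group(1) if orphan else None,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if e.orphan]


def summarize(entries: List[Entry]) -> Dict[str, Tuple[int, int]]:
    """Map each section code to (total entries, orphaned entries)."""
    out: Dict[str, Tuple[int, int]] = {}
    for e in entries:
        total, dead = out.get(e.code, (0, 0))
        out[e.code] = (total + 1, dead + (1 if e.orphan else 0))
    return out


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"{e.code:<4}{e.kind:<16}{e.orphan:<13}{e.clsid or '-'}")
    print(summarize(parsed))
```

An entry whose target file exists is not vetted by this filter; it only separates dead references from the entries that still need a manual look.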
How to delete on XP

Then use these tools

Download from here

Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears. Wait (and follow along with the images).

When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).

Then

Disable all protection programs.

Download this tool.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

Signature: format
May God reward you.
I followed all the steps and this is the report:

ComboFix 09-06-01.03 - pc 06/03/2009 19:22.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.967.1033.18.631.458 [GMT 3:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\p.exe
c:\windows\system32\IMPLODE.DLL
c:\windows\system32\kakle.dll
c:\windows\system32\Meuedit.dll
c:\windows\system32\PG32.DLL
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 16:03 . 2009-06-03 16:03 -------- d-----w- c:\documents and settings\pc\Application Data\CyberScrub
2009-06-02 20:27 . 2009-06-02 20:27 -------- d-----w- c:\program files\Rainy Screensaver
2009-06-02 20:26 . 2009-06-02 20:27 1175700 ----a-w- c:\windows\system32\RainySs.scr
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Marah
2009-05-30 19:02 . 2009-05-30 19:02 -------- d-----w- c:\program files\Realtek
2009-05-30 19:02 . 2009-05-30 19:02 319488 ----a-w- c:\windows\HideWin.exe
2009-05-30 19:02 . 2008-07-29 12:42 528384 ----a-w- c:\windows\RtlExUpd.dll
2009-05-30 18:40 . 2009-05-30 18:40 -------- d-----w- c:\program files\ma-config.com
2009-05-30 18:40 . 2009-05-30 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-05-30 17:23 . 2009-05-30 17:23 -------- d-----w- c:\program files\Dial-a-fix
2009-05-30 10:30 . 2004-06-14 11:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-05-30 08:53 . 2009-05-30 08:53 -------- d-----w- c:\documents and settings\All Users\Mozilla Firefox
2009-05-30 07:36 . 2008-11-22 14:25 200064 ----a-w- c:\windows\system32\WgaLogonold.dll
2009-05-30 07:36 . 2008-11-22 14:24 1488688 ----a-w- c:\windows\system32\LegitCheckControlold.dll
2009-05-30 07:36 . 2002-09-08 21:03 151552 ----a-w- c:\windows\system32\igfxres.dll
2009-05-30 07:08 . 2004-08-03 19:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-05-30 07:00 . 2004-05-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-05-30 07:00 . 2004-05-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-05-30 07:00 . 2009-05-30 07:00 -------- d-----w- c:\documents and settings\Default User\??? ??????
2009-05-30 07:00 . 2009-05-30 07:00 -------- d-----w- c:\documents and settings\All Users\??? ??????
2009-05-30 07:00 . 2009-05-30 07:00 -------- d-----r- c:\documents and settings\Default User\????? ????
2009-05-30 07:00 . 2009-05-30 07:00 -------- d-----r- c:\documents and settings\All Users\????? ????
2009-05-28 19:23 . 2009-05-28 19:23 63488 ----a-w- c:\windows\xobglu16.dll
2009-05-28 19:23 . 2009-05-28 19:23 23552 ----a-w- c:\windows\xobglu32.dll
2009-05-28 17:16 . 2009-05-28 17:16 -------- d-----w- c:\windows\lhsp
2009-05-27 20:49 . 2009-05-27 20:49 -------- d-----w- c:\windows\A4W_DATA
2009-05-24 17:15 . 2009-05-24 17:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-24 14:09 . 2009-05-24 14:09 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Identities
2009-05-23 17:31 . 2006-12-14 07:00 110592 ----a-w- c:\documents and settings\pc\Application Data\U3\temp\cleanup.exe
2009-05-23 17:01 . 2007-02-12 14:46 3096576 ---ha-w- c:\documents and settings\pc\Application Data\U3\temp\Launchpad Removal.exe
2009-05-23 17:00 . 2009-05-23 17:01 -------- d-----w- c:\documents and settings\pc\Application Data\U3
2009-05-22 18:17 . 2009-05-22 18:17 -------- d-----w- c:\program files\Windows Sidebar
2009-05-21 05:21 . 2009-05-21 05:21 -------- d-s---w- c:\documents and settings\pc\UserData
2009-05-15 18:19 . 2009-05-28 17:13 737280 ----a-w- c:\windows\iun6002.exe
2009-05-14 14:26 . 2009-05-14 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-11 08:37 . 2009-05-11 08:37 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-05-10 17:20 . 2009-05-10 17:20 -------- d-----w- c:\documents and settings\pc\Application Data\Media Player Classic
2009-05-08 15:36 . 2009-05-08 15:36 -------- d--h--w- c:\windows\$hf_mig$
2009-05-08 13:53 . 1994-11-07 21:00 18400 ----a-w- c:\windows\system\VB4EN16.DLL
2009-05-08 13:53 . 1994-11-07 21:00 935840 ----a-w- c:\windows\system\VB40016.DLL
2009-05-08 13:53 . 1994-11-07 21:00 175488 ----a-w- c:\windows\system\TYPELIB.DLL
2009-05-08 13:53 . 1994-11-07 21:00 157696 ----a-w- c:\windows\system\STORAGE.DLL
2009-05-08 13:53 . 1994-11-07 21:00 154336 ----a-w- c:\windows\system\OLE2NLS.DLL
2009-05-08 13:53 . 1994-11-07 21:00 302592 ----a-w- c:\windows\system\OLE2.DLL
2009-05-08 13:53 . 1994-11-07 21:00 163712 ----a-w- c:\windows\system\OLE2DISP.DLL
2009-05-08 13:53 . 1994-11-07 21:00 527664 ----a-w- c:\windows\system\OC25.DLL
2009-05-08 13:53 . 1995-08-14 21:00 109056 ----a-w- c:\windows\system\COMPOBJ.DLL
2009-05-08 13:53 . 1994-11-07 21:00 8480 ----a-w- c:\windows\system\VAEN2.DLL
2009-05-08 13:53 . 1994-02-18 21:47 26112 ----a-w- c:\windows\system\WAVEMIX.DLL
2009-05-08 13:52 . 1996-05-20 13:00 180400 ----a-w- c:\windows\system\IMGFX400.DLL
2009-05-08 13:52 . 1996-05-20 13:00 72256 ----a-w- c:\windows\system\FXTLS400.DLL
2009-05-06 21:18 . 2009-05-06 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-06 21:07 . 2009-05-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-05-06 21:07 . 2009-05-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-06 21:07 . 2009-05-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-06 14:31 . 2009-05-06 14:31 -------- d-----w- c:\windows\pluginep
2009-05-06 14:22 . 2009-05-06 14:22 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Symantec
2009-05-06 10:13 . 2009-05-06 10:13 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\ESET
2009-05-06 10:00 . 2009-05-06 10:00 -------- d-----w- c:\program files\Common Files\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 16:02 . 2009-06-03 16:02 -------- d-----w- c:\documents and settings\pc\Application Data\cleaner
2009-05-31 20:45 . 2009-05-31 20:44 896812 ----a-w- c:\program files\WinRAR.7z
2009-05-31 19:13 . 2009-05-02 01:40 201552 ----a-w- c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:23 . 2009-05-30 17:23 -------- d-----w- c:\windows\Fonts\KPE\Anti\82
2009-05-30 17:18 . 2009-05-30 17:18 -------- d-----w- c:\windows\Fonts\KPE\Anti\22
2009-05-30 17:18 . 2009-05-30 17:18 -------- d-----w- c:\windows\Fonts\KPE\Anti
2009-05-30 17:18 . 2009-05-30 17:18 -------- d-----w- c:\windows\Fonts\KPE
2009-05-30 07:12 . 2009-05-02 01:24 23848 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-03 19:13 . 2009-05-03 19:13 -------- d-----w- c:\documents and settings\pc\Application Data\Acrobat
2009-05-03 18:35 . 2009-05-03 18:35 -------- d-----w- c:\documents and settings\pc\Application Data\Symantec
2009-05-03 18:02 . 2009-05-03 18:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-03 13:47 . 2009-05-03 13:47 0 ----a-w- c:\windows\nsreg.dat
2009-05-02 23:48 . 2009-05-02 23:48 -------- d-----w- c:\program files\Thomson
2009-05-02 23:48 . 2009-05-02 23:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-02 23:47 . 2009-05-02 23:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-02 19:07 . 2009-05-02 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-02 19:07 . 2009-05-02 19:07 125 ----a-w- c:\documents and settings\pc\Local Settings\Application Data\fusioncache.dat
2009-05-02 06:55 . 2009-05-02 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-05-02 06:54 . 2009-05-02 06:54 -------- d-----w- c:\program files\HP
2009-05-02 06:45 . 2009-05-02 06:45 -------- d--h--w- c:\program files\Avago-HP
2009-05-02 05:10 . 2009-05-02 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-02 04:44 . 2009-05-02 04:44 -------- d-----w- c:\program files\Common Files\L&H
2009-05-02 04:43 . 2009-05-02 04:43 -------- d-----w- c:\program files\Microsoft.NET
2009-05-02 04:43 . 2009-05-02 04:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-02 04:42 . 2009-05-02 04:42 -------- d-----w- c:\program files\Microsoft Works
2009-05-02 04:31 . 2009-05-02 04:31 -------- d-----w- c:\program files\Real_SC
2009-05-02 04:30 . 2009-05-02 04:30 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-02 04:29 . 2009-05-02 04:29 172032 ------w- c:\windows\Setup1.exe
2009-05-02 04:29 . 2009-05-02 04:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-02 04:29 . 2009-05-02 04:29 -------- d-----w- c:\program files\Rainbow Dictionary
2009-05-02 04:29 . 2009-05-02 04:29 -------- d-----w- c:\program files\????? ????????
2009-05-02 04:24 . 2009-05-02 04:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-02 04:24 . 2009-05-02 04:24 -------- d-----w- c:\program files\Common Files\Real
2009-05-02 04:24 . 2009-05-02 04:24 -------- d-----w- c:\program files\Real
2009-05-02 04:22 . 2009-05-02 04:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-02 04:21 . 2009-05-02 04:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-02 04:21 . 2009-05-02 04:21 -------- d-----w- c:\documents and settings\pc\Application Data\InterTrust
2009-05-02 04:20 . 2009-05-02 04:20 -------- d-----w- c:\program files\ACDSee32
2009-05-02 04:20 . 2009-05-02 04:20 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-02 04:20 . 2009-05-02 04:20 -------- d-----w- c:\program files\Ahead
2009-05-02 01:49 . 2009-05-02 01:28 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-02 01:30 . 2009-05-02 01:30 -------- d-----w- c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\pc\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-02 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-23 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\HP1006MC.EXE"=

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RecAgent
*Deregistered* - RemoteRegistry
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SlWdmSup
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\hyjchjcr.default\
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,



Rootkit scan 2009-06-03 19:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
@="Windows XP Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\BlockedPopup\5H*J0*Õw]
@="Windows XP Pop-up Blocked.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\5H*0*¤R]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Recycle.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\5H*J0*Õw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows XP Recycle.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\5H*0*¤R]
@=""

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\5H*J0*Õw]
@=""

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\Navigating\5H*0*¤R]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows XP Start.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\Navigating\5H*J0*Õw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows XP Start.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\5H*0*¤R]
@="Windows XP Information Bar.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\Explorer\SecurityBand\5H*J0*Õw]
@="Windows XP Information Bar.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\5H*0*¤R]
@="c:\\Program Files\\Messenger\\online.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\5H*J0*Õw]
@="c:\\Program Files\\Messenger\\online.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\5H*0*¤R]
@="c:\\Program Files\\Messenger\\newalert.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\5H*J0*Õw]
@="c:\\Program Files\\Messenger\\newalert.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\5H*0*¤R]
@="c:\\Program Files\\Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\5H*J0*Õw]
@="c:\\Program Files\\Messenger\\newemail.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\5H*0*¤R]
@="c:\\Program Files\\Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\5H*J0*Õw]
@="c:\\Program Files\\Messenger\\type.wav"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Names\5H*0*¤R]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="ÕæÊ"

[HKEY_USERS\S-1-5-21-746137067-1563985344-682003330-1003\AppEvents\Schemes\Names\5H*J0*Õw]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="ÕæÊí"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\l3codecp.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\DivXa32.acm
.
Completion time: 2009-06-03 19:27
ComboFix-quarantined-files.txt 2009-06-03 16:27

Pre-Run: 4,803,837,952 bytes free
Post-Run: 4,793,384,960 bytes free

591
 
Did you try my reply? I did post the tool, but maybe you didn't see it. Try it and your problem will be solved!!
 
Signature: فديتني