برامج الاوفس ماتنفتح ولا الفوتوشب ولا الفلاشات وغير كذا جهازي يعلق كل شوي ,,

ز

زهرة هوكايدوا

زيزوومي نشيط
إنضم
15 يونيو 2009
المشاركات
163
مستوى التفاعل
0
النقاط
200
غير متصل
السلام عليكم اخواني ,,
اناعندي مشكله بجهازي:er: انه برامج الاوفس ماتنفتح معي برضوا الفلاشاااااات وسويت له تقرير ,,
ومشكورين مااااااتقصرون والله ,,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:11 بسمه, on 14/06/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\ReGet Software\ReGet Deluxe\ReGetDx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ooze close] "C:\ProgramData\bore axis axis.17qvb9q"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\Road ref draw.mtkx84"
O4 - HKCU\..\Run: [ColdWare] C:\Users\USER\AppData\Local\Temp\3F16.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 9061 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
وقف برنامج الحمايه

ثم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
 
تأييد 0
و عليكم السلام و رحمة الله و بركته ...

حياك الله ...

أولاً عطل برنامج لحماية عندك ...

و تابع لشرح بضببببط لا هنت ...

اداة ComboFix


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
 
توقيع : MMA_LORD_735
تأييد 0
rd-19 قال:
وقف برنامج الحمايه

ثم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه

انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
أنقر للتوسيع...

:b:

عفواً يا قلبي ...
 
توقيع : MMA_LORD_735
تأييد 0
قم بحذف البرنامج التالي :

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

قم بحذف القيم التالية :

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
p1.0.1.1.cab

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

هناك 3 او 4 قيم لم اقم بوضعهآ لاني شاك فيها هل هي تأثر على الجهاز او لا !

عموماً هذه القيم يجب حذفهآ

وقد لاتساعدك على حل المشكلة ، لكنهآ قيم يجب ان لا تتواجد في الجهآز !

ايضاً اي تولبار في اي متصفح يجب حذفه تماماً

تحيآتي
 
توقيع : mr.3bode
تأييد 0
بانتظار التقارير
 
تأييد 0
اشكركم ومعليش تأخرت ..

ComboFix 09-06-14.02 - USER 06/14/2009 20:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1025.18.2038.1143 [GMT 3:00]
Running from: c:\users\USER\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 17:14 . 2009-06-14 17:14 -------- d-----w- c:\users\USER\AppData\Local\temp
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- c:\program files\Trend Micro
2009-06-11 17:44 . 2009-06-11 17:44 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 17:43 . 2009-06-11 17:43 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-11 17:42 . 2009-06-11 17:42 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-11 17:42 . 2009-06-11 17:42 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-11 17:42 . 2009-06-11 17:42 268800 ----a-w- c:\windows\system32\es.dll
2009-06-11 17:40 . 2009-06-11 17:40 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-06-11 17:40 . 2009-06-11 17:40 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-11 17:40 . 2009-06-11 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-06-11 17:39 . 2009-06-11 17:39 696832 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 17:36 . 2009-06-11 17:36 7680 ----a-w- c:\windows\system32\lsass.exe
2009-06-11 17:36 . 2009-06-11 17:36 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-11 17:36 . 2009-06-11 17:36 25600 ----a-w- c:\windows\system32\amxread.dll
2009-06-11 17:36 . 2009-06-11 17:36 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-06-11 17:36 . 2009-06-11 17:36 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-11 17:35 . 2009-06-11 17:35 269824 ----a-w- c:\windows\system32\schannel.dll
2009-06-11 17:33 . 2009-06-11 17:33 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 14:00 . 2009-06-11 14:00 0 ----a-w- c:\users\USER\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-29 10:06 . 2009-05-29 10:06 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 10:06 . 2009-05-29 10:06 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg7\RealPlayer11.exe
2009-05-28 17:25 . 2009-05-28 17:25 -------- d-----w- c:\program files\MSECache
2009-05-23 12:25 . 2009-05-23 12:24 177664 ----a-w- c:\windows\cbuninstall.exe
2009-05-23 12:25 . 2009-05-23 12:26 -------- d-----w- C:\Chatterbox
2009-05-20 08:47 . 2003-08-15 11:55 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-05-20 04:21 . 2009-05-20 04:21 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 17:11 . 2009-02-08 10:42 -------- d-----w- c:\users\USER\AppData\Roaming\ReGet Software
2009-06-14 16:57 . 2006-12-05 05:23 82094 ----a-w- c:\windows\system32\perfc001.dat
2009-06-14 16:57 . 2006-12-05 05:23 463314 ----a-w- c:\windows\system32\perfh001.dat
2009-06-14 16:55 . 2009-05-04 11:01 721408 ----a-w- c:\programdata\pure coal bone thunk\license plus.exe
2009-06-11 17:30 . 2009-06-11 17:30 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-11 17:30 . 2009-06-11 17:30 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 17:30 . 2009-06-11 17:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-11 17:30 . 2009-06-11 17:30 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-11 17:30 . 2009-06-11 17:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-11 17:30 . 2009-06-11 17:30 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-05-26 22:28 . 2008-12-23 23:11 -------- d-----w- c:\programdata\Messenger Plus!
2009-05-20 08:42 . 2008-12-22 17:38 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-05-20 08:42 . 2008-12-22 17:38 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-05-20 08:42 . 2008-12-22 17:38 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-05-20 08:42 . 2008-12-22 17:38 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-05-20 08:42 . 2008-12-22 17:38 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-20 08:42 . 2008-12-22 17:38 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-20 08:42 . 2008-12-22 17:38 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-05-20 08:42 . 2008-12-22 17:38 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-07 00:50 . 2009-05-07 00:50 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-04 11:01 . 2009-04-25 04:30 290816 ----a-w- c:\programdata\EXIT 1\InternetToolUserTick.exe
2009-05-04 11:01 . 2009-05-04 11:01 720384 ----a-w- c:\programdata\EXIT 1\xhrjqzln.exe
2009-05-04 11:01 . 2009-04-25 04:30 -------- d-----w- c:\programdata\pure coal bone thunk
2009-05-04 11:01 . 2009-04-25 04:28 -------- d-----w- c:\programdata\EXIT 1
2009-05-04 11:00 . 2009-04-25 04:28 708608 ----a-w- c:\programdata\EXIT 1\meta lite cdrom.exe
2009-04-28 00:51 . 2009-04-28 00:51 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-04-25 04:30 . 2009-04-25 04:30 692224 ----a-w- c:\programdata\EXIT 1\bytprtua.exe
2009-04-25 04:27 . 2008-12-22 17:36 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-24 20:17 . 2009-04-24 20:12 -------- d-----w- c:\program files\Mobily Connect Card
2009-04-19 00:55 . 2009-04-19 00:55 -------- d-----w- c:\program files\Selteco
2009-04-18 08:38 . 2009-04-18 08:38 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-04-17 09:11 . 2008-12-22 15:39 138976 ----a-w- c:\users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 15:27 . 2009-04-10 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-03-30 15:27 . 2009-03-30 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-03-21 15:27 . 2009-03-21 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_16.54.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 10:33 . 2009-06-14 16:57 613046 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-14 16:42 613046 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-14 16:57 104768 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-14 16:42 104768 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooze close"="c:\programdata\bore axis axis.17qvb9q" [X]
"bone thunk axis copy"="c:\programdata\Road ref draw.mtkx84" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-18 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-23 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-23 129560]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-22 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-10 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3160215249-2213099434-3398452171-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)

.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
IE: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-14 20:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E]
@Class="Shell"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E\OpenWithList]
@Class="Shell"
"a"="Photoshop.exe"
"MRUList"="a"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E\OpenWithProgids]
"م_auto_file"=hex(0):
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\.*E]
@Allowed: (Read) (RestrictedCode)
@="م_auto_file"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):11,ff,e0,f5,84,be,7b,7a,ff,3d,d0,61,da,1f,e4,53,94,04,38,ca,51,
82,6e,80,99,63,44,f0,5c,80,76,88,ae,6d,28,15,84,b8,51,a5,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\CLSID\{aaf1e1a7-c077-4ffa-9f1e-51c9d7239947}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e6,0a,99,22,30,89,f6,35,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-14 20:15
ComboFix-quarantined-files.txt 2009-06-14 17:15
ComboFix2.txt 2009-06-14 16:56
Pre-Run: 48,882,769,920 bytes free
Post-Run: 48,858,980,352 bytes free
449 --- E O F --- 2009-06-11 17:45
 
تأييد 0
تقرير هااك جديد :)
 
تأييد 0


ComboFix 09-06-14.02 - USER 06/14/2009 21:19.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1025.18.2038.1101 [GMT 3:00]
Running from: c:\users\USER\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 18:21 . 2009-06-14 18:21 -------- d-----w- c:\users\USER\AppData\Local\temp
2009-06-14 07:51 . 2009-06-14 07:51 -------- d-----w- c:\program files\Trend Micro
2009-06-11 17:44 . 2009-06-11 17:44 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 17:43 . 2009-06-11 17:43 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-11 17:42 . 2009-06-11 17:42 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-11 17:42 . 2009-06-11 17:42 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-11 17:42 . 2009-06-11 17:42 268800 ----a-w- c:\windows\system32\es.dll
2009-06-11 17:40 . 2009-06-11 17:40 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-06-11 17:40 . 2009-06-11 17:40 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-11 17:40 . 2009-06-11 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-06-11 17:39 . 2009-06-11 17:39 696832 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 17:36 . 2009-06-11 17:36 7680 ----a-w- c:\windows\system32\lsass.exe
2009-06-11 17:36 . 2009-06-11 17:36 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-11 17:36 . 2009-06-11 17:36 25600 ----a-w- c:\windows\system32\amxread.dll
2009-06-11 17:36 . 2009-06-11 17:36 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-06-11 17:36 . 2009-06-11 17:36 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-11 17:35 . 2009-06-11 17:35 269824 ----a-w- c:\windows\system32\schannel.dll
2009-06-11 17:33 . 2009-06-11 17:33 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 14:00 . 2009-06-11 14:00 0 ----a-w- c:\users\USER\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-29 10:06 . 2009-05-29 10:06 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 10:06 . 2009-05-29 10:06 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg7\RealPlayer11.exe
2009-05-28 17:25 . 2009-05-28 17:25 -------- d-----w- c:\program files\MSECache
2009-05-23 12:25 . 2009-05-23 12:24 177664 ----a-w- c:\windows\cbuninstall.exe
2009-05-23 12:25 . 2009-05-23 12:26 -------- d-----w- C:\Chatterbox
2009-05-20 08:47 . 2003-08-15 11:55 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-05-20 04:21 . 2009-05-20 04:21 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 18:19 . 2009-02-08 10:42 -------- d-----w- c:\users\USER\AppData\Roaming\ReGet Software
2009-06-14 16:57 . 2006-12-05 05:23 82094 ----a-w- c:\windows\system32\perfc001.dat
2009-06-14 16:57 . 2006-12-05 05:23 463314 ----a-w- c:\windows\system32\perfh001.dat
2009-06-14 16:55 . 2009-05-04 11:01 721408 ----a-w- c:\programdata\pure coal bone thunk\license plus.exe
2009-06-11 17:30 . 2009-06-11 17:30 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-11 17:30 . 2009-06-11 17:30 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 17:30 . 2009-06-11 17:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-11 17:30 . 2009-06-11 17:30 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-11 17:30 . 2009-06-11 17:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-11 17:30 . 2009-06-11 17:30 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-05-26 22:28 . 2008-12-23 23:11 -------- d-----w- c:\programdata\Messenger Plus!
2009-05-20 08:42 . 2008-12-22 17:38 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-05-20 08:42 . 2008-12-22 17:38 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-05-20 08:42 . 2008-12-22 17:38 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-05-20 08:42 . 2008-12-22 17:38 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-05-20 08:42 . 2008-12-22 17:38 1986560 ----a-w- c:\windows\system32\akll.dll
2009-05-20 08:42 . 2008-12-22 17:38 196608 ----a-w- c:\windows\system32\maag.dll
2009-05-20 08:42 . 2008-12-22 17:38 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-05-20 08:42 . 2008-12-22 17:38 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-05-07 00:50 . 2009-05-07 00:50 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-04 11:01 . 2009-04-25 04:30 290816 ----a-w- c:\programdata\EXIT 1\InternetToolUserTick.exe
2009-05-04 11:01 . 2009-05-04 11:01 720384 ----a-w- c:\programdata\EXIT 1\xhrjqzln.exe
2009-05-04 11:01 . 2009-04-25 04:30 -------- d-----w- c:\programdata\pure coal bone thunk
2009-05-04 11:01 . 2009-04-25 04:28 -------- d-----w- c:\programdata\EXIT 1
2009-05-04 11:00 . 2009-04-25 04:28 708608 ----a-w- c:\programdata\EXIT 1\meta lite cdrom.exe
2009-04-28 00:51 . 2009-04-28 00:51 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-04-25 04:30 . 2009-04-25 04:30 692224 ----a-w- c:\programdata\EXIT 1\bytprtua.exe
2009-04-25 04:27 . 2008-12-22 17:36 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-24 20:17 . 2009-04-24 20:12 -------- d-----w- c:\program files\Mobily Connect Card
2009-04-19 00:55 . 2009-04-19 00:55 -------- d-----w- c:\program files\Selteco
2009-04-18 08:38 . 2009-04-18 08:38 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-04-17 09:11 . 2008-12-22 15:39 138976 ----a-w- c:\users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 15:27 . 2009-04-10 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-03-30 15:27 . 2009-03-30 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-03-21 15:27 . 2009-03-21 15:27 390664 ----a-w- c:\users\USER\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_16.54.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2009-06-14 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-14 16:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-14 16:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-06-14 17:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-06-14 16:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-06-14 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-14 16:57 613046 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-14 16:42 613046 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-14 16:42 104768 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-14 16:57 104768 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooze close"="c:\programdata\bore axis axis.17qvb9q" [X]
"bone thunk axis copy"="c:\programdata\Road ref draw.mtkx84" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-18 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-23 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-23 129560]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-22 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-10 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3160215249-2213099434-3398452171-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)

.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
IE: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-14 21:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E]
@Class="Shell"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E\OpenWithList]
@Class="Shell"
"a"="Photoshop.exe"
"MRUList"="a"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E\OpenWithProgids]
"م_auto_file"=hex(0):
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\.*E]
@Allowed: (Read) (RestrictedCode)
@="م_auto_file"
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):11,ff,e0,f5,84,be,7b,7a,ff,3d,d0,61,da,1f,e4,53,94,04,38,ca,51,
82,6e,80,99,63,44,f0,5c,80,76,88,ae,6d,28,15,84,b8,51,a5,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-3160215249-2213099434-3398452171-1000_Classes\CLSID\{aaf1e1a7-c077-4ffa-9f1e-51c9d7239947}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e6,0a,99,22,30,89,f6,35,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-14 21:22
ComboFix-quarantined-files.txt 2009-06-14 18:22
ComboFix2.txt 2009-06-14 17:15
ComboFix3.txt 2009-06-14 16:56
Pre-Run: 48,776,298,496 bytes free
Post-Run: 48,749,027,328 bytes free
456 --- E O F --- 2009-06-11 17:45
 
تأييد 0
هدا وجود فايرس في الجهاز يمنع فتح البرامج
 
تأييد 0
الله يرضى عليك

اقصد تقرير من الهاكات مثل ماعملت في اول الموضوع
 
تأييد 0
اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​
 
تأييد 0
اوكي
والله اني تعبتكم معااااااي ,,
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:11 بسمه, on 14/06/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\ReGet Software\ReGet Deluxe\ReGetDx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ooze close] "C:\ProgramData\bore axis axis.17qvb9q"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\Road ref draw.mtkx84"
O4 - HKCU\..\Run: [ColdWare] C:\Users\USER\AppData\Local\Temp\3F16.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Search -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 9061 bytes
 
تأييد 0
عن اذنكم اخواني

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

اعمل تحديث قبل الفحص
 
تأييد 0
Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 6.0.6000
15/06/09 04:35:57 بسمه
mbam-log-2009-06-15 (04-35-57).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 105632
Time elapsed: 1 hour(s), 19 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
تأييد 0
اعمل تقرير للهايجاك

شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:20 بسمه, on 15/06/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\tazebama.dl_
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ooze close] "C:\ProgramData\bore axis axis.17qvb9q"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\Road ref draw.mtkx84"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6362 bytes
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى