الحساس

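Peace be upon you, generous people.

My problem is that when I open my email and the inbox, the computer becomes sluggish and browsing is very, very bad.
I hope we can see where the problem is, even though I have since used the cleaning tools available on the forum,
and I also used the Zyzoom tool for the Messenger virus to scan, and nothing showed up. I hope you can help me.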

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:31, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\premieropinion\pmropn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: PremierOpinion - c:\program files\premieropinion\pmls.dll
O23 - Service: 0247401245301837mcinstcleanup - - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5593 bytes
 

My brother in God, delete the following:
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

O20 - Winlogon Notify: PremierOpinion - c:\program files\premieropinion\pmls.dll




How to delete:
[Image: hay1.jpg]
[Image: hay2.jpg]



Then search for this value and delete it: c:\program files\premieropinion\pmropn.exe

And search for this value and scan it with an effective, up-to-date antivirus: O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
Signature: ناصر الاسلام

God bless you, my dear friend; I am thankful and grateful to you. The values were deleted, but this one was not deleted:
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc
I went to C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
and ran a scan on it, and the results were clean. For your information, I update Kaspersky every hour. Here is a new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:59, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\premieropinion\pmropn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\7bce2bbf-b8a7-44d3-9a6f-5cdace3087fd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 0247401245301837mcinstcleanup - - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5739 bytes
 
Disable your protection programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
The tool's report

ComboFix 09-07-01.01 - home user 07/02/2009 6:57.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1023.678 [GMT 3:00]
Running from: c:\documents and settings\home user\سطح المكتب\ComboFix.exe
AV: AVG 7.5.516 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 02:17 . 2009-07-02 02:17 61440 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%SystemSystem%\drivers\lyqpxgq.sys
2009-07-02 02:17 . 2009-07-02 02:17 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\10000006600002h\regedit.exe
2009-07-01 13:25 . 2009-07-01 13:25 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-29 03:29 . 2009-06-29 21:55 -------- d-----w- c:\program files\PremierOpinion
2009-06-29 03:28 . 2009-06-29 03:28 -------- d-----w- c:\program files\CEDP Stealer 6.0 for Messenger
2009-06-26 10:58 . 2009-06-26 11:00 -------- dc-h--w- c:\windows\ie8
2009-06-26 09:41 . 2009-06-26 09:41 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\1000000b00002h\rundll32.exe
2009-06-26 09:41 . 2009-06-26 09:41 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000009c00002h\IEXPLORE.EXE
2009-06-26 09:39 . 2009-06-26 09:39 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\40000013d00002h\mbam.exe
2009-06-23 22:32 . 2009-06-23 22:32 -------- d-----w- c:\program files\aseel
2009-06-23 16:04 . 2009-06-23 16:04 7168 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\eTeSoft Video Converter 1.00.8.115\300000003400002i\dwwin.exe
2009-06-23 11:35 . 2009-06-23 11:35 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-23 11:06 . 2009-07-01 15:49 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-20 02:06 . 2009-07-01 03:15 -------- d-----w- c:\documents and settings\home user\Application Data\dvdcss
2009-06-20 01:40 . 2009-07-01 17:09 -------- d-----w- c:\documents and settings\home user\Application Data\vlc
2009-06-17 22:44 . 2009-06-17 22:44 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-17 15:47 . 2009-06-17 15:47 -------- d-----w- c:\documents and settings\home user\Application Data\URSoft
2009-06-17 15:29 . 2009-07-02 02:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 11:30 . 2009-07-02 01:00 -------- d-----w- c:\program files\Trend Micro
2009-06-16 15:02 . 2009-06-16 15:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-16 15:02 . 2009-06-22 22:58 -------- d-----w- c:\documents and settings\home user\Application Data\skypePM
2009-06-16 14:12 . 2009-06-22 23:09 -------- d-----w- c:\documents and settings\home user\Application Data\Skype
2009-06-16 14:12 . 2009-06-16 14:12 -------- d-----w- c:\program files\Common Files\Skype
2009-06-16 14:12 . 2009-06-16 14:12 -------- d-----r- c:\program files\Skype
2009-06-16 14:12 . 2009-06-16 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-11 13:22 . 2009-06-11 13:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 13:22 . 2009-06-11 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-11 13:22 . 2009-06-11 13:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-11 13:21 . 2009-06-11 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-11 12:37 . 2009-06-11 12:37 -------- d-----w- c:\program files\CCleaner
2009-06-11 03:58 . 2009-06-16 16:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-11 03:56 . 2009-06-11 03:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-09 23:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-08 15:34 . 2009-06-08 15:34 152576 ----a-w- c:\documents and settings\home user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 13:29 . 2009-06-08 13:29 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-08 13:28 . 2009-06-08 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-06-07 16:05 . 2009-06-07 16:05 -------- d-----w- c:\documents and settings\home user\Application Data\FastStone
2009-06-07 16:04 . 2009-06-16 16:45 -------- d-----w- c:\program files\FastStone Photo Resizer
2009-06-05 11:38 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-05 11:29 . 2009-06-05 11:37 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-05 11:29 . 2009-06-05 11:29 -------- d-----w- c:\program files\MSBuild
2009-06-05 11:29 . 2009-06-05 11:29 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 11:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-05 11:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-05 11:28 . 2009-06-05 11:29 -------- d-----w- C:\3b65ca07e8a6f16a91bb67e0
2009-06-05 11:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-05 00:28 . 2009-06-05 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\CCTV
2009-06-05 00:05 . 2009-06-05 00:05 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-05 00:05 . 2009-06-05 00:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-02 22:14 . 2009-06-02 22:14 -------- d-----w- c:\documents and settings\home user\Application Data\Uniblue
2009-06-02 10:56 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 02:52 . 2009-02-16 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-02 02:49 . 2009-03-12 17:45 117760 ----a-w- c:\documents and settings\home user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-02 02:48 . 2009-02-16 18:46 5680 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-02 02:48 . 2009-02-16 18:46 426016 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-02 02:48 . 2009-02-16 18:46 229472 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-02 02:48 . 2009-02-16 18:46 19222560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-01 15:50 . 2009-02-16 19:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-01 14:21 . 2009-03-16 16:34 -------- d-----w- c:\documents and settings\home user\Application Data\cleaner
2009-07-01 03:15 . 2009-05-26 12:23 -------- d-----w- c:\program files\MPlayer for Windows
2009-07-01 02:52 . 2009-05-15 15:09 -------- d-----w- c:\documents and settings\home user\Application Data\Spider Player
2009-06-28 12:57 . 2009-02-25 13:53 -------- d-----w- c:\documents and settings\home user\Application Data\Thinstall
2009-06-26 09:39 . 2009-04-24 08:54 692496 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\unins000.exe
2009-06-26 09:33 . 2009-04-24 08:53 3561743 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%Common AppData%\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-23 22:32 . 2009-03-05 11:11 823296 -c--a-w- c:\windows\system32\agsaamh.dll
2009-06-23 22:32 . 2009-03-05 11:11 680061 -c--a-w- c:\windows\system32\agsaame.dll
2009-06-23 22:32 . 2009-03-05 11:11 655360 -c--a-w- c:\windows\system32\agsaamd.dll
2009-06-23 22:32 . 2009-03-05 11:11 638976 -c--a-w- c:\windows\system32\agsaamb.dll
2009-06-23 22:32 . 2009-03-05 11:11 315392 -c--a-w- c:\windows\system32\agsaama.dll
2009-06-23 22:32 . 2009-03-05 11:11 196608 -c--a-w- c:\windows\system32\agsaamc.dll
2009-06-23 22:32 . 2009-03-05 11:11 1839104 -c--a-w- c:\windows\system32\agsaamg.dll
2009-06-23 22:32 . 2009-03-05 11:11 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-23 22:32 . 2008-04-14 15:59 1388544 -c--a-w- c:\windows\system32\msvbvm60.dll
2009-06-19 17:41 . 2001-09-19 12:00 66028 ----a-w- c:\windows\system32\perfc001.dat
2009-06-19 17:41 . 2001-09-19 12:00 364174 ----a-w- c:\windows\system32\perfh001.dat
2009-06-19 15:59 . 2009-05-24 21:59 -------- d-----w- c:\program files\temp
2009-06-17 22:44 . 2009-02-16 15:33 -------- d-----w- c:\program files\Common Files\Real
2009-06-17 08:27 . 2009-04-24 08:54 38160 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%SystemSystem%\drivers\mbamswissarmy.sys
2009-06-17 08:27 . 2009-04-24 08:54 79632 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\zlib.dll
2009-06-17 08:27 . 2009-04-24 08:54 195856 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\mbamservice.exe
2009-06-17 08:27 . 2009-04-24 08:54 414992 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\mbamgui.exe
2009-06-17 08:27 . 2009-04-24 08:54 1287440 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\mbam.exe
2009-06-17 08:27 . 2009-04-24 08:54 19096 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%SystemSystem%\drivers\mbam.sys
2009-06-16 16:57 . 2009-03-14 01:16 -------- d-----w- c:\program files\MSECache
2009-06-14 15:48 . 2009-05-18 11:12 718880 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2service.exe
2009-06-09 23:47 . 2009-02-16 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-08 11:38 . 2009-05-18 11:14 553600 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\engine.dll
2009-06-08 11:38 . 2009-03-20 13:23 6076920 -c--a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\t3.dll
2009-06-08 11:37 . 2009-05-18 11:13 521360 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2framework.dll
2009-06-08 11:37 . 2009-05-18 11:12 586888 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2update.dll
2009-06-05 11:50 . 2009-02-16 14:36 93584 -c--a-w- c:\documents and settings\home user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 00:05 . 2009-02-16 15:29 -------- d-----w- c:\program files\Windows Live
2009-06-03 06:16 . 2009-02-16 15:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 12:55 . 2009-03-08 18:22 -------- d-----w- c:\program files\Unlocker
2009-05-31 05:57 . 2009-05-31 05:57 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\40000013c00002h\mbam.exe
2009-05-31 05:57 . 2009-05-31 05:57 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000006e00002h\mbamgui.exe
2009-05-31 05:55 . 2009-05-31 05:54 3371384 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\G0W68B0X\mbam-setup[1].exe
2009-05-29 13:15 . 2009-05-29 13:15 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-27 00:30 . 2009-05-27 00:30 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-05-27 00:30 . 2009-05-27 00:30 -------- d-----w- c:\program files\SplitCam
2009-05-26 13:39 . 2009-03-05 11:11 196608 -c--a-w- c:\windows\system32\maag.dll
2009-05-26 13:39 . 2009-03-05 11:11 1245184 -c--a-w- c:\windows\system32\bkll.dll
2009-05-26 13:39 . 2009-03-05 11:11 1212416 -c--a-w- c:\windows\system32\ckll.dll
2009-05-26 13:39 . 2009-03-05 11:11 90112 -c--a-w- c:\windows\system32\agsaami.dll
2009-05-26 13:39 . 2009-03-05 11:11 2535424 -c--a-w- c:\windows\system32\agsaamj.dll
2009-05-26 13:39 . 2009-03-05 11:11 1986560 -c--a-w- c:\windows\system32\akll.dll
2009-05-26 13:39 . 2009-05-26 13:39 -------- d-----w- c:\program files\Real_SC
2009-05-24 16:57 . 2009-05-24 16:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-24 16:57 . 2009-05-24 16:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-24 16:57 . 2009-05-24 16:57 -------- d-----w- c:\program files\Real
2009-05-24 16:44 . 2009-05-23 14:40 -------- d-----w- c:\program files\Common Files\delet
2009-05-24 01:48 . 2009-05-24 01:46 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-24 00:37 . 2009-05-23 23:25 -------- d-----w- c:\program files\Raptor
2009-05-23 15:34 . 2009-03-15 16:25 -------- d-----w- c:\documents and settings\home user\Application Data\IDM
2009-05-20 15:05 . 2009-02-16 18:47 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 15:05 . 2009-02-16 18:47 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-18 11:14 . 2009-05-18 11:14 224400 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2freecontmenu.dll
2009-05-18 11:14 . 2009-05-18 11:14 302736 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2freecontmenu64.dll
2009-05-18 11:13 . 2009-05-18 11:14 1191536 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2free.exe
2009-05-18 11:13 . 2009-05-18 11:13 101000 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2upd.exe
2009-05-18 11:13 . 2009-05-18 11:13 253072 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\a-squared Free 4.0\%ProgramFilesDir%\A-SQUARED FREE\a2cmd.exe
2009-05-15 15:09 . 2009-05-15 15:08 -------- d-----w- c:\program files\Spider Player
2009-05-13 05:02 . 2004-08-03 21:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 14:10 . 2009-05-12 11:47 -------- d-----w- c:\program files\Google
2009-05-12 06:06 . 2009-05-12 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-05-12 06:05 . 2009-02-16 19:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-12 06:04 . 2009-04-23 10:37 -------- d-----w- c:\program files\WinWatermark 2.2
2009-05-07 15:32 . 2004-08-03 21:55 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-24 11:02 . 2009-04-24 11:02 61440 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%SystemSystem%\drivers\dclnv.sys
2009-04-24 11:02 . 2009-04-24 11:02 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000006500002h\mbam-dor.exe
2009-04-24 08:54 . 2009-04-24 08:54 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\40000013b00002h\mbam.exe
2009-04-24 08:54 . 2009-04-24 08:54 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\1000000500002h\regsvr32.exe
2009-04-24 08:54 . 2009-04-24 08:54 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000006a00002h\mbamgui.exe
2009-04-24 08:54 . 2009-04-24 08:54 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\40000013a00002h\mbam.exe
2009-04-24 08:53 . 2009-04-24 08:53 8704 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000001400002h\mbam-setup.exe
2009-04-24 08:53 . 2009-04-24 08:53 2967800 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%Profile%\Local Settings\Temporary Internet Files\Content.IE5\GFV6GXC2\mbam-setup[1].exe
2009-04-19 19:47 . 2004-08-03 21:46 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2004-08-03 21:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 12:32 . 2009-04-24 08:54 73360 ----a-w- c:\documents and settings\home user\Application Data\Thinstall\Malwarebytes' Anti-Malware\%ProgramFilesDir%\Malwarebytes' Anti-Malware\mbam.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-06-17_23.00.45 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-17 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBrowserOptions"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 08:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 8.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\program files\\premieropinion\\pmropn.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [08/06/2009 04:29 م 33408]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02/06/2009 01:56 م 28544]
R1 is-7KMBBdrv;is-7KMBBdrv;c:\windows\system32\drivers\92716846.sys [16/03/2009 05:15 م 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 04:17 م 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 04:17 م 55024]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [30/08/2008 06:34 م 81356]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [30/08/2008 06:36 م 9804]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 0247401245301837mcinstcleanup;0247401245301837mcinstcleanup; [x]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\home user\Local Settings\Temp\{10BEB1C4-4E3C-4652-9836-B9814379764F}\fsgk.sys --> c:\documents and settings\home user\Local Settings\Temp\{10BEB1C4-4E3C-4652-9836-B9814379764F}\fsgk.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [11/03/2009 12:42 م 33752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 04:17 م 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
FF - ProfilePath - c:\documents and settings\home user\Application Data\Mozilla\Firefox\Profiles\84k41vgv.default\
FF - component: c:\documents and settings\home user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-02 07:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\home user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-07-02 7:03
ComboFix-quarantined-files.txt 2009-07-02 04:03
ComboFix2.txt 2009-05-23 12:45
ComboFix3.txt 2009-04-24 20:38
ComboFix4.txt 2009-03-10 15:01
Pre-Run: 69,046,185,984 bytes free
Post-Run: 69,022,765,056 bytes free
457 --- E O F --- 2009-06-23 22:55
 
How is the problem now, all good?
Download this tool, but run the tool from the computer's Safe Mode.
 
I downloaded it and ran it in Safe Mode, and we did not see any viruses. God bless you, my dear friend.

And we are waiting for our beloved admin maax.

Do you need the tool's report, brother Asheq? I have it.
 
Make a new HijackThis report, brother.
 
The HijackThis report, brother Max:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:44, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 0247401245301837mcinstcleanup - - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5226 bytes

=======

The strange thing is the BitDefender link, and I do not have it installed. Take a look at it in my report, brother Max.
 
The BitDefender link is the ActiveX control for the online scan.
Delete it if you like; it has no effect.

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

Also delete

O23 - Service: 0247401245301837mcinstcleanup - - (no file)

How to delete: [screenshots]

After that, go to Add or Remove Programs and delete the toolbar you have installed (toolbar) >> it may not be there.

And clean your computer with this tool

Compatibility: Windows XP only

How to use:
Double-click the tool and wait until all the windows finish and it stops at this window: [screenshot]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

Are there any problems left?
 
Thank you, my dear friend, and may God keep you. I did what was needed.

Regards
 