مشكلة\\عند فصل النت تظهر لي هذه النافذه

ح

حفيد ابن الخطاب

زيزوومي جديد
إنضم
24 يونيو 2009
المشاركات
59
مستوى التفاعل
0
النقاط
50
غير متصل
ea45993c6ahl5.gif


اخواني الاعزاء عندما اقوم بفصل الانترنت من الكبل عمداً او بغير عمد تظهر شاشة زرقاااء فيها الكثير من الكتابات ومنها كلمة STOP وبعدها يعاد تشغيل الجهاز وتظهر لي هذه النافذه ولا اعرف لماذا
cvv.jpg



وهذا تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:22:19 م, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
F:\الشامل\البرامج\برامج منوعه\cpe17antiautorun1330.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\NT1+Multi\calltray.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\AlFahdawy\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [protect_autorun] F:\الشامل\البرامج\برامج منوعه\cpe17antiautorun1330.exe /start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: CAPI Monitor.lnk = C:\Program Files\NT1+Multi\calltray.exe
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 7984 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
اخواني في الله الان تطورت المشكله فأصبح الكمبيوتر يفصل بالصوره المذكورة مسبقاً من غير فصل كبل الانترنت
وتظهر هذه الصوره مع الصوره الاولى الموضوعه في البداية
19071430040659.jpg
 
تأييد 0
اخوي لاهنت صور الشاشه الزرقا

اعمل الاتي

حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم[/B]
 
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد 0
اخي الفاضل KoNaMi جزاك الله خيراً
ولكن لا استطيع تصوير الشاشة الزرقاء لانه يعيد الاقلاع مباشرةً بعد ضهورها والتقرير في الاعلى في بداية المشاركة
 
تأييد 0
اعمل الاتي اخوي

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
توقيع : KoNaMi
تأييد 0
اخي في الله KoNaMi عملت مثل ماقلت انت ونزلت هذه الاداة ولكن حين التشغيل تظهر لي هذه النافذه

19071430053940.jpg
 
تأييد 0
اخوي في البدايه لابد من تعطيل جيمع برامج الحمايه
لاتغير اسم الاداة
احفظها على سطح المكتب
تأكد من وقت وتاريخ الجهاز

بعدين شغل الاداة
 
توقيع : KoNaMi
تأييد 0
السلام عليكم
قمت بتشغيل الاداة ولكن لم يقم الكمبيوتر بعمل ريستارت وتظهر لي هذه الصور خلال تشغيل الاداة

i22291_hjhfttfhy.jpg


i22292_ghgfgrfgf.jpg


وبعدها يظهر التقرير ولا يعمل ريستارت

وهذا التقرير
ComboFix 09-06-28.02 - AlFahdawy 07/11/2009 19:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.767.293 [GMT 3:00]
Running from: c:\documents and settings\AlFahdawy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-09 15:15 . 2009-07-09 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\VertusTech
2009-07-08 20:03 . 2009-07-08 20:49 -------- d-----w- c:\program files\ClickZap
2009-07-08 20:03 . 2009-07-08 20:03 -------- d-----w- c:\windows\system32\Scripts
2009-07-08 20:03 . 2002-11-14 11:55 57344 ----a-w- c:\windows\system32\CZDrv.dll
2009-07-08 12:28 . 2009-07-08 12:28 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\400000500002i\AcroRd32Info.exe
2009-07-08 12:28 . 2009-07-08 12:28 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\1000000b00002i\verclsid.exe
2009-07-06 15:42 . 2009-07-06 15:54 -------- d-----w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\Temporary Projects
2009-07-05 20:43 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-05 20:42 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-05 20:40 . 2009-07-05 20:40 -------- d-----w- c:\windows\system32\RsFx
2009-07-05 20:39 . 2009-07-05 20:39 -------- d-----w- c:\program files\MSXML 6.0
2009-07-05 20:25 . 2009-07-05 20:41 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-05 20:25 . 2009-07-05 20:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-05 20:25 . 2009-07-05 20:25 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-07-05 20:25 . 2009-07-05 20:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-05 20:24 . 2009-07-05 20:24 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-05 20:23 . 2009-07-05 20:23 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-05 20:20 . 2009-07-05 20:25 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-05 20:19 . 2009-07-05 20:19 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-05 20:18 . 2009-07-05 21:41 204480 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-05 20:17 . 2009-07-05 20:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-05 20:17 . 2009-07-05 20:17 -------- d-----w- c:\program files\Reference Assemblies
2009-07-05 20:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-05 20:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-05 20:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-05 20:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-05 20:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-05 20:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-05 20:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-03 13:05 . 2009-07-03 18:55 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-02 10:40 . 2009-07-02 10:40 65857 ----a-w- c:\windows\BricoPackUninst.cmd
2009-07-02 10:35 . 2009-07-02 10:40 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-07-02 10:34 . 2009-07-02 10:34 -------- d-----w- c:\windows\BricoPacks
2009-07-02 10:00 . 2009-07-08 19:58 -------- d-----w- c:\documents and settings\AlFahdawy\Contacts
2009-07-02 09:58 . 2009-07-02 09:58 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-02 09:58 . 2009-07-02 09:58 -------- d-----w- c:\program files\MSN Messenger
2009-07-01 14:02 . 2009-07-01 14:02 1915520 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Macromedia\Flash Player\
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2009-06-30 08:24 . 2009-06-30 08:24 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\400000134e00002i\ImageReady.exe
2009-06-30 08:07 . 2009-06-30 08:07 -------- d-----w- c:\windows\system32\scripting
2009-06-30 08:07 . 2009-06-30 08:07 -------- d-----w- c:\windows\l2schemas
2009-06-30 08:07 . 2009-06-30 08:07 -------- d-----w- c:\windows\system32\en
2009-06-30 08:07 . 2009-06-30 08:07 -------- d-----w- c:\windows\system32\bits
2009-06-30 08:03 . 2009-06-30 08:08 -------- d-----w- c:\windows\ServicePackFiles
2009-06-30 07:48 . 2009-06-30 07:48 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\400000ef00002i\AdobeUpdater.exe
2009-06-30 07:47 . 2009-06-30 07:47 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\4000001700003i\Adobelmsvc.exe
2009-06-30 07:46 . 2009-06-30 07:46 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Adobe Photoshop CS2\1000000b00002i\rundll32.exe
2009-06-30 04:15 . 2006-05-31 19:25 25088 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-29 17:54 . 2009-06-29 17:54 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\Desktopicon
2009-06-29 17:53 . 2009-06-29 17:54 -------- d-----w- c:\program files\FormatFactory
2009-06-29 17:23 . 2009-06-29 17:23 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\Media Player Classic
2009-06-29 17:23 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-29 17:23 . 2009-06-29 17:23 -------- d-----w- c:\program files\Real Alternative
2009-06-29 17:23 . 2009-06-29 17:23 -------- d-----w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\Real
2009-06-29 17:22 . 2009-06-29 17:22 7680 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\The KMPlayer (remove only)\300000003400002i\dwwin.exe
2009-06-29 17:22 . 2009-06-29 17:22 -------- d-----w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\Thinstall
2009-06-29 14:34 . 2004-08-03 18:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-29 11:47 . 2009-06-29 11:47 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-29 08:42 . 2009-06-29 08:42 7168 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\Microsoft Text-to-Speech Engine 4.0 (English)\4000005e00002i\vcmd.exe
2009-06-28 19:56 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-28 19:56 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-28 19:56 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-28 19:56 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-28 19:56 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-28 19:56 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-28 19:56 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-28 19:56 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-28 19:56 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-28 19:56 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-28 19:56 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-28 19:56 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-28 17:24 . 2009-06-28 17:24 -------- d-----w- c:\program files\MSECache
2009-06-28 13:50 . 2009-06-28 13:50 8704 ----a-w- c:\documents and settings\AlFahdawy\Application Data\Thinstall\PHOTOSHOP\1000000b00002h\rundll32.exe
2009-06-28 13:50 . 2009-06-30 07:46 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\Thinstall
2009-06-28 13:33 . 2009-06-28 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-28 13:33 . 2009-06-28 13:33 -------- d-----w- c:\program files\TechSmith
2009-06-28 13:33 . 2009-06-28 13:33 -------- d-----w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\TechSmith
2009-06-28 13:33 . 2009-06-28 13:33 -------- d-----w- c:\program files\WinWatermark 2.2
2009-06-28 13:32 . 2009-06-30 11:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 13:14 . 2009-06-28 13:14 -------- d-----w- c:\program files\Avramovic Web Solutions
2009-06-28 10:28 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-28 08:52 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-28 08:52 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-28 08:36 . 2009-06-28 08:36 198064 ----a-w- c:\documents and settings\AlFahdawy\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-28 08:36 . 2009-07-11 16:17 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\DMCache
2009-06-28 08:36 . 2009-07-09 19:11 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\IDM
2009-06-28 08:35 . 2009-06-28 08:49 -------- d-----w- c:\program files\Internet Download Manager
2009-06-28 08:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-28 08:15 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-28 08:13 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-28 07:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-28 07:30 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-28 07:30 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-28 07:24 . 2009-06-30 08:30 -------- d--h--w- c:\windows\$hf_mig$
2009-06-27 19:34 . 2009-06-27 19:34 -------- d-----w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\Yahoo
2009-06-27 19:09 . 2009-06-27 19:09 -------- d-----w- c:\windows\system32\LogFiles
2009-06-27 19:08 . 2009-06-27 19:09 -------- d-----w- c:\windows\system32\drivers\umdf
2009-06-27 19:03 . 2009-06-27 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-27 19:03 . 2008-09-19 12:41 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-27 19:03 . 2009-06-27 19:03 -------- d-----w- c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 15:15 . 2004-08-03 23:56 1024 ----a-w- c:\windows\system32\b5rgwhq.dll
2009-07-09 15:15 . 2004-08-03 23:56 204 ----a-w- c:\windows\system32\w9n46s1.dll
2009-07-09 15:15 . 2004-08-03 23:56 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-07-09 15:15 . 2004-08-03 23:56 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-07-09 15:15 . 2004-08-03 23:56 100 ----a-w- c:\windows\system32\prsgrc.dll
2009-07-09 15:15 . 2004-08-03 23:56 72 ----a-w- c:\windows\system32\ssprs.dll
2009-07-09 15:15 . 2004-08-03 23:56 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-07-09 15:15 . 2004-08-03 23:56 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-07-08 17:39 . 2009-06-27 14:53 102448 ----a-w- c:\documents and settings\AlFahdawy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 20:39 . 2009-06-27 15:52 -------- d-----w- c:\program files\Microsoft.NET
2009-07-05 20:24 . 2009-06-27 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-05 20:17 . 2009-06-27 15:53 -------- d-----w- c:\program files\MSBuild
2009-07-02 10:40 . 2004-08-03 23:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-30 08:10 . 2009-06-27 14:46 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-27 18:28 . 2009-06-27 15:22 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-27 17:36 . 2009-06-27 17:36 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\shamela
2009-06-27 17:36 . 2009-06-27 17:35 -------- d-----w- c:\program files\shamela library
2009-06-27 17:35 . 2009-06-27 17:36 737280 ----a-w- c:\windows\iun6002.exe
2009-06-27 15:56 . 2009-06-27 15:56 16299862 ------w- C:\$Persi0.sys
2009-06-27 15:56 . 2009-06-27 15:56 -------- d-----w- c:\program files\Faronics
2009-06-27 15:53 . 2009-06-27 15:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-27 15:49 . 2009-06-27 15:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-27 15:30 . 2009-06-27 15:30 -------- d-----w- c:\program files\NT1+Multi
2009-06-27 15:30 . 2009-06-27 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 15:30 . 2009-06-27 15:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-27 15:28 . 2009-06-27 15:28 -------- d-----w- c:\program files\PowerForPhone
2009-06-27 15:28 . 2009-06-27 15:20 -------- d-----w- c:\program files\ASUS
2009-06-27 15:23 . 2009-06-27 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-27 15:22 . 2009-06-27 15:22 -------- d-----w- c:\program files\Avira
2009-06-27 15:21 . 2009-06-27 15:21 17542 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{57B15AD4-8C9D-4164-82BB-E33D8644E757}\_294823.exe
2009-06-27 15:21 . 2009-06-27 15:21 17542 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}\_294823.exe
2009-06-27 15:19 . 2009-06-27 14:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-27 15:16 . 2009-06-27 15:16 -------- d-----w- c:\program files\Atheros
2009-06-27 15:15 . 2009-06-27 15:15 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\InstallShield
2009-06-27 15:15 . 2009-06-27 15:15 -------- d-----w- c:\program files\Wireless Console 2
2009-06-27 15:13 . 2009-06-27 15:13 -------- d-----w- c:\program files\Attansic
2009-06-27 15:12 . 2009-06-27 15:12 -------- d-----w- c:\program files\Synaptics
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\program files\Realtek
2009-06-27 15:09 . 2009-06-27 15:09 -------- d-----w- c:\program files\Toshiba
2009-06-27 15:08 . 2009-06-27 15:08 -------- d-----w- c:\documents and settings\AlFahdawy\Application Data\ATI
2009-06-27 15:04 . 2009-06-27 14:56 -------- d-----w- c:\program files\ATI Technologies
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{C6D7BC96-A608-0908-F6E7-53C118423087}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{6AF75C96-2093-51F4-0412-501CB317A7F9}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}\ARPPRODUCTICON.exe
2009-06-27 15:04 . 2009-06-27 15:04 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{8BE3174F-3BFE-8822-4493-A0519D1E4E94}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{137C5C08-8B6F-497A-1529-502359B3BA88}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{B02A3921-F7B7-C73F-395B-8172C9EE4006}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{5B701396-48C3-A3FA-43DB-FF975446759C}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{0EA06F05-4320-E4DC-4374-E6C0986C964D}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}\ARPPRODUCTICON.exe
2009-06-27 15:02 . 2009-06-27 15:02 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}\ARPPRODUCTICON.exe
2009-06-27 15:01 . 2009-06-27 15:01 9158 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
2009-06-27 15:01 . 2009-06-27 15:01 10134 ----a-r- c:\documents and settings\AlFahdawy\Application Data\Microsoft\Installer\{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}\ARPPRODUCTICON.exe
2009-06-27 14:47 . 2009-06-27 14:47 -------- d-----w- c:\program files\microsoft frontpage
2009-06-27 14:43 . 2009-06-27 14:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2004-08-03 23:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-03 23:56 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-03 22:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 23:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-11-17 348249]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone\PowerForPhone.exe" [2006-06-29 774144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"protect_autorun"="f:\الشامل\البرامج\برامج منوعه\cpe17antiautorun1330.exe" [2009-02-11 139264]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\AlFahdawy\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
CAPI Monitor.lnk - c:\program files\NT1+Multi\calltray.exe [2009-6-27 147456]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2009-6-27 491520]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D /k:E /k:F *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/06/2007 08:45 م 131472]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [27/06/2009 06:22 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [27/06/2009 06:22 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [27/06/2009 06:22 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/06/2009 06:22 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [27/06/2009 06:22 م 434945]
R2 capi;ELCON NT1+Multi Driver capi;c:\windows\system32\drivers\capi.sys [27/06/2009 06:31 م 28723]
R2 capifw;ELCON NT1+Multi Driver capifw;c:\windows\system32\drivers\capifw.sys [27/06/2009 06:31 م 225332]
R2 fwmm;ELCON NT1+Multi Driver fwmm;c:\windows\system32\drivers\fwmm.sys [27/06/2009 06:31 م 26686]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [27/06/2009 06:22 م 69632]
R3 l1utah;ELCON NT1+Multi Driver l1utah;c:\windows\system32\drivers\l1utah.sys [27/06/2009 06:31 م 61794]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [27/06/2009 06:20 م 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [27/06/2009 06:20 م 7808]
R3 vmdmc;ELCON VCOMM Port Driver;c:\windows\system32\drivers\vmdmc.sys [27/06/2009 06:30 م 355953]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [27/06/2009 06:16 م 54432]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 03:28 ص 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 ص 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 03:28 ص 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-11 19:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = c:\windows\system32\userinit.exe,????$?|_'?|??@???A?????????????'$?|?'?|??@?,????????????????????'?|X?????A?????????~??|??@???A????????|????A?????????????B~??@?k???????????????????Y|B~????????????????????$W@???????@?0???????0g@???????????@???????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):16,b3,52,2c,60,22,3a,60,53,45,3a,1c,27,42,f5,b7,3d,f2,13,b3,bd,
78,3f,d8,63,3e,fa,38,08,5f,e9,f0,62,ea,0f,cd,a1,50,80,9c,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{885dd296-923f-4c36-ac8d-7c1b7a2e1fc6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000bf
"Therad"=dword:0000000e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1408)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2732)
c:\program files\ASUS\Asus MultiFrame\HookTitle.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-11 19:19
ComboFix-quarantined-files.txt 2009-07-11 16:19
ComboFix2.txt 2009-07-11 15:36
ComboFix3.txt 2009-06-29 11:48
Pre-Run: 26,409,492,480 bytes free
Post-Run: 26,387,349,504 bytes free
303 --- E O F --- 2009-07-06 09:01
 
تأييد 0
وهذه ثاني مرة ارفعه من غير الانتظار
 
تأييد 0
اخواني في الله لماذا تظهر لي هذه النافذه عند تشغيل اداة combofix مع العلم ان احفظها على سطح المكتب ولا اقوم بتغير اسمها



19071430053940.jpg
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى