MezajyDesign
New Zyzoom member
Joined: 14 April 2009
Posts: 10
Reaction score: 0
Points: 20
Location: ..
Offline

Peace be upon you,

How are you all? Doing well, God willing ~

Congratulations on the summer holiday

I have a problem with the Kelk 2000 program:

When I open it, this shows up:

klk.jpg

Note that I downloaded it from several links, uninstalled it and ran the setup a second time,

and my Windows was SP2 and I updated it to SP3.

I thought it might be the RAM, so I changed it,

and the problem is still the same.

Waiting for your help.

Most importantly, nobody tell me to format, because the installed copy is genuine and I have no idea where the CD went.

And here's a report; I saw everyone posting case reports, so I said "a report, a report, what do we do" <- a medical report lol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:58:28 م, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: you must log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum: you must log in or register to view it]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden by the forum: you must log in or register to view it]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [link hidden by the forum: you must log in or register to view it]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE0543D-FA47-42FF-AC6A-6843D2A42783}: NameServer = 192.168.1.254,192.168.1.255
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9015 bytes

Welcome, brother.

Do the following:
Disable your security programs.
Then download the following tool and save it to the desktop:
[link hidden by the forum: you must log in or register to view it]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart.
After the restart, the tool will begin scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.

Signature: KoNaMi
ComboFix 09-07-09.08 - MezajyDesign 07/11/2009 18:24.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2302.1771 [GMT 3:00]
Running from: c:\documents and settings\MezajyDesign\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\78f69.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-11 13:58 . 2009-07-11 13:58 -------- d-----w- c:\program files\Trend Micro
2009-07-11 13:11 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-11 12:50 . 2008-04-14 15:59 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-11 12:50 . 2001-09-18 11:05 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-11 12:50 . 2008-04-14 15:59 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-11 12:50 . 2001-09-18 11:06 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-11 12:50 . 2001-09-18 11:06 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-11 12:50 . 2001-09-18 11:06 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-11 12:50 . 2001-08-17 09:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-11 12:50 . 2004-08-03 19:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-11 12:50 . 2004-08-03 19:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-11 12:50 . 2008-04-14 15:59 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-11 12:49 . 2004-08-03 19:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-07-11 12:49 . 2001-09-18 10:38 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-07-11 12:47 . 2001-08-17 09:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-07-11 12:46 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-11 12:45 . 2001-08-17 09:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-07-11 12:44 . 2001-08-17 09:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-07-11 12:43 . 2001-09-18 11:05 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2009-07-11 12:42 . 2001-09-18 10:27 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-07-11 12:41 . 2001-08-17 09:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-07-11 12:40 . 2001-08-17 10:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-07-11 12:39 . 2001-08-17 09:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-07-11 12:39 . 2008-04-13 18:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-07-11 12:39 . 2001-09-18 11:03 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-07-11 12:39 . 2001-08-17 09:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-07-11 12:39 . 2001-08-17 09:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-07-11 12:39 . 2001-09-18 10:46 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-07-11 12:39 . 2001-08-17 10:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-07-11 12:39 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-07-11 12:39 . 2001-08-17 09:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-07-11 12:39 . 2001-08-17 09:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-07-11 12:39 . 2001-08-17 09:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-07-11 12:39 . 2004-08-03 21:48 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-07-11 12:37 . 2001-08-17 11:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-07-11 12:37 . 2001-08-17 10:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-07-11 12:37 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-07-11 12:37 . 2001-08-17 10:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-07-11 12:35 . 2001-08-17 10:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
2009-07-11 12:34 . 2008-04-14 15:58 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-07-11 12:33 . 2001-09-18 11:04 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-07-11 12:32 . 2001-08-17 10:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-07-11 12:31 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2009-07-11 12:30 . 2001-08-17 09:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-07-11 12:29 . 2001-09-18 10:46 629984 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2009-07-11 12:28 . 2001-08-17 09:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2009-07-11 12:27 . 2001-09-18 11:03 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2009-07-11 12:26 . 2001-09-18 11:03 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2009-07-11 12:25 . 2001-09-18 10:31 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-07-11 12:24 . 2001-09-18 11:03 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2009-07-11 12:23 . 2001-08-17 11:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-07-11 12:22 . 2001-09-18 11:03 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-11 08:09 . 2009-07-11 08:09 -------- d-----w- c:\windows\l2schemas
2009-07-11 08:09 . 2009-07-11 08:09 -------- d-----w- c:\windows\system32\ar
2009-07-11 08:09 . 2009-07-11 08:09 -------- d-----w- c:\windows\system32\bits
2009-07-11 08:06 . 2009-07-11 08:10 -------- d-----w- c:\windows\ServicePackFiles
2009-07-11 04:30 . 2004-08-03 19:29 73216 -c--a-w- c:\windows\system32\dllcache\atintuxx.sys
2009-07-11 03:47 . 2009-07-11 03:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-11 03:40 . 2009-07-11 03:40 -------- d-----w- c:\windows\ie8updates
2009-07-11 03:35 . 2009-07-11 03:35 -------- d-----w- c:\program files\MSXML 4.0
2009-07-11 03:10 . 2008-06-14 17:31 271616 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2009-07-11 03:10 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-11 03:07 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-11 03:07 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-11 03:07 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-11 03:07 . 2009-04-30 21:13 11064832 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2009-07-11 03:04 . 2009-02-09 11:22 2146816 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-11 03:04 . 2009-02-09 11:22 2025472 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-11 02:46 . 2009-07-11 13:19 -------- d--h--w- c:\windows\$hf_mig$
2009-07-11 02:28 . 2009-07-11 02:28 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 02:28 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-11 02:28 . 2009-07-11 02:28 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-11 02:27 . 2009-07-11 02:27 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-11 02:26 . 2009-07-11 02:26 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-10 10:38 . 2009-07-10 10:38 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-10 10:38 . 2009-07-10 10:38 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-10 10:38 . 2009-07-10 10:38 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-10 10:38 . 2009-07-10 10:38 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-10 10:38 . 2009-07-10 10:38 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-10 10:37 . 2009-07-10 10:37 296976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-10 10:37 . 2009-07-10 10:37 128016 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-10 10:37 . 2009-07-10 10:37 296976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-10 10:37 . 2009-07-10 10:37 128016 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-10 10:24 . 2009-07-10 10:24 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-10 10:21 . 2009-07-10 10:21 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-10 10:21 . 2009-07-10 10:21 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-10 10:20 . 2009-07-11 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-10 10:20 . 2009-07-10 10:20 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-10 10:07 . 2009-07-10 10:07 172032 ------w- c:\windows\Setup1.exe
2009-07-10 10:07 . 2009-07-10 10:07 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-10 10:07 . 2009-07-10 10:07 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-10 10:04 . 2009-07-10 10:05 468326 ----a-w- c:\documents and settings\MezajyDesign\Application Data\IDM\DwnlData\MezajyDesign\kis8.0.0.506en_312\kis8.0.0.506en.exe
2009-07-10 10:01 . 2009-07-10 10:03 542113 ----a-w- c:\documents and settings\MezajyDesign\Application Data\IDM\DwnlData\MezajyDesign\kis9.0.0.459EN_310\kis9.0.0.459EN.exe
2009-07-10 02:11 . 2009-07-10 02:11 198064 ----a-w- c:\documents and settings\MezajyDesign\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-09 10:06 . 2009-07-09 10:08 -------- d-----w- c:\program files\Microsoft Expression
2009-07-09 10:05 . 2009-07-09 10:05 -------- d--h--r- C:\MSOCache
2009-07-09 04:49 . 2009-07-09 04:49 -------- d-----w- c:\program files\uTorrent
2009-07-09 04:48 . 2009-07-11 08:19 -------- d-----w- c:\documents and settings\MezajyDesign\Application Data\uTorrent
2009-07-09 01:53 . 2009-07-11 13:26 -------- d-----w- c:\program files\Kelk 2000
2009-07-09 00:57 . 1999-06-17 11:59 28672 ----a-w- c:\windows\system32\Hlsuinst.exe
2009-07-09 00:57 . 2009-07-10 00:50 -------- d-----w- c:\program files\HL-Server
2009-07-09 00:48 . 2008-12-23 06:40 1077248 ----a-w- c:\program files\Common Files\Kelk2K.exe
2009-07-08 23:56 . 2009-07-08 23:56 0 ----a-w- c:\windows\system\PRNCCTt.DRV
2009-07-08 23:55 . 2009-07-08 23:55 -------- d-----w- c:\program files\Sinasoft
2009-07-08 21:57 . 2009-07-09 03:37 -------- d-----w- c:\documents and settings\MezajyDesign\Local Settings\Application Data\Conduit
2009-07-08 21:56 . 2009-07-09 03:37 -------- d-----w- c:\program files\Conduit
2009-07-08 21:56 . 2009-07-09 03:37 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-08 21:55 . 2009-07-08 22:18 -------- d-----w- c:\program files\Hotspot Shield
2009-07-08 19:22 . 2009-07-08 19:22 -------- d-----w- c:\program files\Real Alternative
2009-07-08 19:22 . 2009-07-08 19:22 -------- d-----w- c:\documents and settings\MezajyDesign\Local Settings\Application Data\Real
2009-07-08 07:47 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-08 07:47 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-08 07:47 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-08 07:47 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-08 07:47 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-08 07:47 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-08 07:47 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-08 07:47 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-08 07:47 . 2009-07-08 07:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 06:32 . 2008-04-14 15:59 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-08 06:31 . 2004-08-03 21:55 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-08 06:30 . 2009-07-08 06:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-08 06:28 . 2009-07-08 06:29 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-07 21:25 . 2009-07-07 21:25 -------- d--h--w- c:\windows\PIF
2009-07-07 06:16 . 2009-07-07 06:16 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 15:37 . 2001-09-19 12:00 57646 ----a-w- c:\windows\system32\perfc001.dat
2009-07-11 15:37 . 2001-09-19 12:00 326182 ----a-w- c:\windows\system32\perfh001.dat
2009-07-11 08:21 . 2009-06-21 17:48 -------- d-----w- c:\program files\Google
2009-07-11 02:27 . 2009-06-21 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-11 02:20 . 2009-06-21 17:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-10 10:37 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-10 05:14 . 2009-06-21 17:44 -------- d-----w- c:\program files\Internet Download Manager
2009-07-10 02:08 . 2009-06-21 17:58 611712 ----a-w- c:\documents and settings\MezajyDesign\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 06:46 . 2009-06-21 16:54 -------- d-----w- c:\program files\Common Files\Real
2009-07-08 06:45 . 2009-06-21 16:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-08 06:45 . 2009-06-21 16:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 05:43 . 2009-06-21 17:53 -------- d-----w- c:\program files\Yahoo!
2009-07-08 05:37 . 2009-06-21 16:54 -------- d-----w- c:\program files\Real
2009-07-06 18:14 . 2009-06-21 16:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-03 07:11 . 2009-06-21 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-03 07:10 . 2009-06-21 17:24 -------- d-----w- c:\program files\QuickTime
2009-07-02 00:35 . 2009-06-21 17:52 -------- d-----w- c:\program files\LeapFTP
2009-06-23 22:10 . 2009-06-21 16:29 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-21 18:12 . 2009-06-21 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 18:11 . 2009-06-21 18:11 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 17:58 . 2009-06-21 17:58 -------- d-----w- c:\documents and settings\MezajyDesign\Application Data\TuneUp Software
2009-06-21 17:58 . 2009-06-21 17:58 -------- d-----w- c:\documents and settings\MezajyDesign\Application Data\ATI
2009-06-21 17:53 . 2009-06-21 17:53 -------- d-----w- c:\program files\SWiSHmax
2009-06-21 17:53 . 2009-06-21 17:53 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:49 . 2009-06-21 17:49 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-21 17:49 . 2009-06-21 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-06-21 17:49 . 2009-06-21 17:49 -------- d-----w- c:\program files\ACD Systems
2009-06-21 17:47 . 2009-06-21 17:47 2678 ----a-w- c:\windows\java\Packages\Data\BTF1BV9Z.DAT
2009-06-21 17:47 . 2009-06-21 17:47 2678 ----a-w- c:\windows\java\Packages\Data\SZLF1JDN.DAT
2009-06-21 17:47 . 2009-06-21 17:47 2678 ----a-w- c:\windows\java\Packages\Data\Q05BPNBL.DAT
2009-06-21 17:47 . 2009-06-21 17:47 2678 ----a-w- c:\windows\java\Packages\Data\J5VFXRBH.DAT
2009-06-21 17:47 . 2009-06-21 17:47 2678 ----a-w- c:\windows\java\Packages\Data\6NLZZXNX.DAT
2009-06-21 17:45 . 2009-06-21 17:45 2232 ----a-w- c:\windows\java\Packages\Data\9NJZPJJL.DAT
2009-06-21 17:45 . 2009-06-21 17:45 155995 ----a-w- c:\windows\java\Packages\SRV1N9ZJ.ZIP
2009-06-21 17:44 . 2009-06-21 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-21 17:44 . 2009-06-21 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-06-21 17:44 . 2009-06-21 17:44 165296 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-21 17:40 . 2009-06-21 17:40 -------- d-----w- c:\program files\CONEXANT
2009-06-21 17:38 . 2009-06-21 17:38 -------- d-----w- c:\program files\Atheros
2009-06-21 17:37 . 2009-06-21 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-21 17:36 . 2009-06-21 17:31 -------- d-----w- c:\program files\Realtek
2009-06-21 17:36 . 2009-06-21 17:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-21 17:35 . 2009-06-21 17:35 -------- d-----w- c:\program files\WIDCOMM
2009-06-21 17:34 . 2009-06-21 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-21 17:29 . 2009-06-21 17:29 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-06-21 17:29 . 2009-06-21 17:28 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2009-06-21 17:28 . 2009-06-21 17:28 -------- d-----w- c:\program files\VST
2009-06-21 17:28 . 2009-06-21 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-06-21 17:27 . 2009-06-21 17:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-21 17:20 . 2009-06-21 17:15 -------- d-----w- c:\program files\ATI Technologies
2009-06-21 17:16 . 2009-06-21 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-21 17:14 . 2009-06-21 17:14 -------- d-----w- c:\program files\Launch Manager
2009-06-21 17:13 . 2009-06-21 17:13 -------- d-----w- c:\program files\DIFX
2009-06-21 16:43 . 2009-06-21 16:43 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-21 16:36 . 2009-06-21 16:36 27264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 16:30 . 2009-06-21 16:30 -------- d-----w- c:\program files\microsoft frontpage
2009-06-21 16:25 . 2009-06-21 16:25 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-05 10:57 . 2009-06-05 10:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2008-04-30 14:06 31760 ------w- c:\windows\system32\drivers\klim5.sys
2009-05-13 05:02 . 2004-08-03 21:55 915456 ------w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 21:55 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:47 . 2004-08-03 21:46 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2004-08-03 21:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2004-08-03 21:56 540672 EF34827229B786E17000C5CCD091775F c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 16:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\winlogon.exe
[-] 2008-04-14 16:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\system32\winlogon.exe
[7] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 15:59 1551360 2ECAC19E272C438B5BF3197C4E15C4B0 c:\windows\explorer.exe
[-] 2004-08-03 21:56 1549824 C399E03BF295C8C5D9D79FFB8028BFBF c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 15:59 1551360 2ECAC19E272C438B5BF3197C4E15C4B0 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-03 21:56 25088 D1442B32E926BBD6A3F5674AAAC9EA0E c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 15:59 25088 FBEE0FDB7D471CAFA30B2CB55B0D9130 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 15:59 15360 252F972131EB23596C20B82CA190DC5C c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\ctfmon.exe
[-] 2008-04-14 15:59 25088 FBEE0FDB7D471CAFA30B2CB55B0D9130 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 15:59 15360 252F972131EB23596C20B82CA190DC5C c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-07-10 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-08 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^REALTEK USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\REALTEK USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK USB Wireless LAN Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 9.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 PM 33808]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [09/01/2007 07:17 PM 20539]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [11/07/2009 05:28 AM 604416]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 PM 19472]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [21/06/2009 09:12 PM 235648]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys --> c:\windows\system32\DRIVERS\br3gmdm.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download All with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {7CE0543D-FA47-42FF-AC6A-6843D2A42783} = 192.168.1.254,192.168.1.255
DPF: Microsoft XML Parser for Java - [URL hidden by the forum]
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.238.27/imscp/talks3n.cab
FF - ProfilePath - c:\documents and settings\MezajyDesign\Application Data\Mozilla\Firefox\Profiles\6swewt7x.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13928&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\MezajyDesign\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by the forum]
Rootkit scan 2009-07-11 18:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(948)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(3952)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\MSVCP60.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\dsuiext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-11 18:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 15:40
Pre-Run: 58,551,861,248 bytes free
Post-Run: 58,488,819,712 bytes free
366 --- E O F --- 2009-07-11 03:43
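The file lines at the top of this ComboFix log list several copies of winlogon.exe, explorer.exe and ctfmon.exe with their MD5 hashes. What a responder actually wants from that section is a single answer per binary: does the copy that executes match a known-good copy? The check below is an added example written for this page in Python, not ComboFix output and not the helper's advice. The sample lines are copied from the log above; the choice of the ServicePackFiles\i386 copy as the reference for an SP3 install, and of c:\windows\system32 (c:\windows for explorer.exe) as the executing copy, are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: ComboFix-style file lines copied from the log above
# (marker, date, time, size, MD5, path). Values are the post's own; the
# selection and order are ours.
SAMPLE = r"""
[-] 2008-04-14 16:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\winlogon.exe
[-] 2008-04-14 16:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\system32\winlogon.exe
[7] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 15:59 1551360 2ECAC19E272C438B5BF3197C4E15C4B0 c:\windows\explorer.exe
[-] 2008-04-14 15:59 1551360 2ECAC19E272C438B5BF3197C4E15C4B0 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\VistaMizer\old\explorer.exe
[-] 2008-04-14 15:59 25088 FBEE0FDB7D471CAFA30B2CB55B0D9130 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 15:59 25088 FBEE0FDB7D471CAFA30B2CB55B0D9130 c:\windows\system32\ctfmon.exe
"""

LINE_RE = re.compile(
    r"^\[(?P<marker>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})"
    r"\s+(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

# Assumption: the SP3 install media copies under ServicePackFiles\i386 are the
# reference a clean XP SP3 system binary should hash like.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


def parse(text):
    """Turn ComboFix file lines into dicts; paths are lower-cased for comparison."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()
        entries.append(e)
    return entries


def live_path(name):
    """Assumed location of the executing copy on XP: explorer.exe in %windir%, the rest in system32."""
    if name == "explorer.exe":
        return "c:\\windows\\explorer.exe"
    return "c:\\windows\\system32\\" + name


def integrity_report(text):
    """For each file name, compare every listed copy with the reference copy.

    Returns {name: {"reference": md5 or None,
                    "live_ok": True only if the executing copy hashes like the reference,
                    "divergent": [paths whose MD5 differs from the reference]}}
    """
    by_name = defaultdict(list)
    for e in parse(text):
        by_name[e["path"].rsplit("\\", 1)[-1]].append(e)

    report = {}
    for name, copies in by_name.items():
        ref = next((e for e in copies if REFERENCE_DIR in e["path"]), None)
        live = next((e for e in copies if e["path"] == live_path(name)), None)
        divergent = [e["path"] for e in copies if ref and e["md5"] != ref["md5"]]
        report[name] = {
            "reference": ref["md5"] if ref else None,
            "live_ok": bool(ref and live and live["md5"] == ref["md5"]),
            "divergent": divergent,
        }
    return report


if __name__ == "__main__":
    for name, r in integrity_report(SAMPLE).items():
        status = "OK" if r["live_ok"] else "CHECK"
        print(f"{name:14} live={status:5} reference={r['reference']}")
        for p in r["divergent"]:
            print(f"{'':14}   differs: {p}")
```

On the values in this log the executing winlogon.exe, explorer.exe and ctfmon.exe all hash like the SP3 reference; the copies ComboFix marked [7] that differ are VistaMizer's backups under c:\windows\VistaMizer\old and a Windows Update download folder, so this section alone does not point at a patched system binary. The same check flags the machine immediately if the system32 copy's hash changes, which is the case it exists for; it says nothing about files the log does not list.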
 
OK brother, now give me a new HijackThis report.
 
Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:46:38 PM, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
D:\NeW\مجلد جديد\u95\u95.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [URL hidden by the forum]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [URL hidden by the forum]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE0543D-FA47-42FF-AC6A-6843D2A42783}: NameServer = 192.168.1.254,192.168.1.255
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8523 bytes
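A HijackThis log is read by scanning a handful of line classes for the things that are rarely benign by accident: a browser proxy pointed at the local machine, an ActiveX control (O16 DPF) pulled from a bare IP address, processes running from user-writable folders outside %windir% and Program Files, and services whose owner HijackThis cannot name. The script below is an added example in Python, not HijackThis output and not the helper's advice; it runs that triage over lines copied from the log above. The O16 URL is taken from the ComboFix DPF entry for the same CLSID, since the forum hid it in the HijackThis post; the trusted-directory list and the finding names are this example's own assumptions, and every hit is a review item, not a verdict.

```python
import re
from ipaddress import ip_address

# Constructed sample: lines copied from the HijackThis log above, plus the O16
# URL shown in the ComboFix log for the same CLSID. Selection and order are ours.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
D:\NeW\مجلد جديد\u95\u95.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - hxxp://174.36.238.27/imscp/talks3n.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE0543D-FA47-42FF-AC6A-6843D2A42783}: NameServer = 192.168.1.254,192.168.1.255
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
"""

PROC_RE = re.compile(r"^[A-Za-z]:\\")                       # a bare path = running process
ENTRY_RE = re.compile(r"^(?P<kind>[ROF]\d+) - (?P<body>.*)$")  # R0/R1/O2/O16/O23 ... entries
URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s:]+)", re.I)  # accepts defanged hxxp:// too

# Assumption: on this XP box anything outside these two trees deserves a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def is_bare_ip(host):
    """True when a URL host is a literal IPv4/IPv6 address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def in_trusted_dir(path):
    return path.strip('"').lower().startswith(TRUSTED_DIRS)


def triage(text):
    """Return [(finding_kind, original_line)] for lines worth a human look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):
            if not in_trusted_dir(line):
                findings.append(("process-outside-system-dirs", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1" and "ProxyServer" in body:
            value = body.partition("=")[2]
            if re.search(r"\b(127\.0\.0\.1|localhost)\b", value):
                findings.append(("localhost-proxy", line))
        elif kind == "O16":
            host = URL_HOST_RE.search(body)
            if host and is_bare_ip(host.group(1)):
                findings.append(("activex-from-bare-ip", line))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_HJT):
        print(f"[{kind}] {line}")
```

Run against this log the script flags the proxy at 127.0.0.1:9666, the DPF control fetched from 174.36.238.27, the unnamed-owner mysql service, and two processes outside the system trees: the AppServ httpd.exe, which is the poster's own web stack, and D:\NeW\مجلد جديد\u95\u95.exe, which the log gives no publisher or purpose for. That split is the point of the output: the same rule catches a developer's tool and an unknown binary, so each hit is resolved by hand. For the localhost proxy, the natural next step on XP is to find which process listens on that port (netstat -ano, then match the PID) and confirm it is a product the user installed on purpose.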
 