• Thread starter: Rmmomy
  • Views: 1,639

Rmmomy

Dear brothers, for a while now I have been noticing that my computer is slow ..

Anyway, I opened Task Manager ...

I noticed a program spread all over my machine called svchost.exe

Is this a virus ??

And here is a picture ... take a look

 

This is one of the system files. Apologies, the thread is being moved to the more appropriate section and the title edited in line with the rules.

Signature: Demo-dash
Sometimes this message even pops up suddenly .... and the internet cuts out

And the machine goes haywire ... I have to restart it



 
Make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear. Select all ==> copy it and paste it in your next reply
 


Dear brother, a text document came up with this written in it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:10:27 ص, on 13/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Desktop\IDMan.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
[link hidden by the forum; login required]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchrObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\FILERA~1\Searchr.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [Vista Eyes] C:\Program Files\Vista Eyes 2.0\VistaEyes.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "User"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\User\Desktop\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "User"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-HCSIN.lnk = C:\Documents and Settings\User\Desktop\Virus Removal Tool\is-HCSIN\startup.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\User\Desktop\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\User\Desktop\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\User\Desktop\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B94FC04-90EE-4264-90C8-8A0F264C0303}: NameServer = 84.23.102.172 84.23.101.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B94FC04-90EE-4264-90C8-8A0F264C0303}: NameServer = 84.23.102.172 84.23.101.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
--
End of file - 9636 bytes

 
Hello .. Disable Kaspersky: right-click its icon next to the clock, then Exit


Then download this tool and save it to the desktop

When you run it a message will appear ,, click >> Yes
After that a second message will appear ,, click >> Yes
Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply


 
This is what came up, brother :b: By God, this problem has worn me out :mad:


ComboFix 09-07-12.03 - User 07/13/2009 5:31.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.249 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1060284298-484061587-725345543-1007
c:\recycler\S-1-5-21-1060284298-484061587-725345543-500
c:\windows\hosts
c:\windows\Installer\106c2df.msi
c:\windows\Installer\1ddb49.msi
c:\windows\Installer\348eea.msp
c:\windows\Installer\348ef5.msp
c:\windows\Installer\348efd.msp
c:\windows\Installer\51519.msi
c:\windows\Installer\75c397.msp
c:\windows\Installer\75c3d6.msp
c:\windows\Installer\75c3ee.msp
c:\windows\Installer\75c405.msp
c:\windows\svchost.ini
c:\windows\system32\user32.dat
c:\windows\system32\atmpvcn.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 01:29 . 2009-07-13 01:29 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-13 01:29 . 2009-07-13 01:29 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-13 01:29 . 2009-07-13 01:29 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-13 01:29 . 2009-07-13 01:29 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-13 01:29 . 2009-07-13 01:29 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-09 03:31 . 2009-07-09 03:31 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-09 03:31 . 2009-07-09 03:31 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-08 15:26 . 2009-07-13 03:38 52795424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-08 00:03 . 2009-07-08 00:03 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-07 23:29 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\49012684.sys
2009-07-07 17:41 . 2009-07-07 20:12 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-07 17:32 . 2009-07-07 17:32 122368 ----a-w- c:\windows\system32\catsr.dll
2009-07-07 16:23 . 2009-07-07 16:23 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 15:47 . 2009-07-07 15:47 -------- d-----w- c:\windows\system32\f
2009-07-04 23:56 . 2009-07-04 23:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InterVideo
2009-07-04 23:56 . 2008-04-01 18:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-04 23:56 . 2008-04-01 18:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-04 23:56 . 2008-04-01 18:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-04 23:56 . 2008-04-01 18:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-04 23:56 . 2008-04-01 18:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-04 23:56 . 2008-04-01 18:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-04 23:40 . 2009-07-05 01:05 -------- d-----w- c:\program files\Corel
2009-07-04 23:40 . 2009-07-04 23:40 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 12:10 . 2009-07-03 12:10 59992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-07-02 20:25 . 2009-07-10 16:41 -------- d-----w- c:\program files\FXTS2
2009-07-02 20:25 . 2009-07-02 20:25 -------- d-----w- c:\program files\Candleworks
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_66b46747.exe
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_43654e38.exe
2009-07-01 17:51 . 2009-07-11 18:45 3638 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_159f4fe2.exe
2009-07-01 17:51 . 2009-07-11 18:45 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_2f0c549b.exe
2009-07-01 17:51 . 2009-07-11 18:45 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E1A96E9C-6E4A-4209-B03A-60B8E81E0FC3}\_2ba528e2.exe
2009-07-01 17:51 . 2009-07-11 23:01 -------- d-----w- c:\program files\blueMSX
2009-06-27 15:22 . 2009-06-27 15:36 -------- d-----w- c:\windows\Themes
2009-06-27 15:01 . 2009-06-27 15:01 -------- d-----w- c:\program files\Vista Eyes 2.0
2009-06-27 14:58 . 2009-06-27 14:58 -------- d-----w- c:\program files\Watermill 3D Screensaver
2009-06-27 14:58 . 2008-03-31 09:11 844800 ----a-w- c:\windows\system32\Watermill_3D_Screensaver.scr
2009-06-27 14:58 . 2008-03-31 09:11 9029120 ----a-w- c:\windows\system32\Watermill 3D Screensaver.exe
2009-06-27 14:56 . 2009-06-27 14:56 -------- d-----w- c:\program files\Ancient Castle 3D Screensaver
2009-06-27 14:54 . 2009-06-27 14:54 -------- d-----w- c:\program files\The Lost Watch 3D Screensaver
2009-06-27 14:54 . 2009-01-19 23:59 972288 ----a-w- c:\windows\system32\The_Lost_Watch_3D_Screensaver.scr
2009-06-27 14:54 . 2009-01-19 23:59 3133440 ----a-w- c:\windows\system32\The Lost Watch 3D Screensaver.exe
2009-06-27 14:52 . 2009-06-27 14:52 -------- d-----w- c:\program files\Discovery 3D Screensaver
2009-06-27 14:52 . 2008-03-31 08:55 5051392 ----a-w- c:\windows\system32\Discovery 3D Screensaver.exe
2009-06-27 14:52 . 2008-03-28 15:33 854528 ----a-w- c:\windows\system32\Discovery_3D_Screensaver.scr
2009-06-27 14:44 . 2009-06-27 14:44 -------- d-----w- c:\program files\Fantasy Moon 3D Screensaver
2009-06-27 14:44 . 2008-03-31 08:52 3848192 ----a-w- c:\windows\system32\Fantasy Moon 3D Screensaver.exe
2009-06-27 14:44 . 2008-03-28 15:28 844288 ----a-w- c:\windows\system32\Fantasy_Moon_3D_Screensaver.scr
2009-06-27 14:30 . 2009-06-27 14:30 -------- d-----w- c:\windows\system32\3Planesoft
2009-06-27 14:30 . 2009-06-27 14:30 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-06-27 14:30 . 2009-04-21 11:47 659968 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-06-27 11:17 . 2009-06-27 11:19 -------- d-----w- c:\documents and settings\User\Application Data\Marine Aquarium 3
2009-06-27 11:17 . 2009-01-28 13:14 6234112 ----a-w- c:\windows\system32\MarineAquarium3.scr
2009-06-24 14:26 . 2009-07-10 21:53 -------- d-----w- c:\documents and settings\User\Application Data\Folder Guard
2009-06-24 14:20 . 2009-07-10 21:53 -------- d-----w- c:\program files\Folder Guard Pro
2009-06-22 03:13 . 2009-07-07 20:11 -------- d-----w- C:\maar95
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\documents and settings\User\Application Data\URSoft
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-21 22:21 . 2009-06-21 22:22 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-17 13:37 . 2009-06-21 22:59 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Conduit
2009-06-17 13:34 . 2009-06-21 22:59 -------- d-----w- c:\program files\Conduit
2009-06-17 13:34 . 2009-06-21 22:59 -------- d-----w- c:\program files\Hotspot_Shield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 03:37 . 2008-09-28 04:10 -------- d-----w- c:\documents and settings\User\Application Data\DMCache
2009-07-13 02:39 . 2009-07-08 15:26 618668 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-13 02:37 . 2007-09-25 01:52 108288 ----a-w- c:\windows\system32\atmpvcn.dll
2009-07-13 01:12 . 2008-02-27 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-07-12 23:37 . 2008-02-27 18:15 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-12 23:34 . 2008-01-25 21:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-07-12 22:47 . 2007-08-21 07:16 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-12 21:27 . 2009-04-22 09:22 95744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-07-12 08:06 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-08 15:53 . 2008-11-07 15:05 -------- d-----w- c:\program files\Internet Download Manager
2009-07-08 15:26 . 2004-11-03 08:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 07:45 . 2006-08-22 15:45 157464 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 07:31 . 2006-08-22 20:41 -------- d-----w- c:\documents and settings\User\Application Data\Ulead Systems
2009-07-04 23:54 . 2005-11-02 00:04 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-29 22:19 . 2007-08-13 07:09 -------- d-----w- c:\program files\BitComet
2009-06-27 14:31 . 2004-06-02 02:53 -------- d-----w- c:\program files\MSN Messenger
2009-06-27 11:17 . 2009-02-06 23:46 -------- d-----w- c:\program files\SereneScreen
2009-06-24 12:21 . 2005-11-02 00:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-06-22 01:14 . 2007-10-05 22:02 5120 ----a-w- c:\windows\system32\drivers\ydvudvwe.dat
2009-06-21 23:26 . 2008-09-23 09:15 -------- d-----w- c:\program files\BT Engine
2009-06-21 23:24 . 2008-08-12 04:18 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-17 12:24 . 2008-04-29 16:02 -------- d-----w- c:\program files\Google
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
.

------- Sigcheck -------
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\backup\tcpip.sys
[-] 2009-02-23 07:04 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-02-23 07:04 359808 DE891AD282E856ACFD40990094A63B6F c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-10-08 198144]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"IDMan"="c:\documents and settings\User\Desktop\IDMan.exe" [2008-12-15 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2008-01-04 118600]
"Vista Eyes"="c:\program files\Vista Eyes 2.0\VistaEyes.exe" [2005-01-01 606208]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe" [2003-10-08 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2004-11-9 192512]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinManager.lnk - c:\program files\PC-TV\WinManager\WinManager.exe [2008-12-24 49152]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-6-2 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitCometTracker_0.5\\BitCometTracker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\Desktop\\IDMan.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23663:TCP"= 23663:TCP:BitComet 23663 TCP
"23663:UDP"= 23663:UDP:BitComet 23663 UDP
"26936:TCP"= 26936:TCP:BitComet 26936 TCP
"26936:UDP"= 26936:UDP:BitComet 26936 UDP
"24473:TCP"= 24473:TCP:BitComet 24473 TCP
"24473:UDP"= 24473:UDP:BitComet 24473 UDP
"24656:TCP"= 24656:TCP:BitComet 24656 TCP
"24656:UDP"= 24656:UDP:BitComet 24656 UDP
"27382:TCP"= 27382:TCP:BitComet 27382 TCP
"27382:UDP"= 27382:UDP:BitComet 27382 UDP
"27443:TCP"= 27443:TCP:BitComet 27443 TCP
"27443:UDP"= 27443:UDP:BitComet 27443 UDP
"25196:TCP"= 25196:TCP:BitComet 25196 TCP
"25196:UDP"= 25196:UDP:BitComet 25196 UDP
"65534:TCP"= 65534:TCP:BitComet 65534 TCP
"65534:UDP"= 65534:UDP:BitComet 65534 UDP
"23312:TCP"= 23312:TCP:BitComet 23312 TCP
"23312:UDP"= 23312:UDP:BitComet 23312 UDP
"7282:TCP"= 7282:TCP:BitComet 7282 TCP
"7282:UDP"= 7282:UDP:BitComet 7282 UDP
"21482:TCP"= 21482:TCP:BitComet 21482 TCP
"21482:UDP"= 21482:UDP:BitComet 21482 UDP
"27214:TCP"= 27214:TCP:BitComet 27214 TCP
"27214:UDP"= 27214:UDP:BitComet 27214 UDP
"27737:TCP"= 27737:TCP:BitComet 27737 TCP
"27737:UDP"= 27737:UDP:BitComet 27737 UDP
"8194:TCP"= 8194:TCP:BitComet 8194 TCP
"8194:UDP"= 8194:UDP:BitComet 8194 UDP
"26720:TCP"= 26720:TCP:BitComet 26720 TCP
"26720:UDP"= 26720:UDP:BitComet 26720 UDP
"24520:TCP"= 24520:TCP:BitComet 24520 TCP
"24520:UDP"= 24520:UDP:BitComet 24520 UDP
"25142:TCP"= 25142:TCP:BitComet 25142 TCP
"25142:UDP"= 25142:UDP:BitComet 25142 UDP
"25818:TCP"= 25818:TCP:BitComet 25818 TCP
"25818:UDP"= 25818:UDP:BitComet 25818 UDP
"19352:TCP"= 19352:TCP:BitComet 19352 TCP
"19352:UDP"= 19352:UDP:BitComet 19352 UDP
"30997:TCP"= 30997:TCP:BitComet 30997 TCP
"30997:UDP"= 30997:UDP:BitComet 30997 UDP
"44166:TCP"= 44166:TCP:BitComet 44166 TCP
"44166:UDP"= 44166:UDP:BitComet 44166 UDP
"26883:TCP"= 26883:TCP:BitComet 26883 TCP
"26883:UDP"= 26883:UDP:BitComet 26883 UDP
"62232:TCP"= 62232:TCP:BitComet 62232 TCP
"62232:UDP"= 62232:UDP:BitComet 62232 UDP
"23021:TCP"= 23021:TCP:BitComet 23021 TCP
"23021:UDP"= 23021:UDP:BitComet 23021 UDP
"24432:TCP"= 24432:TCP:BitComet 24432 TCP
"24432:UDP"= 24432:UDP:BitComet 24432 UDP
"27376:TCP"= 27376:TCP:BitComet 27376 TCP
"27376:UDP"= 27376:UDP:BitComet 27376 UDP
"26037:TCP"= 26037:TCP:BitComet 26037 TCP
"26037:UDP"= 26037:UDP:BitComet 26037 UDP
"26432:TCP"= 26432:TCP:BitComet 26432 TCP
"26432:UDP"= 26432:UDP:BitComet 26432 UDP
"26323:TCP"= 26323:TCP:BitComet 26323 TCP
"26323:UDP"= 26323:UDP:BitComet 26323 UDP
"25672:TCP"= 25672:TCP:BitComet 25672 TCP
"25672:UDP"= 25672:UDP:BitComet 25672 UDP
"27617:TCP"= 27617:TCP:BitComet 27617 TCP
"27617:UDP"= 27617:UDP:BitComet 27617 UDP
"26212:TCP"= 26212:TCP:BitComet 26212 TCP
"26212:UDP"= 26212:UDP:BitComet 26212 UDP
"25128:TCP"= 25128:TCP:BitComet 25128 TCP
"25128:UDP"= 25128:UDP:BitComet 25128 UDP
"27115:TCP"= 27115:TCP:BitComet 27115 TCP
"27115:UDP"= 27115:UDP:BitComet 27115 UDP
"44402:TCP"= 44402:TCP:BitComet 44402 TCP
"44402:UDP"= 44402:UDP:BitComet 44402 UDP
"24309:TCP"= 24309:TCP:BitComet 24309 TCP
"24309:UDP"= 24309:UDP:BitComet 24309 UDP
"24349:TCP"= 24349:TCP:BitComet 24349 TCP
"24349:UDP"= 24349:UDP:BitComet 24349 UDP
"24745:TCP"= 24745:TCP:BitComet 24745 TCP
"24745:UDP"= 24745:UDP:BitComet 24745 UDP
"26120:TCP"= 26120:TCP:BitComet 26120 TCP
"26120:UDP"= 26120:UDP:BitComet 26120 UDP
"24149:TCP"= 24149:TCP:BitComet 24149 TCP
"24149:UDP"= 24149:UDP:BitComet 24149 UDP
"27102:TCP"= 27102:TCP:BitComet 27102 TCP
"27102:UDP"= 27102:UDP:BitComet 27102 UDP
"25088:TCP"= 25088:TCP:BitComet 25088 TCP
"25088:UDP"= 25088:UDP:BitComet 25088 UDP
"27657:TCP"= 27657:TCP:BitComet 27657 TCP
"27657:UDP"= 27657:UDP:BitComet 27657 UDP
"26004:TCP"= 26004:TCP:BitComet 26004 TCP
"26004:UDP"= 26004:UDP:BitComet 26004 UDP
"25007:TCP"= 25007:TCP:BitComet 25007 TCP
"25007:UDP"= 25007:UDP:BitComet 25007 UDP
"25281:TCP"= 25281:TCP:BitComet 25281 TCP
"25281:UDP"= 25281:UDP:BitComet 25281 UDP
"24727:TCP"= 24727:TCP:BitComet 24727 TCP
"24727:UDP"= 24727:UDP:BitComet 24727 UDP
"27123:TCP"= 27123:TCP:BitComet 27123 TCP
"27123:UDP"= 27123:UDP:BitComet 27123 UDP
"25888:TCP"= 25888:TCP:BitComet 25888 TCP
"25888:UDP"= 25888:UDP:BitComet 25888 UDP
"24901:TCP"= 24901:TCP:BitComet 24901 TCP
"24901:UDP"= 24901:UDP:BitComet 24901 UDP
"24856:TCP"= 24856:TCP:BitComet 24856 TCP
"24856:UDP"= 24856:UDP:BitComet 24856 UDP
"26854:TCP"= 26854:TCP:BitComet 26854 TCP
"26854:UDP"= 26854:UDP:BitComet 26854 UDP
"24592:TCP"= 24592:TCP:BitComet 24592 TCP
"24592:UDP"= 24592:UDP:BitComet 24592 UDP
"25223:TCP"= 25223:TCP:BitComet 25223 TCP
"25223:UDP"= 25223:UDP:BitComet 25223 UDP
"27303:TCP"= 27303:TCP:BitComet 27303 TCP
"27303:UDP"= 27303:UDP:BitComet 27303 UDP
"26954:TCP"= 26954:TCP:BitComet 26954 TCP
"26954:UDP"= 26954:UDP:BitComet 26954 UDP
"25510:TCP"= 25510:TCP:BitComet 25510 TCP
"25510:UDP"= 25510:UDP:BitComet 25510 UDP
"26482:TCP"= 26482:TCP:BitComet 26482 TCP
"26482:UDP"= 26482:UDP:BitComet 26482 UDP
"26800:TCP"= 26800:TCP:BitComet 26800 TCP
"26800:UDP"= 26800:UDP:BitComet 26800 UDP
"25893:TCP"= 25893:TCP:BitComet 25893 TCP
"25893:UDP"= 25893:UDP:BitComet 25893 UDP
"26372:TCP"= 26372:TCP:BitComet 26372 TCP
"26372:UDP"= 26372:UDP:BitComet 26372 UDP
"25760:TCP"= 25760:TCP:BitComet 25760 TCP
"25760:UDP"= 25760:UDP:BitComet 25760 UDP
"26531:TCP"= 26531:TCP:BitComet 26531 TCP
"26531:UDP"= 26531:UDP:BitComet 26531 UDP
"25134:TCP"= 25134:TCP:BitComet 25134 TCP
"25134:UDP"= 25134:UDP:BitComet 25134 UDP
"26420:TCP"= 26420:TCP:BitComet 26420 TCP
"26420:UDP"= 26420:UDP:BitComet 26420 UDP
"8127:TCP"= 8127:TCP:yiclrzn

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R0 wgaucvfj;wgaucvfj;c:\windows\system32\drivers\qhgnkqdt.dat --> c:\windows\system32\drivers\qhgnkqdt.dat [?]
R1 is-HCSINdrv;is-HCSINdrv;c:\windows\system32\drivers\49012684.sys [08/07/2009 02:29 ص 148496]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/06/2008 10:12 ص 87264]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [24/06/2009 05:20 م 54008]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [10/09/2007 06:33 ص 35200]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [23/02/2009 02:40 ص 100096]
R3 DstAudio;DstAudio;c:\windows\system32\drivers\DstAudio.sys [24/12/2008 07:01 م 8506]
R3 DstVideo;DstVideo;c:\windows\system32\drivers\DstVideo.sys [02/01/2002 01:40 ص 19171]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [12/10/2006 10:49 ص 20352]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [20/06/2004 10:28 ص 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [20/06/2004 10:28 ص 25600]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [12/03/2007 04:17 م 102272]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [12/03/2007 04:18 م 72576]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xdhaqhumj
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-SystemBackup - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\documents and settings\User\Desktop\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\User\Desktop\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\User\Desktop\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-13 06:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wgaucvfj]
"ImagePath"="system32\drivers\qhgnkqdt.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C18270C8-376E-A2EF-24B0-8DDAF38497FF}*]
"bbpnjocnlhdhnanbledblhfejfajjaejloom"=hex:61,62,62,61,6a,63,68,6f,6f,62,62,6d,
66,63,6b,6e,66,6a,6d,62,6d,6b,65,61,61,64,63,69,62,66,66,67,6c,6f,00,77
"abpnjocnlhdhnanblegaeglcoflbpfadem"=hex:61,62,6b,63,6c,66,6d,6b,6d,67,6f,69,
68,64,63,66,6b,69,6b,67,6a,69,63,68,6d,64,69,6d,70,67,62,61,70,70,00,77

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):15,95,42,fe,a4,85,31,56,e3,c4,d5,cc,01,2b,63,98,c0,8f,35,8f,53,
24,1d,d8,14,bf,2a,e5,1d,f3,d2,86,5d,bb,73,97,9c,eb,7d,cd,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b4bd4802-9bd2-4df7-9f56-4954b386f24f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004a
"Therad"=dword:0000001c
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d1,61,5e,4b,94,f6,05,68,a0,c2,32,b4,ba,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\progra~1\FOLDER~1\FGKey.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\Webshots\webshots.scr
.
**************************************************************************
.
Completion time: 2009-07-13 6:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 03:43

Pre-Run: 3,225,677,824 bytes free
Post-Run: 3,737,018,368 bytes free

420

 
And this message keeps popping up suddenly and cutting the connection ...

After that it won't connect unless I restart the computer!
 
UP
 
Hello ...

With the permission of my dear Demo ...

Do the following ...

Download the following two updates

If the system is English or Arabized English

********************

But if the system is Arabic from the ground up, download the following update

and install it on your machine

After that, delete the following files in Safe Mode

Type the following commands one after another

in the Run box from the Start menu

A folder containing files will open for you

and you delete them by pressing shift + delete

Commands

temp

%temp%

prefetch

recent

Then type the following command

cleanmgr

+

Restart the machine ...

and then bring back the result ...
 
Signature: MMA_LORD_735
Brother lord, if you please!

How do I find out what type of system I have?

It's Arabic ... but I don't know whether it's Arabic from the ground up ... or Arabized English
 
lord ???
 
And this message keeps popping up suddenly and cutting the connection ...

After that it won't connect unless I restart the computer!

This is the solution to the problem

As for my dear brother Lord's reply, download both files, all of them

All together their size is 4 MB

One of the two will install
 
My dear brother Demo, may God protect you ... is there a way for me to find out what type of system I have?

Of course it's Arabic .. but I don't know whether it's Arabic from the ground up or Arabized English
 
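I installed the English one .. it succeeded

But when I tried the Arabic one ... it refused and displayed that installation is not possible because the language on the system differs from the language of the update

That means my machine is English from the ground up but Arabized ... May God bless you in this world and the next ... your brother Rami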
 
You too, my dear

After you do what's in the thread and install the updates, see whether the problems have gone or not
 
You too, my dear

After you do what's in the thread and install the updates, see whether the problems have gone or not

By God, the same problem is still there, Demo-dash

Look, it just popped up for me ..
 
Is there no solution, brothers?
 
up
 