عيوون قطر

Peace be upon you, and the mercy and blessings of God.


How are you all?


Guys, my computer freezes a lot. I have Windows Vista.


And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:52 م, on 21/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\WebCam Control\CamTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TTMessenger\spool\PDFSaver.exe
C:\Program Files\TTMessenger\ttmessenger2.exe
C:\winnt_\winntR2.exe
C:\winnt_\winnt4.exe
C:\winnt_\winnt5.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TTMessengerPDF] "C:\Program Files\TTMessenger\spool\PDFSaver.exe"
O4 - HKCU\..\Run: [TTMessenger] "C:\Program Files\TTMessenger\ttmessenger2.exe"
O4 - HKCU\..\Run: [winntR2] C:\winnt_\winntR2.exe
O4 - HKCU\..\Run: [winnt4] C:\winnt_\winnt4.exe
O4 - HKCU\..\Run: [winnt5] C:\winnt_\winnt5.exe
O4 - HKCU\..\Run: [winnt6] C:\winnt_\winnt6.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
[You must log in or register to view the hidden link]

O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
[You must log in or register to view the hidden link]

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
[You must log in or register to view the hidden link]

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
[You must log in or register to view the hidden link]

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\system32\rserver30\RServer3.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
--
End of file - 11408 bytes
 

Your machine is infected, my friend.

Disable all protection programs.

Download this tool:

[You must log in or register to view the hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.
 
Signature: Corporation
Here you go, brother.

ComboFix 09-07-20.05 - Mohammed 07/21/2009 22:15.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.974.1033.18.1791.834 [GMT 3:00]
Running from: c:\users\Mohammed\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.
2009-07-21 18:58 . 2009-07-21 18:58 -------- d-----w- c:\program files\Trend Micro
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-20 11:04 . 2009-07-20 11:05 -------- d--h--w- C:\winnt_
2009-07-17 09:11 . 2009-07-17 09:11 -------- d-----w- c:\program files\Photoshine
2009-07-16 10:28 . 2003-11-15 19:27 118872 ----a-w- c:\windows\system32\PXC25uis.dll
2009-07-16 10:28 . 2003-09-15 00:36 390656 ----a-w- c:\windows\system32\pdfxclib.dll
2009-07-16 10:28 . 2003-08-15 21:15 109568 ----a-w- c:\windows\system32\pdfxcpro.dll
2009-07-16 10:28 . 2003-08-15 21:12 144896 ----a-w- c:\windows\system32\xc_parse.dll
2009-07-16 10:28 . 2003-07-31 16:02 8704 ----a-w- c:\windows\system32\pdfxcds.dll
2009-07-16 10:28 . 2003-05-18 16:37 157184 ----a-w- c:\windows\system32\img_xchg.dll
2009-07-16 10:28 . 2003-04-13 22:08 185344 ----a-w- c:\windows\system32\Img_cdx.dll
2009-07-16 10:28 . 2003-02-05 18:06 45142 ----a-w- c:\windows\system32\PXC25s.dll
2009-07-16 10:28 . 2002-12-27 16:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2009-07-16 10:28 . 2009-07-16 10:28 -------- d-----w- c:\program files\TTMessenger
2009-07-14 21:24 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 21:24 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 21:24 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 21:24 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 21:24 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-10 21:39 . 2003-08-15 11:55 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-07-10 21:39 . 2009-07-10 21:39 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-07-10 21:24 . 2009-07-10 21:24 -------- d-----w- c:\program files\Mini-stream
2009-07-10 21:03 . 2009-07-10 21:03 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Thinstall
2009-07-03 14:37 . 2009-07-03 14:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 14:36 . 2009-07-03 14:36 -------- d-----w- c:\program files\Java
2009-07-01 13:17 . 2009-07-01 13:17 20 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-28 06:44 . 2009-07-21 19:16 -------- d-----w- c:\users\Mohammed\AppData\Local\SlipStream
2009-06-28 06:38 . 2009-06-28 06:39 -------- d-----w- c:\program files\ONSPEED
2009-06-28 06:38 . 2008-07-23 14:24 114688 ----a-w- c:\windows\sliprt.dll
2009-06-27 16:28 . 2009-06-27 16:28 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-27 16:28 . 2009-07-21 10:14 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-27 16:28 . 2009-06-27 16:28 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-27 16:28 . 2009-06-27 16:28 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-27 16:02 . 2009-06-27 16:28 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-27 16:02 . 2009-06-27 16:28 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-27 16:02 . 2009-07-21 10:26 491552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-27 16:02 . 2009-07-21 09:55 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-27 16:02 . 2009-07-21 09:52 2386976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-27 16:02 . 2009-06-27 16:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-26 13:35 . 2009-06-26 13:35 -------- d-----w- c:\program files\vPlug Files Center
2009-06-24 18:49 . 2009-06-24 18:49 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Radmin
2009-06-24 18:46 . 2009-06-24 18:46 -------- d-----w- c:\windows\system32\rserver30
2009-06-24 18:45 . 2009-06-24 18:47 -------- d-----w- c:\users\Mohammed\AppData\Local\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 19:11 . 2009-06-06 19:07 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Skype
2009-07-21 09:52 . 2009-06-27 16:02 3780 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-21 09:52 . 2009-06-27 16:02 20776 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-21 09:52 . 2009-05-15 22:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-15 00:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-10 21:26 . 2004-09-28 03:38 114688 ----a-w- c:\windows\system32\wmatimer.dll
2009-06-27 16:28 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-27 15:57 . 2009-05-15 15:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-27 15:33 . 2008-03-16 19:48 -------- d-----w- c:\program files\Acer GameZone
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Uniblue
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\programdata\DriverScanner
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\program files\Uniblue
2009-06-27 15:31 . 2009-05-22 07:18 -------- d-----w- c:\program files\Yahoo!
2009-06-19 07:56 . 2009-06-19 07:56 -------- d-----w- c:\program files\Netlog Music Tool
2009-06-19 07:42 . 2009-06-19 07:42 -------- d-----w- c:\program files\Video Enhancer
2009-06-19 07:39 . 2009-06-19 07:39 -------- d-----w- c:\program files\Witcobber
2009-06-17 20:20 . 2009-05-15 19:16 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-16 19:08 . 2009-06-16 19:08 -------- d-----w- c:\programdata\Farm Mania
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Farm Mania
2009-06-07 18:52 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 19:06 . 2009-06-06 19:06 -------- d-----r- c:\program files\Skype
2009-06-06 19:06 . 2009-06-06 19:06 -------- d-----w- c:\programdata\Skype
2009-06-05 18:05 . 2009-05-15 15:33 70944 ----a-w- c:\users\Mohammed\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 07:29 . 2009-06-01 07:29 -------- d-----w- c:\program files\Ozone
2009-05-31 20:33 . 2009-05-31 20:33 -------- d-----w- c:\program files\MSECache
2009-05-30 16:20 . 2009-05-30 16:16 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Super-Cow
2009-05-29 20:04 . 2009-05-29 20:04 -------- d-----w- c:\program files\East Imperial Soft
2009-05-28 19:12 . 2009-05-17 20:15 -------- d-----w- c:\program files\PC Camera
2009-05-27 15:18 . 2008-03-16 19:20 -------- d-----w- c:\programdata\NVIDIA
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-27 15:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-27 15:03 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-24 15:11 . 2009-05-24 15:08 -------- d-----w- c:\program files\Creative
2009-05-23 19:49 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 19:26 . 2009-05-23 19:26 -------- d-----w- c:\program files\ma-config.com
2009-05-23 19:26 . 2009-05-23 19:26 -------- d-----w- c:\programdata\ma-config.com
2009-05-20 06:00 . 2009-05-20 06:00 2232 ----a-w- c:\windows\Java\Packages\Data\B5Z7BV13.DAT
2009-05-20 06:00 . 2009-05-20 06:00 155995 ----a-w- c:\windows\Java\Packages\YQPBZ9RN.ZIP
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\S0DBDZF1.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\VFDZVRPN.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\PNZLJHVT.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\ISJXRFXB.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\6U1VZRB5.DAT
2009-05-16 00:00 . 2008-03-16 19:03 1908 ----a-w- c:\windows\CLEANUP.CMD
2009-05-15 16:03 . 2008-03-16 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-15 15:54 . 2009-05-15 15:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-15 15:54 . 2009-05-15 15:54 172032 ------w- c:\windows\Setup1.exe
2009-04-24 16:02 . 2009-06-11 19:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 12:15 . 2009-06-11 19:22 828416 ----a-w- c:\windows\system32\wininet.dll
2009-04-23 12:15 . 2009-06-11 19:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-11 19:23 623616 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2009-06-19 1728456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"TTMessengerPDF"="c:\program files\TTMessenger\spool\PDFSaver.exe" [2004-03-22 61440]
"TTMessenger"="c:\program files\TTMessenger\ttmessenger2.exe" [2008-01-22 585728]
"winntR2"="c:\winnt_\winntR2.exe" [2009-07-20 747008]
"winnt4"="c:\winnt_\winnt4.exe" [2009-07-20 664576]
"winnt5"="c:\winnt_\winnt5.exe" [2009-07-20 1462272]
"winnt6"="c:\winnt_\winnt6.exe" [2009-07-20 1450496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-15 24064]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-15 151597]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Creative WebCam Tray"="c:\program files\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-26 18944]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [2008-07-23 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
ONSPEED.lnk - c:\program files\ONSPEED\onspeedgui.exe [2009-6-28 229376]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):26,f5,69,1d,de,de,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{E3DD444C-D62C-4036-8584-0172484064AF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5C2F66F4-58AA-4818-836D-8F9BF8433911}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"{2132ECB3-01C0-4F2C-93FD-58C12E30C448}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"{F6E715FA-499D-4D41-A51D-7F4AC86D2D0E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1C8717DD-A18E-43F5-BF1A-D8A7A711D92E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{20ACAD5F-6606-4098-AC3D-0F74B4F73774}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{14BACCA7-7400-48C2-86BB-5E0BB6D063B8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2FB454E9-1863-4BC1-AE04-49D0AF011335}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{27B3B947-2B87-4D34-BAB5-0A8094D654E3}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{55EBAE8F-5123-4233-B21D-BCC8C4E27BDA}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{18F65A61-C2DF-4DBC-926A-08CA6D636E03}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{9DB05B7D-0B30-4DEF-B8BF-F410C6CF2BF2}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{820F257A-E3EE-46D0-9529-DB42D1445250}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{A1CE494E-C168-4485-B4CC-AAD439C90DB7}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{DA34388B-F33D-48CA-80F6-AB38FB5963A1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD852586-7580-4A38-885D-F8656E88CFC3}"= UDP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3
"{59D09C85-CB54-49BF-8884-82BFF72DD4E8}"= TCP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3
"TCP Query User{049C5A08-496F-4165-9B70-CE070D3A4E27}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F48574AC-3C51-42A6-903F-F094747A3F71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 06:28 م 20496]
R1 raddrvv3;raddrvv3;c:\windows\System32\rserver30\raddrvv3.sys [24/04/2008 08:49 ص 45848]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/03/2008 10:47 م 269448]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 mirrorv3;mirrorv3;c:\windows\System32\drivers\rminiv3.sys [01/11/2006 06:01 ص 3328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16/05/2009 03:00 ص 42528]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RTS5121.sys [18/05/2009 09:38 م 157696]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 02:54 م 52080]
S2 RServer3;Radmin Server V3;c:\windows\System32\rserver30\rserver3.exe [24/04/2008 08:44 ص 1238344]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/05/2009 06:31 م 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/05/2009 02:37 م 234864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4001&s=1&o=vp32&d=0509&m=aspire_m5641
uInternet Settings,ProxyServer = http=127.0.0.1:5405
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5405;*.apple.com.edgesuite.net;;*.bbt.yahoo.co.jp;;*.car4rental.com;;*.click2service.tele2.se;;mail.*.yahoo.com;;*.hotmail.com;;*.hotmail.msn.com;;*.mail.yahoo.com;;*.microsoft.com;;*.mysite.orange.co.uk;;*.mysite.wanadoo-members.co.uk;;*.nai.com;;*.nerim.net;;*.networkassociates.com;;*.phobos.apple.com;;*.symantec.com;;*.update.microsoft.com;;*.webdevleti.com;;*update.microsoft.com;;*windowsupdate.com;;*windowsupdate.microsoft.com;;.apple.com.edgesuite.net;;.bbt.yahoo.co.jp;;.car4rental.com;;.click2service.tele2.se;;.yahoo.com;;.hotmail.com;;.hotmail.msn.com;;.mail.yahoo.com;;.microsoft.com;;.mysite.orange.co.uk;;.mysite.wanadoo-members.co.uk;;.nai.com;;.nerim.net;;.networkassociates.com;;.phobos.apple.com;;.symantec.com;;.update.microsoft.com;;.webdevleti.com;;update.microsoft.com;;windowsupdate.com;;windowsupdate.microsoft.com;;10.*;;192.*;;activex.microsoft.com;;appldnld.apple.com.edgesuite.net;;c.microsoft.com;;click2service.tele2.se;;codecs.microsoft.com;;download.mcafee.com;;download.microsoft.com;;download.onshare.com;;download.onspeed.com;;idisk.apple.com;;liveupdate.symantec.com;;liveupdate.symantecliveupdate.com;;mail.live.com;;mail.tesco.net;;mysite.orange.co.uk;;service1.symantec.com;;sitebuilder.wanadoo.co.uk;;sitename.mysite.orange.co.uk;;sitename.mysite.wanadoo-members.co.uk;;stats.microsoft.com;;swupdate.apple.com;;update.adobe.com;;update.microsoft.com;;wanadoo-members.co.uk;;webmail.*.*;;webmail.tugab.bg;;windowsupdate.microsoft.com;;wsidecar.apple.com;;localhost;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\ONSPEED\gui_resource.dll/327
IE: Show Original Image - c:\program files\ONSPEED\gui_resource.dll/328
LSP: c:\progra~1\ONSPEED\sliplsp.dll
DPF: Microsoft XML Parser for Java -
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-21 22:20
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-21 22:22
ComboFix-quarantined-files.txt 2009-07-21 19:22
Pre-Run: 108,309,151,744 bytes free
Post-Run: 108,511,416,320 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,7
281 --- E O F --- 2009-07-20 14:34
 
Here you go


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:52 م, on 21/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\WebCam Control\CamTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TTMessenger\spool\PDFSaver.exe
C:\Program Files\TTMessenger\ttmessenger2.exe
C:\winnt_\winntR2.exe
C:\winnt_\winnt4.exe
C:\winnt_\winnt5.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TTMessengerPDF] "C:\Program Files\TTMessenger\spool\PDFSaver.exe"
O4 - HKCU\..\Run: [TTMessenger] "C:\Program Files\TTMessenger\ttmessenger2.exe"
O4 - HKCU\..\Run: [winntR2] C:\winnt_\winntR2.exe
O4 - HKCU\..\Run: [winnt4] C:\winnt_\winnt4.exe
O4 - HKCU\..\Run: [winnt5] C:\winnt_\winnt5.exe
O4 - HKCU\..\Run: [winnt6] C:\winnt_\winnt6.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\system32\rserver30\RServer3.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
--
End of file - 11408 bytes
 
Sorry, my dear friend

Download this program

Install it on the computer, then run it and do as in the following explanation to scan the computer and generate a report

After the scan finishes, do the following

Copy the contents of the report and paste them into your next post

 
Signature: فارس الملاك
Here you go

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6002 Service Pack 2
22/07/2009 10:22:12 م
mbam-log-2009-07-22 (22-22-12).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 191128
Time elapsed: 35 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
OK, could you post a new HijackThis report?
 
Signature: فارس الملاك

Waiting
 
Signature: فارس الملاك
Here you go


 
:d: Following silently
 
Signature: bizzare
Welcome, dear brother عيون قطر. God willing, I will try to help you as much as I can :smile:

We will use ComboFix as follows

Copy all of the text shown here, paste it into Notepad, then save the file under the name cfscript
Code:
folder::
C:\winnt_
file::
C:\winnt_\winntR2.exe
C:\winnt_\winnt4.exe
C:\winnt_\winnt5.exe
Now drag the Notepad file onto the ComboFix program, as shown in this picture

cfscript.gif


ComboFix will run and scan your computer. When the scan ends, a report will appear; paste it into your next reply


Now download SUPERAntiSpyware from this link


Install the program. During installation it will connect to the vendor's site to update its database and then collect diagnostic information about your computer. Installation will take roughly 5 to 10 minutes, depending on your connection speed. When installation ends, a dialog box will ask whether you want to protect the Internet Explorer start page; click

esf.png



The program's graphical interface will now appear. Click the Scan your computer icon



efsasdf.png


Then click the icon
54646453.png
so that the program performs a full scan of your computer. The scan may take 15 to 25 minutes; be patient :smile:

After the scan ends, the program may ask you to restart in order to remove some malicious files; click OK. After the computer restarts, open the program and click the icon
2245.png
then
esdfsd.png
From the log list, select the report and then click view log. The report will open in Notepad; copy the text and paste it into your next reply together with the ComboFix report
 
ComboFix report

ComboFix 09-07-22.05 - Mohammed 07/23/2009 12:59.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.974.1033.18.1791.651 [GMT 3:00]
Running from: c:\users\Mohammed\Desktop\ComboFix.exe
Command switches used :: c:\users\Mohammed\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\winnt_\winnt4.exe"
"c:\winnt_\winnt5.exe"
"c:\winnt_\winntR2.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\winnt_
c:\winnt_\id
c:\winnt_\winnt4.exe
c:\winnt_\winnt5.exe
c:\winnt_\winnt6.exe
c:\winnt_\winntR2.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-22 10:51 . 2009-07-22 10:57 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 10:50 . 2009-07-22 10:50 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Malwarebytes
2009-07-22 10:50 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 10:50 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 10:50 . 2009-07-22 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 10:50 . 2009-07-22 10:50 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 18:58 . 2009-07-21 18:58 -------- d-----w- c:\program files\Trend Micro
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmifw.exe
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmiav.exe
2009-07-21 10:14 . 2009-07-21 10:14 12816 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\wmias.exe
2009-07-17 09:11 . 2009-07-17 09:11 -------- d-----w- c:\program files\Photoshine
2009-07-16 10:28 . 2003-11-15 19:27 118872 ----a-w- c:\windows\system32\PXC25uis.dll
2009-07-16 10:28 . 2003-09-15 00:36 390656 ----a-w- c:\windows\system32\pdfxclib.dll
2009-07-16 10:28 . 2003-08-15 21:15 109568 ----a-w- c:\windows\system32\pdfxcpro.dll
2009-07-16 10:28 . 2003-08-15 21:12 144896 ----a-w- c:\windows\system32\xc_parse.dll
2009-07-16 10:28 . 2003-07-31 16:02 8704 ----a-w- c:\windows\system32\pdfxcds.dll
2009-07-16 10:28 . 2003-05-18 16:37 157184 ----a-w- c:\windows\system32\img_xchg.dll
2009-07-16 10:28 . 2003-04-13 22:08 185344 ----a-w- c:\windows\system32\Img_cdx.dll
2009-07-16 10:28 . 2003-02-05 18:06 45142 ----a-w- c:\windows\system32\PXC25s.dll
2009-07-16 10:28 . 2002-12-27 16:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2009-07-16 10:28 . 2009-07-16 10:28 -------- d-----w- c:\program files\TTMessenger
2009-07-14 21:24 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 21:24 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 21:24 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 21:24 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 21:24 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-10 21:39 . 2003-08-15 11:55 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2009-07-10 21:39 . 2009-07-10 21:39 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-07-10 21:24 . 2009-07-10 21:24 -------- d-----w- c:\program files\Mini-stream
2009-07-10 21:03 . 2009-07-10 21:03 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Thinstall
2009-07-03 14:37 . 2009-07-03 14:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 14:36 . 2009-07-03 14:36 -------- d-----w- c:\program files\Java
2009-07-01 13:17 . 2009-07-01 13:17 20 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-28 06:44 . 2009-07-23 10:04 -------- d-----w- c:\users\Mohammed\AppData\Local\SlipStream
2009-06-28 06:38 . 2009-06-28 06:39 -------- d-----w- c:\program files\ONSPEED
2009-06-28 06:38 . 2008-07-23 14:24 114688 ----a-w- c:\windows\sliprt.dll
2009-06-27 16:28 . 2009-06-27 16:28 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-27 16:28 . 2009-07-21 10:14 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-27 16:28 . 2009-06-27 16:28 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-27 16:28 . 2009-06-27 16:28 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-27 16:02 . 2009-06-27 16:28 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-27 16:02 . 2009-06-27 16:28 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-27 16:02 . 2009-07-23 09:55 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-27 16:02 . 2009-07-22 18:44 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-27 16:02 . 2009-07-22 18:39 3799072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-27 16:02 . 2009-06-27 16:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-26 13:35 . 2009-06-26 13:35 -------- d-----w- c:\program files\vPlug Files Center
2009-06-24 18:49 . 2009-06-24 18:49 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Radmin
2009-06-24 18:46 . 2009-06-24 18:46 -------- d-----w- c:\windows\system32\rserver30
2009-06-24 18:45 . 2009-06-24 18:47 -------- d-----w- c:\users\Mohammed\AppData\Local\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 10:04 . 2009-06-06 19:07 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Skype
2009-07-23 09:48 . 2009-06-27 16:02 3892 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-22 18:39 . 2009-06-27 16:02 31808 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-22 18:39 . 2009-05-15 22:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-15 00:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-10 21:26 . 2004-09-28 03:38 114688 ----a-w- c:\windows\system32\wmatimer.dll
2009-06-27 16:28 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-27 15:57 . 2009-05-15 15:48 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-27 15:33 . 2008-03-16 19:48 -------- d-----w- c:\program files\Acer GameZone
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Uniblue
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\programdata\DriverScanner
2009-06-27 15:32 . 2009-05-18 18:19 -------- d-----w- c:\program files\Uniblue
2009-06-27 15:31 . 2009-05-22 07:18 -------- d-----w- c:\program files\Yahoo!
2009-06-19 07:56 . 2009-06-19 07:56 -------- d-----w- c:\program files\Netlog Music Tool
2009-06-19 07:42 . 2009-06-19 07:42 -------- d-----w- c:\program files\Video Enhancer
2009-06-19 07:39 . 2009-06-19 07:39 -------- d-----w- c:\program files\Witcobber
2009-06-17 20:20 . 2009-05-15 19:16 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-16 19:08 . 2009-06-16 19:08 -------- d-----w- c:\programdata\Farm Mania
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Farm Mania
2009-06-07 18:52 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 19:06 . 2009-06-06 19:06 -------- d-----r- c:\program files\Skype
2009-06-06 19:06 . 2009-06-06 19:06 -------- d-----w- c:\programdata\Skype
2009-06-05 18:05 . 2009-05-15 15:33 70944 ----a-w- c:\users\Mohammed\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 07:29 . 2009-06-01 07:29 -------- d-----w- c:\program files\Ozone
2009-05-31 20:33 . 2009-05-31 20:33 -------- d-----w- c:\program files\MSECache
2009-05-30 16:20 . 2009-05-30 16:16 -------- d-----w- c:\users\Mohammed\AppData\Roaming\Super-Cow
2009-05-29 20:04 . 2009-05-29 20:04 -------- d-----w- c:\program files\East Imperial Soft
2009-05-28 19:12 . 2009-05-17 20:15 -------- d-----w- c:\program files\PC Camera
2009-05-27 15:18 . 2008-03-16 19:20 -------- d-----w- c:\programdata\NVIDIA
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-27 15:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-27 15:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-27 15:03 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-24 15:11 . 2009-05-24 15:08 -------- d-----w- c:\program files\Creative
2009-05-20 06:00 . 2009-05-20 06:00 2232 ----a-w- c:\windows\Java\Packages\Data\B5Z7BV13.DAT
2009-05-20 06:00 . 2009-05-20 06:00 155995 ----a-w- c:\windows\Java\Packages\YQPBZ9RN.ZIP
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\S0DBDZF1.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\VFDZVRPN.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\PNZLJHVT.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\ISJXRFXB.DAT
2009-05-20 06:00 . 2009-05-20 06:00 2678 ----a-w- c:\windows\Java\Packages\Data\6U1VZRB5.DAT
2009-05-16 00:00 . 2008-03-16 19:03 1908 ----a-w- c:\windows\CLEANUP.CMD
2009-05-15 16:03 . 2008-03-16 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-15 15:54 . 2009-05-15 15:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-15 15:54 . 2009-05-15 15:54 172032 ------w- c:\windows\Setup1.exe
2009-04-24 16:02 . 2009-06-11 19:22 78336 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-21_19.20.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 10:04 . 2009-07-22 18:41 16384 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-23 10:04 . 2009-07-22 18:41 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-07-23 10:04 . 2009-07-22 18:41 16384 c:\windows\Temp\Cookies\index.dat
+ 2008-01-21 01:58 . 2009-07-22 18:45 49064 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-22 18:45 73400 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-05-15 05:19 . 2009-07-21 19:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-15 05:19 . 2009-07-23 09:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-15 05:19 . 2009-07-23 09:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-15 05:19 . 2009-07-21 19:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-15 05:19 . 2009-07-21 19:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-15 05:19 . 2009-07-23 09:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-15 15:33 . 2009-07-22 18:45 5364 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2001987848-1868707492-1461574173-1000_UserData.bin
- 2009-07-21 09:53 . 2009-07-21 09:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-22 18:40 . 2009-07-22 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-22 18:40 . 2009-07-22 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-21 09:53 . 2009-07-21 09:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-07-21 09:58 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-22 18:45 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-22 18:45 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-21 09:58 101052 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2009-06-19 1728456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"TTMessengerPDF"="c:\program files\TTMessenger\spool\PDFSaver.exe" [2004-03-22 61440]
"TTMessenger"="c:\program files\TTMessenger\ttmessenger2.exe" [2008-01-22 585728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-15 24064]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-15 151597]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Creative WebCam Tray"="c:\program files\Creative\WebCam Control\CAMTRAY.EXE" [1999-04-26 18944]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [2008-07-23 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
ONSPEED.lnk - c:\program files\ONSPEED\onspeedgui.exe [2009-6-28 229376]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):26,f5,69,1d,de,de,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{E3DD444C-D62C-4036-8584-0172484064AF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5C2F66F4-58AA-4818-836D-8F9BF8433911}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"{2132ECB3-01C0-4F2C-93FD-58C12E30C448}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:msnmsgr
"{F6E715FA-499D-4D41-A51D-7F4AC86D2D0E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1C8717DD-A18E-43F5-BF1A-D8A7A711D92E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{20ACAD5F-6606-4098-AC3D-0F74B4F73774}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{14BACCA7-7400-48C2-86BB-5E0BB6D063B8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2FB454E9-1863-4BC1-AE04-49D0AF011335}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{27B3B947-2B87-4D34-BAB5-0A8094D654E3}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{55EBAE8F-5123-4233-B21D-BCC8C4E27BDA}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{18F65A61-C2DF-4DBC-926A-08CA6D636E03}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{9DB05B7D-0B30-4DEF-B8BF-F410C6CF2BF2}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{820F257A-E3EE-46D0-9529-DB42D1445250}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{A1CE494E-C168-4485-B4CC-AAD439C90DB7}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{DA34388B-F33D-48CA-80F6-AB38FB5963A1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD852586-7580-4A38-885D-F8656E88CFC3}"= UDP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3
"{59D09C85-CB54-49BF-8884-82BFF72DD4E8}"= TCP:c:\windows\System32\rserver30\rserver3.exe:Radmin Server 3
"TCP Query User{049C5A08-496F-4165-9B70-CE070D3A4E27}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F48574AC-3C51-42A6-903F-F094747A3F71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 06:28 م 20496]
R1 raddrvv3;raddrvv3;c:\windows\System32\rserver30\raddrvv3.sys [24/04/2008 08:49 ص 45848]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/03/2008 10:47 م 269448]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 mirrorv3;mirrorv3;c:\windows\System32\drivers\rminiv3.sys [01/11/2006 06:01 ص 3328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16/05/2009 03:00 ص 42528]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RTS5121.sys [18/05/2009 09:38 م 157696]
S2 RServer3;Radmin Server V3;c:\windows\System32\rserver30\rserver3.exe [24/04/2008 08:44 ص 1238344]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/05/2009 06:31 م 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/05/2009 02:37 م 234864]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 02:54 م 52080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-winntR2 - c:\winnt_\winntR2.exe
HKCU-Run-winnt4 - c:\winnt_\winnt4.exe
HKCU-Run-winnt5 - c:\winnt_\winnt5.exe
HKCU-Run-winnt6 - c:\winnt_\winnt6.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4001&s=1&o=vp32&d=0509&m=aspire_m5641
uInternet Settings,ProxyServer = http=127.0.0.1:5405
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5405;*.apple.com.edgesuite.net;;*.bbt.yahoo.co.jp;;*.car4rental.com;;*.click2service.tele2.se;;mail.*.yahoo.com;;*.hotmail.com;;*.hotmail.msn.com;;*.mail.yahoo.com;;*.microsoft.com;;*.mysite.orange.co.uk;;*.mysite.wanadoo-members.co.uk;;*.nai.com;;*.nerim.net;;*.networkassociates.com;;*.phobos.apple.com;;*.symantec.com;;*.update.microsoft.com;;*.webdevleti.com;;*update.microsoft.com;;*windowsupdate.com;;*windowsupdate.microsoft.com;;.apple.com.edgesuite.net;;.bbt.yahoo.co.jp;;.car4rental.com;;.click2service.tele2.se;;.yahoo.com;;.hotmail.com;;.hotmail.msn.com;;.mail.yahoo.com;;.microsoft.com;;.mysite.orange.co.uk;;.mysite.wanadoo-members.co.uk;;.nai.com;;.nerim.net;;.networkassociates.com;;.phobos.apple.com;;.symantec.com;;.update.microsoft.com;;.webdevleti.com;;update.microsoft.com;;windowsupdate.com;;windowsupdate.microsoft.com;;10.*;;192.*;;activex.microsoft.com;;appldnld.apple.com.edgesuite.net;;c.microsoft.com;;click2service.tele2.se;;codecs.microsoft.com;;download.mcafee.com;;download.microsoft.com;;download.onshare.com;;download.onspeed.com;;idisk.apple.com;;liveupdate.symantec.com;;liveupdate.symantecliveupdate.com;;mail.live.com;;mail.tesco.net;;mysite.orange.co.uk;;service1.symantec.com;;sitebuilder.wanadoo.co.uk;;sitename.mysite.orange.co.uk;;sitename.mysite.wanadoo-members.co.uk;;stats.microsoft.com;;swupdate.apple.com;;update.adobe.com;;update.microsoft.com;;wanadoo-members.co.uk;;webmail.*.*;;webmail.tugab.bg;;windowsupdate.microsoft.com;;wsidecar.apple.com;;localhost;localhost
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\ONSPEED\gui_resource.dll/327
IE: Show Original Image - c:\program files\ONSPEED\gui_resource.dll/328
LSP: c:\progra~1\ONSPEED\sliplsp.dll
DPF: Microsoft XML Parser for Java -
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-23 13:06
ComboFix-quarantined-files.txt 2009-07-23 10:05
ComboFix2.txt 2009-07-23 09:56
ComboFix3.txt 2009-07-21 19:22
Pre-Run: 109,044,469,760 bytes free
Post-Run: 108,994,641,920 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,7
305 --- E O F --- 2009-07-20 14:34

And the second one

SUPERAntiSpyware Scan Log

Generated 07/23/2009 at 01:53 PM
Application Version : 4.26.1006
Core Rules Database Version : 4012
Trace Rules Database Version: 1952
Scan type : Quick Scan
Total Scan Time : 00:20:30
Memory items scanned : 778
Memory threats detected : 0
Registry items scanned : 531
Registry threats detected : 0
File items scanned : 22225
File threats detected : 16
Adware.Tracking Cookie
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@apmebf[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@serving-sys[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@ad.yieldmanager[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@adv.6rb[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@doubleclick[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@media6degrees[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@atdmt[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@bs.serving-sys[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@zedo[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@adinterax[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@ads.pointroll[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@m1.webstats.motigo[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@2o7[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@ads.us.e-planning[1].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@questionmarket[2].txt
C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Cookies\mohammed@eas.apm.emediate[1].txt
 
How is your machine now? Are there still problems, or have they gone away?
 
No, it's fine, but are there any problems or viruses?
 
Your machine is now clean and completely free of viruses :smile:

Look after your antivirus program and update it from time to time to protect yourself from viruses and Internet threats :smile: Good luck, my friend
 
Thank you, guys, you've been a great help
 