• Thread starter: ALA39000
  • Start date:
  • Views: 959

ALA39000

Zyzoom distinguished member
Joined: 28 January 2008
Posts: 590
Reaction score: 10
Points: 530
Location: Algeria
Website: www.salemi-ala.tk
Lately my computer has become strangely slow, and I don't know what is causing it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:43, on 23-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
D:\Program Files\Everything\Everything.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DeskSpace\deskspace.exe
D:\Program Files\CursorXP\CursorXP.exe
D:\Program Files\Ela-Salaty\Salaty.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum; log in to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum; log in to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum; log in to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum; log in to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Antivirus] D:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [Everything] "D:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskSpace] D:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = D:\Program Files\Ela-Salaty\Salaty.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تخصيص القائمه - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: حفظ النماذج - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: شريط ادوات روبوفورم - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: ملئ النماذج - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - [link hidden by the forum; log in to view] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [link hidden by the forum; log in to view]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [link hidden by the forum; log in to view]
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [link hidden by the forum; log in to view]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by the forum; log in to view]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [link hidden by the forum; log in to view]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9d3d6b3a5504a) (gupdate1c9d3d6b3a5504a) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Watch IP and store the Row Packets (IPPackwatch1) - Profiler3D - C:\Program Files\Profiler3D\Scannet 3.9\IPPWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 11216 bytes
 

Signature: ALA39000
Disable your security programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum; log in to view]

When you run it, a message will appear; click Yes.
After that a second message will appear; click Yes.
During the scan the computer may restart.
After the restart, the tool will begin scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
Signature: AbOdy
ComboFix 09-07-22.01 - S.ALA 07/24/2009 0:43.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.213.1033.18.511.136 [GMT 2:00]
Running from: c:\documents and settings\S.ALA\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\4886bf.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-22 11:39 . 2009-07-22 11:39 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Globe7
2009-07-22 11:39 . 2009-07-22 11:39 -------- d-----w- c:\program files\Globe7
2009-07-22 11:02 . 2009-07-22 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-07-22 11:01 . 2009-07-22 11:01 -------- d-----w- c:\program files\Siber Systems
2009-07-21 11:45 . 2009-07-21 11:45 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Paltalk
2009-07-21 11:45 . 2009-07-22 10:19 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-21 11:45 . 2009-07-22 10:19 -------- d-----w- c:\windows\PaltalkScene
2009-07-20 22:27 . 2009-07-20 22:27 -------- d-----w- c:\program files\Common Files\Skype
2009-07-18 11:17 . 2009-07-18 11:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2009-07-18 11:17 . 2009-02-25 04:13 2816144 -c--a-w- c:\documents and settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}\IconPackager.exe
2009-07-12 22:49 . 2009-07-12 22:49 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2009-07-12 15:18 . 2009-07-12 15:18 -------- d-----w- c:\windows\USB Vibration
2009-07-11 21:09 . 2008-04-13 15:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-11 21:09 . 2008-04-13 15:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-11 21:09 . 2001-08-17 13:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-11 21:09 . 2008-04-13 20:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-11 11:36 . 2009-07-12 10:11 -------- d-----w- c:\program files\Stardock
2009-07-11 10:00 . 2009-07-11 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-11 10:00 . 2009-07-11 11:45 -------- d-----w- c:\program files\NOS
2009-07-10 16:33 . 2009-07-10 16:33 -------- d-----w- C:\downloads
2009-07-10 15:25 . 2009-07-10 15:25 -------- d-----w- c:\windows\system32\msmq
2009-07-10 15:25 . 2009-07-10 15:25 -------- d-----w- C:\Inetpub
2009-07-09 16:42 . 2009-07-09 16:42 -------- d-----w- c:\windows\system32\RMBin
2009-07-09 16:42 . 2009-07-09 16:42 -------- d-----w- c:\program files\Real_SC
2009-07-08 18:18 . 2009-07-08 18:18 -------- d-----w- c:\program files\MatriX
2009-07-08 13:46 . 2009-07-13 21:34 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-08 13:35 . 2008-09-28 20:00 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
2009-07-08 10:53 . 2009-07-08 10:53 -------- d-----w- c:\program files\VersalSoft
2009-07-08 10:53 . 2009-07-08 12:42 -------- d-----w- c:\program files\Universal
2009-07-07 18:47 . 2009-07-07 18:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-06 12:22 . 2009-07-06 12:22 -------- d-----w- c:\program files\Trend Micro
2009-07-05 21:28 . 2009-07-05 21:28 -------- d-----w- c:\program files\Common Files\Stardock
2009-07-05 14:03 . 2008-04-13 15:15 59520 -c--a-w- c:\windows\system32\dllcache\usbhub.sys
2009-07-05 14:03 . 2008-04-13 15:15 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-07-05 07:39 . 2009-07-05 07:39 -------- d-----w- c:\program files\ma-config.com
2009-07-05 07:39 . 2009-07-05 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-07-02 19:35 . 2009-07-02 19:35 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Sonic
2009-06-30 22:13 . 2009-07-01 20:28 -------- d-----w- c:\program files\Phone Remote Control
2009-06-30 22:13 . 2009-07-01 17:23 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\PhoneRemoteControl
2009-06-30 12:54 . 2009-06-30 12:54 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Anix Software
2009-06-30 12:54 . 2009-06-30 12:54 -------- d-----w- c:\program files\Common Files\Anix Shared
2009-06-30 08:39 . 2009-06-30 08:39 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\IndigoRose
2009-06-30 08:35 . 2005-04-27 02:17 643072 ----a-w- c:\windows\system32\DVDProX2.dll
2009-06-29 23:16 . 2009-06-29 23:16 -------- d-----w- c:\program files\AmanLinks_Beta_0.0.4
2009-06-29 01:18 . 2008-04-13 15:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-06-29 01:18 . 2009-06-29 01:18 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Ulead Systems
2009-06-29 01:16 . 2004-03-18 13:56 40960 ----a-w- c:\windows\system32\Ulead Photo Express ScreenSaver.scr
2009-06-29 01:16 . 2003-09-11 08:49 114688 ------w- c:\windows\system32\UPSCR.Scr
2009-06-29 01:15 . 2009-06-29 01:15 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-29 01:15 . 2009-06-29 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-28 16:47 . 2008-04-13 15:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2009-06-28 16:47 . 2008-04-13 15:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-06-28 16:47 . 2008-04-13 15:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2009-06-28 16:47 . 2008-04-13 20:42 151552 ----a-w- c:\windows\system32\irftp.exe
2009-06-28 16:47 . 2008-04-13 20:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-28 16:47 . 2008-04-13 20:41 28160 ----a-w- c:\windows\system32\irmon.dll
2009-06-28 16:47 . 2008-04-13 15:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-06-27 14:00 . 2009-06-27 20:55 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 22:50 . 2008-09-30 15:05 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\DMCache
2009-07-23 22:50 . 2008-09-30 16:03 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Skype
2009-07-23 22:16 . 2009-04-21 14:54 -------- d-----w- c:\program files\Common Files\Akamai
2009-07-23 22:03 . 2008-09-30 16:05 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\skypePM
2009-07-23 22:02 . 2009-04-21 14:40 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Metacafe
2009-07-23 21:23 . 2008-09-30 15:05 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\IDM
2009-07-23 20:15 . 2009-01-12 03:43 -------- d-----w- c:\program files\Google
2009-07-21 00:59 . 2009-01-02 15:08 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\uTorrent
2009-07-20 22:27 . 2008-09-30 16:03 -------- d-----r- c:\program files\Skype
2009-07-20 22:27 . 2008-09-30 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-12 22:59 . 2009-06-20 10:54 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype
2009-07-12 22:59 . 2009-06-19 14:50 -------- d-----w- c:\documents and settings\Guest\Application Data\skypePM
2009-07-12 15:18 . 2009-01-12 02:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 15:00 . 2009-05-09 22:05 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Kingston
2009-07-10 16:33 . 2008-09-30 14:49 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Orbit
2009-07-08 21:17 . 2008-09-30 14:10 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-08 20:42 . 2009-04-11 17:36 -------- d-----w- c:\program files\Internet Download Manager
2009-07-08 13:48 . 2009-07-08 13:35 6288 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-07-01 17:17 . 2008-12-30 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-29 21:41 . 2009-06-20 01:53 113368 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 01:21 . 2008-09-30 12:35 113368 ----a-w- c:\documents and settings\S.ALA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 19:32 . 2009-01-06 16:09 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\FarStone
2009-06-22 11:56 . 2008-09-30 12:35 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\OtakuSoftware
2009-06-20 22:56 . 2009-06-20 22:56 -------- d-----w- c:\documents and settings\Guest\Application Data\Fomine Software
2009-06-20 22:18 . 2009-06-20 22:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avant Profiles
2009-06-20 15:22 . 2009-04-05 00:24 -------- d-----w- c:\program files\Yahoo!
2009-06-19 14:51 . 2009-06-19 14:51 -------- d-----w- c:\documents and settings\Guest\Application Data\Avant Profiles
2009-06-17 20:32 . 2009-04-27 19:32 -------- d-----w- c:\program files\EJP DAR EL-HILLEL
2009-06-16 14:36 . 2008-04-13 22:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-13 22:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 10:05 . 2009-04-16 00:47 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-06-13 13:21 . 2009-06-13 13:21 -------- d-----w- c:\program files\USB Vibration
2009-06-10 19:53 . 2009-06-10 19:53 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Darq Software
2009-06-10 19:39 . 2009-06-10 19:39 -------- d-----w- c:\program files\Darq Software
2009-06-10 15:39 . 2009-01-11 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-09 14:34 . 2009-06-09 14:34 -------- d-----w- c:\program files\AAALOGO2009
2009-06-09 13:05 . 2009-03-28 12:07 -------- d-----w- c:\program files\TechniSat DVB
2009-06-08 14:33 . 2009-04-07 20:36 0 ----a-w- c:\windows\Infob.dat
2009-06-08 14:33 . 2009-04-07 20:36 0 ----a-w- c:\windows\Infoa.dat
2009-06-06 19:07 . 2009-04-18 10:58 -------- d-----w- c:\program files\Realtek
2009-06-03 19:09 . 2008-04-28 09:20 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 00:14 . 2009-05-31 23:57 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Notepad++
2009-05-31 23:57 . 2009-05-31 23:57 -------- d-----w- c:\program files\Notepad++
2009-05-31 23:29 . 2008-12-31 04:40 -------- d-----w- c:\program files\Circle Developement
2009-05-31 18:24 . 2009-05-31 18:24 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\AlMAdinahMushaf
2009-05-31 13:50 . 2009-01-15 08:51 -------- d-----w- c:\docume~1\S.ALA\APPLIC~1\Thinstall
2009-05-25 15:50 . 2009-04-17 12:36 -------- d-----w- c:\program files\aboal7roof
2009-05-13 05:15 . 2008-04-28 09:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-13 22:41 345600 ----a-w- c:\windows\system32\localspl.dll
.

------- Sigcheck -------

[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll

[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe

[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe

[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe

[-] 2008-04-28 09:18 1390080 CB75214525D36F923D3948DA3CD1562D c:\windows\system32\comres.dll

[-] 2008-04-28 09:18 724992 AF8ED52D2A32C7729C7F91C72B8CCB10 c:\windows\system32\comctl32.dll
[7] 2004-08-04 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-13 22:42 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "c:\program files\zyzoom\tbzyz0.dll" [2009-06-25 2094616]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
2009-06-25 20:49 2094616 ----a-w- c:\program files\zyzoom\tbzyz0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C564CD-2FA0-4534-AF8D-52F3D054C0EF}]
2007-11-15 12:36 2293760 ----a-w- c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "c:\program files\zyzoom\tbzyz0.dll" [2009-06-25 2094616]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [2007-11-15 2293760]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AAA6EDE-0F45-43DA-8B81-608A1D8108A2}"= "c:\program files\zyzoom\tbzyz0.dll" [2009-06-25 2094616]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [2007-11-15 2293760]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-28 25088]
"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-28 2815408]
"DeskSpace"="d:\program files\DeskSpace\deskspace.exe" [2007-09-18 1066496]
"CursorXP"="d:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"USB Antivirus"="d:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-08 2283120]
"Everything"="d:\program files\Everything\Everything.exe" [2009-03-13 602624]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-28 194560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-28 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\S.ALA\Start Menu\Programs\Startup\
Ela-Salaty.lnk - d:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5205504]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^aboal7roof.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\aboal7roof.lnk
backup=c:\windows\pss\aboal7roof.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Babuki.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Babuki.lnk
backup=c:\windows\pss\Babuki.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^PalNetaware.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\PalNetaware.lnk
backup=c:\windows\pss\PalNetaware.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Vienna Navigator.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Vienna Navigator.lnk
backup=c:\windows\pss\Vienna Navigator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"h:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"i:\\ORBIT\\utorrent.exe"=
"d:\\Program Files\\Wyzo\\wyzo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1663:TCP"= 1663:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1595:TCP"= 1595:TCP:Akamai NetSession Interface
"1292:TCP"= 1292:TCP:Akamai NetSession Interface
"1130:TCP"= 1130:TCP:Akamai NetSession Interface
"1136:TCP"= 1136:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1375:TCP"= 1375:TCP:Akamai NetSession Interface
"1077:TCP"= 1077:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1994:TCP"= 1994:TCP:Akamai NetSession Interface
"1879:TCP"= 1879:TCP:Akamai NetSession Interface
"2073:TCP"= 2073:TCP:Akamai NetSession Interface
"2461:TCP"= 2461:TCP:Akamai NetSession Interface
"1107:TCP"= 1107:TCP:Akamai NetSession Interface
"2441:TCP"= 2441:TCP:Akamai NetSession Interface
"2651:TCP"= 2651:TCP:Akamai NetSession Interface
"2771:TCP"= 2771:TCP:Akamai NetSession Interface
"4881:TCP"= 4881:TCP:Akamai NetSession Interface
"1876:TCP"= 1876:TCP:Akamai NetSession Interface
"1895:TCP"= 1895:TCP:Akamai NetSession Interface
"1147:TCP"= 1147:TCP:Akamai NetSession Interface
"3315:TCP"= 3315:TCP:Akamai NetSession Interface
"1683:TCP"= 1683:TCP:Akamai NetSession Interface
"1809:TCP"= 1809:TCP:Akamai NetSession Interface
"2630:TCP"= 2630:TCP:Akamai NetSession Interface
"1115:TCP"= 1115:TCP:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:Akamai NetSession Interface
"3109:TCP"= 3109:TCP:Akamai NetSession Interface
"3761:TCP"= 3761:TCP:Akamai NetSession Interface
"2396:TCP"= 2396:TCP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:Akamai NetSession Interface
"1170:TCP"= 1170:TCP:Akamai NetSession Interface
"1838:TCP"= 1838:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"1029:TCP"= 1029:TCP:Akamai NetSession Interface
"1030:TCP"= 1030:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"3135:TCP"= 3135:TCP:Akamai NetSession Interface
"1192:TCP"= 1192:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1934:TCP"= 1934:TCP:Akamai NetSession Interface
"1141:TCP"= 1141:TCP:Akamai NetSession Interface
"2789:TCP"= 2789:TCP:Akamai NetSession Interface
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"1133:TCP"= 1133:TCP:Akamai NetSession Interface
"1087:TCP"= 1087:TCP:Akamai NetSession Interface
"1940:TCP"= 1940:TCP:Akamai NetSession Interface
"1149:TCP"= 1149:TCP:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:Akamai NetSession Interface
"4497:TCP"= 4497:TCP:Akamai NetSession Interface
"2957:TCP"= 2957:TCP:Akamai NetSession Interface
"3299:TCP"= 3299:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"2329:TCP"= 2329:TCP:Akamai NetSession Interface
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"1575:TCP"= 1575:TCP:Akamai NetSession Interface
"1311:TCP"= 1311:TCP:Akamai NetSession Interface
"1102:TCP"= 1102:TCP:Akamai NetSession Interface
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"1090:TCP"= 1090:TCP:Akamai NetSession Interface
"1089:TCP"= 1089:TCP:Akamai NetSession Interface
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"1120:TCP"= 1120:TCP:Akamai NetSession Interface
"1295:TCP"= 1295:TCP:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"2853:TCP"= 2853:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"4129:TCP"= 4129:TCP:Akamai NetSession Interface
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"2247:TCP"= 2247:TCP:Akamai NetSession Interface
"1153:TCP"= 1153:TCP:Akamai NetSession Interface
"2528:TCP"= 2528:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"2787:TCP"= 2787:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"3814:TCP"= 3814:TCP:Akamai NetSession Interface
"4281:TCP"= 4281:TCP:Akamai NetSession Interface
"1615:TCP"= 1615:TCP:Akamai NetSession Interface
"3966:TCP"= 3966:TCP:Akamai NetSession Interface
"3712:TCP"= 3712:TCP:Akamai NetSession Interface
"2324:TCP"= 2324:TCP:Akamai NetSession Interface
"1212:TCP"= 1212:TCP:Akamai NetSession Interface
"1341:TCP"= 1341:TCP:Akamai NetSession Interface
"1420:TCP"= 1420:TCP:Akamai NetSession Interface
"3556:TCP"= 3556:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"2590:TCP"= 2590:TCP:Akamai NetSession Interface
"1343:TCP"= 1343:TCP:Akamai NetSession Interface
"2435:TCP"= 2435:TCP:Akamai NetSession Interface
"2444:TCP"= 2444:TCP:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:Akamai NetSession Interface
"1238:TCP"= 1238:TCP:Akamai NetSession Interface
"1639:TCP"= 1639:TCP:Akamai NetSession Interface
"1619:TCP"= 1619:TCP:Akamai NetSession Interface
"1525:TCP"= 1525:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1112:TCP"= 1112:TCP:Akamai NetSession Interface
"1519:TCP"= 1519:TCP:Akamai NetSession Interface
"1566:TCP"= 1566:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"1378:TCP"= 1378:TCP:Akamai NetSession Interface
"1132:TCP"= 1132:TCP:Akamai NetSession Interface
"1214:TCP"= 1214:TCP:Akamai NetSession Interface
"1573:TCP"= 1573:TCP:Akamai NetSession Interface
"2226:TCP"= 2226:TCP:Akamai NetSession Interface
"1312:TCP"= 1312:TCP:Akamai NetSession Interface
"1083:TCP"= 1083:TCP:Akamai NetSession Interface
"3296:TCP"= 3296:TCP:Akamai NetSession Interface
"3622:TCP"= 3622:TCP:Akamai NetSession Interface
"3985:TCP"= 3985:TCP:Akamai NetSession Interface
"1111:TCP"= 1111:TCP:Akamai NetSession Interface
"1592:TCP"= 1592:TCP:Akamai NetSession Interface
"4997:TCP"= 4997:TCP:Akamai NetSession Interface
"2159:TCP"= 2159:TCP:Akamai NetSession Interface
"3482:TCP"= 3482:TCP:Akamai NetSession Interface
"1210:TCP"= 1210:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1092:TCP"= 1092:TCP:Akamai NetSession Interface
"4174:TCP"= 4174:TCP:Akamai NetSession Interface
"4739:TCP"= 4739:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"1764:TCP"= 1764:TCP:Akamai NetSession Interface
"2112:TCP"= 2112:TCP:Akamai NetSession Interface
"1300:TCP"= 1300:TCP:Akamai NetSession Interface
"2347:TCP"= 2347:TCP:Akamai NetSession Interface
"2663:TCP"= 2663:TCP:Akamai NetSession Interface
"1096:TCP"= 1096:TCP:Akamai NetSession Interface
"1364:TCP"= 1364:TCP:Akamai NetSession Interface
"3617:TCP"= 3617:TCP:Akamai NetSession Interface
"1622:TCP"= 1622:TCP:Akamai NetSession Interface
"2242:TCP"= 2242:TCP:Akamai NetSession Interface
"1196:TCP"= 1196:TCP:Akamai NetSession Interface
"2920:TCP"= 2920:TCP:Akamai NetSession Interface
"3517:TCP"= 3517:TCP:Akamai NetSession Interface
"1456:TCP"= 1456:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"3283:TCP"= 3283:TCP:Akamai NetSession Interface
"1103:TCP"= 1103:TCP:Akamai NetSession Interface
"1624:TCP"= 1624:TCP:Akamai NetSession Interface
"2463:TCP"= 2463:TCP:Akamai NetSession Interface
"4607:TCP"= 4607:TCP:Akamai NetSession Interface
"2759:TCP"= 2759:TCP:Akamai NetSession Interface
"4215:TCP"= 4215:TCP:Akamai NetSession Interface
"1270:TCP"= 1270:TCP:Akamai NetSession Interface
"1285:TCP"= 1285:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1104:TCP"= 1104:TCP:Akamai NetSession Interface
"1529:TCP"= 1529:TCP:Akamai NetSession Interface
"2008:TCP"= 2008:TCP:Akamai NetSession Interface
"2407:TCP"= 2407:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"2020:TCP"= 2020:TCP:Akamai NetSession Interface
"2143:TCP"= 2143:TCP:Akamai NetSession Interface
"2908:TCP"= 2908:TCP:Akamai NetSession Interface
"3595:TCP"= 3595:TCP:Akamai NetSession Interface
"1264:TCP"= 1264:TCP:Akamai NetSession Interface
"1181:TCP"= 1181:TCP:Akamai NetSession Interface
"2624:TCP"= 2624:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"4170:TCP"= 4170:TCP:Akamai NetSession Interface
"3396:TCP"= 3396:TCP:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"1169:TCP"= 1169:TCP:Akamai NetSession Interface
"2501:TCP"= 2501:TCP:Akamai NetSession Interface
"1589:TCP"= 1589:TCP:Akamai NetSession Interface
"1160:TCP"= 1160:TCP:Akamai NetSession Interface
"1550:TCP"= 1550:TCP:Akamai NetSession Interface
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"1095:TCP"= 1095:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"2836:TCP"= 2836:TCP:Akamai NetSession Interface
"1268:TCP"= 1268:TCP:Akamai NetSession Interface
"1075:TCP"= 1075:TCP:Akamai NetSession Interface
"3633:TCP"= 3633:TCP:Akamai NetSession Interface
"1841:TCP"= 1841:TCP:Akamai NetSession Interface
"4894:TCP"= 4894:TCP:Akamai NetSession Interface
"1532:TCP"= 1532:TCP:Akamai NetSession Interface
"1162:TCP"= 1162:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1332:TCP"= 1332:TCP:Akamai NetSession Interface
"3468:TCP"= 3468:TCP:Akamai NetSession Interface
"2568:TCP"= 2568:TCP:Akamai NetSession Interface
"2092:TCP"= 2092:TCP:Akamai NetSession Interface
"1425:TCP"= 1425:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1457:TCP"= 1457:TCP:Akamai NetSession Interface
"1409:TCP"= 1409:TCP:Akamai NetSession Interface
"1166:TCP"= 1166:TCP:Akamai NetSession Interface
"4441:TCP"= 4441:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"1916:TCP"= 1916:TCP:Akamai NetSession Interface
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"1610:TCP"= 1610:TCP:Akamai NetSession Interface
"2804:TCP"= 2804:TCP:Akamai NetSession Interface
"10004:TCP"= 10004:TCP:OnLANServer
"10005:TCP"= 10005:TCP:OnLANServer
"10007:TCP"= 10007:TCP:OnLANServer
"8887:TCP"= 8887:TCP:OnLANServer
"8888:TCP"= 8888:TCP:OnLANServer
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"1469:TCP"= 1469:TCP:Akamai NetSession Interface
"3262:TCP"= 3262:TCP:Akamai NetSession Interface
"3023:TCP"= 3023:TCP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1289:TCP"= 1289:TCP:Akamai NetSession Interface
"1781:TCP"= 1781:TCP:Akamai NetSession Interface
"1299:TCP"= 1299:TCP:Akamai NetSession Interface
"3610:TCP"= 3610:TCP:Akamai NetSession Interface

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30-12-2008 18:01 111184]
R1 tvtool;tvtool;d:\program files\TVTool\TVTOOL.SYS [03-04-1996 20:33 5248]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14-04-2008 0:42 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30-12-2008 18:01 20560]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [08-07-2009 15:46 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S1 archlp;archlp; [x]
S2 gupdate1c9d3d6b3a5504a;Google Update Service (gupdate1c9d3d6b3a5504a);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06-06-2009 21:07 1684736]
S3 IPPackwatch1;Watch IP and store the Row Packets;c:\program files\Profiler3D\Scannet 3.9\IPPWatch.exe [25-02-2007 14:45 520192]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29-05-2009 17:13 234864]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [18-03-2009 22:42 114105]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [16-03-2009 13:58 510992]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\User_Feed_Synchronization-{0398404B-AEDC-4261-8BB4-5136CCFD5A9A}.job
- c:\windows\system32\msfeedssync.exe [2008-04-26 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://speedtouch.lan/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: تخصيص القائمه - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: حفظ النماذج - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: شريط ادوات روبوفورم - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: ملئ النماذج - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
LSP: c:\windows\system32\idmmbc.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\docume~1\S.ALA\APPLIC~1\Mozilla\Firefox\Profiles\7bgymmgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=2&q=
FF - component: c:\documents and settings\S.ALA\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\S.ALA\Application Data\Mozilla\Firefox\Profiles\7bgymmgw.default\extensions\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-24 00:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\S.ALA\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1767777339-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{52dd3621-f5af-49b8-a4da-6afe05208da8}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a5
"Therad"=dword:0000001a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,c3,67,64,f5,f8,29,ee,ed,ac,f1,80,c7,b4,3a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,97,6f,76,1f,f5,1f,e6,aa,7e,de,05,cb,83,9c,a2,5a,1e,9f,cb,fa,
e1,9c,86,12,53,0b,e8,5f,4f,94,24,da,09,c3,63,4c,6a,97,29,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5f1237d9-c0f8-4b84-b65a-ed580d976065}]
@Denied: (Full) (Everyone)
"Model"=dword:00000007
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,34,17,90,3a,c2,18,57,7a,61,71,c8,ee,89,41,7c,78,fb,27,bc,72,
12,f1,25,e4,2f,df,77,ba,27,1b,6e,b3,9b,23,ec,28,13,1f,ee,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-07-23 0:53
ComboFix-quarantined-files.txt 2009-07-23 22:53

Pre-Run: 1,678,368,768 bytes free
Post-Run: 1,710,080,000 bytes free

574 --- E O F --- 2009-07-22 23:05
 
Signature: ALA39000
:cr: :?:
 
Signature: ALA39000
Give me the HijackThis report now.
 
Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:13, on 24-07-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
D:\Program Files\Everything\Everything.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
D:\Program Files\Ela-Salaty\Salaty.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\The KMPlayer\KMPlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz0.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Antivirus] D:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [Everything] "D:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\qsb.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskSpace] D:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = D:\Program Files\Ela-Salaty\Salaty.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تخصيص القائمه - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: حفظ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: شريط ادوات روبوفورم - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: ملئ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9d3d6b3a5504a) (gupdate1c9d3d6b3a5504a) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Watch IP and store the Row Packets (IPPackwatch1) - Profiler3D - C:\Program Files\Profiler3D\Scannet 3.9\IPPWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 12291 bytes
 
Signature: ALA39000
Note that in the middle of the report a message popped up; when I click OK it opens this page:
 
Signature: ALA39000
:er: :?:
 
Signature: ALA39000
Delete this entry:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

I expect the machine is slow because Avast is installed.
 
Signature: virus and spyware
I thought Avast was the lightest protection program.
What do you recommend?
 
Signature: ALA39000
Advice: Avira, with its settings; both are available in the Protection section.
 
Signature: virus and spyware