fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
- بادئ الموضوع fahad-1984
- تاريخ البدء
- 894
KoNaMi
زيزوومى فضى
غير متصل
الله يحييك اخوي
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد
0
fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:03 ص, on 30/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B87D9F44-E2B4-4DB9-A3D6-BA5D27A962DE}: NameServer = 84.235.7.58 84.235.6.58
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 8647 bytes
Scan saved at 12:06:03 ص, on 30/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B87D9F44-E2B4-4DB9-A3D6-BA5D27A962DE}: NameServer = 84.235.7.58 84.235.6.58
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 8647 bytes
تأييد
0
fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
تم الرفع
تأييد
0
fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
تأييد
0
KoNaMi
زيزوومى فضى
غير متصل
المعذرة على التأخير يالغلاا
اعمل الاتي
اعمل الاتي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
توقيع : KoNaMi
تأييد
0
fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
ComboFix 09-07-29.04 - cpu 07/31/2009 19:08.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.966.1025.18.2006.1172 [GMT 3:00]
Running from: c:\users\cpu\Documents\Downloads\Programs\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 16:40 . 2009-07-31 16:42 -------- d-----w- c:\users\cpu\AppData\Local\temp
2009-07-30 15:09 . 2009-07-30 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\USBVaccine_470\USBVaccine.exe
2009-07-30 15:09 . 2009-07-30 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\USBVaccine_469\USBVaccine.exe
2009-07-29 04:15 . 2009-07-29 04:19 9662 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_74AAEE50B03B7204B4C35B.exe
2009-07-29 04:15 . 2009-07-29 04:19 9662 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_14BC531F117C8FB8A545A6.exe
2009-07-29 04:15 . 2009-07-29 04:19 3638 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_A5925C1803D8C5277D60D6.exe
2009-07-29 04:15 . 2009-07-29 04:18 -------- d-----w- C:\Mostashary
2009-07-29 04:15 . 2009-07-29 04:15 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-07-28 16:04 . 2009-07-28 16:04 687104 ----a-w- c:\windows\is-PJ215.exe
2009-07-28 09:13 . 2009-07-28 09:13 -------- d-----w- c:\users\cpu\AppData\Roaming\Malwarebytes
2009-07-28 09:12 . 2009-07-30 10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 10:58 . 2009-07-26 10:58 -------- d-----w- c:\program files\GlobFX
2009-07-26 03:13 . 2009-07-26 03:13 198064 ----a-w- c:\users\cpu\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-26 03:11 . 2009-07-26 03:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-23 23:54 . 2009-07-30 10:25 -------- d-----w- c:\program files\USB Disk Security
2009-07-21 11:35 . 2009-07-21 11:35 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 11:35 . 2009-07-21 11:35 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 11:34 . 2009-07-21 11:34 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-21 02:53 . 2009-07-31 00:24 -------- d-----w- c:\program files\Common Files\delet
2009-07-20 15:12 . 2009-07-20 15:12 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_442\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-20 15:12 . 2009-07-20 15:12 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_441\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-20 15:09 . 2009-07-20 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_440\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-19 10:01 . 2009-07-19 13:29 -------- d-----w- c:\program files\Clean Disk Security
2009-07-16 02:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 02:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 02:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-16 02:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 21:59 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-14 21:59 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-13 13:20 . 2009-07-13 13:22 -------- d-----w- c:\users\cpu\AppData\Roaming\Desktopicon
2009-07-13 13:20 . 2009-07-13 13:20 -------- d-----w- c:\program files\FreeTime
2009-07-11 15:51 . 2009-07-28 09:12 -------- d-----w- c:\programdata\Malwarebytes
2009-07-10 06:39 . 2007-09-18 09:25 114688 ----a-w- c:\windows\system32\BTCamVideoSource.dll
2009-07-10 06:39 . 2009-07-10 06:39 -------- d-----w- c:\program files\Mobiola Remote Control
2009-07-10 01:25 . 2009-07-02 17:21 3561744 ----a-w- c:\programdata\Malwarebytes\setup\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 15:59 . 2009-06-12 13:08 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-31 15:55 . 2009-06-12 13:08 696352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 15:55 . 2009-06-12 13:08 4508 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-31 15:55 . 2009-06-12 13:08 3885088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 15:55 . 2009-06-12 13:08 32480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 15:55 . 2009-03-05 08:02 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-31 14:37 . 2009-04-10 16:22 -------- d-----w- c:\users\cpu\AppData\Roaming\DMCache
2009-07-29 14:49 . 2009-07-22 22:57 -------- d-----w- c:\users\cpu\AppData\Roaming\zyzcleaner
2009-07-26 03:13 . 2009-04-10 16:22 -------- d-----w- c:\users\cpu\AppData\Roaming\IDM
2009-07-24 13:23 . 2009-03-05 07:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 11:34 . 2009-06-12 13:36 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-17 05:36 . 2009-03-29 18:38 -------- d-----w- c:\programdata\Microsoft Help
2009-07-12 05:38 . 2009-06-27 05:24 -------- d-----w- c:\users\cpu\AppData\Roaming\MessengerDiscovery 2
2009-07-03 16:51 . 2009-06-29 15:20 -------- d-----w- c:\users\cpu\AppData\Roaming\Orbit
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-----w- c:\program files\Recuva
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-----w- c:\users\cpu\AppData\Roaming\Yahoo!
2009-06-29 15:20 . 2009-06-29 15:20 -------- d-----w- c:\users\cpu\AppData\Roaming\GrabPro
2009-06-29 15:20 . 2009-03-29 19:47 6080 ----a-w- c:\users\cpu\AppData\Local\d3d9caps.dat
2009-06-29 15:02 . 2009-04-16 22:41 -------- d-----w- c:\users\cpu\AppData\Roaming\Thinstall
2009-06-28 23:57 . 2009-06-28 23:57 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_366\winzip120.exe
2009-06-28 23:56 . 2009-06-28 23:56 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_365\winzip120.exe
2009-06-28 23:54 . 2009-06-28 23:54 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_364\winzip120.exe
2009-06-28 23:53 . 2009-06-28 23:53 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_363\winzip120.exe
2009-06-19 10:19 . 2009-06-17 17:02 -------- d-----w- c:\program files\Flash Memory Toolkit
2009-06-12 13:36 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-12 13:36 . 2009-06-12 13:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-12 13:36 . 2009-06-12 13:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-12 13:36 . 2009-06-12 13:36 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-12 13:36 . 2009-06-12 13:36 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-06-12 13:08 . 2009-06-12 13:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-12 13:04 . 2009-06-12 13:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-12 12:48 . 2009-03-31 12:14 -------- d-----w- c:\programdata\Avira
2009-06-02 12:01 . 2009-03-29 19:23 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-30 18:00 . 2009-07-22 22:57 625485 ----a-w- c:\users\cpu\AppData\Roaming\zyzcleaner\run.exe
2009-05-30 07:14 . 2009-05-30 07:14 28672 ----a-w- c:\windows\ClearMyData.dll
2009-05-08 17:56 . 2009-05-08 17:56 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-03-05 23:04 . 2009-03-05 22:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-31_15.33.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-31 16:00 57182 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-31 14:42 57182 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-31 16:00 98612 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-29 18:12 . 2009-07-31 14:43 14212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1395873063-611203932-3907430871-1000_UserData.bin
+ 2009-03-29 18:12 . 2009-07-31 16:00 14212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1395873063-611203932-3907430871-1000_UserData.bin
+ 2009-03-29 18:05 . 2009-07-31 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-29 18:05 . 2009-07-31 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-29 18:05 . 2009-07-31 16:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-31 14:40 . 2009-07-31 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 15:56 . 2009-07-31 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 15:56 . 2009-07-31 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-31 14:40 . 2009-07-31 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-05 08:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^سرعة تشغيل Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\سرعة تشغيل Adobe Reader.lnk
backup=c:\windows\pss\سرعة تشغيل Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^cpu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mobiola Remote Control.lnk]
path=c:\users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mobiola Remote Control.lnk
backup=c:\windows\pss\Mobiola Remote Control.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^cpu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA78CAE0-C1BA-4725-988B-ABC4AA70E240}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{317E9259-5311-45E8-96D5-16AFCF0BA83E}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{FD3DE603-5F78-4988-8E4D-BAC1FBEFD71D}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{1B84C6B4-9714-4E12-92CA-92AAB62EB882}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{A933D498-CF31-4CFB-8545-0408F1A77680}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DA3654E3-5F44-42D9-BC7A-FE0558DBF384}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F2484437-0094-4044-8A64-0B4D53D8966B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A5DB6222-E788-4598-BC09-313C07E62E48}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B2743B2-F3DB-429C-BFF9-CCEC4011B74A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DF7B98D9-3749-42DF-8ED0-AE525FDE266E}"= UDP:80:HTTP
"TCP Query User{F3C16A32-AE09-4F28-8CD7-2F5D5DD20863}c:\\program files\\abcontrol\\abclient.exe"= UDP:c:\program files\abcontrol\abclient.exe:ABClient Application
"UDP Query User{82B35DFA-DC47-4BB5-8FB1-D63EAABBD3AA}c:\\program files\\abcontrol\\abclient.exe"= TCP:c:\program files\abcontrol\abclient.exe:ABClient Application
"TCP Query User{C464B1E7-2E6B-45D8-A305-B178BA025C56}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8D89C7B2-E0A3-467A-9001-5B49F18BC57E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 05:28 م 20496]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [06/03/2009 02:23 ص 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [06/03/2009 02:23 ص 212992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [05/03/2009 10:59 ص 29736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\System32\drivers\cmnsusbser.sys [26/05/2009 02:18 م 103424]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [24/09/2008 02:36 م 232832]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\System32\drivers\OA008Ufd.sys [06/03/2009 02:23 ص 144672]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\System32\drivers\OA008Vid.sys [06/03/2009 02:23 ص 269536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-31 19:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1395873063-611203932-3907430871-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1395873063-611203932-3907430871-1000)
"Progid"="ACDSee 9.0.png"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000_Classes\CLSID\{517d66a0-2582-4155-9769-4658292a0887}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b3
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,28,5f,03,8a,17,f3,8f,ea,d4,bf,31,12,7c,76,\
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,48,91,c2,0b,09,77,c5,b3,9e,8a,46,05,12,2c,75,a4,30,f4,7c,6a,
c5,3a,5d,1a,41,60,6f,26,c0,65,a2,59,d1,a7,a0,dc,2c,41,30,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-31 19:54
ComboFix-quarantined-files.txt 2009-07-31 16:54
ComboFix2.txt 2009-07-31 15:47
Pre-Run: 215,603,302,400 bytes free
Post-Run: 215,542,374,400 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
513 --- E O F --- 2009-07-30 00:02
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.966.1025.18.2006.1172 [GMT 3:00]
Running from: c:\users\cpu\Documents\Downloads\Programs\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 16:40 . 2009-07-31 16:42 -------- d-----w- c:\users\cpu\AppData\Local\temp
2009-07-30 15:09 . 2009-07-30 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\USBVaccine_470\USBVaccine.exe
2009-07-30 15:09 . 2009-07-30 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\USBVaccine_469\USBVaccine.exe
2009-07-29 04:15 . 2009-07-29 04:19 9662 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_74AAEE50B03B7204B4C35B.exe
2009-07-29 04:15 . 2009-07-29 04:19 9662 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_14BC531F117C8FB8A545A6.exe
2009-07-29 04:15 . 2009-07-29 04:19 3638 ----a-r- c:\users\cpu\AppData\Roaming\Microsoft\Installer\{A2AEEA94-F4E1-4D63-82E9-964FF50B6B7F}\_A5925C1803D8C5277D60D6.exe
2009-07-29 04:15 . 2009-07-29 04:18 -------- d-----w- C:\Mostashary
2009-07-29 04:15 . 2009-07-29 04:15 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-07-28 16:04 . 2009-07-28 16:04 687104 ----a-w- c:\windows\is-PJ215.exe
2009-07-28 09:13 . 2009-07-28 09:13 -------- d-----w- c:\users\cpu\AppData\Roaming\Malwarebytes
2009-07-28 09:12 . 2009-07-30 10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 10:58 . 2009-07-26 10:58 -------- d-----w- c:\program files\GlobFX
2009-07-26 03:13 . 2009-07-26 03:13 198064 ----a-w- c:\users\cpu\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-26 03:11 . 2009-07-26 03:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-23 23:54 . 2009-07-30 10:25 -------- d-----w- c:\program files\USB Disk Security
2009-07-21 11:35 . 2009-07-21 11:35 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmifw.exe
2009-07-21 11:35 . 2009-07-21 11:35 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmiav.exe
2009-07-21 11:34 . 2009-07-21 11:34 12888 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\wmias.exe
2009-07-21 02:53 . 2009-07-31 00:24 -------- d-----w- c:\program files\Common Files\delet
2009-07-20 15:12 . 2009-07-20 15:12 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_442\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-20 15:12 . 2009-07-20 15:12 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_441\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-20 15:09 . 2009-07-20 15:09 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\Zyzoom_kis2010_9.0.0.463AR_440\Zyzoom_kis2010_9.0.0.463AR.exe
2009-07-19 10:01 . 2009-07-19 13:29 -------- d-----w- c:\program files\Clean Disk Security
2009-07-16 02:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 02:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 02:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-16 02:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 21:59 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-14 21:59 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-13 13:20 . 2009-07-13 13:22 -------- d-----w- c:\users\cpu\AppData\Roaming\Desktopicon
2009-07-13 13:20 . 2009-07-13 13:20 -------- d-----w- c:\program files\FreeTime
2009-07-11 15:51 . 2009-07-28 09:12 -------- d-----w- c:\programdata\Malwarebytes
2009-07-10 06:39 . 2007-09-18 09:25 114688 ----a-w- c:\windows\system32\BTCamVideoSource.dll
2009-07-10 06:39 . 2009-07-10 06:39 -------- d-----w- c:\program files\Mobiola Remote Control
2009-07-10 01:25 . 2009-07-02 17:21 3561744 ----a-w- c:\programdata\Malwarebytes\setup\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 15:59 . 2009-06-12 13:08 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-31 15:55 . 2009-06-12 13:08 696352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 15:55 . 2009-06-12 13:08 4508 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-31 15:55 . 2009-06-12 13:08 3885088 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 15:55 . 2009-06-12 13:08 32480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 15:55 . 2009-03-05 08:02 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-31 14:37 . 2009-04-10 16:22 -------- d-----w- c:\users\cpu\AppData\Roaming\DMCache
2009-07-29 14:49 . 2009-07-22 22:57 -------- d-----w- c:\users\cpu\AppData\Roaming\zyzcleaner
2009-07-26 03:13 . 2009-04-10 16:22 -------- d-----w- c:\users\cpu\AppData\Roaming\IDM
2009-07-24 13:23 . 2009-03-05 07:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 11:34 . 2009-06-12 13:36 208616 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-17 05:36 . 2009-03-29 18:38 -------- d-----w- c:\programdata\Microsoft Help
2009-07-12 05:38 . 2009-06-27 05:24 -------- d-----w- c:\users\cpu\AppData\Roaming\MessengerDiscovery 2
2009-07-03 16:51 . 2009-06-29 15:20 -------- d-----w- c:\users\cpu\AppData\Roaming\Orbit
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-----w- c:\program files\Recuva
2009-06-29 16:49 . 2009-06-29 16:49 -------- d-----w- c:\users\cpu\AppData\Roaming\Yahoo!
2009-06-29 15:20 . 2009-06-29 15:20 -------- d-----w- c:\users\cpu\AppData\Roaming\GrabPro
2009-06-29 15:20 . 2009-03-29 19:47 6080 ----a-w- c:\users\cpu\AppData\Local\d3d9caps.dat
2009-06-29 15:02 . 2009-04-16 22:41 -------- d-----w- c:\users\cpu\AppData\Roaming\Thinstall
2009-06-28 23:57 . 2009-06-28 23:57 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_366\winzip120.exe
2009-06-28 23:56 . 2009-06-28 23:56 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_365\winzip120.exe
2009-06-28 23:54 . 2009-06-28 23:54 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_364\winzip120.exe
2009-06-28 23:53 . 2009-06-28 23:53 0 ----a-w- c:\users\cpu\AppData\Roaming\IDM\DwnlData\cpu\winzip120_363\winzip120.exe
2009-06-19 10:19 . 2009-06-17 17:02 -------- d-----w- c:\program files\Flash Memory Toolkit
2009-06-12 13:36 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-12 13:36 . 2009-06-12 13:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-12 13:36 . 2009-06-12 13:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-12 13:36 . 2009-06-12 13:36 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-12 13:36 . 2009-06-12 13:36 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-06-12 13:08 . 2009-06-12 13:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-12 13:04 . 2009-06-12 13:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-12 12:48 . 2009-03-31 12:14 -------- d-----w- c:\programdata\Avira
2009-06-02 12:01 . 2009-03-29 19:23 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-30 18:00 . 2009-07-22 22:57 625485 ----a-w- c:\users\cpu\AppData\Roaming\zyzcleaner\run.exe
2009-05-30 07:14 . 2009-05-30 07:14 28672 ----a-w- c:\windows\ClearMyData.dll
2009-05-08 17:56 . 2009-05-08 17:56 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-03-05 23:04 . 2009-03-05 22:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-31_15.33.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-31 16:00 57182 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-31 14:42 57182 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-31 16:00 98612 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-29 18:12 . 2009-07-31 14:43 14212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1395873063-611203932-3907430871-1000_UserData.bin
+ 2009-03-29 18:12 . 2009-07-31 16:00 14212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1395873063-611203932-3907430871-1000_UserData.bin
+ 2009-03-29 18:05 . 2009-07-31 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-29 18:05 . 2009-07-31 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-29 18:05 . 2009-07-31 14:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-29 18:05 . 2009-07-31 16:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-31 14:40 . 2009-07-31 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 15:56 . 2009-07-31 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-31 15:56 . 2009-07-31 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-31 14:40 . 2009-07-31 14:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-05 08:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^سرعة تشغيل Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\سرعة تشغيل Adobe Reader.lnk
backup=c:\windows\pss\سرعة تشغيل Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^cpu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mobiola Remote Control.lnk]
path=c:\users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mobiola Remote Control.lnk
backup=c:\windows\pss\Mobiola Remote Control.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^cpu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\cpu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA78CAE0-C1BA-4725-988B-ABC4AA70E240}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{317E9259-5311-45E8-96D5-16AFCF0BA83E}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{FD3DE603-5F78-4988-8E4D-BAC1FBEFD71D}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{1B84C6B4-9714-4E12-92CA-92AAB62EB882}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{A933D498-CF31-4CFB-8545-0408F1A77680}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DA3654E3-5F44-42D9-BC7A-FE0558DBF384}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F2484437-0094-4044-8A64-0B4D53D8966B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A5DB6222-E788-4598-BC09-313C07E62E48}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B2743B2-F3DB-429C-BFF9-CCEC4011B74A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DF7B98D9-3749-42DF-8ED0-AE525FDE266E}"= UDP:80:HTTP
"TCP Query User{F3C16A32-AE09-4F28-8CD7-2F5D5DD20863}c:\\program files\\abcontrol\\abclient.exe"= UDP:c:\program files\abcontrol\abclient.exe:ABClient Application
"UDP Query User{82B35DFA-DC47-4BB5-8FB1-D63EAABBD3AA}c:\\program files\\abcontrol\\abclient.exe"= TCP:c:\program files\abcontrol\abclient.exe:ABClient Application
"TCP Query User{C464B1E7-2E6B-45D8-A305-B178BA025C56}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8D89C7B2-E0A3-467A-9001-5B49F18BC57E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 05:28 م 20496]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [06/03/2009 02:23 ص 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [06/03/2009 02:23 ص 212992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [05/03/2009 10:59 ص 29736]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\System32\drivers\cmnsusbser.sys [26/05/2009 02:18 م 103424]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\System32\drivers\facap.sys [24/09/2008 02:36 م 232832]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\System32\drivers\OA008Ufd.sys [06/03/2009 02:23 ص 144672]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\System32\drivers\OA008Vid.sys [06/03/2009 02:23 ص 269536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-31 19:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1395873063-611203932-3907430871-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1395873063-611203932-3907430871-1000)
"Progid"="ACDSee 9.0.png"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000_Classes\CLSID\{517d66a0-2582-4155-9769-4658292a0887}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b3
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,28,5f,03,8a,17,f3,8f,ea,d4,bf,31,12,7c,76,\
[HKEY_USERS\S-1-5-21-1395873063-611203932-3907430871-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a8,48,91,c2,0b,09,77,c5,b3,9e,8a,46,05,12,2c,75,a4,30,f4,7c,6a,
c5,3a,5d,1a,41,60,6f,26,c0,65,a2,59,d1,a7,a0,dc,2c,41,30,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-31 19:54
ComboFix-quarantined-files.txt 2009-07-31 16:54
ComboFix2.txt 2009-07-31 15:47
Pre-Run: 215,603,302,400 bytes free
Post-Run: 215,542,374,400 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
513 --- E O F --- 2009-07-30 00:02
تأييد
0
fahad-1984
زيزوومى متألق
- إنضم
- 17 مايو 2008
- المشاركات
- 354
- مستوى التفاعل
- 30
- النقاط
- 430
غير متصل
يعطيك العافيه استفار يوجد مشاركه سابقه وقمت برفع تقرير
HijackThisونصحوني بحذف هذة القيمه
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
عند حذف هذة القيمه يصبح الجهاز سريع لاكن عن ايقاف تشغيل الجهاز وتشغيله ترجع ويعلق الجهاز وعند الحذف يصبح سريع
HijackThisونصحوني بحذف هذة القيمه
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
عند حذف هذة القيمه يصبح الجهاز سريع لاكن عن ايقاف تشغيل الجهاز وتشغيله ترجع ويعلق الجهاز وعند الحذف يصبح سريع
تأييد
0