Peace be upon you, and the mercy and blessings of God.
May God fill your days with goodness, everyone.
I have a problem with Messenger: I cannot start a conversation with any of my contacts.
It has been going on for about 14 days, and when I double-click a contact a message appears, as shown in the picture.
I also cannot start any activity, such as games, conversations, or sending shapes or sound emoticons.
I uninstalled Messenger completely and installed it again, but to no avail. I ask you, dear members, to find a solution
to this problem that has befallen me. It is hard for me to format the machine right now.
My sincere regards to all
And upon you be peace, and the mercy and blessings of God.
Download the program
Install the program, then
run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> save it
Reinstall Messenger. It could be a Messenger helper program; delete it.
Update the machine through Automatic Updates. Try the Messenger repair tools; there are a hundred solutions.
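Good morning to you all, full of roses and jasmine
Thank you, our moderator, for your reply and the program
The program has been downloaded, and the report saved and sent to you
God bless you
الجنتـــــل
I uninstalled Messenger several times, but to no avail
You lit up the page with your presence and your ideas
May God never deprive us of you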
My dear, I saved the report, but how do I send it to you?
Brother, copy what is in the Notepad file and paste it in your next reply
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:43 ص, on 05/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\مراقب الاجهزة24.exe
C:\WINDOWS\system32\sagermsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerDVD] "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" /autostart
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504780} (BMC Control) -
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{62673422-5E49-4A0F-9B8B-8F30221DAC02}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7408 bytes
Thank you for your effort and follow-up, my dear
I feel the machine is done for
It looks like your machine is infected, my dear. Please apply the following:
Disable your protection programs
then
download the following tool and save it to the desktop
When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will begin scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
Here is the report, our dear moderator
ComboFix 09-08-04.02 - User 08/05/2009 3:54.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.495.165 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\Favorites\Stars.net.sa . . ..url
c:\documents and settings\User\Favorites\مــــدونـــــة .?. ولـــيــــــــــد.url
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\Data\config.md
c:\program files\Media Access Startup\1.3.0.790\FF\chrome.manifest
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf
c:\program files\Media Access Startup\1.3.0.790\HPCommon.dll
c:\program files\Media Access Startup\1.3.0.790\hppx.exe
c:\program files\Media Access Startup\1.3.0.790\MAHelper.exe
c:\program files\Media Access Startup\1.3.0.790\unins000.dat
c:\program files\Media Access Startup\1.3.0.790\unins000.exe
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\windows\Installer\137d41c5.msp
c:\windows\Installer\282fd5d.msi
c:\windows\Installer\29e61ca.msp
c:\windows\Installer\322c721.msp
c:\windows\Installer\45db81.msp
c:\windows\Installer\4750b70.msp
c:\windows\Installer\4db1322.msp
c:\windows\Installer\509dfba.msp
c:\windows\Installer\51ddb9.msp
c:\windows\system\oeminfo.ini
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\WgaLogon.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-04 06:53 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-04 06:53 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-04 06:53 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-04 06:53 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-04 06:53 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-04 06:52 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-04 06:52 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-04 06:52 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-04 06:52 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-04 06:38 . 1999-12-09 09:19 147456 ----a-w- c:\windows\system32\vbzip10.dll
2009-08-04 05:47 . 2009-08-04 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-04 05:46 . 2009-08-04 05:46 -------- d-----w- c:\program files\AVG
2009-08-04 05:46 . 2009-08-04 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-22 04:38 . 2009-07-22 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-22 04:30 . 2009-07-22 04:30 -------- d-----w- c:\program files\Circle Developemen
2009-07-22 04:30 . 2009-07-22 04:30 -------- d-----w- c:\program files\Windows Live
2009-07-22 04:30 . 2009-07-22 04:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-20 09:46 . 2009-07-20 09:46 -------- d-sh--w- C:\FOUND.053
2009-07-19 21:37 . 2009-07-19 21:37 -------- d-----w- c:\program files\Advanced JPEG Compressor
2009-07-19 13:32 . 2009-07-19 13:33 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 22:07 . 2009-07-17 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-17 22:05 . 2009-07-17 22:05 23558 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{57430A5A-0F17-49B9-B192-C6301260E93C}\_294823.exe
2009-07-17 22:05 . 2009-07-17 22:05 23558 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{57430A5A-0F17-49B9-B192-C6301260E93C}\_18be6784.exe
2009-07-17 22:05 . 2009-07-17 22:05 -------- d-----w- c:\program files\الحاسبة المتطورة لـ Microsoft
2009-07-16 03:54 . 2009-07-16 03:55 -------- d-----w- c:\documents and settings\User\DoctorWeb
2009-07-16 02:37 . 2009-07-16 06:09 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-16 02:01 . 2009-07-16 02:01 -------- d-----w- c:\program files\Trend Micro
2009-07-15 19:06 . 2009-07-15 19:06 -------- d-sh--w- C:\FOUND.052
2009-07-13 04:38 . 2009-07-13 04:38 -------- d-----w- c:\documents and settings\User\Application Data\AdobeUM
2009-07-13 04:37 . 2009-07-13 04:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2009-07-13 04:35 . 2009-07-13 04:35 -------- d-----w- c:\windows\Cache
2009-07-12 23:06 . 2009-07-12 23:06 -------- d-----w- C:\ALRASSAM
2009-07-12 12:24 . 2009-07-12 12:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Media Access Startup
2009-07-12 12:24 . 2009-07-12 12:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Internet Saving Optimizer
2009-07-11 01:19 . 2009-07-11 01:20 2927168 ----a-w- c:\documents and settings\User\Application Data\IDM\idmupdt.exe
2009-07-09 20:00 . 2009-07-09 20:00 -------- d-----w- c:\program files\AskPBar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 00:53 . 2006-12-13 19:20 19505152 ----a-w- c:\windows\sys101win.dll
2009-07-16 06:09 . 2009-07-16 02:37 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-15 00:34 . 2007-05-21 04:00 16359424 ----a-w- c:\windows\back00.dll
2009-07-13 00:02 . 2008-07-02 08:31 110312 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 12:24 . 2009-07-12 12:23 593053 ----a-w- c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-07-01 21:23 . 2009-07-01 21:23 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 00:10 . 2008-07-10 03:53 230432 ----a-w- C:\StiImg.dat
2009-06-29 16:12 . 2004-08-04 05:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 05:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-23 22:30 . 2009-06-23 22:30 -------- d-----w- c:\program files\iVocalize Web Conference 4
2009-06-16 14:36 . 2004-08-04 05:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 18:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-08-04 05:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 05:46 . 2009-05-31 05:45 390664 ----a-w- c:\documents and settings\User\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-07 15:32 . 2004-08-04 05:56 345600 ----a-w- c:\windows\system32\localspl.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe" [2009-07-07 606488]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-15 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/08/2009 09:52 ص 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2009 09:53 ص 20560]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [08/04/2005 10:46 ص 162176]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
HKCU-Run-PowerDVD - c:\program files\CyberLink\PowerDVD\PowerDVD.exe
Notify-NavLogon - (no file)
SafeBoot-ati0gvxx.sys
SafeBoot-ati1ffxx.sys
SafeBoot-ati1hhxx.sys
SafeBoot-ati1joxx.sys
SafeBoot-ati2sxxx.sys
SafeBoot-ati5wmxx.sys
SafeBoot-ati6jyxx.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 192.168.1.1:8080
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: {62673422-5E49-4A0F-9B8B-8F30221DAC02} = 192.168.1.254
DPF: Microsoft XML Parser for Java -
DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://voice.swwsww.com/imscp/talkc38.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504780} - hxxp://208.101.21.192/bmc.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - hxxp://lan.emkanat.com/cp/files/talk3.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://75.126.240.58/imscp/talka.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.228.197.18:1999/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.125/imscp/talks3n.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-05 04:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):92,1e,b5,98,db,cb,53,90,22,4d,03,ee,dc,28,58,08,66,fc,ed,68,ab,
f3,ca,f5,0f,56,17,84,c3,bc,1c,51,d5,7f,ef,e8,4c,3e,42,e3,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{95a499d6-9c82-4303-aa8e-422869a244bb}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d4
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1025\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1025\OWCI11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-08-05 4:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 01:03
Pre-Run: 17,389,912,064 bytes free
Post-Run: 18,360,041,472 bytes free
388 --- E O F --- 2009-08-05 00:00
Praise be to God, the tool removed some of the viruses that were on your machine.
Now do the following, in order:
Download the following tool:
System Repair Engineer, a tool for resetting the system registry settings
Size: 2.1 MB
Compatibility: Windows Vista & Windows XP
Then do the following:
Download the Kaspersky tool from the following link
After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.
Follow the walkthrough to scan the machine, clean it, and attach the report.
Then compress the report and upload it here >>>>
Waiting for the Kaspersky report.