سماء المحبة
Zyzoom distinguished member
Joined: 26 April 2009
Posts: 642
Reaction score: 6
Points: 520
Location: Sultanate of Oman
Peace be upon you.

[image: VXc58596.jpg]

And this one too:

[image: yeE58968.jpg]

Thank you.

I would appreciate your help.

For the record, I am using Kaspersky Security 2010.

Signature: سماء المحبة
For the record, the machine is very, very slow; please advise.

Signature: سماء المحبة
And peace and God's mercy be upon you. Solution to the first problem:

Start --- Control Panel --- Folder Options --- View --- Restore Defaults --- Apply --- OK.

As for the files on drive D, I think they are the machine's recovery files; I don't advise deleting them.


Second:

Download:
[hidden link]

When the download finishes ==> run the program ==> click Do a system scan and save log
After a few moments a report appears; select all ==> copy it and paste it in your next reply.

Signature: shaded
Could you explain in English (the laptop is in English) or with pictures? Sorry.

Signature: سماء المحبة
Signature: shaded
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:14:03 م, on 06/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\TTMessenger\spool\PDFSaver.exe
C:\Program Files\TTMessenger\ttmessenger2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Downloads\Software\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.squ.edu.om:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NtrigApplet] C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [TTMessengerPDF] "C:\Program Files\TTMessenger\spool\PDFSaver.exe"
O4 - HKCU\..\Run: [TTMessenger] "C:\Program Files\TTMessenger\ttmessenger2.exe"
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة -
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر -
Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
--
End of file - 14110 bytes
 
Signature: سماء المحبة
So, is the files problem solved?


Second:

Disable your security programs,
then
download the following tool and save it to the desktop:
[hidden link]

When you run it, a message appears; click >> Yes
Then a second message appears; click >> Yes
During the scan the machine may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.

Signature: shaded
Signature: سماء المحبة
Choose Classic view on the left and it will appear, God willing.

Signature: shaded
And this one too:

ComboFix 09-08-04.04 - Noor 08/06/2009 16:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.968.1033.18.1788.1022 [GMT 4:00]
Running from: c:\users\Noor\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1603533787-1356425562-2703407415-500
c:\$recycle.bin\S-1-5-21-3957994511-1794872648-940375807-500
c:\windows\Installer\228ade.msi
c:\windows\Installer\256c7.msi
c:\windows\Installer\256cb.msi
c:\windows\Installer\256cf.msi
c:\windows\Installer\256d3.msi
c:\windows\Installer\256d7.msi
.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.
2009-08-06 12:51 . 2009-08-06 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-07-30 10:58 . 2009-07-30 10:58 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-30 10:58 . 2009-07-30 10:58 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-30 10:58 . 2009-07-30 10:58 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-30 10:58 . 2009-07-30 10:58 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-30 10:58 . 2009-07-30 10:58 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-30 10:57 . 2009-07-30 10:57 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-30 10:57 . 2009-07-30 10:57 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-30 10:57 . 2009-07-30 10:57 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-30 10:57 . 2009-07-30 10:57 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-30 10:47 . 2009-07-30 10:47 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-30 10:41 . 2009-07-30 10:41 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-30 10:41 . 2009-07-30 10:41 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-30 10:39 . 2009-08-06 10:30 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-30 10:39 . 2009-07-30 10:39 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-24 22:06 . 2009-07-24 22:06 -------- d-----w- C:\New Folder
2009-07-16 19:54 . 2003-11-15 18:27 118872 ----a-w- c:\windows\system32\PXC25uis.dll
2009-07-16 19:54 . 2003-09-14 23:36 390656 ----a-w- c:\windows\system32\pdfxclib.dll
2009-07-16 19:54 . 2003-08-15 20:15 109568 ----a-w- c:\windows\system32\pdfxcpro.dll
2009-07-16 19:54 . 2003-08-15 20:12 144896 ----a-w- c:\windows\system32\xc_parse.dll
2009-07-16 19:54 . 2003-07-31 15:02 8704 ----a-w- c:\windows\system32\pdfxcds.dll
2009-07-16 19:54 . 2003-05-18 15:37 157184 ----a-w- c:\windows\system32\img_xchg.dll
2009-07-16 19:54 . 2003-04-13 21:08 185344 ----a-w- c:\windows\system32\Img_cdx.dll
2009-07-16 19:54 . 2003-02-05 17:06 45142 ----a-w- c:\windows\system32\PXC25s.dll
2009-07-16 19:54 . 2002-12-27 15:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2009-07-16 19:53 . 2009-07-16 19:54 -------- d-----w- c:\program files\TTMessenger
2009-07-16 19:37 . 2009-07-16 19:42 -------- d-----w- c:\program files\filehippo.com
2009-07-16 13:17 . 2009-07-16 13:17 -------- d-----w- c:\users\Noor\AppData\Roaming\Globe7
2009-07-16 13:16 . 2009-07-16 13:16 -------- d-----w- c:\program files\Globe7
2009-07-14 20:55 . 2009-07-14 20:55 7168 ----a-w- c:\windows\system32\drivers\uti0odm2.sys
2009-07-14 20:20 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 20:20 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 20:20 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 20:20 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 20:20 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 19:33 . 2009-07-14 22:22 6740000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-14 19:04 . 2009-07-30 10:36 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 12:51 . 2009-05-27 06:54 -------- d-----w- c:\users\Noor\AppData\Roaming\Free Download Manager
2009-08-06 09:20 . 2008-12-26 09:31 4268 ----a-w- c:\windows\bthservsdp.dat
2009-08-02 21:18 . 2009-06-24 17:03 -------- d-----w- c:\users\Noor\AppData\Roaming\vlc
2009-08-02 09:59 . 2009-05-29 09:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 10:57 . 2009-05-24 11:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-26 15:15 . 2008-11-19 18:04 -------- d-----w- c:\program files\EasyBits For Kids
2009-07-24 21:55 . 2009-06-26 20:39 -------- d-----w- c:\users\Noor\AppData\Roaming\dvdcss
2009-07-21 21:52 . 2009-07-30 08:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 08:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 08:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 08:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 19:58 . 2009-05-25 15:39 164360 ----a-w- c:\users\Noor\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 22:22 . 2009-07-14 19:33 81104 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-14 21:09 . 2009-06-19 14:24 680 ----a-w- c:\users\Noor\AppData\Local\d3d9caps.dat
2009-07-14 20:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 20:44 . 2008-11-19 17:46 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 19:13 . 2008-11-19 16:57 -------- d-----w- c:\programdata\Norton
2009-07-09 09:18 . 2009-07-07 12:43 -------- dc-h--w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-07 12:45 . 2009-07-07 12:45 -------- d-----w- c:\users\Noor\AppData\Roaming\Uniblue
2009-06-29 05:01 . 2009-07-07 12:45 2568247 -c----w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-06-25 12:35 . 2009-06-25 12:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-25 12:35 . 2009-06-25 12:35 -------- d-----w- c:\program files\Common Files\Real
2009-06-25 12:35 . 2009-06-25 12:35 -------- d-----w- c:\program files\Real
2009-06-25 12:34 . 2009-06-25 12:34 -------- d-----w- c:\programdata\GRETECH
2009-06-25 12:34 . 2009-06-25 12:34 -------- d-----w- c:\users\Noor\AppData\Roaming\GRETECH
2009-06-25 12:33 . 2009-05-28 19:39 -------- d-----w- c:\program files\GRETECH
2009-06-24 16:20 . 2009-06-24 16:20 -------- d-----w- c:\program files\VideoLAN
2009-06-24 16:10 . 2009-06-24 16:10 -------- d-----w- c:\users\Noor\AppData\Roaming\URSoft
2009-06-23 17:45 . 2009-06-23 17:44 -------- d-----w- c:\program files\QuickTime
2009-06-23 17:44 . 2009-06-23 17:44 -------- d-----w- c:\programdata\Apple Computer
2009-06-23 17:42 . 2009-06-23 17:42 -------- d-----w- c:\program files\Apple Software Update
2009-06-23 17:42 . 2009-06-23 17:42 -------- d-----w- c:\programdata\Apple
2009-06-19 15:11 . 2009-06-19 15:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-19 14:53 . 2009-06-10 18:18 -------- d-----w- c:\programdata\Installations
2009-06-19 14:46 . 2009-06-10 18:19 -------- d-----w- c:\program files\Nokia
2009-06-19 14:44 . 2009-06-19 14:44 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-19 14:44 . 2009-06-19 14:44 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-19 14:44 . 2009-06-19 14:44 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-19 14:44 . 2009-06-19 14:44 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-19 14:43 . 2009-06-19 14:44 24376008 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-06-19 14:25 . 2009-06-19 14:25 -------- d-----w- c:\programdata\Nokia
2009-06-19 13:39 . 2009-06-19 13:39 86016 ----a-w- c:\programdata\Installations\{F07858E3-A424-49EE-AD9F-C53911FF87FF}\Packages\NPCIA\CustomActions\uninstall.exe
2009-06-19 13:39 . 2009-06-19 13:39 53248 ----a-w- c:\programdata\Installations\{F07858E3-A424-49EE-AD9F-C53911FF87FF}\Installer\CommonCustomActions\closeapp.exe
2009-06-19 13:37 . 2009-06-19 13:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-18 08:45 . 2008-11-19 17:54 -------- d-----w- c:\programdata\CyberLink
2009-06-18 08:43 . 2008-12-26 10:19 36864 ----a-w- c:\programdata\Temp\{67626E09-5366-4480-8F1E-93FADF50CA15}\PostBuild.exe
2009-06-16 19:49 . 2008-11-19 17:33 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 19:00 . 2009-05-30 19:13 -------- d-----w- c:\users\Noor\AppData\Roaming\CyberLink
2009-06-10 18:31 . 2009-06-10 18:28 -------- d-----w- c:\users\Noor\AppData\Roaming\PC Suite
2009-06-10 18:31 . 2009-06-10 18:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-06-10 18:30 . 2009-06-10 18:27 -------- d-----w- c:\users\Noor\AppData\Roaming\Nokia
2009-06-10 18:30 . 2009-06-10 18:28 -------- d-----w- c:\programdata\PC Suite
2009-06-10 18:30 . 2009-06-10 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-10 18:23 . 2009-06-10 18:23 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-10 18:18 . 2009-06-10 18:18 8192 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-10 18:18 . 2009-06-10 18:18 61440 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-10 18:18 . 2009-06-10 18:18 10240 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-08 13:41 . 2009-06-08 13:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-03 20:48 . 2009-06-03 20:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 09:22 . 2009-05-28 09:22 172032 ------w- c:\windows\Setup1.exe
2009-05-28 09:22 . 2009-05-28 09:22 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-26 21:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 19:53 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-25 18:37 . 2009-05-25 18:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-25 18:37 . 2008-11-19 18:04 8292 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-05-25 18:36 . 2009-05-25 18:36 93640 ----a-w- c:\windows\system32\ezUninst.exe
2009-05-25 18:36 . 2009-05-25 18:36 51656 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-05-25 18:36 . 2009-05-25 18:36 271304 ----a-w- c:\windows\system32\ezSetup.exe
2009-05-25 18:36 . 2009-05-25 18:36 18376 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-05-25 18:36 . 2009-05-25 18:36 115656 ----a-w- c:\windows\system32\ezShellStart.exe
2009-05-25 01:21 . 2009-05-25 01:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 01:18 . 2009-05-25 01:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-16 16:59 . 2009-05-16 16:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-15 14:50 . 2009-05-15 14:50 21008 ----a-w- c:\windows\system32\drivers\klim6.sys
2008-11-19 18:14 . 2008-11-19 18:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"TTMessengerPDF"="c:\program files\TTMessenger\spool\PDFSaver.exe" [2004-03-22 61440]
"TTMessenger"="c:\program files\TTMessenger\ttmessenger2.exe" [2008-01-22 585728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-09-23 1208320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-09-24 6335008]
"NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2008-10-04 2256896]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-30 1160488]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-30 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-10-21 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-15 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-09-05 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-03 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-22 206120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-25 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
c:\users\Noor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2009-6-4 3656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-20 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,7c,ff,5c,96,de,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9DDAC3BA-71C4-499F-99DA-E82FD21D724F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBAEDF9F-CBD4-4C77-9EA2-6EC278BCC540}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5546A2B9-4A13-4376-8D25-D4E22D8EB511}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{09FD5B89-21D6-4FD8-9786-7E45EB129BFB}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{91778DE9-E21F-48AB-A04A-344AF4DF5FCA}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{A0A691C9-CF2C-44D5-AE4D-78A6DDD5827C}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{D37F1374-D9E9-4ACC-8DEC-8AF050EDD356}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{A876EC76-B29C-4C9B-928B-9F643064F4BA}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{E896A583-B3D8-478A-B448-0378CA1CA8E9}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{2D52CE05-8A13-49C8-8E12-5B3715725115}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{61D56107-5957-4BE1-8DB9-545904FBE2BC}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{BD67C359-0A46-48E1-AE08-D4BCF525C252}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{FD676938-291F-404B-8F71-2755D9AD4E64}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{5866F0EB-DD84-4A65-B5EB-B69B0B4A58F5}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{89080F1E-7EEC-45B0-B54C-A5D3F3C92799}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6148935E-1BB5-4094-9C94-828D51A68E7F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{27F7A5B7-5974-4D9B-975B-EBAD342A56D2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3BD51205-193C-4D92-836D-1B74EEE14581}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC95C720-58EC-48E0-8242-A60167E96FED}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{329E8758-DB3A-4119-AF38-FA60D98A944B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3A93EEC-AB94-45A1-ABF2-5CDF6694F5AE}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{58195C34-0E5B-433E-B051-4C93D66504AA}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 06:50 م 21008]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26/09/2008 02:36 م 59376]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [26/12/2008 01:42 م 81920]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 06:23 ص 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [19/11/2008 10:12 م 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [22/04/2009 10:53 م 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [22/04/2009 10:53 م 116104]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [19/11/2008 09:10 م 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 09:47 م 54784]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\System32\drivers\NtrigDigitizerUSBLowerFilter.sys [26/12/2008 01:45 م 5632]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [26/12/2008 01:44 م 22072]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [29/05/2009 01:10 م 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 06:08 م 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 01:48 م 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 01:48 م 8320]
S3 uti0odm2;AVZ Kernel Driver;c:\windows\System32\drivers\uti0odm2.sys [15/07/2009 12:55 ص 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\User_Feed_Synchronization-{EC747422-32C8-4120-99B4-617169EFD109}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = proxy.squ.edu.om:80
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة - [link hidden] files\Free Download Manager\dlfvideo.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل المحددة بفري داونلود مانيجر - [link hidden] files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر - [link hidden] files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر - [link hidden] files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-08-06 16:51
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\Noor\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-08-06 16:55
ComboFix-quarantined-files.txt 2009-08-06 12:55
Pre-Run: 151,110,270,976 bytes free
Post-Run: 151,178,612,736 bytes free
336 --- E O F --- 2009-08-03 17:42
 
Signature: سماء المحبة
So, how are things now, brother??
 
Signature: shaded
The laptop is still very slow. Sorry brother, I've troubled you a lot.
 
Signature: سماء المحبة
The laptop is still very slow. Sorry brother, I've troubled you a lot.
No problem, my friend ..

OK, and the first problem, the one with the files .. has it gone away??

Second ..

Disable System Restore as shown in the following screenshots

i7549_1.png

i7550_2.png

i7551_3.png

After disabling it ,,

Download the Kaspersky tool from the following link

After downloading ,, double-click it and the tool's file will be extracted to a folder on the desktop; after a few moments the tool starts working

Follow the screenshots to scan the computer, clean it and attach the report

zyzoom-7ce8879e89.png

zyzoom-cdd75c8aa3.png

zyzoom-89156f000e.png

zyzoom-6d533c4f2e.png

zyzoom-f20f3644d0.png

Then compress the report and upload it here>>>>
 
Last edited by a moderator:
Signature: shaded
Xxh64248.jpg


Here are the pictures, and also

there is a file, but I think it was there from the start
zw164514.jpg
 
Signature: سماء المحبة
Brother, as soon as I click System Restore a message appears. I tried to post it for you, but unfortunately Print Screen wouldn't work.
 
Signature: سماء المحبة
<AVZ_CollectSysInfo>
--------------------
Start time: 06/08/2009 08:12:13 م
Duration: 00:05:13
Finish time: 06/08/2009 08:17:26 م

<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
06/08/2009 08:12:14 م Windows version: Windows Vista (TM) Home Premium, Build=6002, SP="Service Pack 2"
06/08/2009 08:12:14 م System Restore: enabled
06/08/2009 08:12:17 م 1.1 Searching for user-mode API hooks
06/08/2009 08:12:17 م Analysis: kernel32.dll, export table found in section .text
06/08/2009 08:12:17 م Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->760B1C28->61F03F42
06/08/2009 08:12:17 م Hook kernel32.dll:CreateProcessA (151) blocked
06/08/2009 08:12:17 م Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->760B1BF3->61F04040
06/08/2009 08:12:17 م Hook kernel32.dll:CreateProcessW (154) blocked
06/08/2009 08:12:17 م Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->760F3DB4->61F041FC
06/08/2009 08:12:17 م Hook kernel32.dll:FreeLibrary (335) blocked
06/08/2009 08:12:17 م Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->760FB6BD->61F040FB
06/08/2009 08:12:17 م Hook kernel32.dll:GetModuleFileNameA (503) blocked
06/08/2009 08:12:17 م Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->760FB27E->61F041A0
06/08/2009 08:12:17 م Hook kernel32.dll:GetModuleFileNameW (504) blocked
06/08/2009 08:12:17 م Function kernel32.dll:GetProcAddress (548) intercepted, method ProcAddressHijack.GetProcAddress ->760F903B->61F04648
06/08/2009 08:12:17 م Hook kernel32.dll:GetProcAddress (548) blocked
06/08/2009 08:12:17 م Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->760D94DC->61F03C6F
06/08/2009 08:12:17 م Hook kernel32.dll:LoadLibraryA (759) blocked
06/08/2009 08:12:17 م >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
06/08/2009 08:12:17 م Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->760D94B4->61F03DAF
06/08/2009 08:12:17 م Hook kernel32.dll:LoadLibraryExA (760) blocked
06/08/2009 08:12:17 م >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
06/08/2009 08:12:17 م Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->760D9109->61F03E5A
06/08/2009 08:12:17 م Hook kernel32.dll:LoadLibraryExW (761) blocked
06/08/2009 08:12:17 م Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->760D9362->61F03D0C
06/08/2009 08:12:17 م Hook kernel32.dll:LoadLibraryW (762) blocked
06/08/2009 08:12:17 م IAT modification detected: LoadLibraryW - 01A70010<>760D9362
06/08/2009 08:12:17 م Analysis: ntdll.dll, export table found in section .text
06/08/2009 08:12:17 م Analysis: user32.dll, export table found in section .text
06/08/2009 08:12:17 م Analysis: advapi32.dll, export table found in section .text
06/08/2009 08:12:18 م Analysis: ws2_32.dll, export table found in section .text
06/08/2009 08:12:18 م Analysis: wininet.dll, export table found in section .text
06/08/2009 08:12:18 م Analysis: rasapi32.dll, export table found in section .text
06/08/2009 08:12:18 م Analysis: urlmon.dll, export table found in section .text
06/08/2009 08:12:18 م Analysis: netapi32.dll, export table found in section .text
06/08/2009 08:12:21 م 1.2 Searching for kernel-mode API hooks
06/08/2009 08:12:21 م Driver loaded successfully
06/08/2009 08:12:21 م SDT found (RVA=137B00)
06/08/2009 08:12:21 م Kernel ntkrnlpa.exe found in memory at address 8204C000
06/08/2009 08:12:21 م SDT = 82183B00
06/08/2009 08:12:21 م KiST = 820F882C (391)
06/08/2009 08:12:22 م Function NtAlpcCreatePort (16) intercepted (8220691F->8819AF84), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtAlpcSendWaitReceivePort (26) intercepted (822893D9->8819B014), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtClose (30) intercepted (8228672F->88199DF8), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtConnectPort (36) intercepted (82219AA7->8819A4EA), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateEvent (3A) intercepted (8225E953->8819A816), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateFile (3C) intercepted (8228DD59->88199F66), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateMutant (43) intercepted (8226C3AC->8819A6EE), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateNamedPipeFile (44) intercepted (8221A6F4->881999D2), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreatePort (47) intercepted (821D1A40->8819A5AA), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateSection (4B) intercepted (8227D803->88199B8C), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateSemaphore (4C) intercepted (8222398B->8819A948), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtCreateWaitablePort (73) intercepted (821C6D04->8819A64C), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtFsControlFile (96) intercepted (82291B02->8819A0C4), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtOpenEvent (B8) intercepted (822459E7->8819A8B8), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtOpenFile (BA) intercepted (82251F99->88199E34), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtOpenMutant (BF) intercepted (8225D70D->8819A786), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtOpenSection (C5) intercepted (8225D219->8819B45C), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtOpenSemaphore (C6) intercepted (821F1EC2->8819A9EA), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtQueryDirectoryObject (DB) intercepted (8225D2DA->8819B214), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtReplyPort (10E) intercepted (8222D372->8819AD74), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtReplyWaitReceivePort (10F) intercepted (822858C7->8819AC3A), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtSecureConnectPort (11E) intercepted (82219680->8819A1F0), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:22 م Function NtSetInformationToken (133) intercepted (82211C0A->8819B2C8), hook C:\Windows\system32\DRIVERS\klif.sys
06/08/2009 08:12:22 م >>> Function restored successfully !
06/08/2009 08:12:22 م >>> Hook code blocked
06/08/2009 08:12:23 م Functions checked: 391, intercepted: 23, restored: 23
06/08/2009 08:12:23 م 1.3 Checking IDT and SYSENTER
06/08/2009 08:12:23 م Analysis for CPU 1
06/08/2009 08:12:24 م Analysis for CPU 2
06/08/2009 08:12:24 م Checking IDT and SYSENTER - complete
06/08/2009 08:12:29 م 1.4 Searching for masking processes and drivers
06/08/2009 08:12:29 م Checking not performed: extended monitoring driver (AVZPM) is not installed
06/08/2009 08:12:29 م Driver loaded successfully
06/08/2009 08:12:29 م 1.5 Checking of IRP handlers
06/08/2009 08:12:30 م \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:30 م \driver\tcpip[IRP_MJ_READ] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:30 م \driver\tcpip[IRP_MJ_WRITE] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:30 م \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:31 م \driver\tcpip[IRP_MJ_SET_INFORMATION] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:31 م \driver\tcpip[IRP_MJ_QUERY_EA] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:31 م \driver\tcpip[IRP_MJ_SET_EA] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:31 م \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:31 م \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:32 م \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:32 م \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:32 م \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:33 م \driver\tcpip[IRP_MJ_SHUTDOWN] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:33 م \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:33 م \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:33 م \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:34 م \driver\tcpip[IRP_MJ_SET_SECURITY] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:34 م \driver\tcpip[IRP_MJ_POWER] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:34 م \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:34 م \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:35 م \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:35 م \driver\tcpip[IRP_MJ_SET_QUOTA] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:35 م \driver\tcpip[IRP_MJ_PNP] = 820749D2 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
06/08/2009 08:12:35 م Checking - complete
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioral analysis
06/08/2009 08:12:37 م Behaviour typical for keyloggers not detected
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL --> Suspicion for Keylogger or Trojan DLL
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL>>> Behavioral analysis
06/08/2009 08:12:37 م Behaviour typical for keyloggers not detected
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL --> Suspicion for Keylogger or Trojan DLL
06/08/2009 08:12:37 م C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL>>> Behavioral analysis
06/08/2009 08:12:37 م Behaviour typical for keyloggers not detected
06/08/2009 08:12:38 م C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL --> Suspicion for Keylogger or Trojan DLL
06/08/2009 08:12:38 م C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL>>> Behavioral analysis
06/08/2009 08:12:38 م Behaviour typical for keyloggers not detected
06/08/2009 08:12:38 م Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
06/08/2009 08:12:56 م Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
06/08/2009 08:12:57 م >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
06/08/2009 08:12:57 م >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
06/08/2009 08:12:57 م >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
06/08/2009 08:12:57 م > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
06/08/2009 08:12:57 م >> Security: disk drives' autorun is enabled
06/08/2009 08:12:57 م >> Security: administrative shares (C$, D$ ...) are enabled
06/08/2009 08:12:57 م >> Security: anonymous user access is enabled
06/08/2009 08:12:57 م >> Security: sending Remote Assistant queries is enabled
06/08/2009 08:13:03 م >> Disable HDD autorun
06/08/2009 08:13:03 م >> Disable autorun from network drives
06/08/2009 08:13:03 م >> Disable CD/DVD autorun
06/08/2009 08:13:04 م >> Disable removable media autorun
06/08/2009 08:13:04 م System Analysis in progress
06/08/2009 08:17:26 م System Analysis - complete
06/08/2009 08:17:26 م Delete file:C:\Users\Noor\Desktop\Virus Removal Tool1\is-JQ8V9\LOG\avptool_syscheck.htm
06/08/2009 08:17:26 م Delete file:C:\Users\Noor\Desktop\Virus Removal Tool1\is-JQ8V9\LOG\avptool_syscheck.xml
06/08/2009 08:17:26 م Deleting service/driver: uti0odm2
06/08/2009 08:17:26 م Delete file:C:\Windows\system32\Drivers\uti0odm2.sys
06/08/2009 08:17:26 م Deleting service/driver: uji0odm2
06/08/2009 08:17:26 م Script executed without errors
 
Signature: سماء المحبة
Where are you, expert guys?
 
Signature: سماء المحبة
?????????????????
 
Signature: سماء المحبة
Bump ????????
 
Signature: سماء المحبة