سعود سعد

Peace be upon you

I ran a scan on my machine and the report came out bad. Please give me a solution; I don't know what to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:56 ص, on 06/08/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [hidden link: log in or register to view]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;[hidden link: log in or register to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files\Hewlett-Packard\HP UT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Hide IP NG] C:\Program Files\Hide IP NG\hideipng.exe
O4 - HKCU\..\Run: [Blue joy] "C:\ProgramData\2 axis axis.p7uak"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Tray Manager First.04rr0sr"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [{9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\mesho\AppData\Roaming\win32\server.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - .DEFAULT User Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (User 'Default user')
O4 - Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [hidden link: log in or register to view]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e276e71c4650) (gupdate1c9e276e71c4650) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RtkHDMIService - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 18218 bytes


Help me

(((God is sufficient for me against the spies, may God take them ... )) I swear this is out of sheer frustration


And thank you
 

Welcome, my friend ..



Disable your protection programs
then
download the following tool and save it to the desktop
[hidden link: log in or register to view]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The machine may restart during the scan
After the restart, the tool will begin scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post
 
Signature: shaded
OK, working on it. Thank you, brother
 
I did exactly what you told me

But the machine did not restart. You said it might .. right?

And here is the report


ComboFix 09-08-06.01 - mmm08/06/2009 22:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.2045.1102 [GMT 3:00]
Running from: c:\users\mesho\Desktop\ComboFix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3083915160-2822946708-3022848120-500
c:\$recycle.bin\S-1-5-21-798034610-3320155097-791044998-500
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\mesho\AppData\Roaming\addons.dat
c:\users\mesho\AppData\Roaming\Bifrost
c:\users\mesho\AppData\Roaming\Bifrost\logg.dat
c:\users\mesho\AppData\Roaming\inst.exe
c:\users\mesho\WinAVI Video Converter .lnk
c:\windows\msnimport.exe
c:\windows\system32\SCLabel.ocx
c:\windows\system32\systeminfo3.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.
2009-08-06 03:56 . 2009-08-06 03:56 16336546 ------w- C:\Persi0.sys
2009-08-06 03:56 . 2009-08-06 03:56 -------- d-----w- c:\program files\Faronics
2009-08-04 03:55 . 2008-04-13 14:26 36396 ----a-w- c:\users\mesho\AppData\Roaming\BSplayer\AC3 Filter\uninstall.exe
2009-08-04 03:55 . 2007-07-05 00:33 892928 ----a-w- c:\users\mesho\AppData\Roaming\BSplayer\AC3 Filter\iconv.dll
2009-08-04 03:55 . 2007-08-18 06:54 20480 ----a-w- c:\users\mesho\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
2009-08-04 03:55 . 2007-08-18 06:53 16384 ----a-w- c:\users\mesho\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
2009-08-04 03:47 . 2008-12-11 10:26 60273 ----a-w- c:\users\mesho\AppData\Roaming\BSplayer\FFDShow\pthreadGC2.dll
2009-08-04 03:39 . 2009-08-04 03:39 -------- d-----w- c:\program files\BS_Player
2009-08-04 03:16 . 2009-08-04 03:16 -------- d-----w- c:\users\mesho\AppData\Roaming\GRETECH
2009-08-04 03:15 . 2009-08-04 03:15 -------- d-----w- c:\program files\GRETECH
2009-07-31 12:13 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\NAVENG.SYS
2009-07-31 12:13 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\NAVEX15.SYS
2009-07-31 12:13 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\EECTRL.SYS
2009-07-31 12:13 . 2009-05-13 08:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\ECMSVR32.DLL
2009-07-31 12:13 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\CCERASER.DLL
2009-07-31 12:13 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\NAVENG32.DLL
2009-07-31 12:13 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\NAVEX32A.DLL
2009-07-31 12:13 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090730.007\ERASER.SYS
2009-07-30 00:50 . 2009-07-30 00:52 -------- d-----w- c:\programdata\Roxio
2009-07-30 00:50 . 2009-07-30 00:50 -------- d-----w- c:\users\mesho\AppData\Roaming\Roxio
2009-07-28 05:58 . 2009-07-28 05:58 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-28 02:30 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-28 02:30 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-28 02:30 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-28 02:30 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-28 02:30 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-28 02:30 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-28 02:30 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-28 02:23 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-28 02:23 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-28 02:23 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-28 02:23 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-28 02:23 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-24 17:01 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\NAVENG.SYS
2009-07-24 17:01 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\NAVEX15.SYS
2009-07-24 17:01 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\EECTRL.SYS
2009-07-24 17:01 . 2009-05-13 08:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\ECMSVR32.DLL
2009-07-24 17:01 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\CCERASER.DLL
2009-07-24 17:01 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\NAVENG32.DLL
2009-07-24 17:01 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\NAVEX32A.DLL
2009-07-24 17:01 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090724.005\ERASER.SYS
2009-07-21 18:02 . 2009-07-21 18:02 -------- d-----w- c:\program files\Secure Surfing Engine
2009-07-21 18:02 . 2009-07-21 18:02 -------- d-----w- c:\program files\Steganos Internet Anonym 2006
2009-07-21 17:28 . 2009-07-21 17:30 -------- d-----w- c:\program files\Hotspot_Shield
2009-07-17 16:09 . 2009-07-17 16:09 -------- d--h--w- c:\windows\PIF
2009-07-15 08:00 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-07-15 08:00 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-07-14 20:36 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 20:36 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 20:36 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 20:36 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-10 12:21 . 2009-07-10 12:21 75800 ----a-w- c:\windows\system32\drivers\ThwSpace.sys
2009-07-10 12:20 . 2009-07-10 12:20 152472 ----a-w- c:\windows\system32\drivers\DeepFrz.sys
2009-07-09 15:19 . 2008-09-26 15:04 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-07-09 15:19 . 2008-09-26 15:04 113152 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-07-09 15:19 . 2008-09-26 15:04 101760 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-09 15:19 . 2008-09-26 15:03 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 19:54 . 2008-11-09 02:29 -------- d-----w- c:\users\mesho\AppData\Roaming\uTorrent
2009-08-06 19:45 . 2009-05-29 16:10 66280 ----a-w- c:\users\mesho\AppData\Roaming\win32\server.exe
2009-08-06 18:55 . 2008-11-04 01:08 -------- d-----w- c:\users\mesho\AppData\Roaming\Image Zone Express
2009-08-06 03:57 . 2008-06-03 17:17 8252 ----a-w- c:\windows\bthservsdp.dat
2009-08-06 03:11 . 2006-11-02 12:57 67584 --s-a-w- c:\windows\bootstet.dat
2009-08-05 23:47 . 2008-11-01 20:25 -------- d-----w- c:\programdata\Google Updater
2009-08-05 15:16 . 2008-10-30 20:24 1356 ----a-w- c:\users\mesho\AppData\Local\d3d9caps.dat
2009-08-04 04:12 . 2009-02-14 14:57 -------- d-----w- c:\users\mesho\AppData\Roaming\BSplayer
2009-08-04 03:39 . 2008-11-02 22:08 -------- d-----w- c:\program files\Webteh
2009-07-29 02:21 . 2009-06-09 21:35 -------- d-----w- c:\users\mesho\AppData\Roaming\Ashampoo
2009-07-29 02:19 . 2009-06-09 21:34 -------- d-----w- c:\program files\Ashampoo
2009-07-28 06:00 . 2008-10-30 20:24 138200 ----a-w- c:\users\mesho\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-28 02:45 . 2008-06-27 01:50 -------- d-----w- c:\programdata\Microsoft Help
2009-07-28 02:42 . 2009-04-02 14:42 -------- d-----w- c:\program files\Microsoft Works
2009-07-21 21:52 . 2009-07-28 19:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 19:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 19:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 19:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 00:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 15:20 . 2009-07-06 19:41 -------- d-----w- c:\program files\Mobily Connect Card
2009-06-25 20:54 . 2009-06-25 20:54 45399 ----a-w- C:\irunin.dat
2009-06-25 20:54 . 2009-06-25 20:54 286720 ----a-w- c:\windows\iun506.exe
2009-06-14 00:10 . 2009-05-29 16:10 -------- d-----w- c:\users\mesho\AppData\Roaming\win32
2009-06-12 04:40 . 2009-06-12 04:40 -------- d-----w- c:\program files\SVflights
2009-06-12 03:19 . 2008-11-09 22:01 -------- d-----w- c:\program files\Internet Download Manager
2009-06-11 22:04 . 2009-06-11 22:04 0 ----a-w- c:\windows\system32\cd.dat
2009-06-11 21:59 . 2009-06-11 21:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-06-11 18:44 . 2009-03-02 21:53 -------- d-----w- c:\programdata\Okay meta anti lite
2009-06-11 16:48 . 2009-06-11 16:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-11 16:48 . 2009-06-11 16:43 -------- d-----w- c:\programdata\Symantec
2009-06-11 16:47 . 2009-06-11 16:43 -------- d-----w- c:\program files\Symantec
2009-06-11 16:47 . 2009-06-11 16:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-11 16:47 . 2009-06-11 16:47 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-11 16:47 . 2009-06-11 16:47 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-11 16:43 . 2009-06-11 16:43 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-11 16:34 . 2008-06-03 18:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-10 17:38 . 2009-06-01 05:06 -------- d-----w- c:\users\mesho\AppData\Roaming\Skype
2009-06-09 17:48 . 2009-06-09 17:35 -------- d-----w- c:\program files\Easy DVD Creator
2009-06-09 04:05 . 2009-06-05 16:30 -------- d-----w- c:\program files\WinAVI Video Converter
2009-06-09 04:05 . 2009-01-23 18:10 81920 ----a-w- c:\users\mesho\AppData\Roaming\ezpinst.exe
2009-06-09 04:05 . 2009-01-23 18:10 81920 ----a-w- c:\users\mesho\AppData\Roaming\ezpinst.exe
2009-06-09 04:05 . 2009-01-23 18:10 47360 ----a-w- c:\users\mesho\AppData\Roaming\pcouffin.sys
2009-06-09 04:05 . 2009-01-23 18:10 47360 ----a-w- c:\users\mesho\AppData\Roaming\pcouffin.sys
2009-06-09 04:05 . 2009-01-23 18:10 -------- d-----w- c:\users\mesho\AppData\Roaming\Vso
2009-06-08 22:15 . 2008-11-09 23:36 -------- d-----w- c:\users\mesho\AppData\Roaming\DMCache
2009-06-08 22:13 . 2009-06-08 22:13 -------- d-----w- c:\program files\DVDFab 6
2009-06-05 17:01 . 2009-06-05 17:01 734160 ----a-w- c:\users\mesho\VobSub_2.23.exe
2009-06-05 16:40 . 2009-06-05 16:40 70999 ----a-w- c:\users\mesho\WinAVIVideoConverter.zip
2009-06-05 16:30 . 2009-06-05 16:29 4526458 ----a-w- c:\users\mesho\WinAVI_Video_Converter.exe
2009-06-01 21:02 . 2009-06-01 21:02 390664 ----a-w- c:\users\mesho\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-01 21:02 . 2009-06-01 21:02 390664 ----a-w- c:\users\mesho\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-27 18:56 . 2009-05-27 18:56 922605 ----a-w- c:\users\mesho\AVIAddXSub.zip
2009-05-22 20:25 . 2009-05-22 20:25 367686 ----a-r- c:\users\mesho\AppData\Roaming\Microsoft\Installer\{F6E30EBA-2DFE-4793-BF0F-DB02F18B061F}\icon.exe
2009-05-21 19:20 . 2009-05-21 19:19 2925904 ----a-w- c:\users\mesho\AppData\Roaming\IDM\idmupdt.exe
2009-05-21 17:38 . 2009-05-21 17:38 390664 ----a-w- c:\users\mesho\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-05-13 08:00 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-13 08:00 . 2009-05-13 08:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-13 08:00 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-13 08:00 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-13 08:00 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-13 08:00 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin1.dll" [2009-02-15 1881624]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-21 2215960]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-21 17:30 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2009-02-15 17:17 1881624 ----a-w- c:\program files\Mininova-Vuze\tbMin1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 07:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin1.dll" [2009-02-15 1881624]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-21 2215960]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMin1.dll" [2009-02-15 1881624]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-07-21 2215960]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Blue joy"="c:\programdata\2 axis axis.p7uak" [X]
"ANTI LITE TITLE DEBUG"="c:\programdata\Tray Manager First.04rr0sr" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-05-30 262144]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-09 270128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"{9D71D88C-C598-4935-C5D1-43AA4DB90836}"="c:\users\mesho\AppData\Roaming\win32\server.exe" [2009-08-06 66280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"SIA2006"="c:\program files\Steganos Internet Anonym 2006\SIA2006.exe" [2005-11-09 3063808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-03-26 1093632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"HPUsageTracking"="c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe" [2007-11-03 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-01 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-14 1077248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-05-03 197936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-29 6111232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SIA2006"="c:\program files\Steganos Internet Anonym 2006\SIA2006.exe" [2005-11-09 3063808]
c:\users\mesho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2008-6-27 4243232]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504593342-3279585910-846782642-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF83CA88-7547-4A37-8840-B33F0D8C2994}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ABD6BF85-78BE-4E04-8702-A7805F3752A0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{33FB8A72-F7B3-49ED-B8D7-261C6F936144}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50E29FDC-41E0-4991-8C74-0576D2B27828}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF033A3F-227F-4537-83D4-45EDD729FDA7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A39F8C62-940C-40AC-8E70-E702AF54BE91}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45B3F773-B59F-4364-8A67-9ED0CCD1919E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F69A7D24-3057-4917-BAED-74114B8BFF1A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AEA8F064-663E-4CC6-A8FF-EBB4D3DC7454}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B9B3EA2D-4A98-44ED-948D-4DDA5EA19AD6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2198359C-5028-4A5A-8E70-A8289E33F524}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A85322FD-8ACB-41C3-80FC-67CC38DCB6EF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C6A1D6D-FB34-4B50-B644-DB025CA07549}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{95D92232-D547-4240-B584-8DC39F3175B7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5B5207E9-CAA0-4198-A8C1-5C1D4D7B11AF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{E6C231DB-8456-493A-BD96-A77B25C34A70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6C1D6E21-F51C-4EA4-A2B5-4CD6C86BC607}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{04FFD459-8D4D-4945-8964-F22E2A878EC2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{73DDCC18-F97C-4F46-A757-78FFDA333A50}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F1CF132-EB6C-4642-B806-4AE311CA45F7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A611497F-0119-4188-B0F6-6C90E4588EE8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{61660CE7-D85F-4382-895F-002B947CEDD4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{044FBB49-9478-4E74-9CB0-869EC65EBA44}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{618BCF25-4F5E-4CF2-A109-58EE70994228}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AE3C21BE-19D1-47C5-AB6A-2B9CE95AB416}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D1599516-177D-4531-9CCC-0328613A53BC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D19E18CA-AB22-4C7C-9F03-CD33E881B704}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A7617B88-73FD-4E97-BF40-160188C9F38F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3C68CA07-94D6-476E-A6F1-1DC9E55F8861}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{40445378-AA4E-4CFE-BEA5-F46992A7E35A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF995F83-08FE-42FF-A3F0-F23E8E2605F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{867CEB1E-2A55-425B-A724-0C619AF75EDA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C0D0E722-3A04-402D-8C81-9DAA90D7EB7D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{80284A4A-2284-4BA5-B1D9-5CBADB25A732}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{293F4048-61F3-495C-BA6C-67B39DF73578}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59F0FC7D-0AF8-4CBE-B20C-675B4F5302DC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9F367860-D481-4F58-8851-8BDA6C04CD53}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{37B2013A-7EB6-4E35-BB1E-EAB136B10224}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DEF68836-39AD-49D3-A730-502E557ECA4B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8125E3B-BF94-4C31-B14B-5C7D9739C9BD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02322321-8630-4DD5-B601-D2D5213A2D43}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8401BA2E-0831-4900-BDC9-29084605D798}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DD40EF39-765B-457E-A9E8-4FED091467BA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{847016DE-69E7-4085-9486-0C9D361263DC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1AAFCE53-F485-4F0A-A082-085AE070529E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4D48C3C-652D-40E4-A935-3F3F2AD972D5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0AA7909C-DF1A-4DEA-A302-7CAE212C2C20}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9039E3A7-72B6-41B5-ACAF-10E1E233F224}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0E704EC5-174E-4B8C-A488-1F00F590F35F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92D1721D-7B0B-4431-A71A-835FA88336B5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6231FC6F-6AB6-425F-981E-691F25F1C41D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8ACE8E97-E3DC-487E-94CA-D1BD92EE76F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4CB959F3-C985-448A-8A1E-AE9722A4B2D6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9AABA271-5EEF-4B0A-88AC-84052300F425}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B1386174-0936-4CEA-95E2-8BD29EAB6D8C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F35652F-2264-4E06-8288-34714D27C263}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{163E8D75-8409-4F31-87B8-DF554A731453}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C24125C2-8664-41F3-8818-995E65EA6C06}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4E4D622D-5CE2-47F5-8DC7-88F4A4BF4788}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B364FF9-AA42-4E4C-8CB8-8387C9D5E391}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6601921F-4220-42ED-911D-F70368EB52A4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{30CB9E67-AAC6-450D-BB65-1C013388BCF9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0BB60C3B-1B68-4EC0-AC75-E3D8A82E7719}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{79CD5590-0B60-4845-BD47-A68D0A25E7D3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E007C15F-BADD-486D-95CC-16BE4509C7F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A8D3C1E8-CC7F-4C5A-87AD-BC5A8FDA2EB2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{63378A46-96F6-4AF2-AB4E-B8BEFA26C560}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CA4C9A3D-177D-437A-8296-DB21D9074E76}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4D425FAA-8D3D-408C-AAAB-5525A47DB407}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C7DA1214-7DB2-4365-B211-46E5F489F99B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E8B04540-F91A-4C8F-8EB4-785A55743043}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75AA8910-9878-4FB5-9B7E-70DFDF8A35C8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9D702C87-8D8A-47CF-933A-03F6D0A08FA1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B09E1C72-5649-4776-B4B1-ECBDAFBB8F0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0E0900FC-592D-4AC5-B306-D69545DFB02F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32E038CF-B875-42DD-A772-8BDDF1EC210D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43710B77-B8C2-4C0A-96AB-1B98AB6012C0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9EC0006-69D3-4910-A609-52D0CE703600}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCB5BA09-2565-41BB-B093-8C97D5C3BA5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E3FAB32A-93E2-429D-8690-E247696807C6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{19D97FB2-4CE6-461B-8EC1-283F691604F0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E61DA927-8C15-4BEF-ABF2-84DDF6A2E1D2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{35E35EAF-5D30-4D6F-84BC-5AC40A5C4364}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5B226A2-B5D8-4588-AA95-52210227C9AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{04C8B3A4-AD86-490D-AB80-B21F320AE18F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA0578CA-A71C-411B-804C-5C91CAE9855D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1DF7BB55-0FC9-405D-9E26-4EA9319EE97E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9744D11-C975-4718-9798-29FC7D2204EB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{47231EC5-7153-4588-B002-6041E055D89D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1BBCDC1D-282B-4689-8C41-9E56518FFA23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{51FED3B2-D885-44EE-85B7-805EBC09603D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{999FAD53-C4EC-4D0E-A656-F83C9106D284}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0158916C-E1AB-4BF6-9450-346D0C91E245}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B2BA74DC-F08A-4CE1-8C2F-FA03022560A9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F8AF7E07-4A4E-4CCD-A6CA-FF1A561E66C8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50B6D3FC-EB2A-43AE-815C-1F58F14EB5AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BB0A90AF-EC4F-442E-A614-ED5D9DBC0939}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{864C7B2E-8795-46F0-9C42-F432660EE541}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{350C45C0-C3B2-42C1-9AB5-5BE13FC5AAE4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{644BE9E8-0D52-41C1-8011-A55CBB3039F3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9C60DB62-D047-410C-8860-D49AF1FC568D}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9E145FA4-32A4-4B3E-9089-2D1B1D24AC5F}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4FF232CC-C5D4-41A7-B43E-0C0999AB47C3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{862259B2-006C-43C7-BD89-C95C9AE78273}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9843E612-8F3B-4881-B5CE-BEDAFA124759}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D7D7D18E-124A-4205-9370-96A4991EE056}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{866EB84B-C96B-4DA0-9C98-04D4EC7DB105}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D9BE62B8-5661-4A66-9FEA-E6FD5EB32805}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{345BEE7A-6625-4175-9794-24F1E8EC42EC}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{40C3E7AD-D2E0-49A7-9301-9B8B6C148F7E}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{6A8BFAB7-84D6-4AE8-8621-DDBAB875ED1F}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{D8BED7AF-1E50-49B1-897F-726892DC4393}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{5D3A735B-DD1F-47B4-AA94-4CAE099A0F1D}c:\\balot.org\\balot\\balot.exe"= UDP:c:\balot.org\balot\balot.exe:Balot
"UDP Query User{B4E52E6A-B7A7-4810-8F9C-550A2DA1F0F7}c:\\balot.org\\balot\\balot.exe"= TCP:c:\balot.org\balot\balot.exe:Balot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"= c:\program files\River Past\Video Slice\VideoSlice.exe:*:Enabled:River Past Video Slice
R0 DeepFrz;DeepFrz;c:\windows\System32\drivers\DeepFrz.sys [10/07/09 03:20 م 152472]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/10/08 10:41 ص 87264]
R2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [10/07/09 03:12 م 1056256]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [27/06/08 05:17 ص 229376]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/07 06:09 ص 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [03/06/08 10:59 م 98304]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [27/06/08 05:08 ص 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [04/06/08 07:28 م 411488]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [27/06/08 05:13 ص 333088]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [27/06/08 05:08 ص 17408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/06/09 08:31 م 101936]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [17/12/07 04:57 ص 9344]
S2 gupdate1c9e276e71c4650;خدمة تحديث Google (gupdate1c9e276e71c4650);c:\program files\Google\Update\GoogleUpdate.exe [01/06/09 08:06 ص 133104]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\System32\drivers\br3gmdm.sys [15/05/08 10:08 ص 104192]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [03/06/08 11:01 م 28464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/07 11:22 م 34064]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23/10/08 03:46 م 121744]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [27/06/08 05:16 ص 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [27/06/08 05:16 ص 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [27/06/08 05:16 ص 63328]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [27/06/08 05:13 ص 87328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
2009-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-27 18:48]
2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 05:05]
2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 05:05]
.
- - - - ORPHANS REMOVED - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
HKCU-Run-Hide IP NG - c:\program files\Hide IP NG\hideipng.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
Notify-DfLogon - LogonDll.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googel.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = plimus.com;

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Secure Surfing Engine\sselsp.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-504593342-3279585910-846782642-1003\Software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
[HKEY_USERS\S-1-5-21-504593342-3279585910-846782642-1003_Classes\CLSID\{2e054b10-0afc-4848-86d9-0db6151b9578}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000032
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,f8,0b,f2,c4,7d,43,2e,bd,6f,2d,dc,06,6f,b9,35,cf,ab,64,08,85,f0,d3,\
[HKEY_USERS\S-1-5-21-504593342-3279585910-846782642-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):50,87,24,9e,a2,42,7a,48,1b,1a,53,46,84,f2,bf,19,5e,f9,71,2a,f2,
c7,54,c3,26,72,e0,36,f4,e6,28,da,05,ed,8d,ec,dc,2c,4b,19,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-504593342-3279585910-846782642-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):37,3c,aa,95,41,59,8e,81,6e,b2,10,2a,d2,7c,6a,d0,89,13,cd,7d,d6,
3f,00,85,e6,22,04,ff,91,8f,70,4d,2f,f3,25,38,de,28,7c,02,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-504593342-3279585910-846782642-1003_Classes\CLSID\{af0cb85c-3c4a-4497-8b16-18e44e2f3ef7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000000f
"Therad"=dword:0000000b
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,74,ff,e9,8d,ed,0f,34,a2,3c,30,8b,af,bb,13,91,72,d7,34,45,07,bf,10,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-06 22:57
ComboFix-quarantined-files.txt 2009-08-06 19:57
Pre-Run: 126,440,054,784 bytes free
Post-Run: 126,711,738,368 bytes free
571 --- E O F --- 2009-07-29 00:01



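I hope you can help me.

God bless you, please reply quickly.

Please, brother, keep an eye on my thread, because I'll be replying to you right away.

I'm here, my friend, I'm here ..

Unfortunately, your machine has a hacking patch on it .. God is sufficient for us, and He is the best disposer of affairs ...


Do the following, my friend .. so we can make sure the machine is clean. And don't worry, God willing everything is fine .. :ok:

Disable System Restore as shown in the following walkthrough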






After disabling it,,


Download the Kaspersky tool from the following link





After downloading,, double-click it and the tool's file will be extracted to a folder on the desktop; after a few moments the tool will start running


Follow the walkthrough to scan and clean the machine and attach the report






Then compress the report and upload it here >>>>
 
Signature: shaded
Brother, I'm on Vista and the same Properties don't show up for me like that

Unfortunately, my friend .. I don't have Vista ..

But look for System Protection or System Restore

 
Signature: shaded
The picture that appears for me

 
Does it look like this for you ... ??



Choose System Protection ..


Signature: shaded
OK, that's where I am now, I found System Protection

OK, and then ...

Follow the steps, my friend

 
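Signature: shaded
OK, fine, but let me download the tool and I'll be back, my good man ..

Signature: shaded
Looks like the scan is going to take a while for me, God help us

Let it take its time ... whenever it finishes, post the result ..

Signature: shaded
The scan finished, but how do I attach a file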
 