Bo.SaQeR
زيزوومى متألق
- إنضم
- 16 أبريل 2009
- المشاركات
- 457
- مستوى التفاعل
- 5
- النقاط
- 470
غير متصل
-
تصميم Ramy Badraan
برنامج الحماية الشاملة AVG Internet Security أحدث اصدار نسخة مفعلة مسبقا لغاية سنة 2031 وتنصيب صامت تصميم Ramy Badraan
WinRAR - أداة متكاملة لتحميل وتثبيت وتفعيل WinRAR7.11 اخر اصدار تلقائيًا وبثلاث لغات) تصميم Ramy Badraan
متصفح القوة والسرعة Google Chrome 116.0.5845.97 Stable تصميم Ramy Badraan
الأسطوانة العربية** Ar Windows 10-11 (2019-2021-2024) IoT Enterprise LTSC (x64) Update April 2025 تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
27.00.0300 XYplorer Pro لإدارة الملفات والمجلدات والبحث عنها بسرعة تصميم Ramy Badraan
ويندوز 11 اندكس برو -عربي إنكليزي فرنسي من غير متطلبات ومفعلWindows11PRO_24H2(Ar-En-Fr)26100.3909-Activ_NO TPM تصميم Ramy Badraan
Foxit PDF Editor 2025 .1.0.27937 تصميم Ramy Badraan
CoolUtils Total Doc Converter 5.1.0.364 Repack & Portable لتحويل الملفات الكتابية إلى عدة صيغ تصميم Ramy Badraan
Cisdem Video Compressor 2.2.0 برنامج لضغط الفيديوهات مع المحافظة على الجودة قدر الإمكان - مع التفعيل تصميم Ramy Badraan
تعال سجل Internet Download Manager باسمك -تفعيل تحديث مع IDM Activation Assistant v1.0 تصميم Ramy Badraan
PDF-XChange Editor Plus+PRO v10.6.0.396 تصميم Ramy Badraan
Office 2013-2024 C2R Install + Lite v7.7.7.7 r26 | Install Office and Activate لتحميل وتفعيل الأوفيس تصميم Ramy Badraan
برنامج الحماية الرهيب Webroot Secure Anywhere CE 25.2 والتفعيل بسيريال لمدة 700 يوم تصميم Ramy Badraan
العملاق الأندونيسي Smadav Pro 2025 v15.4 كامل ومحدث مع التفعيل الحصري تصميم Ramy Badraan
Zyzoom Driver Booster Tool - عملاق جلب التعريفات Iobit Driver Booster فى اصداره النهائى مفعل - تنصيب صامت) تصميم Ramy Badraan
Zyzoom Process Lasso Tool - Wise Care 365 Pro 7.2.4.697 RePack & Portable البرنامج الشامل للصيانة وإصلاح النظام) تصميم Ramy Badraan
TechsmithSnagit 25.1.0.6239 x64 Silent Install عملاق تصوير الشاشة وعمل الشروحات تصميم Ramy Badraan
Glary Utilities Pro 6.24.0.28 RePack & Portable لصيانة النظام وتنظيفه من الملفات التالفة تصميم Ramy Badraan
Zyzoom Process Lasso Tool - عملاق تسريع المعالج وتنظيم العمليات فى اصداره الاخير - تنصيب صامت) 
- بادئ الموضوع Bo.SaQeR
- تاريخ البدء
النقيب
زيزوومي جديد
غير متصلحمل هذا البرنامج[/FONT]
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
شغل البرنامج[/FONT] ==> واضغط على[/FONT]
[/FONT] Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة[/FONT]==>قم بنسخه ولصقه في ردك القاادم[/FONT] ,,توقيع : النقيب
تأييد 0Bo.SaQeR
زيزوومى متألق
- إنضم
- 16 أبريل 2009
- المشاركات
- 457
- مستوى التفاعل
- 5
- النقاط
- 470
غير متصليعطيك العآفيه أخوي ،،
تقرير الهآي جآك ،،
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:24, on 25/08/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Users\RooT KsA\Desktop\TiGeR-Firewall.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\4shared Desktop\desktop.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\RooT KsA\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 5726 bytes
توقيع : Bo.SaQeR
تأييد 0النقيب
زيزوومي جديد
غير متصل[/FONT]عطل برامج الحماية عن العمل[/FONT]
[/FONT]ثم [/FONT]
[/FONT]حمل الاداة التالية واحفظها على سطح المكتب[/FONT]
[/FONT]يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
[/FONT]عند تشغيلها بتظهر لك رسالة ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]بعدها بتظهر لك رساله ثانيه ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]اثناء الفحص ممكن يعاد تشغيل الجهاز[/FONT]
[/FONT]وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه[/FONT]
[/FONT]لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي[/FONT]
[/FONT]انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة[/FONT][/FONT]توقيع : النقيب
تأييد 0Bo.SaQeR
زيزوومى متألق
- إنضم
- 16 أبريل 2009
- المشاركات
- 457
- مستوى التفاعل
- 5
- النقاط
- 470
غير متصلComboFix 09-08-24.06 - RooT KsA 08/25/2009 16:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1256.966.1025.18.1014.245 [GMT 3:00]
Running from: c:\users\RooT KsA\Desktop\ComboFix.exe
AV: AVG 7.5.425 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Default\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{350e4ef8-c7c1-11dc-b86a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\oem11.inf
c:\users\RooT KsA\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-25 13:19 . 2009-08-25 13:19 -------- d-----w- c:\users\RooT KsA\s
2009-08-25 13:19 . 2009-08-25 13:19 -------- d-----w- c:\users\RooT KsA\AppData\Local\Temporary Internet Files
2009-08-25 13:19 . 2009-08-25 13:19 -------- d-----w- c:\users\RooT KsA\AppData\Local\History
2009-08-25 13:19 . 2009-08-25 13:19 -------- d-----w- C:\Temp
2009-08-25 12:33 . 2009-08-25 12:33 -------- d-----w- c:\program files\uTorrent
2009-08-25 12:31 . 2009-08-25 13:19 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\uTorrent
2009-08-25 12:20 . 2009-08-25 12:20 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 12:20 . 2009-08-25 12:20 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 12:20 . 2009-08-25 12:20 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-25 12:20 . 2009-08-25 12:20 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 12:20 . 2009-08-25 12:20 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 12:20 . 2009-08-25 12:20 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-24 23:40 . 2009-08-25 10:48 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\4shared Desktop
2009-08-24 23:34 . 2009-08-24 23:34 -------- d-----w- c:\program files\4shared Desktop
2009-08-23 23:27 . 2009-08-23 23:27 -------- d-----w- c:\programdata\WindowsSearch
2009-08-23 21:28 . 2009-08-23 21:31 -------- d-----w- c:\program files\Common Files\delet
2009-08-23 13:36 . 2009-08-23 13:36 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\GPass-4
2009-08-23 13:36 . 2009-08-23 13:36 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\GPass
2009-08-22 01:20 . 2009-08-25 13:48 25657568 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-22 01:20 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\27281834.sys
2009-08-21 19:28 . 2009-08-21 19:28 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-08-21 19:13 . 2009-08-21 19:13 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-21 19:13 . 2009-08-21 19:13 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-21 19:11 . 2009-08-25 12:24 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-21 19:11 . 2009-08-21 19:11 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-21 19:05 . 2009-08-21 19:05 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-08-20 00:26 . 2009-08-20 00:26 -------- d-----w- c:\program files\CodeLifter5
2009-08-19 19:56 . 2009-08-19 19:56 -------- d-----w- c:\users\RooT KsA\AppData\Local\Opera
2009-08-19 19:55 . 2009-08-19 19:55 -------- d-----w- c:\program files\Opera
2009-08-19 04:23 . 2009-08-19 04:23 -------- d-----w- c:\users\RooT KsA\AppData\Local\TechSmith
2009-08-18 23:24 . 2009-08-21 02:59 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\TeamViewer
2009-08-18 23:24 . 2009-08-21 02:59 -------- d-----w- c:\program files\TeamViewer
2009-08-18 23:23 . 2009-08-18 23:23 -------- d-----w- c:\users\RooT KsA\temp
2009-08-17 20:34 . 2009-08-17 20:34 -------- d-----w- c:\windows\Processes Arab v3.4
2009-08-17 19:06 . 2009-08-18 15:54 -------- d-----w- c:\users\RooT KsA\AppData\Local\Icon Constructor 3
2009-08-17 19:06 . 2009-08-17 19:06 -------- d-----w- c:\programdata\Icon Constructor 3
2009-08-17 19:06 . 2009-08-19 22:54 -------- d-----w- c:\program files\Icon Constructor 3
2009-08-16 13:04 . 2009-08-16 13:04 -------- d-----w- c:\users\RooT KsA\AppData\Local\Runscanner.net
2009-08-16 05:36 . 2009-08-16 05:36 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\Resource Tuner
2009-08-16 05:35 . 2009-08-25 00:21 -------- d-----w- c:\program files\Resource Tuner
2009-08-15 12:20 . 2009-08-15 12:21 -------- d-----w- c:\users\RooT KsA\AppData\Local\Xenocode
2009-08-15 09:01 . 2009-08-17 11:41 -------- d-----w- c:\users\RooT KsA\AppData\Local\Adobe
2009-08-15 07:48 . 2009-08-21 19:02 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\COWON
2009-08-14 04:24 . 2009-08-14 04:24 -------- d-----w- c:\program files\BreakPoint Software
2009-08-14 04:05 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 04:05 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 04:05 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 04:05 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 04:05 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 04:05 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 04:05 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 04:05 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 01:04 . 2009-08-14 01:04 3942047 ----a-w- c:\users\RooT KsA\AppData\Roaming\Thinstall\Malwarebytes' Anti-Malware\%Common AppData%\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 00:59 . 2009-08-14 00:59 479744 ----a-w- c:\users\RooT KsA\AppData\Roaming\Thinstall\Trojan Remover 6.7.5\%ProgramFilesDir%\Trojan Remover\Trshlex.dll
2009-08-14 00:59 . 2009-08-14 00:59 1068424 ----a-w- c:\users\RooT KsA\AppData\Roaming\Thinstall\Trojan Remover 6.7.5\%ProgramFilesDir%\Trojan Remover\Trjscan.exe
2009-08-14 00:58 . 2009-08-05 16:29 3036024 ----a-w- c:\users\RooT KsA\AppData\Roaming\Thinstall\Trojan Remover 6.7.5\%ProgramFilesDir%\Trojan Remover\Rmvtrjan.exe
2009-08-14 00:56 . 2009-08-17 20:55 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\Thinstall
2009-08-14 00:56 . 2009-08-14 00:56 -------- d-----w- c:\users\RooT KsA\AppData\Local\Thinstall
2009-08-13 11:18 . 2009-08-19 22:56 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-08-13 02:40 . 2009-08-19 02:22 -------- d-----w- c:\users\RooT KsA\AppData\Local\Google
2009-08-13 02:40 . 2009-08-13 02:40 -------- d-----w- c:\users\RooT KsA\AppData\Local\Apps
2009-08-13 02:40 . 2009-08-13 02:40 -------- d-----w- c:\users\RooT KsA\AppData\Local\Deployment
2009-08-13 00:27 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 00:27 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 00:26 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 00:26 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 00:26 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 00:26 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 00:26 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 00:26 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 10:03 . 2008-03-11 23:37 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-08-12 10:02 . 2009-08-12 10:02 -------- d-----w- c:\windows\system32\QuickTime
2009-08-11 08:51 . 2009-08-11 08:58 -------- d-----w- c:\users\RooT KsA\AppData\Local\Microsoft Games
2009-08-11 07:54 . 2009-08-11 07:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-10 20:09 . 2009-08-10 20:09 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\Media Player Classic
2009-08-10 19:47 . 2009-08-10 19:47 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\aicon
2009-08-10 19:45 . 2009-08-10 19:44 729088 ----a-w- c:\windows\iun6002.exe
2009-08-10 19:45 . 2009-08-10 19:56 -------- d-----w- C:\WM
2009-08-10 05:01 . 2009-08-10 05:02 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\Download Manager
2009-08-10 00:05 . 2009-08-10 00:05 -------- d-----w- c:\windows\system32\Macromed
2009-08-09 23:59 . 2009-08-13 01:34 -------- d-----w- c:\programdata\Messenger Plus!
2009-08-09 23:59 . 2009-08-09 23:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-09 23:28 . 2009-08-09 23:35 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-08-09 23:27 . 2009-08-09 23:35 -------- d-----w- c:\program files\Windows Live
2009-08-09 23:27 . 2009-08-09 23:27 -------- d-----w- c:\programdata\WLInstaller
2009-08-08 04:10 . 2009-08-08 04:10 -------- d-----w- c:\program files\CCleaner
2009-08-08 03:21 . 2009-08-08 04:12 -------- d-----w- c:\program files\Unlocker
2009-08-07 22:56 . 2009-08-07 22:56 -------- d-----w- c:\users\RooT KsA\AppData\Local\Roxio
2009-08-07 22:47 . 2009-08-21 19:03 -------- d-----w- c:\program files\UltraISO
2009-08-07 21:48 . 2009-08-08 03:29 198064 ----a-w- c:\users\RooT KsA\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-08-07 21:48 . 2009-08-25 01:24 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\IDM
2009-08-07 21:48 . 2009-08-25 13:49 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\DMCache
2009-08-07 21:48 . 2009-08-08 04:13 -------- d-----w- c:\program files\Internet Download Manager
2009-08-07 20:16 . 2009-08-07 20:16 -------- d-----w- c:\program files\EASEUS
2009-08-07 20:07 . 2009-08-07 20:07 -------- d-----w- C:\Removable Data Recovery
2009-08-06 10:38 . 2008-05-27 05:18 439808 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-08-06 10:37 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-06 10:17 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-06 10:17 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-06 10:17 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-06 10:17 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-06 10:17 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-06 10:17 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-06 10:17 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-06 10:11 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-06 10:11 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-06 10:11 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-06 10:11 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-06 10:11 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-06 10:09 . 2009-08-06 10:09 0 ----a-w- c:\windows\nsreg.dat
2009-08-06 10:09 . 2009-08-06 10:09 -------- d-----w- c:\users\RooT KsA\AppData\Local\Mozilla
2009-08-06 10:08 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-08-06 10:08 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-08-06 10:08 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-08-06 10:05 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-06 10:03 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-08-06 10:03 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-06 10:03 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-06 10:03 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-08-06 10:01 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-08-06 10:01 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-08-06 10:01 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-08-06 10:01 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-08-06 10:01 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-08-06 10:01 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 13:47 . 2009-08-22 01:20 301004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-21 20:52 . 2009-08-21 18:37 4239360 ----a-w- c:\users\RooT KsA\AppData\Roaming\zyzcleaner\PrivacySuite.exe
2009-08-21 20:51 . 2009-08-21 18:37 135168 ----a-w- c:\users\RooT KsA\AppData\Roaming\zyzcleaner\2.exe
2009-08-21 20:51 . 2009-08-21 18:37 65536 ----a-w- c:\users\RooT KsA\AppData\Roaming\zyzcleaner\1.exe
2009-08-21 19:02 . 2008-11-19 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 18:38 . 2009-08-21 18:37 -------- d-----w- c:\users\RooT KsA\AppData\Roaming\zyzcleaner
2009-08-18 02:27 . 2008-11-19 21:01 78446 ----a-w- c:\windows\system32\perfc001.dat
2009-08-18 02:27 . 2008-11-19 21:01 439186 ----a-w- c:\windows\system32\perfh001.dat
2009-08-14 02:08 . 2009-08-14 02:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-14 00:03 . 2008-11-19 11:07 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 00:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-06 10:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-06 09:44 . 2009-08-06 09:44 71088 ----a-w- c:\users\RooT KsA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 16:06 . 2009-08-06 10:06 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-06 10:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-06 10:06 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 12:10 . 2009-07-03 12:10 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-06-15 15:20 . 2009-08-06 10:05 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-06 10:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-06 10:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-15 11:01 . 2009-06-15 11:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-30 18:00 . 2009-08-21 18:37 625485 ----a-w- c:\users\RooT KsA\AppData\Roaming\zyzcleaner\run.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\Drgtodsc.exe" [2007-07-27 1133040]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-04 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-04 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-02-04 4907008]
c:\users\RooT KsA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
is-2BEJE.lnk - c:\users\RooT KsA\Desktop\Virus Removal Tool\is-2BEJE\startup.exe [2009-8-22 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A28AFAC-48F1-4A52-B083-FBC08661C160}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{12EDC0FC-4CC4-48BD-A473-BBCCFA7BEB25}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A6F335E2-5C9A-4B02-ADBE-790C89C86CF0}c:\\users\\root ksa\\desktop\\! bad boy ! bifrost priv8 2.exe"= UDP:c:\users\root ksa\desktop\! bad boy ! bifrost priv8 2.exe:! bad boy ! bifrost priv8 2.exe
"UDP Query User{3EED2F1B-DC6D-4074-962A-A3FF6A3002FE}c:\\users\\root ksa\\desktop\\! bad boy ! bifrost priv8 2.exe"= TCP:c:\users\root ksa\desktop\! bad boy ! bifrost priv8 2.exe:! bad boy ! bifrost priv8 2.exe
"TCP Query User{2313517F-6AFB-42F5-94BD-2747E015549B}c:\\users\\root ksa\\desktop\\sniper port.exe"= UDP:c:\users\root ksa\desktop\sniper port.exe:sniper port.exe
"UDP Query User{DFE70A74-09D6-47EA-9142-41906715E554}c:\\users\\root ksa\\desktop\\sniper port.exe"= TCP:c:\users\root ksa\desktop\sniper port.exe:sniper port.exe
"{A3AF771F-D6CB-4D73-A553-4B0115D1F72D}"= UDP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application
"{969D141E-6457-4848-BD06-C73607897682}"= TCP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application
"{4F696277-8163-4BBB-922E-4DE03F61381A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1F714B76-34CA-49C1-AE82-86FDD5EDC8EC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/08 20:41 33808]
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [14/11/05 13:28 34176]
R1 is-2BEJEdrv;is-2BEJEdrv;c:\windows\System32\drivers\27281834.sys [22/08/09 04:20 148496]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/09 18:50 21008]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [19/11/08 13:24 77824]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [11/08/09 17:01 185640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/09 20:59 19472]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [19/11/08 13:37 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [19/11/08 13:37 28928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com.sa/
uInternet Settings,ProxyOverride = local
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\RooT KsA\AppData\Roaming\Mozilla\Firefox\Profiles\u6gg4vbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\RooT KsA\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-08-25 16:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1880657966-2922549016-4236818249-1002_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d7,72,b9,a9,5a,af,55,ef,3a,72,f7,42,cf,59,b4,ea,b1,a7,71,56,03,
e3,f3,24,9c,cd,ab,b7,f4,56,ca,f3,59,b0,2b,bf,2a,4f,9e,a0,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1880657966-2922549016-4236818249-1002_Classes\CLSID\{b142a7a1-5deb-4208-b008-47c6c6bea3ad}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ec
"Therad"=dword:00000013
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\windows\System32\drivers\ACFXAU32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-08-25 16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 13:54
Pre-Run: 55,478,874,112 bytes free
Post-Run: 57,200,558,080 bytes free
342 --- E O F --- 2009-08-24 15:25
توقيع : Bo.SaQeR
تأييد 0النقيب
زيزوومي جديد
غير متصل[/FONT]
حمل هذا البرنامج [/FONT]
ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير[/FONT]يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
انسخ ما بداخل التقرير والصقه بمشاركتك القادمة[/FONT]توقيع : النقيب
تأييد 0Bo.SaQeR
زيزوومى متألق
- إنضم
- 16 أبريل 2009
- المشاركات
- 457
- مستوى التفاعل
- 5
- النقاط
- 470
غير متصلMalwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6001 Service Pack 1
25/08/09 18:29:06
mbam-log-2009-08-25 (18-29-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 159672
Time elapsed: 39 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
توقيع : Bo.SaQeR
تأييد 0Bo.SaQeR
زيزوومى متألق
- إنضم
- 16 أبريل 2009
- المشاركات
- 457
- مستوى التفاعل
- 5
- النقاط
- 470
غير متصل،،
هذي المشكله أخوي الواجهه مو رآضيه تطلع لي ،، :b:
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
خيآر تصغير موجود مع أن نافذهـ الكآسبر مو طآلعه ،، :?:
توقيع : Bo.SaQeR
تأييد 0
MAAX
عضوشرف
غير متصلحمل هذا البرنامج
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادمالتعديل الأخير بواسطة المشرف:تأييد 0- الحالة
