-
تصميم Ramy Badraan
Cisdem Video Compressor 2.2.0 برنامج لضغط الفيديوهات مع المحافظة على الجودة قدر الإمكان - مع التفعيل تصميم Ramy Badraan
PDF-XChange Editor Plus+PRO v10.6.0.396 تصميم Ramy Badraan
WinRAR - أداة متكاملة لتحميل وتثبيت وتفعيل WinRAR7.11 اخر اصدار تلقائيًا وبثلاث لغات) تصميم Ramy Badraan
متصفح القوة والسرعة Google Chrome 116.0.5845.97 Stable تصميم Ramy Badraan
الأسطوانة العربية** Ar Windows 10-11 (2019-2021-2024) IoT Enterprise LTSC (x64) Update April 2025 تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
27.00.0300 XYplorer Pro لإدارة الملفات والمجلدات والبحث عنها بسرعة تصميم Ramy Badraan
ويندوز 11 اندكس برو -عربي إنكليزي فرنسي من غير متطلبات ومفعلWindows11PRO_24H2(Ar-En-Fr)26100.3909-Activ_NO TPM تصميم Ramy Badraan
Foxit PDF Editor 2025 .1.0.27937 تصميم Ramy Badraan
CoolUtils Total Doc Converter 5.1.0.364 Repack & Portable لتحويل الملفات الكتابية إلى عدة صيغ تصميم Ramy Badraan
تعال سجل Internet Download Manager باسمك -تفعيل تحديث مع IDM Activation Assistant v1.0 تصميم Ramy Badraan
Office 2013-2024 C2R Install + Lite v7.7.7.7 r26 | Install Office and Activate لتحميل وتفعيل الأوفيس تصميم Ramy Badraan
برنامج الحماية الرهيب Webroot Secure Anywhere CE 25.2 والتفعيل بسيريال لمدة 700 يوم تصميم Ramy Badraan
العملاق الأندونيسي Smadav Pro 2025 v15.4 كامل ومحدث مع التفعيل الحصري تصميم Ramy Badraan
Zyzoom Driver Booster Tool - عملاق جلب التعريفات Iobit Driver Booster فى اصداره النهائى مفعل - تنصيب صامت) تصميم Ramy Badraan
Zyzoom Process Lasso Tool - Wise Care 365 Pro 7.2.4.697 RePack & Portable البرنامج الشامل للصيانة وإصلاح النظام) تصميم Ramy Badraan
TechsmithSnagit 25.1.0.6239 x64 Silent Install عملاق تصوير الشاشة وعمل الشروحات تصميم Ramy Badraan
Glary Utilities Pro 6.24.0.28 RePack & Portable لصيانة النظام وتنظيفه من الملفات التالفة تصميم Ramy Badraan
Zyzoom Process Lasso Tool - عملاق تسريع المعالج وتنظيم العمليات فى اصداره الاخير - تنصيب صامت) 
- بادئ الموضوع الزعيم
- تاريخ البدء
النقيب
زيزوومي جديد
غير متصلحمل هذا البرنامج[/FONT]
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
شغل البرنامج[/FONT] ==> واضغط على[/FONT]
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة[/FONT]==>قم بنسخه ولصقه في ردك القاادم[/FONT] ,,توقيع : النقيب
تأييد 0الزعيم
زيزوومى فعال
غير متصلهذا هو
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:18 م, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\npkcmsvc.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winvtkddj.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winthsops.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = BFD4865E7A9D2C20,plimus.com,,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DF9402-ABFD-44C5-9576-3155B7D38A49}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
--
End of file - 7837 bytesتأييد 0النقيب
زيزوومي جديد
غير متصل[/FONT]عطل برامج الحماية عن العمل[/FONT]
[/FONT]ثم [/FONT]
[/FONT]حمل الاداة التالية واحفظها على سطح المكتب[/FONT]
[/FONT]يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
[/FONT]عند تشغيلها بتظهر لك رسالة ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]بعدها بتظهر لك رساله ثانيه ,, اضغط على [/FONT]>> Yes[/FONT]
[/FONT]اثناء الفحص ممكن يعاد تشغيل الجهاز[/FONT]
[/FONT]وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه[/FONT]
[/FONT]لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي[/FONT]
[/FONT]انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة[/FONT]توقيع : النقيب
تأييد 0
KoNaMi
زيزوومى فضى
غير متصلهذا فايروس ستالي
بعد استخدام اداة الكمبوفكس
اعمل الاتي
عطل استعادة النظام حسب الشرح التالي
بعدين
ادخل هذه الصفحة
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقمالتقرير noor_mcafeeيجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
وارفعه على هذا الموقع
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
وارفق رابط التحميل بمشاركتك القادمةتوقيع : KoNaMi
تأييد 0الزعيم
زيزوومى فعال
غير متصلComboFix 09-08-24.06 - user 08/23/2009 21:08.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2039.1623 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\22yj2fy1.exe
C:\6rxt26.exe
C:\8b3.bat
C:\8dtyjjf.exe
C:\9u.exe
C:\autorun.inf
c:\docume~1\user\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\user\LOCALS~1\Temp\cvasds1.dll
C:\f2.bat
C:\hm1bfpuj.exe
C:\kgji.exe
C:\lcw.exe
C:\ljnhwt.bat
C:\m1eqos3.exe
C:\m9ma.exe
C:\mqhnawe.bat
C:\qothmn.cmd
C:\rx.exe
C:\u0riu2.exe
C:\ukfbi3aw.exe
c:\windows\AhnRpta.exe
c:\windows\crypted.exe
c:\windows\Downloaded Program Files\PurpleBean.exe
c:\windows\system32\e8main0.dll
c:\windows\system32\e8main1.dll
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
C:\xs6kpr0.exe
D:\22yj2fy1.exe
D:\6rxt26.exe
D:\8b3.bat
D:\8dtyjjf.exe
D:\9u.exe
D:\autorun.inf
D:\f2.bat
D:\hm1bfpuj.exe
D:\kgji.exe
D:\lcw.exe
D:\ljnhwt.bat
D:\m1eqos3.exe
D:\m9ma.exe
D:\mqhnawe.bat
D:\qothmn.cmd
D:\rx.exe
D:\u0riu2.exe
D:\ukfbi3aw.exe
D:\xs6kpr0.exe
F:\22yj2fy1.exe
F:\6rxt26.exe
F:\8b3.bat
F:\8dtyjjf.exe
F:\9u.exe
F:\Autorun.inf
F:\f2.bat
F:\hm1bfpuj.exe
F:\kgji.exe
F:\lcw.exe
F:\ljnhwt.bat
F:\m1eqos3.exe
F:\m9ma.exe
F:\mqhnawe.bat
F:\qothmn.cmd
F:\rx.exe
F:\u0riu2.exe
F:\ukfbi3aw.exe
F:\xs6kpr0.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 17:55 . 2009-08-23 17:55 -------- d-----w- c:\program files\Trend Micro
2009-08-23 16:54 . 2009-08-23 16:54 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-23 16:54 . 2009-08-23 16:54 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-23 16:54 . 2009-08-23 16:54 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-23 16:54 . 2009-08-23 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-23 16:53 . 2009-08-23 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-19 14:13 . 2009-07-02 21:34 83376 ----a-w- c:\temp\npijjiautoinstallpluginff.dll
2009-08-19 14:13 . 2009-07-02 21:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-08-19 14:13 . 2009-07-01 07:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-08-19 14:13 . 2009-06-23 10:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-08-19 14:13 . 2009-03-31 14:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-08-19 14:13 . 2009-03-11 15:20 208384 ----a-w- c:\windows\system32\uc_rohan_launching.dll
2009-08-19 14:13 . 2009-08-19 14:13 -------- d-----w- c:\program files\ijji
2009-08-19 14:10 . 2009-01-29 08:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-08-17 12:45 . 2009-08-17 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\hsswpr
2009-08-15 09:42 . 2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-08-15 09:38 . 2005-05-31 10:12 49224 ----a-w- c:\windows\system32\athgina.dll
2009-08-15 09:38 . 2005-05-24 22:39 465952 ----a-w- c:\windows\system32\ar5211.sys
2009-08-15 09:38 . 2005-05-31 10:12 36864 ----a-w- c:\windows\system32\acs.exe
2009-08-15 09:38 . 2005-05-31 10:00 192512 ----a-w- c:\windows\system32\AegisI5.exe
2009-08-15 09:38 . 2005-05-31 10:12 385024 ----a-w- c:\windows\system32\athcfg11.dll
2009-08-15 09:38 . 2005-05-31 10:10 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-08-15 09:38 . 2005-05-31 10:10 249856 ----a-w- c:\windows\system32\wgapi.dll
2009-08-15 09:38 . 2005-05-31 10:09 237568 ----a-w- c:\windows\system32\wcapi.dll
2009-08-15 09:38 . 2005-05-31 10:00 1396835 ----a-w- c:\windows\system32\AegisE5.dll
2009-08-15 09:38 . 2009-08-15 09:38 -------- d-----w- c:\program files\Atheros
2009-08-15 09:37 . 2009-08-19 14:13 -------- d-----w- C:\temp
2009-08-13 18:17 . 2004-08-03 21:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-29 16:54 . 2009-07-29 20:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-28 17:47 . 2009-07-28 17:46 214925 ----a-w- C:\qr.exe
2009-07-28 13:17 . 2009-07-28 17:58 210930 ----a-w- C:\mb9x.exe
2009-07-25 17:24 . 2009-07-25 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-07-25 17:16 . 2009-07-25 17:16 -------- d-----w- c:\program files\Pando Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:48 . 2009-04-21 11:00 337197168 ----a-w- c:\documents and settings\user\Application Data\ijjigame\U_SFInstaller.exe
2009-08-23 12:40 . 2009-05-19 11:31 -------- d-----w- c:\program files\Ventrilo
2009-08-19 14:13 . 2009-04-14 02:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 04:48 . 2009-06-18 07:46 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-08-02 03:38 . 2009-04-14 10:33 -------- d-----w- c:\documents and settings\user\Application Data\Ventrilo
2009-07-29 01:51 . 2009-04-13 04:36 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-07-22 13:52 . 2009-07-22 13:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-16 09:20 . 2009-07-16 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-07-16 00:28 . 2009-04-21 20:40 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-07-12 14:02 . 2009-07-12 14:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-10 16:46 . 2009-07-10 16:46 -------- d-----w- c:\program files\Conduit
2009-07-08 20:02 . 2009-07-08 20:02 62464 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\37c7a6a6-6dafa780-n\avutil-49.dll
2009-07-08 20:02 . 2009-07-08 20:02 516096 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\37c7a6a6-6dafa780-n\ivjni.dll
2009-07-08 20:02 . 2009-07-08 20:02 288361 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\37c7a6a6-6dafa780-n\libmp3lame-0.dll
2009-07-08 20:02 . 2009-07-08 20:02 1941504 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\37c7a6a6-6dafa780-n\avcodec-51.dll
2009-07-08 20:02 . 2009-07-08 20:02 107520 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\38\37c7a6a6-6dafa780-n\avformat-52.dll
2009-07-08 19:52 . 2009-07-08 19:52 -------- d-----w- c:\program files\LtUcx
2009-07-06 19:02 . 2009-07-06 19:02 62464 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\55\52c77577-65efe442-n\avutil-49.dll
2009-07-06 19:02 . 2009-07-06 19:02 516096 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\55\52c77577-65efe442-n\ivjni.dll
2009-07-06 19:02 . 2009-07-06 19:02 288361 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\55\52c77577-65efe442-n\libmp3lame-0.dll
2009-07-06 19:02 . 2009-07-06 19:02 107520 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\55\52c77577-65efe442-n\avformat-52.dll
2009-07-06 19:02 . 2009-07-06 19:02 1941504 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\55\52c77577-65efe442-n\avcodec-51.dll
2009-07-02 21:34 . 2009-04-21 10:58 787888 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-07-02 21:34 . 2009-04-21 10:58 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-06-27 13:24 . 2009-06-27 13:24 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2009-06-16 10:05 . 2008-08-27 16:26 313880 ----a-w- c:\windows\system32\npkagt.exe
2009-06-16 10:03 . 2007-09-11 23:14 226624 ----a-w- c:\windows\system32\DivXCodecVersionChecker.exe
2009-06-16 09:45 . 2009-04-22 17:39 2667792 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Microsoft Windows Installer 3.1\mWinRun.dll\unicode\update.exe
2009-06-16 09:45 . 2009-04-22 17:39 110592 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiinst.exe
2009-06-16 09:45 . 2009-04-22 17:39 157184 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi\msiexec.exe
2009-06-16 09:45 . 2009-04-22 18:00 80455 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\CD77AC88\3DFD6AB6\DriverScannerApi.exe
2009-06-16 09:45 . 2009-04-22 18:00 290816 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\5C40AA7E\8F9F9DCD\DriverScanner.exe
2009-06-16 09:45 . 2009-04-22 18:00 139264 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3E39C89\2FB6E586\DriverScannerApi.exe
2009-06-12 10:29 . 2009-06-12 10:18 5593 ----a-w- c:\windows\system32\unins000.dat
2009-06-12 10:29 . 2009-06-12 10:18 635337 ----a-w- c:\windows\system32\unins000.exe
2009-06-05 09:03 . 2009-04-18 08:22 341344 ----a-w- c:\windows\system32\sayax0.dll
2009-06-04 15:59 . 2009-06-04 15:59 137800 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\English\setup.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-12_10.58.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-01 21:46 . 2006-12-01 21:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 21:08 . 2006-12-01 21:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-08-23 18:15 . 2009-08-23 18:15 16384 c:\windows\temp\Perflib_Perfdata_834.dat
+ 2009-06-22 13:25 . 2008-10-16 11:09 43544 c:\windows\system32\wups2.dll
+ 2009-04-13 04:23 . 2008-10-16 11:08 34328 c:\windows\system32\wups.dll
+ 2009-04-13 04:23 . 2008-10-16 11:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-06-22 13:25 . 2008-10-16 11:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2009-04-13 18:03 . 2004-04-05 20:05 65602 c:\windows\system32\RMBin\codecs\cook.dll
+ 2001-08-23 11:00 . 2009-07-06 17:38 40972 c:\windows\system32\perfc009.dat
- 2001-08-23 11:00 . 2001-08-23 11:00 35840 c:\windows\system32\narrhook.dll
+ 2009-07-04 22:56 . 2005-03-22 10:43 12800 c:\windows\system32\mpnatapi.dll
+ 2008-01-14 12:15 . 2008-01-14 12:15 81920 c:\windows\system32\frapsvid.dll
- 2008-01-23 21:25 . 2008-01-23 21:25 27136 c:\windows\system32\drivers\tapvpn.sys
+ 2008-01-23 21:25 . 2006-10-26 08:48 27136 c:\windows\system32\drivers\tapvpn.sys
- 2009-04-12 21:18 . 2004-08-03 22:59 57472 c:\windows\system32\drivers\redbook.sys
+ 2009-05-25 02:18 . 2009-05-25 02:18 27507 c:\windows\system32\drivers\klopp.dat
+ 2009-05-16 17:59 . 2009-05-16 17:59 19472 c:\windows\system32\drivers\klmouflt.sys
+ 2009-05-13 14:46 . 2009-05-13 14:46 31760 c:\windows\system32\drivers\klim5.sys
+ 2008-12-15 17:41 . 2008-12-15 17:41 33808 c:\windows\system32\drivers\klbg.sys
+ 2009-04-13 04:23 . 2008-10-16 11:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2009-04-13 04:23 . 2008-10-16 11:09 51224 c:\windows\system32\dllcache\wuauclt.exe
- 2001-08-23 11:00 . 2001-08-23 11:00 35840 c:\windows\system32\dllcache\narrhook.dll
+ 2004-08-03 21:56 . 2008-10-16 11:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2001-08-17 13:52 . 2001-08-17 10:52 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2004-08-03 21:56 . 2008-10-16 11:09 92696 c:\windows\system32\cdm.dll
+ 2009-04-21 10:58 . 2009-07-02 21:34 87472 c:\windows\Downloaded Program Files\ijjiPreStarter2.exe
- 2009-04-21 10:58 . 2008-06-11 20:01 87472 c:\windows\Downloaded Program Files\ijjiPreStarter2.exe
- 2009-04-21 10:58 . 2008-06-11 20:01 79280 c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
+ 2009-04-21 10:58 . 2009-07-02 21:34 79280 c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
+ 2009-04-21 10:58 . 2009-07-02 21:34 50608 c:\windows\Downloaded Program Files\ijjiNotify2.exe
- 2009-04-21 10:58 . 2008-06-11 20:01 50608 c:\windows\Downloaded Program Files\ijjiNotify2.exe
- 2001-08-23 11:00 . 2001-08-23 11:00 8192 c:\windows\system32\mag_hook.dll
- 2001-08-23 11:00 . 2001-08-23 11:00 8192 c:\windows\system32\dllcache\mag_hook.dll
- 2001-08-23 11:00 . 2001-08-23 11:00 4608 c:\windows\system32\dllcache\bootok.exe
- 2001-08-23 11:00 . 2001-08-23 11:00 4608 c:\windows\system32\bootok.exe
+ 2009-07-22 13:52 . 2009-07-22 13:52 2560 c:\windows\_MSRSTRT.EXE
+ 2008-07-29 05:05 . 2008-07-29 05:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 00:54 . 2008-07-29 00:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-04-13 04:23 . 2008-10-16 11:12 202776 c:\windows\system32\wuweb.dll
+ 2009-04-13 04:23 . 2008-10-16 11:12 323608 c:\windows\system32\wucltui.dll
+ 2009-04-13 04:23 . 2008-10-16 11:12 561688 c:\windows\system32\wuapi.dll
+ 2009-06-22 13:25 . 2008-10-16 11:12 561688 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll
+ 2001-08-23 11:00 . 2009-07-06 17:38 314644 c:\windows\system32\perfh009.dat
+ 2009-05-25 02:21 . 2009-05-25 02:21 219664 c:\windows\system32\klogon.dll
+ 2009-08-23 16:53 . 2009-08-23 16:53 296976 c:\windows\system32\drivers\klif.sys
+ 2009-05-24 12:30 . 2009-05-24 12:30 128016 c:\windows\system32\drivers\kl1.sys
+ 2009-04-13 04:23 . 2008-10-16 11:12 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2009-04-13 04:23 . 2008-10-16 11:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2009-04-13 04:23 . 2008-10-16 11:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-13 05:07 . 2009-04-13 05:07 100352 c:\windows\Installer\f3d00.msi
+ 2009-05-19 11:31 . 2009-05-19 11:31 683008 c:\windows\Installer\bd0a40.msi
+ 2009-04-22 18:00 . 2009-04-22 18:00 408064 c:\windows\Installer\a5152.msi
+ 2009-04-13 17:33 . 2009-04-13 17:33 803328 c:\windows\Installer\38603a.msi
+ 2009-07-15 22:54 . 2009-07-15 22:54 228352 c:\windows\Installer\32830e6.msi
+ 2009-07-15 22:51 . 2009-07-15 22:51 331264 c:\windows\Installer\32830df.msi
+ 2009-04-13 04:29 . 2009-04-13 04:29 264704 c:\windows\Installer\1d551.msi
+ 2009-04-21 10:58 . 2009-06-16 10:02 640472 c:\windows\Downloaded Program Files\PLauncher.exe
- 2009-04-21 10:58 . 2009-05-27 08:14 640472 c:\windows\Downloaded Program Files\PLauncher.exe
+ 2006-09-22 10:31 . 2006-09-22 10:31 397312 c:\windows\Downloaded Program Files\imcv1.dll
- 2009-04-21 10:58 . 2008-06-16 15:15 480688 c:\windows\Downloaded Program Files\ijjistarter2.exe
+ 2009-04-21 10:58 . 2009-07-02 21:34 480688 c:\windows\Downloaded Program Files\ijjistarter2.exe
+ 2008-07-29 05:05 . 2008-07-29 05:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-04-13 04:23 . 2008-10-16 11:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-07-17 08:35 . 2004-07-17 08:35 1326080 c:\windows\system32\webfldrs.msi
+ 2009-04-13 04:23 . 2008-10-16 11:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-04-13 05:06 . 2009-04-13 05:06 6152192 c:\windows\Installer\f3cfa.msi
+ 2009-04-13 04:56 . 2009-04-13 04:56 1480704 c:\windows\Installer\f3cf2.msi
+ 2009-04-13 04:55 . 2009-04-13 04:55 3504640 c:\windows\Installer\f3cee.msi
+ 2009-04-13 04:46 . 2009-04-13 04:46 3060224 c:\windows\Installer\f3ce8.msi
+ 2009-04-13 04:44 . 2009-04-13 04:44 7423488 c:\windows\Installer\f3ce4.msi
+ 2009-04-14 00:56 . 2009-04-14 00:56 1112064 c:\windows\Installer\4db10.msi
+ 2009-04-14 00:54 . 2009-04-14 00:54 5922816 c:\windows\Installer\4db0a.msi
+ 2009-08-23 16:54 . 2009-08-23 16:54 3154944 c:\windows\Installer\1521c2a.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-06-16 5801840]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-06-16 1745408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-16 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 255528]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2009-06-16 202128]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-06-16 226864]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 376832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-14 195584]
REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2009-4-13 790528]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-13 188480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"SpecialForce.exe"= SpecialForce.exe:½؛ئن¼بئ÷½؛
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\REALTEK USB Wireless LAN Driver and Utility\\RtWLan.exe"=
"c:\\Program Files\\JetAudio\\jetAudio.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IDT\\WDM\\sttray.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Atheros\\ACU.exe"=
"c:\\WINDOWS\\system32\\CF22550.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58113:TCP"= 58113:TCP
ando Media Booster
"58113:UDP"= 58113:UDPando Media Booster
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [13/04/2009 09:21 م 38144]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jojmkn.sys --> c:\windows\system32\drivers\jojmkn.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [15/08/2009 12:42 م 194304]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [13/04/2009 09:25 م 207616]
.
- - - - ORPHANS REMOVED - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/divx6/new/en?rcv=1&dist=divxdotcom
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = BFD4865E7A9D2C20,plimus.com,,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E6DF9402-ABFD-44C5-9576-3155B7D38A49} = 208.67.222.222,208.67.220.220
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.228.235.176:1999/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-08-23 21:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\npkcmsvc.exe
c:\program files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-08-23 21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 18:17
ComboFix2.txt 2009-06-16 10:46
ComboFix3.txt 2009-06-16 06:41
ComboFix4.txt 2009-06-16 06:31
ComboFix5.txt 2009-08-23 18:07
Pre-Run: 60,266,172,416 bytes free
Post-Run: 64,479,965,184 bytes free
400تأييد 0النقيب
زيزوومي جديد
غير متصليجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
توقيع : النقيب
تأييد 0النقيب
زيزوومي جديد
غير متصلطيب
[/FONT]
حمل هذا البرنامج [/FONT]
ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير[/FONT]يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
[/FONT]
[/FONT]انسخ ما بداخل التقرير والصقه بمشاركتك القادمة[/FONT]توقيع : النقيب
تأييد 0الزعيم
زيزوومى فعال
غير متصلتفضل
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
23/08/2009 10:18:58 م
mbam-log-2009-08-23 (22-18-58).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 109000
Time elapsed: 11 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)تأييد 0الزعيم
زيزوومى فعال
غير متصلLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:33 م, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\npkcmsvc.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\DOCUME~1\user\LOCALS~1\Temp\riwgdo.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winurxoa.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = BFD4865E7A9D2C20,plimus.com,,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6DF9402-ABFD-44C5-9576-3155B7D38A49}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
--
End of file - 7401 bytesتأييد 0النقيب
زيزوومي جديد
غير متصلاحذف القيم التاليه
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
[/FONT]
طريقة الحذف
[/FONT][/FONT]
[/FONT]
توقيع : النقيب
تأييد 0النقيب
زيزوومي جديد
غير متصل
عطل خاصية استعادة النظام
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
بعدها حمل هذا البرنامج
[/FONT][/FONT][/FONT]يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
واعمل سكان كامل للجهاز[/FONT]
[/FONT]توقيع : النقيب
تأييد 0- الحالة
