ديموقراطي

First problem:

I'm having a problem opening Firefox .. when I try to open it, it gives me this message

i40967_.JPG


______

Second problem:

When I try to open the email it refuses to open for me; when I looked at the details I found the error code written there, which is 8000401a


And this is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36:39 ص, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MouseAround\MouseAround.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera 10 Preview\opera.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MouseAround] C:\Program Files\MouseAround\MouseAround.exe /AUTOSTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe
O23 - Service: خدمة تحديث Google (gupdate1ca1710ffec1b0) (gupdate1ca1710ffec1b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe

--
End of file - 11655 bytes


I hope you find a solution to my problem ..

And thank you
 

Reinstall Firefox .. and make sure your machine is free of viruses

And look for a Messenger problem-repair program ?? That's what I've got
 
Download this file and move it to this path


C:\WINDOWS\system32


___________________

Then apply the following

Download this tool and save it to the desktop


When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes

Wait until the tool finishes scanning your machine ,,, and your machine will restart automatically ,,
After the restart ,, the tool will start scanning a second time
Wait until a report appears ,, copy it and paste it in your next reply

All windows must be completely closed
--------------------------------------------

( 2 )

Download this tool and save it to the desktop


When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear ,, copy it and paste it in your next reply
__________________________________
 
This is the combofix report

ComboFix 09-10-05.01 - Administrator 10/06/2009 10:47.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.958.277 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Desktopicon
c:\documents and settings\Administrator\Application Data\Desktopicon\config.ini
c:\documents and settings\Administrator\Application Data\Desktopicon\eBayShortcuts.exe
c:\windows\Installer\204a49a.msp
c:\windows\Installer\c98ea.msp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 03:53 . 2009-10-06 04:10 -------- d-----w- c:\program files\The KMPlayer
2009-10-04 09:53 . 2009-10-04 09:53 -------- d-----w- c:\windows\system32\msmq
2009-10-04 09:53 . 2009-10-04 09:53 -------- d-----w- C:\Inetpub
2009-10-04 09:53 . 2009-10-04 09:53 -------- d-----w- c:\windows\system32\Logfiles
2009-10-04 09:01 . 2009-10-05 05:57 -------- d-----w- c:\program files\Unlocker
2009-10-01 06:38 . 2009-10-01 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft
2009-09-30 23:10 . 2009-09-30 23:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-09-29 21:39 . 2009-09-29 21:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Darq Software
2009-09-29 21:28 . 2009-09-29 21:28 -------- d-----w- c:\program files\Darq Software
2009-09-29 01:50 . 2009-09-29 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stilesoft
2009-09-29 01:27 . 2009-09-29 01:27 -------- d-----w- c:\program files\VerbAce Research
2009-09-28 07:24 . 2009-09-28 07:24 -------- d-----w- c:\program files\RAR Password Cracker
2009-09-27 22:16 . 2009-10-06 07:55 -------- d-----w- c:\program files\cFosSpeed
2009-09-27 22:16 . 2009-06-03 08:58 1006296 ----a-w- c:\windows\system32\drivers\cfosspeed.sys
2009-09-27 22:16 . 2009-06-03 08:58 288472 ----a-w- c:\windows\system32\cfosspeed.dll
2009-09-26 03:47 . 2009-09-26 03:47 40 ----a-w- C:\AdminAccount.dat
2009-09-25 22:11 . 2009-09-25 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-09-25 22:11 . 2009-09-25 22:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GlobalSCAPE
2009-09-25 21:41 . 2009-09-25 21:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlobalSCAPE
2009-09-25 21:40 . 2009-09-26 03:44 -------- d-----w- c:\program files\GlobalSCAPE
2009-09-24 02:57 . 2009-09-29 01:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Hotspot_Shield
2009-09-24 02:57 . 2009-09-24 02:57 -------- d-----w- c:\program files\Hotspot_Shield
2009-09-24 02:57 . 2009-09-24 02:57 -------- d-----w- C:\Hotspot Shield
2009-09-24 02:56 . 2009-09-24 02:58 -------- d-----w- c:\program files\Hotspot Shield
2009-09-24 00:04 . 2009-09-24 00:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-09-23 07:37 . 2009-09-23 07:45 -------- d-----w- C:\a990257f228e619f698a
2009-09-23 07:26 . 2009-08-05 19:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-23 07:21 . 2009-09-23 07:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-23 07:18 . 2009-09-23 07:18 -------- d-----w- c:\program files\Opera 10 Preview
2009-09-23 07:10 . 2009-09-23 07:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-09-23 06:46 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 06:45 . 2009-09-23 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 06:45 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-23 05:56 . 2009-09-23 07:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-23 05:55 . 2009-10-01 04:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-20 15:02 . 2009-09-20 15:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\windows\system32\drivers\NSS
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\program files\Norton Security Scan
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\program files\NortonInstaller
2009-09-18 19:46 . 2009-09-18 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-18 17:49 . 2009-09-18 17:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-09-18 17:49 . 2009-09-18 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-18 16:47 . 2009-09-23 05:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-09-18 16:45 . 2009-09-18 16:45 -------- d-----w- c:\windows\system32\Adobe
2009-09-17 22:17 . 2007-11-09 18:08 278 ----a-w- c:\windows\system32\register.reg
2009-09-17 22:16 . 2007-11-09 18:08 278 ----a-w- c:\windows\register.reg
2009-09-17 21:55 . 2009-09-17 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-09-17 21:54 . 2009-09-17 21:54 -------- d-----w- c:\program files\Siber Systems
2009-09-17 18:33 . 2009-09-17 18:33 52 ----a-w- c:\windows\system32\Flashvga.dat
2009-09-17 18:30 . 2009-09-18 02:40 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-16 02:17 . 2009-09-30 03:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-15 20:04 . 2009-09-15 20:04 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-13 03:00 . 2009-09-30 01:47 -------- d-----w- c:\program files\Analog Clock
2009-09-12 19:58 . 2009-09-12 19:58 -------- d-----w- c:\program files\ma-config.com
2009-09-12 19:58 . 2009-09-12 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-09-12 14:13 . 2009-09-12 14:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-11 00:12 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 13:57 . 2009-09-10 13:57 -------- d-----w- c:\program files\MouseAround
2009-09-10 12:34 . 2008-02-01 18:56 345 ----a-w- c:\windows\system32\folderbg.reg
2009-09-10 12:34 . 2008-02-01 18:56 315 ----a-w- c:\windows\system32\folderbg_remove.reg
2009-09-10 12:11 . 2009-09-10 12:11 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-10 12:11 . 2009-07-15 08:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-10 12:11 . 2009-09-10 12:11 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-10 12:11 . 2009-09-10 12:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-10 12:10 . 2009-09-10 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-10 12:10 . 2009-09-10 12:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-10 12:10 . 2009-09-10 12:10 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-10 10:59 . 2009-09-10 11:06 -------- d-----w- c:\windows\VistaMizer
2009-09-10 01:22 . 2009-09-10 01:22 -------- d-----w- c:\windows\system32\3Planesoft
2009-09-10 01:22 . 2009-09-10 01:22 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-09-10 01:22 . 2009-04-21 11:47 659968 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-09-10 01:22 . 2009-05-29 09:24 995840 ----a-w- c:\windows\system32\Mechanical_Clock_3D_Screensaver.scr
2009-09-10 01:22 . 2009-09-10 01:22 -------- d-----w- c:\program files\Mechanical Clock 3D Screensaver
2009-09-10 00:07 . 2009-09-10 00:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-10 00:07 . 2009-09-10 00:07 -------- d-----w- c:\program files\MSBuild
2009-09-10 00:07 . 2009-09-10 00:07 -------- d-----w- c:\program files\Reference Assemblies
2009-09-10 00:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-10 00:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-10 00:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-10 00:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-10 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-10 00:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-10 00:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-10 00:06 . 2009-09-10 00:06 -------- d-----w- C:\1bafd1495c6e858a3c2a9e61
2009-09-09 17:46 . 2009-09-09 17:46 -------- d-----w- c:\program files\SuperCleaner
2009-09-09 15:55 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-09-09 03:36 . 2009-09-09 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-09-09 03:36 . 2009-09-09 03:36 -------- d-----w- c:\windows\PaltalkScene
2009-09-09 03:36 . 2009-09-09 03:37 -------- d-----w- c:\program files\Paltalk Messenger
2009-09-08 18:43 . 2009-09-08 18:43 -------- d-----w- c:\program files\EyeDefender
2009-09-08 18:42 . 2009-09-08 18:42 -------- d-----w- c:\program files\SpeedyFox
2009-09-08 15:56 . 2009-09-08 15:27 292 ----a-w- C:\reader.bin
2009-09-08 13:40 . 2009-09-08 13:40 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-07 13:06 . 2009-09-10 11:06 218624 -c--a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-09-07 12:26 . 2009-09-07 12:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-07 12:26 . 2009-09-07 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-07 10:54 . 2009-09-07 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-09-07 10:54 . 2009-10-06 07:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-09-07 01:35 . 2009-09-09 20:18 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-09-06 23:43 . 2009-09-06 23:43 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 07:08 . 2009-08-05 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Software Informer
2009-10-06 00:00 . 2009-07-25 02:47 100016 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 06:00 . 2009-07-25 00:29 -------- d-----w- c:\program files\Google
2009-10-05 05:53 . 2009-08-11 02:22 -------- d-----w- c:\program files\FlashGet
2009-10-05 03:17 . 2009-07-25 03:01 -------- d-----w- c:\program files\Common Files\Real
2009-10-04 09:08 . 2009-07-29 15:40 -------- d-----w- c:\program files\Internet Download Manager
2009-10-04 01:41 . 2009-07-25 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\LIES 2 DENT
2009-10-01 04:50 . 2009-07-25 03:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-01 04:49 . 2009-07-25 03:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-30 02:01 . 2009-07-25 02:59 -------- d-----w- c:\program files\VideoLAN
2009-09-30 01:51 . 2009-07-25 03:04 -------- d-----w- c:\program files\Webteh
2009-09-28 07:23 . 2009-07-29 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-09-25 22:14 . 2009-07-26 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-23 07:41 . 2009-08-28 04:18 -------- d-----w- c:\program files\Ela-Salaty
2009-09-23 07:26 . 2009-07-25 21:11 -------- d-----w- c:\program files\Windows Live
2009-09-23 06:14 . 2009-07-26 19:55 -------- d-----w- c:\program files\DSL Speed
2009-09-23 00:41 . 2009-08-24 02:57 -------- d-----w- c:\program files\Findbasic
2009-09-23 00:41 . 2009-08-24 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-09-23 00:03 . 2009-07-29 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-09-18 17:54 . 2009-07-25 03:58 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 23:13 . 2009-07-25 05:43 -------- d-----w- c:\program files\Ace Translator
2009-09-17 22:32 . 2009-08-05 22:36 -------- d-----w- c:\program files\Software Informer
2009-09-12 15:53 . 2009-07-25 21:11 -------- d-----w- c:\program files\Circle Developemen
2009-09-10 11:06 . 2002-12-31 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-09 13:34 . 2009-08-05 02:32 -------- d-----w- c:\program files\FormatFactory
2009-09-09 12:27 . 2009-09-05 13:38 -------- d-----w- c:\program files\FISCstream v1.9b
2009-09-09 12:27 . 2009-09-05 13:37 249856 ------w- c:\windows\Setup1.exe
2009-09-09 12:27 . 2009-09-05 13:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-08 13:37 . 2009-08-02 05:05 -------- d-----w- c:\program files\Microsoft
2009-09-07 18:51 . 2009-07-29 04:59 -------- d-----w- c:\program files\Java
2009-09-07 12:04 . 2009-08-24 03:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\translateclient
2009-08-26 19:58 . 2009-08-26 19:58 -------- d-----w- c:\program files\Opera
2009-08-24 02:57 . 2009-08-24 02:57 -------- d-----w- c:\program files\FileSubmit
2009-08-19 16:25 . 2009-08-19 16:25 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-17 16:20 . 2009-08-17 16:20 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-15 02:03 . 2009-08-15 02:03 -------- d-----w- c:\program files\AskBarDis
2009-08-14 03:02 . 2009-08-14 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Far Mills
2009-08-13 09:40 . 2009-08-13 09:40 -------- d-----w- c:\program files\Common Files\DirectX
2009-08-12 07:04 . 2009-08-12 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-12 07:03 . 2009-08-12 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Isotx
2009-08-11 20:11 . 2009-08-11 06:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-11 06:05 . 2009-08-11 06:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2009-08-11 02:36 . 2009-08-11 02:33 -------- d-----w- c:\program files\BitComet
2009-08-09 22:19 . 2009-08-09 22:19 -------- d-----w- c:\program files\Desktop Themes
2009-08-09 22:18 . 2009-08-09 22:18 -------- d-----w- c:\program files\Plus!
2009-08-09 03:59 . 2009-08-09 03:57 -------- d-----w- c:\program files\WinUHA SFX
2009-08-08 10:48 . 2009-08-08 10:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-08 08:44 . 2009-08-08 08:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-08 08:37 . 2009-08-08 08:37 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-07 10:05 . 2009-08-07 09:22 -------- d-----w- c:\program files\Melbourne Cup Challenge - Demo Version
2009-08-07 09:24 . 2009-08-07 09:24 -------- d-----w- c:\program files\directx
2009-08-07 03:36 . 2009-07-25 03:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-07 03:36 . 2009-07-25 03:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-05 21:16 . 2009-07-25 03:53 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2002-12-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 19:21 . 2009-07-25 19:21 0 ----a-w- c:\windows\system32\cd.dat
2009-07-25 03:41 . 2009-07-25 03:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-25 02:39 . 2009-07-25 02:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-25 02:23 . 2009-07-29 05:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 19:01 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2002-12-31 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 10:07 . 2009-07-10 10:07 306544 ----a-w- c:\windows\WLXPGSS.SCR
.

------- Sigcheck -------

[-] 2009-02-06 . CEB0CD859FCAEDDD2D659DCB8B25B56B . 2402304 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 . CEB0CD859FCAEDDD2D659DCB8B25B56B . 2402304 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 . CEB0CD859FCAEDDD2D659DCB8B25B56B . 2402304 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2002-12-31 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe

[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 1F796B640B01A277B463E51CF0D79E10 . 587264 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2002-12-31 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-06-29 . 63125E82ADE380DC3E335D2661F48C7E . 928768 . . [7.00.6000.16876] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\33ec000c08e174dc768520b0fd388192\SP3GDR\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\VistaMizer\old\wininet.dll
[7] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[7] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[7] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[7] 2009-04-29 . 9D6E5AEB8F237E03D5892951EB3D6A7E . 659456 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[7] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[7] 2009-04-29 . 9E36A148748C5DE4EA1F47B9B625F412 . 668160 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[7] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2007-08-14 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll
[-] 2007-08-14 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\system32\dllcache\wininet.dll
[7] 2002-12-31 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB969897$\wininet.dll

[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2002-12-31 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . DCDEAA7B5698587F82C0F6CD7FB71967 . 1551872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[7] 2002-12-31 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2002-12-31 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-06 . CEEB75D60EEB34DF560EC5AFBB82B7EB . 2280960 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-06 . CEEB75D60EEB34DF560EC5AFBB82B7EB . 2280960 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . CEEB75D60EEB34DF560EC5AFBB82B7EB . 2280960 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2002-12-31 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-02 07:18 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-24 02:56 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1832448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-25 39408]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-16 3118512]
"MouseAround"="c:\program files\MouseAround\MouseAround.exe" [2001-12-11 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5349888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-1 113664]
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2009-9-29 679936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ace Translator\\AceTrans.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\games\\iron grip\\
Grip Warlord.Up By GALLANT\\Rip Games\\igwarlord.exe"=
"d:\\games\\MOTO GP 2\\MOTOGP2_KazaMiza.Com\\motogp2.exe"=
"d:\\games\\Street Racing\\European Street Racing.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\CyberLink\\DCC.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11368:TCP"= 11368:TCP:BitComet 11368 TCP
"11368:UDP"= 11368:UDP:BitComet 11368 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/07/2009 06:53 ص 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23/09/2009 10:26 ص 54752]
R2 GlobalSCAPE CuteFTP Server Home;GlobalSCAPE CuteFTP Server Home;c:\program files\GlobalSCAPE\CuteFTP Server\cftpstes.exe [26/09/2009 06:44 ص 839680]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15/09/2009 11:04 م 331824]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/09/2009 03:11 م 604488]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [15/09/2009 11:04 م 32768]
S2 gupdate1ca1710ffec1b0;خدمة تحديث Google (gupdate1ca1710ffec1b0);c:\program files\Google\Update\GoogleUpdate.exe [07/08/2009 06:35 ص 133104]
S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [15/09/2009 11:29 م 57640]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [19/12/2008 04:54 م 195752]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 10:13 م 28592]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [15/08/2009 05:03 ص 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [15/08/2009 05:03 ص 234888]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{970EA2E9-E7B8-45E1-9CB5-0DEB37C2C28D}]
%SystemRoot%\System32\regsvr32.exe /s c:\program files\Microsoft\Microsoft Maren\Bin\TextService.dll
.
Contents of the 'Scheduled Tasks' folder

2009-10-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 07:54]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 03:35]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 03:35]

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1364589140-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-26 03:43]

2009-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1364589140-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-26 03:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cfvjcna6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 4001
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-10-06 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@DACL=(02 0011)
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fa,dc,56,09,ed,9a,70,fe,c5,1a,a8,1d,0d,5d,a9,31,9a,9c,90,cd,67,
e8,9c,61,3d,f1,07,e4,6b,6d,35,46,52,bc,94,31,f7,ec,7b,da,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,38,4e,b5,e1,c0,86,e5,d0,18,dd,7f,99,c7,db,60,8a,af,25,7f,75,
94,d2,4d,60,41,46,1b,58,b7,37,36,6e,34,13,d7,1e,99,14,12,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{920e5dd7-2f3d-4744-a4c5-620f804f0614}]
@Denied: (Full) (Everyone)
"Model"=dword:00000116
"Therad"=dword:0000000e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e7b882c1-efbf-41b9-aea8-0266d6d5f713}]
@Denied: (Full) (Everyone)
"Model"=dword:00000109
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,cf,ef,67,69,2d,65,0d,ca,30,b3,d6,b1,a9,0b,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1144)
c:\windows\system32\setupapi.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-10-06 11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 08:04
ComboFix2.txt 2009-09-09 12:02

Pre-Run: 11,877,343,232 bytes free
Post-Run: 11,798,962,176 bytes free

509 --- E O F --- 2009-09-12 19:08
 
2) HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:14 ص, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Ela-Salaty\Salaty.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MouseAround] C:\Program Files\MouseAround\MouseAround.exe /AUTOSTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: GlobalSCAPE CuteFTP Server Home - GlobalSCAPE Texas, LP - C:\Program Files\GlobalSCAPE\CuteFTP Server\cftpstes.exe
O23 - Service: خدمة تحديث Google (gupdate1ca1710ffec1b0) (gupdate1ca1710ffec1b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe

--
End of file - 10884 bytes
 
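May God reward you, brother. The Firefox problem is solved, but I still haven't found a solution to the email problem.

Even though I uninstalled it and installed a fresh copy, the problem is still the same .. I hope to find a solution to the email problem.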
 
From Add or Remove Programs, remove the following:

Toolbar: Google Toolbar

Toolbar: &Windows Live Toolbar

Toolbar: Hotspot Shield Toolbar

Download this tool to clean the machine

As for the email, do you mean Messenger or the email web page??

If it is Messenger, take a screenshot of the message that appears
 
This is a screenshot of the Messenger problem

i41143_1.jpg



And thank you, brother, for your effort with me
 
As for Messenger:
Make sure the date and time on the machine are correct.
If the date is correct,
open the Start menu

Start> Run>regedit

Then go to
HKEY_CLASSES_ROOT \ AppID \ (380689D0-AFAA-47E6-B80E-A33436FE314B)

and delete it

 
Signature: mr-mesh3l
As for Messenger:
Make sure the date and time on the machine are correct.
If the date is correct,
open the Start menu

Start> Run>regedit

Then go to
HKEY_CLASSES_ROOT \ AppID \ (380689D0-AFAA-47E6-B80E-A33436FE314B)

and delete it


In addition to that, remove these toolbars and then sign in to MSN. If none of the solutions work, try uninstalling it and then install version 8.5

Toolbar: Google Toolbar -

Toolbar: &Windows Live Toolbar -

Toolbar: Hotspot Shield Toolbar


 
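Thank you, brother boob, for helping me fix Messenger. I had not been able to open it for about two days, and now, praise be to God, everything is fine.

These words do not do you justice, but God willing we have managed, even in a small way, to thank you for it.

Best of luck, God willing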
 
You're welcome, brother, God bless you.

Which method did you use to fix MSN?
 
Closed as resolved
 