مفلح

Peace be upon you

My screen is black, and the computer keeps showing a lot of messages and is acting up.

I need the HijackThis program so I can give you a report.

Waiting for your reply.
 

And peace be upon you


Download this program

After that, close all programs, especially Internet Explorer and Messenger.
Run the program ==> and click
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your next reply.
 
Signature: SUL6AN
I found HijackThis, and here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:16 ص, on 15/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\killer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\75305626\75305626.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\smss.exe
C:\Documents and Settings\ostaz\restorer32_a.exe
C:\Documents and Settings\ostaz\Application Data\seres.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ostaz\Application Data\svcst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ostaz\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
D:\smss.exe
C:\DOCUME~1\ostaz\LOCALS~1\Temp\uakvb.exe
C:\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ostaz\LOCALS~1\Temp\nneuw.exe
C:\DOCUME~1\ostaz\LOCALS~1\Temp\slwti.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv981254007820.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [75305626] C:\DOCUME~1\ALLUSE~1\APPLIC~1\75305626\75305626.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ostaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobily Connect Card\Mobily Connect Card.exe"
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\ostaz\restorer32_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\ostaz\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\ostaz\Application Data\svcst.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wbhwin32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{61AF3B17-5B11-493D-BEEA-304409A24CFF}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) -
--
End of file - 9665 bytes
 
Thank you, brother, for the quick reply.
Please help; I have attached the report for you.
 
Disable your protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will begin scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post

Good luck
 
Signature: SUL6AN
Downloading now.
But the whole desktop is black, so I can't put the tool on the desktop.
I put it in My Documents and it is downloading.
 
This is the tool's report

ComboFix 09-11-15.01 - ostaz 11/15/2009 0:44..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.985.577 [GMT 3:00]
Running from: c:\documents and settings\ostaz\My Documents\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Application Data\75305626
c:\documents and settings\All Users\Application Data\75305626\75305626.exe
c:\documents and settings\All Users\Documents\odarucikyr.vbs
c:\documents and settings\All Users\Documents\ykives.vbs
c:\documents and settings\ostaz\سطح المكتب\Security Tool.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\بدء التشغيل\wbhwin32.exe
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\Security Tool.lnk
c:\documents and settings\ostaz\Application Data\.#
c:\documents and settings\ostaz\Application Data\bolapat.bat
c:\documents and settings\ostaz\Application Data\edeqyreb.vbs
c:\documents and settings\ostaz\Application Data\lizkavd.exe
c:\documents and settings\ostaz\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\ostaz\Application Data\seres.exe
c:\documents and settings\ostaz\Application Data\svcst.exe
c:\documents and settings\ostaz\Application Data\tazebama
c:\documents and settings\ostaz\Application Data\wiaserva.log
c:\documents and settings\ostaz\Cookies\anili.scr
c:\documents and settings\ostaz\Cookies\ewox.sys
c:\documents and settings\ostaz\Cookies\fucofit.lib
c:\documents and settings\ostaz\Cookies\gewohu.pif
c:\documents and settings\ostaz\Cookies\hibebasu.ban
c:\documents and settings\ostaz\Cookies\hoqe.pif
c:\documents and settings\ostaz\Cookies\inucyf._sy
c:\documents and settings\ostaz\Cookies\ipepehyqyf.dll
c:\documents and settings\ostaz\Cookies\ycoleze.exe
c:\documents and settings\ostaz\Local Settings\Application Data\mezak.inf
c:\documents and settings\ostaz\Local Settings\Application Data\nagoq.reg
c:\documents and settings\ostaz\Local Settings\Application Data\nuvag.reg
c:\documents and settings\ostaz\Local Settings\Application Data\zahitini.vbs
c:\documents and settings\ostaz\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Funny UST Scandal.avi.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\eceky.bat
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
C:\smss.exe
c:\windows\ALCMTR.EXE
c:\windows\autorun.inf
c:\windows\aweqefasi.vbs
c:\windows\ebekevoze.dll
c:\windows\fipycac.bat
c:\windows\Funny UST Scandal.exe
c:\windows\idorozoc.scr
c:\windows\killer.exe
c:\windows\osolax.vbs
c:\windows\smss.exe
c:\windows\system32\elapotete.reg
c:\windows\system32\ieuinit.inf
c:\windows\system32\juzuveg.vbs
c:\windows\system32\restorer32_a.exe
c:\windows\system32\wafam.inf
c:\windows\system32\ypatygi.reg
c:\windows\tekisuri.inf
c:\windows\ucatyfelo.dll
c:\windows\ujuf.dll
c:\windows\voni.dll
C:\zPharaoh.exe
D:\Autorun.inf
D:\Funny UST Scandal.avi.exe
D:\smss.exe
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.
2009-11-14 21:39 . 2009-11-14 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-14 21:35 . 2009-11-14 21:35 -------- d-----w- c:\program files\Yahoo!
2009-11-14 21:35 . 2009-11-14 21:41 -------- d-----w- c:\program files\CCleaner
2009-11-14 21:26 . 2009-11-14 21:26 -------- d-----w- c:\program files\Trend Micro
2009-11-14 21:16 . 2009-11-14 21:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-14 21:11 . 2009-11-14 21:11 -------- d-----w- C:\log
2009-11-14 20:46 . 2009-11-14 20:49 -------- d-----w- c:\program files\The KMPlayer
2009-10-30 00:07 . 2009-10-30 00:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-30 00:06 . 2009-10-30 00:06 -------- d-----w- c:\documents and settings\ostaz\Local Settings\Application Data\PCHealth
2009-10-30 00:04 . 2009-10-30 00:05 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-10-30 00:04 . 2009-10-30 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-10-29 23:52 . 2009-10-30 00:04 -------- d-----w- c:\program files\Windows Live
2009-10-29 23:30 . 2008-10-16 11:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 23:17 . 2009-10-29 23:17 -------- d-----w- c:\program files\4shared Desktop
2009-10-29 23:17 . 2009-10-29 23:17 -------- d-----w- c:\documents and settings\ostaz\Application Data\4shared Desktop
2009-10-16 19:22 . 2009-11-14 21:14 -------- d-----w- c:\documents and settings\ostaz\Application Data\HPAppData
2009-10-16 12:28 . 2009-10-16 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-15 22:38 . 2009-10-15 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-15 22:33 . 2009-10-16 12:28 173314 ----a-w- c:\windows\hphins26.dat
2009-10-15 22:33 . 2008-01-18 16:49 787 ------w- c:\windows\hphmdl26.dat
2009-10-15 22:33 . 2009-10-15 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-10-15 22:33 . 2007-10-20 15:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 21:51 . 2009-11-14 21:51 4096 ----a-w- c:\windows\system32\05.tmp
2009-11-14 21:13 . 2001-09-19 12:00 41138 ----a-w- c:\windows\system32\perfc001.dat
2009-11-14 21:13 . 2001-09-19 12:00 254402 ----a-w- c:\windows\system32\perfh001.dat
2009-11-01 16:04 . 2009-03-26 19:23 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-10-31 18:39 . 2009-10-31 18:39 4096 ----a-w- c:\windows\system32\04.tmp
2009-10-31 16:56 . 2009-10-31 16:56 4096 ----a-w- c:\windows\system32\03.tmp
2009-10-31 16:11 . 2009-10-31 16:11 4096 ----a-w- c:\windows\system32\02.tmp
2009-10-22 15:08 . 2009-10-22 15:08 4096 ----a-w- c:\windows\system32\01.tmp
2009-10-15 22:41 . 2009-04-09 21:48 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-15 22:38 . 2009-04-09 21:45 -------- d-----w- c:\program files\HP
2009-09-28 09:33 . 2009-09-28 09:33 18823 ----a-w- c:\program files\Common Files\norifir.exe
2009-09-28 09:33 . 2009-09-28 09:33 18680 ----a-w- c:\program files\Common Files\fuwohyj.scr
2009-09-28 09:33 . 2009-09-28 09:33 18474 ----a-w- c:\windows\ubezeraqak.com
2009-09-28 09:33 . 2009-09-28 09:33 15799 ----a-w- c:\windows\system32\usis.pif
2009-09-28 09:33 . 2009-09-28 09:33 14427 ----a-w- c:\program files\Common Files\qitetezano.dll
2009-09-28 09:33 . 2009-09-28 09:33 12128 ----a-w- c:\documents and settings\All Users\Application Data\nysizefyty.scr
2009-09-28 09:33 . 2009-09-28 09:33 12128 ----a-w- c:\documents and settings\All Users\Application Data\nysizefyty.scr
2009-09-28 09:33 . 2009-09-28 09:33 10574 ----a-w- c:\program files\Common Files\kacesyv.exe
2009-09-28 09:33 . 2009-09-28 09:33 10388 ----a-w- c:\documents and settings\All Users\Application Data\yzeh.exe
2009-09-28 09:33 . 2009-09-28 09:33 10388 ----a-w- c:\documents and settings\All Users\Application Data\yzeh.exe
2009-09-27 21:09 . 2009-09-27 21:09 18167 ----a-w- c:\windows\system32\jymuwit.sys
2009-09-27 21:09 . 2009-09-27 21:09 15973 ----a-w- c:\program files\Common Files\opuxofy._sy
2009-09-27 21:09 . 2009-09-27 21:09 15756 ----a-w- c:\documents and settings\All Users\Application Data\notuxoze.com
2009-09-27 21:09 . 2009-09-27 21:09 15756 ----a-w- c:\documents and settings\All Users\Application Data\notuxoze.com
2009-09-27 21:09 . 2009-09-27 21:09 12048 ----a-w- c:\program files\Common Files\ecihugaq.dll
2009-09-27 21:04 . 2009-09-27 21:04 26837 ----a-w- c:\documents and settings\ostaz\restorer32_a.exe
2009-09-23 19:35 . 2009-04-21 11:22 -------- d-----w- c:\documents and settings\ostaz\Application Data\GetRightToGo
2009-09-23 01:58 . 2009-09-23 01:58 10379080 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-23 01:51 . 2009-09-23 01:51 81920 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-23 01:51 . 2009-09-23 01:51 64000 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-23 01:51 . 2009-09-23 01:51 52288 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-23 01:51 . 2009-09-23 01:51 50688 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-23 01:51 . 2009-09-23 01:51 562696 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\setup.exe
2009-09-22 09:52 . 2009-04-09 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-17 16:45 . 2009-03-26 18:42 95520 ----a-w- c:\documents and settings\ostaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-08-03 21:55 . 2004-08-03 21:55 162793 --sha-r- c:\windows\system32\touurju.dll
2009-06-15 15:01 . 2009-03-31 18:25 1161248 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-15 15:01 . 2009-03-31 18:25 327712 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
------- Sigcheck -------
[-] 2008-01-19 . D74083DCEC51D5291EF24D8D055D133A . 1547776 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5810032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1880576]
"Mobile Partner"="c:\program files\Mobily Connect Card\Mobily Connect Card.exe" [2009-06-12 184320]
"restorer32_a"="c:\documents and settings\ostaz\restorer32_a.exe" [2009-09-27 26837]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 641560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 260632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 379416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 102400]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2004-01-20 1507328]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\Tools\NclTray.exe" [2003-12-19 651264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 428912]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-06-16 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\ACD Systems\\ACDSee\\9.0\\ACDSeeQV.exe"=
"c:\\Program Files\\BandRich\\BandLuxe HSDPA Utility R11\\CManager.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Tools\\NclTray.exe"=
"c:\\Program Files\\Common Files\\ACD Systems\\EN\\DevDetect.exe"=
"c:\\Documents and Settings\\ostaz\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hotspot Shield\\bin\\openvpntray.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\WINDOWS\\system32\\mspaint.exe"=
"c:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Nero\\Nero Core\\nero.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\PROGRA~1\\Nokia\\NOKIAP~1\\COMPON~1\\PHONEB~1\\NOKIAV~1.EXE"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\Phoneserve\\Internet Telephone\\CS_Phone.exe"=
"c:\\Documents and Settings\\ostaz\\Application Data\\Real\\Update\\setup\\setup.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\Services\\ServiceLayer.exe"=]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Documents and Settings\\ostaz\\سطح المكتب\\The_KMPlayer_1435.exe"=
"c:\\WINDOWS\\system32\\MsiExec.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3979:TCP"= 3979:TCP:mucrhkck
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [11/12/2008 10:20 ص 87264]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [15/06/2009 04:12 م 10752]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S?2 edfdiyyb;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmlkri.sys --> c:\windows\system32\drivers\gmlkri.sys [?]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [26/03/2009 11:58 م 104192]
S3 brjaeq;brjaeq;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 gpwsg;gpwsg;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 gudrglh;gudrglh;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 hlgwrwa;hlgwrwa;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 iehjiers;iehjiers;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 kpiona;kpiona;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 mlswa;mlswa;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 mzitafo;mzitafo;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 olxsktzf;olxsktzf;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [05/05/2009 07:08 م 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 wmlxji;wmlxji;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 zwvfe;zwvfe;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
edfdiyyb
.
Contents of the 'Scheduled Tasks' folder
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1958367476-725345543-1003Core.job
- c:\documents and settings\ostaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 16:17]
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1958367476-725345543-1003UA.job
- c:\documents and settings\ostaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 16:17]
2009-10-16 c:\windows\Tasks\WebReg HP Deskjet D1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
TCP: {61AF3B17-5B11-493D-BEEA-304409A24CFF} = 192.168.0.1
DPF: Microsoft XML Parser for Java -
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\brjaeq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpwsg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gudrglh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlgwrwa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iehjiers]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kpiona]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlswa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mzitafo]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olxsktzf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wmlxji]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zwvfe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edfdiyyb]
"ServiceDll"="c:\windows\system32\touurju.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\  EH/E *BJ'3J *9(1 *'1*('7 *B*l*u*e*t*o*o*t*h*:*:*  'DGH'*A *'D.DHJ) *'DBJ'3J):*:*M*i*c*r*o*s*o*f*t*\Responses]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-11-15 00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-14 21:54
Pre-Run: 57,139,531,776 bytes free
Post-Run: 56,952,070,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
- - End Of File - - 5C091EE07B4F2AA330B17F5E1129D793
 
This is the tool's report

ComboFix 09-11-15.01 - ostaz 11/15/2009 0:44..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.985.577 [GMT 3:00]
Running from: c:\documents and settings\ostaz\My Documents\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Application Data\75305626
c:\documents and settings\All Users\Application Data\75305626\75305626.exe
c:\documents and settings\All Users\Documents\odarucikyr.vbs
c:\documents and settings\All Users\Documents\ykives.vbs
c:\documents and settings\ostaz\سطح المكتب\Security Tool.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\بدء التشغيل\wbhwin32.exe
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\ostaz\قائمة ابدأ\البرامج\Security Tool.lnk
c:\documents and settings\ostaz\Application Data\.#
c:\documents and settings\ostaz\Application Data\bolapat.bat
c:\documents and settings\ostaz\Application Data\edeqyreb.vbs
c:\documents and settings\ostaz\Application Data\lizkavd.exe
c:\documents and settings\ostaz\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\ostaz\Application Data\seres.exe
c:\documents and settings\ostaz\Application Data\svcst.exe
c:\documents and settings\ostaz\Application Data\tazebama
c:\documents and settings\ostaz\Application Data\wiaserva.log
c:\documents and settings\ostaz\Cookies\anili.scr
c:\documents and settings\ostaz\Cookies\ewox.sys
c:\documents and settings\ostaz\Cookies\fucofit.lib
c:\documents and settings\ostaz\Cookies\gewohu.pif
c:\documents and settings\ostaz\Cookies\hibebasu.ban
c:\documents and settings\ostaz\Cookies\hoqe.pif
c:\documents and settings\ostaz\Cookies\inucyf._sy
c:\documents and settings\ostaz\Cookies\ipepehyqyf.dll
c:\documents and settings\ostaz\Cookies\ycoleze.exe
c:\documents and settings\ostaz\Local Settings\Application Data\mezak.inf
c:\documents and settings\ostaz\Local Settings\Application Data\nagoq.reg
c:\documents and settings\ostaz\Local Settings\Application Data\nuvag.reg
c:\documents and settings\ostaz\Local Settings\Application Data\zahitini.vbs
c:\documents and settings\ostaz\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Funny UST Scandal.avi.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\eceky.bat
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
C:\smss.exe
c:\windows\ALCMTR.EXE
c:\windows\autorun.inf
c:\windows\aweqefasi.vbs
c:\windows\ebekevoze.dll
c:\windows\fipycac.bat
c:\windows\Funny UST Scandal.exe
c:\windows\idorozoc.scr
c:\windows\killer.exe
c:\windows\osolax.vbs
c:\windows\smss.exe
c:\windows\system32\elapotete.reg
c:\windows\system32\ieuinit.inf
c:\windows\system32\juzuveg.vbs
c:\windows\system32\restorer32_a.exe
c:\windows\system32\wafam.inf
c:\windows\system32\ypatygi.reg
c:\windows\tekisuri.inf
c:\windows\ucatyfelo.dll
c:\windows\ujuf.dll
c:\windows\voni.dll
C:\zPharaoh.exe
D:\Autorun.inf
D:\Funny UST Scandal.avi.exe
D:\smss.exe
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.
2009-11-14 21:39 . 2009-11-14 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-14 21:35 . 2009-11-14 21:35 -------- d-----w- c:\program files\Yahoo!
2009-11-14 21:35 . 2009-11-14 21:41 -------- d-----w- c:\program files\CCleaner
2009-11-14 21:26 . 2009-11-14 21:26 -------- d-----w- c:\program files\Trend Micro
2009-11-14 21:16 . 2009-11-14 21:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-14 21:11 . 2009-11-14 21:11 -------- d-----w- C:\log
2009-11-14 20:46 . 2009-11-14 20:49 -------- d-----w- c:\program files\The KMPlayer
2009-10-30 00:07 . 2009-10-30 00:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-30 00:06 . 2009-10-30 00:06 -------- d-----w- c:\documents and settings\ostaz\Local Settings\Application Data\PCHealth
2009-10-30 00:04 . 2009-10-30 00:05 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-10-30 00:04 . 2009-10-30 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-10-29 23:52 . 2009-10-30 00:04 -------- d-----w- c:\program files\Windows Live
2009-10-29 23:30 . 2008-10-16 11:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 23:17 . 2009-10-29 23:17 -------- d-----w- c:\program files\4shared Desktop
2009-10-29 23:17 . 2009-10-29 23:17 -------- d-----w- c:\documents and settings\ostaz\Application Data\4shared Desktop
2009-10-16 19:22 . 2009-11-14 21:14 -------- d-----w- c:\documents and settings\ostaz\Application Data\HPAppData
2009-10-16 12:28 . 2009-10-16 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-15 22:38 . 2009-10-15 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-15 22:33 . 2009-10-16 12:28 173314 ----a-w- c:\windows\hphins26.dat
2009-10-15 22:33 . 2008-01-18 16:49 787 ------w- c:\windows\hphmdl26.dat
2009-10-15 22:33 . 2009-10-15 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-10-15 22:33 . 2007-10-20 15:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 21:51 . 2009-11-14 21:51 4096 ----a-w- c:\windows\system32\05.tmp
2009-11-14 21:13 . 2001-09-19 12:00 41138 ----a-w- c:\windows\system32\perfc001.dat
2009-11-14 21:13 . 2001-09-19 12:00 254402 ----a-w- c:\windows\system32\perfh001.dat
2009-11-01 16:04 . 2009-03-26 19:23 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-10-31 18:39 . 2009-10-31 18:39 4096 ----a-w- c:\windows\system32\04.tmp
2009-10-31 16:56 . 2009-10-31 16:56 4096 ----a-w- c:\windows\system32\03.tmp
2009-10-31 16:11 . 2009-10-31 16:11 4096 ----a-w- c:\windows\system32\02.tmp
2009-10-22 15:08 . 2009-10-22 15:08 4096 ----a-w- c:\windows\system32\01.tmp
2009-10-15 22:41 . 2009-04-09 21:48 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-15 22:38 . 2009-04-09 21:45 -------- d-----w- c:\program files\HP
2009-09-28 09:33 . 2009-09-28 09:33 18823 ----a-w- c:\program files\Common Files\norifir.exe
2009-09-28 09:33 . 2009-09-28 09:33 18680 ----a-w- c:\program files\Common Files\fuwohyj.scr
2009-09-28 09:33 . 2009-09-28 09:33 18474 ----a-w- c:\windows\ubezeraqak.com
2009-09-28 09:33 . 2009-09-28 09:33 15799 ----a-w- c:\windows\system32\usis.pif
2009-09-28 09:33 . 2009-09-28 09:33 14427 ----a-w- c:\program files\Common Files\qitetezano.dll
2009-09-28 09:33 . 2009-09-28 09:33 12128 ----a-w- c:\documents and settings\All Users\Application Data\nysizefyty.scr
2009-09-28 09:33 . 2009-09-28 09:33 12128 ----a-w- c:\documents and settings\All Users\Application Data\nysizefyty.scr
2009-09-28 09:33 . 2009-09-28 09:33 10574 ----a-w- c:\program files\Common Files\kacesyv.exe
2009-09-28 09:33 . 2009-09-28 09:33 10388 ----a-w- c:\documents and settings\All Users\Application Data\yzeh.exe
2009-09-28 09:33 . 2009-09-28 09:33 10388 ----a-w- c:\documents and settings\All Users\Application Data\yzeh.exe
2009-09-27 21:09 . 2009-09-27 21:09 18167 ----a-w- c:\windows\system32\jymuwit.sys
2009-09-27 21:09 . 2009-09-27 21:09 15973 ----a-w- c:\program files\Common Files\opuxofy._sy
2009-09-27 21:09 . 2009-09-27 21:09 15756 ----a-w- c:\documents and settings\All Users\Application Data\notuxoze.com
2009-09-27 21:09 . 2009-09-27 21:09 15756 ----a-w- c:\documents and settings\All Users\Application Data\notuxoze.com
2009-09-27 21:09 . 2009-09-27 21:09 12048 ----a-w- c:\program files\Common Files\ecihugaq.dll
2009-09-27 21:04 . 2009-09-27 21:04 26837 ----a-w- c:\documents and settings\ostaz\restorer32_a.exe
2009-09-23 19:35 . 2009-04-21 11:22 -------- d-----w- c:\documents and settings\ostaz\Application Data\GetRightToGo
2009-09-23 01:58 . 2009-09-23 01:58 10379080 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-09-23 01:51 . 2009-09-23 01:51 81920 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-09-23 01:51 . 2009-09-23 01:51 64000 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-09-23 01:51 . 2009-09-23 01:51 52288 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-09-23 01:51 . 2009-09-23 01:51 50688 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-09-23 01:51 . 2009-09-23 01:51 562696 ----a-w- c:\documents and settings\ostaz\Application Data\Real\Update\setup\setup.exe
2009-09-22 09:52 . 2009-04-09 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-17 16:45 . 2009-03-26 18:42 95520 ----a-w- c:\documents and settings\ostaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-08-03 21:55 . 2004-08-03 21:55 162793 --sha-r- c:\windows\system32\touurju.dll
2009-06-15 15:01 . 2009-03-31 18:25 1161248 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-15 15:01 . 2009-03-31 18:25 327712 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
------- Sigcheck -------
[-] 2008-01-19 . D74083DCEC51D5291EF24D8D055D133A . 1547776 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5810032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1880576]
"Mobile Partner"="c:\program files\Mobily Connect Card\Mobily Connect Card.exe" [2009-06-12 184320]
"restorer32_a"="c:\documents and settings\ostaz\restorer32_a.exe" [2009-09-27 26837]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 641560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 260632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 379416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 102400]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2004-01-20 1507328]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\Tools\NclTray.exe" [2003-12-19 651264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 428912]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-06-16 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\ACD Systems\\ACDSee\\9.0\\ACDSeeQV.exe"=
"c:\\Program Files\\BandRich\\BandLuxe HSDPA Utility R11\\CManager.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Tools\\NclTray.exe"=
"c:\\Program Files\\Common Files\\ACD Systems\\EN\\DevDetect.exe"=
"c:\\Documents and Settings\\ostaz\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Hotspot Shield\\bin\\openvpntray.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\WINDOWS\\system32\\mspaint.exe"=
"c:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Nero\\Nero Core\\nero.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\PROGRA~1\\Nokia\\NOKIAP~1\\COMPON~1\\PHONEB~1\\NOKIAV~1.EXE"=
"c:\\Program Files\\Movie Maker\\moviemk.exe"=
"c:\\Program Files\\Phoneserve\\Internet Telephone\\CS_Phone.exe"=
"c:\\Documents and Settings\\ostaz\\Application Data\\Real\\Update\\setup\\setup.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\Services\\ServiceLayer.exe"=]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Documents and Settings\\ostaz\\سطح المكتب\\The_KMPlayer_1435.exe"=
"c:\\WINDOWS\\system32\\MsiExec.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3979:TCP"= 3979:TCP:mucrhkck
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [11/12/2008 10:20 ص 87264]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [15/06/2009 04:12 م 10752]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S?2 edfdiyyb;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmlkri.sys --> c:\windows\system32\drivers\gmlkri.sys [?]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [26/03/2009 11:58 م 104192]
S3 brjaeq;brjaeq;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 gpwsg;gpwsg;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 gudrglh;gudrglh;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 hlgwrwa;hlgwrwa;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 iehjiers;iehjiers;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 kpiona;kpiona;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 mlswa;mlswa;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 mzitafo;mzitafo;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 olxsktzf;olxsktzf;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [05/05/2009 07:08 م 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 wmlxji;wmlxji;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
S3 zwvfe;zwvfe;c:\windows\system32\01.tmp [22/10/2009 06:08 م 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
edfdiyyb
.
Contents of the 'Scheduled Tasks' folder
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1958367476-725345543-1003Core.job
- c:\documents and settings\ostaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 16:17]
2009-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1958367476-725345543-1003UA.job
- c:\documents and settings\ostaz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 16:17]
2009-10-16 c:\windows\Tasks\WebReg HP Deskjet D1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
TCP: {61AF3B17-5B11-493D-BEEA-304409A24CFF} = 192.168.0.1
DPF: Microsoft XML Parser for Java -

.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\brjaeq]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gpwsg]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gudrglh]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlgwrwa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iehjiers]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kpiona]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlswa]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mzitafo]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olxsktzf]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wmlxji]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zwvfe]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edfdiyyb]
"ServiceDll"="c:\windows\system32\touurju.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-11-15 00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-14 21:54
Pre-Run: 57,139,531,776 bytes free
Post-Run: 56,952,070,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
- - End Of File - - 5C091EE07B4F2AA330B17F5E1129D793
Where are you all? :u:
 
Guys, my machine is fine now, thank God, but I gave you the report so I can make sure whether my machine is clean or not.
 

Brother, your machine is infected, and badly :cr:

And you have no antivirus protection program.
The tool cleaned your machine of them.

But download one of the protection programs and install it on your machine.

I wish you success.
 
Signature: SUL6AN
Don't forget: clean your machine with this tool

You must log in or register to view the hidden link


Good luck, brother
 
Signature: SUL6AN
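I found a protection program and I'm installing it now:
Avast, the Arabic version.
I wanted Kaspersky, but the Kaspersky that runs on keys doesn't last two days before the key gets blocked.
Thank you, brother, for the help.
But you say my machine is badly infected.
So do I need a protection program, or is it infected, or what? I'm waiting for you.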
 
I have the program :ok:
 
So your problem is solved?!

As for what I meant: just install a protection program, or update the one you have.


Good luck
 
Signature: SUL6AN