Thread starter: hanoda66
Brothers and sisters, members of our wonderful forum,
every time I try to sign in to Messenger, this message comes up.
How can I stop it from appearing?
Please help, if you would.





[Image: i57928_m.jpg]
 

ComboFix 10-01-04.01 - hanoda 01/10/2010 1:13.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3326.2870 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: برنامج Kaspersky لأمان الإنترنت *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: برنامج Kaspersky لأمان الإنترنت *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\everyt~1\برامج\AFTERF~1\منوعات\ثقافةع~1.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-01-06 19:23 . 2010-01-09 21:45 1769 ----a-w- C:\Kasper-Sky.exe
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\windows\قبل الندم والحسرات 2
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\program files\قبل الندم والحسرات 2
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\program files\AskSBar
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-01-05 13:17 . 2010-01-05 13:17 101376 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
2010-01-05 13:17 . 2009-12-23 16:40 52224 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\windows\[hidden link]
2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\program files\[hidden link]
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\Application Data\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\program files\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\temp
2010-01-05 11:01 . 2010-01-05 11:01 -------- d-----w- C:\FOUND.004
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\hanoda\Application Data\Malwarebytes
2010-01-03 19:24 . 2008-10-22 13:10 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 19:24 . 2008-10-22 13:10 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 01:51 . 2010-01-03 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2
2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- c:\program files\Windows Live
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\hanoda\Application Data\Creative
2009-12-30 13:02 . 2009-12-30 13:02 -------- d-----w- c:\program files\WinPcap
2009-12-27 11:04 . 2009-12-27 11:04 -------- d-----w- c:\program files\MSN Reaper
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\hanoda\Application Data\MSNRecorderMax
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNRecorderMax
2009-12-25 00:40 . 2009-12-25 00:40 -------- d-----w- c:\program files\MSNRecorderMax
2009-12-24 20:11 . 2009-12-24 20:12 103424 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-24 20:11 . 2009-12-24 20:11 4716544 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-12-24 20:11 . 2009-12-24 20:11 344064 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-24 20:11 . 2009-10-20 10:33 545280 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-24 20:11 . 2009-10-20 10:33 153600 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-24 15:02 . 2009-12-24 15:02 47 ----a-w- c:\windows\system32\SynWGA.bat
2009-12-22 16:23 . 2009-12-22 16:23 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Identities
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\vw
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\VisualRoute
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\program files\VisualRoute Lite Edition
2009-12-22 14:01 . 2009-12-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-22 13:59 . 2009-12-22 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-22 13:59 . 2009-12-22 13:59 -------- d-----w- c:\program files\OpenAL
2009-12-22 13:59 . 2009-12-22 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-21 21:12 . 2009-12-21 21:12 -------- d-sh--w- c:\documents and settings\hanoda\IECompatCache
2009-12-21 21:11 . 2009-12-21 21:11 -------- d-sh--w- c:\documents and settings\hanoda\PrivacIE
2009-12-21 20:04 . 2009-12-21 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-21 20:04 . 2009-12-21 20:04 -------- d-sh--w- c:\documents and settings\hanoda\IETldCache
2009-12-21 15:58 . 2009-10-29 07:40 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 15:58 . 2009-10-29 07:40 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 15:58 . 2009-10-29 07:40 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 15:58 . 2009-10-29 07:40 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 15:58 . 2009-10-29 07:40 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 15:58 . 2009-10-29 07:40 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\windows\ie8updates
2009-12-21 15:58 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 12:47 . 2009-12-21 12:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Cooliris
2009-12-21 12:28 . 2007-10-12 12:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-12-21 12:27 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-21 12:27 . 2007-03-12 13:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\windows\system32\xlive
2009-12-21 12:24 . 2009-12-21 12:24 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Mozilla
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\program files\NetWorx
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2009-12-21 11:41 . 2009-12-21 11:42 -------- d-----w- c:\documents and settings\hanoda\Application Data\Media Player Classic
2009-12-21 11:38 . 2009-12-21 11:38 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-12-21 11:36 . 2009-12-21 11:36 -------- d-----w- c:\documents and settings\hanoda\Application Data\WeatherWatcher
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskSearch
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskBarDis
2009-12-21 11:35 . 2004-05-26 23:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-12-21 11:29 . 2009-12-21 11:29 -------- d-----w- c:\program files\WinSnap
2009-12-21 10:06 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-21 09:58 . 2009-12-21 09:58 -------- d-----w- c:\windows\Sun
2009-12-21 09:40 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-21 09:27 . 2009-08-04 17:26 2146816 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-21 09:27 . 2009-08-04 17:26 2067584 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-21 09:27 . 2009-08-04 17:25 2025472 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-21 09:10 . 2009-12-21 09:10 -------- d--h--w- c:\windows\$hf_mig$
2009-12-18 13:33 . 2009-12-18 13:33 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\WMTools Downloaded Files
2009-12-18 10:46 . 2009-12-18 10:46 -------- d--h--w- c:\windows\PIF
2009-12-18 10:23 . 2009-12-18 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-12-18 10:21 . 2009-12-18 10:21 -------- d-----w- c:\windows\SHELLNEW
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----r- C:\MSOCache
2009-12-18 10:04 . 2009-12-18 10:04 402952 ----a-w- c:\documents and settings\hanoda\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2009-12-17 23:54 . 2009-12-17 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP5
2009-12-17 23:53 . 2009-12-17 23:53 -------- d-----w- c:\program files\wLite
2009-12-17 23:16 . 2009-12-17 23:16 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Adobe
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCox
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCinema
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberLink
2009-12-17 20:25 . 2009-12-17 20:25 -------- d-----w- c:\documents and settings\hanoda\Application Data\Avant Profiles
2009-12-17 20:03 . 2009-12-17 20:03 -------- d-----w- c:\windows\Sev7nInspirat
2009-12-17 20:03 . 2009-12-17 20:03 155418 ----a-w- c:\windows\Uninstall.exe
2009-12-17 19:35 . 2009-12-17 19:35 -------- d-s---w- c:\documents and settings\hanoda\UserData
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\windows\system32\windows media
2009-12-17 19:28 . 2009-12-17 19:28 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\program files\Windows Media Components
2009-12-17 19:20 . 2009-12-17 19:20 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-17 19:20 . 2009-12-17 19:20 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-17 19:20 . 2009-12-17 19:20 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-17 19:20 . 2009-12-17 19:20 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:20 . 2009-12-17 19:20 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:11 . 2009-12-17 19:11 -------- d-----w- c:\documents and settings\hanoda\Application Data\Folder Guard
2009-12-17 18:57 . 2009-12-17 18:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-17 18:57 . 2009-12-17 18:57 -------- d-----w- c:\documents and settings\hanoda\Application Data\skypePM
2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-17 18:50 . 2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
2009-12-17 18:50 . 2009-12-17 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Send acid copy bin
2009-12-17 18:50 . 2009-12-17 18:50 888832 ----a-w- c:\documents and settings\hanoda\Application Data\gplfilemath\pmyqtugn.exe
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\program files\gplfilemath
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\documents and settings\hanoda\Application Data\gplfilemath
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\documents and settings\hanoda\Application Data\MessengerDiscovery 2
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Circl Developement
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\program files\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\************
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 21:40 . 2010-01-01 20:37 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberScrub
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\zyzcleaner
2009-12-17 21:42 . 2009-12-17 16:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-17 17:09 . 2008-04-15 08:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-17 17:04 . 2009-12-17 17:04 -------- d-----w- c:\documents and settings\hanoda\Application Data\COWON
2009-12-17 16:58 . 2004-04-05 07:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-17 16:51 . 2009-12-17 16:51 -------- d-----w- c:\program files\برنامج المؤذن
2009-12-17 16:51 . 2009-12-17 16:51 65536 ----a-w- c:\windows\system32\VDPersns.dat
2009-12-17 16:13 . 2009-12-17 16:13 -------- d-----w- c:\documents and settings\hanoda\Application Data\InstallShield
2009-12-17 16:12 . 2009-12-17 16:12 -------- d-----w- c:\program files\Realtek
2009-12-17 16:12 . 2009-12-17 16:12 319488 ----a-w- c:\windows\HideWin.exe
2009-12-17 16:01 . 2009-12-17 16:01 -------- d-----w- c:\program files\microsoft frontpage
2009-12-17 15:59 . 2009-12-17 15:58 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:24 . 2008-04-15 08:00 665600 ------w- c:\windows\system32\wininet.dll
2009-10-13 10:33 . 2008-04-15 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-15 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-15 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-03-09 03:25 . 2009-12-17 17:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2010-01-05 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2010-01-05 15:06 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Netlog Toolbar"="c:\program files\Internet Explorer\iexplore.exe" [2008-04-15 832512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RAMDrive"="c:\program files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2007-01-24 132680]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-03-06 1188352]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\hanoda\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
ںéꛨë.lnk - c:\program files\ ©ëںê¤ ںéꛨë\ںéꛨë.EXE [2009-12-17 843776]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-17 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 18:39 45184 ----a-w- c:\windows\system32\fsp_lmwl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2009-07-13 12:42 1337344 ----a-w- c:\program files\4shared Desktop\checkUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 07:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\copy bin slow 16]
2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 17:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 06:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-17 16:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 14:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"g:\\blood\\Instinct\\instinct.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/17 19:54];c:\program files\CyberLink\PowerDVD9\000.fcl [28/02/2009 07:40 م 87536]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [17/12/2009 08:05 م 48768]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [17/12/2009 07:10 م 68136]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [17/12/2009 07:50 م 72478]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [17/12/2009 07:38 م 10096]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [17/12/2009 07:28 م 173632]
S2 NetlogUpdaterService;NetlogUpdaterService;"c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe" --> c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 11:22 م 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googel.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: الدليل السريع - c:\windows\ww80.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} - [hidden link]
IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
FF - ProfilePath - c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1915410&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - startime Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
AddRemove-HijackThis - f:\every thing\برامج\after format\برامج حديثة جدا\برامج الحماية\ادواة لاصلاح الجهاز\HijackThis.exe
AddRemove-Netlog Toolbar - c:\program files\Netlog Toolbar\uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [hidden link]
Rootkit scan 2010-01-10 01:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,61,bd,4a,80,d8,a8,3d,f9,14,8c,18,6d,5b,b5,6a,ba,05,ac,98,45,
0f,20,98,1d,7a,01,42,39,85,83,5f,48,40,0c,18,db,df,03,51,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{deb04de6-08c7-4915-a257-078b5d396dc3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\fsp_lmwl.dll
- - - - - - - > 'explorer.exe'(2700)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-10 01:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 22:22
Pre-Run: 7,784,923,136 bytes free
Post-Run: 9,787,752,448 bytes free
- - End Of File - - 324C247F1B2113AB8C359034201DF69D
 
Messenger is fine, but there is some slowness in sending messages.
But no problem; an eye infection is better than blindness, as they say.
 
Sister, I did it this way and I have no problem opening the Start menus.
The only thing is the slowness in sending messages in Messenger, that's all.
 
OK, and the message that was appearing at the start of your thread:

does it appear again?
 
Yes, it still appears up to now.
My connection speed is 512; could the problem be coming from that, and how?
 
Use this first:

[hidden link]

After that,

post the report and I will be with you for further steps, God willing.
 
OK
 
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3
10/01/2010 03:00:17 ص
mbam-log-2010-01-10 (03-00-17).txt
Scan type: Full Scan (C:\|)
Objects scanned: 104104
Time elapsed: 13 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
OK, use

[hidden link]

Then

use this tool

[hidden link]

[hidden link]

[Image: wh_15149054.png]

Then

download the following file

[hidden link]

Run it with a double-click for XP users,
and for Vista and 7 users as shown in the image.

[Image: i54143_2009-12-15-214000.png]

The computer will be forcibly restarted, so save any work you are doing.
Press start and wait until the cleaning finishes,
then press OK to agree to restarting the computer.

 
Oh Lord, why isn't the full report showing?
What's the reason???
 
OK, as you say.
 
Sister, I did what you asked of me,
but there is still slowness in sending messages.
 