hanoda66

Brothers and sisters, members of our wonderful forum,
Every time I try to sign in to Messenger, this message appears.
How can I stop it from appearing?
Please help, if you would.





 

There's no picture, brother.
 
Sister, I'm trying, but I don't know why the picture isn't showing,
even though I took the screenshot with the Zyzoom capture tool and uploaded it to the forum's link.
 
And this is the link to the picture.
 
You upload the picture to [hidden link]

As soon as the link appears,

copy it and paste it.

Note: copy the link in full and put it in the forum without going to the mountain icon where you put the image code.

Just copy and paste, nothing more.
 
Download this program

[hidden link]

After that, close all programs, especially Internet Explorer and Messenger.
Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply.
 
OK sister, I think I posted the link as you said.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:35:23 م, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\برنامج المؤذن\المؤذن.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\hanoda\My Documents\Downloads\Compressed\Zyzoom.org_Tool_V_1.0.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\JetAudio\JetAudio.exe
F:\every thing\برامج\after format\برامج حديثة جدا\برامج الحماية\ادواة لاصلاح الجهاز\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Netlog Toolbar] "C:\Program Files\Internet Explorer\iexplore.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: المؤذن.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: M5zn Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: M5zn Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [hidden link] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetlogUpdaterService - Unknown owner - C:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10790 bytes
 
Sister, I'm sorry, but I hadn't closed Messenger for the previous report.
Here is a new report after closing it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:12 م, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWorx\networx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Documents and Settings\hanoda\My Documents\Downloads\Compressed\Zyzoom.org_Tool_V_1.0.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\DOCUME~1\hanoda\LOCALS~1\Temp\zyaoom Tool\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Netlog Toolbar] "C:\Program Files\Internet Explorer\iexplore.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: المؤذن.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: M5zn Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: M5zn Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} - [hidden link] (file missing)
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetlogUpdaterService - Unknown owner - C:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10218 bytes
 
Note:
Messenger does work normally after I close the message,
though a little slowly.
 
OK, I know what your problem is, brother.

Disable your security programs,
then
download the following tool and save it to the desktop

[hidden link]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.



 
How to disable Kaspersky

How to disable Kaspersky :: Pause Protection :: and re-enable it
Explanation provided by

[hidden link]
 
ComboFix 10-01-04.01 - hanoda 01/10/2010 1:13.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3326.2870 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: برنامج Kaspersky لأمان الإنترنت *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: برنامج Kaspersky لأمان الإنترنت *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\everyt~1\برامج\AFTERF~1\منوعات\ثقافةع~1.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-01-06 19:23 . 2010-01-09 21:45 1769 ----a-w- C:\Kasper-Sky.exe
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\windows\قبل الندم والحسرات 2
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\program files\قبل الندم والحسرات 2
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\program files\AskSBar
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-01-05 13:17 . 2010-01-05 13:17 101376 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
2010-01-05 13:17 . 2009-12-23 16:40 52224 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\windows\[hidden link]
2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\program files\[hidden link]
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\Application Data\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\program files\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\temp
2010-01-05 11:01 . 2010-01-05 11:01 -------- d-----w- C:\FOUND.004
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\hanoda\Application Data\Malwarebytes
2010-01-03 19:24 . 2008-10-22 13:10 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 19:24 . 2008-10-22 13:10 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 01:51 . 2010-01-03 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2
2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- c:\program files\Windows Live
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\hanoda\Application Data\Creative
2009-12-30 13:02 . 2009-12-30 13:02 -------- d-----w- c:\program files\WinPcap
2009-12-27 11:04 . 2009-12-27 11:04 -------- d-----w- c:\program files\MSN Reaper
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\hanoda\Application Data\MSNRecorderMax
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNRecorderMax
2009-12-25 00:40 . 2009-12-25 00:40 -------- d-----w- c:\program files\MSNRecorderMax
2009-12-24 20:11 . 2009-12-24 20:12 103424 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-24 20:11 . 2009-12-24 20:11 4716544 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-12-24 20:11 . 2009-12-24 20:11 344064 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-24 20:11 . 2009-10-20 10:33 545280 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-24 20:11 . 2009-10-20 10:33 153600 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-24 15:02 . 2009-12-24 15:02 47 ----a-w- c:\windows\system32\SynWGA.bat
2009-12-22 16:23 . 2009-12-22 16:23 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Identities
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\vw
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\VisualRoute
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\program files\VisualRoute Lite Edition
2009-12-22 14:01 . 2009-12-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-22 13:59 . 2009-12-22 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-22 13:59 . 2009-12-22 13:59 -------- d-----w- c:\program files\OpenAL
2009-12-22 13:59 . 2009-12-22 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-21 21:12 . 2009-12-21 21:12 -------- d-sh--w- c:\documents and settings\hanoda\IECompatCache
2009-12-21 21:11 . 2009-12-21 21:11 -------- d-sh--w- c:\documents and settings\hanoda\PrivacIE
2009-12-21 20:04 . 2009-12-21 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-21 20:04 . 2009-12-21 20:04 -------- d-sh--w- c:\documents and settings\hanoda\IETldCache
2009-12-21 15:58 . 2009-10-29 07:40 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 15:58 . 2009-10-29 07:40 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 15:58 . 2009-10-29 07:40 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 15:58 . 2009-10-29 07:40 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 15:58 . 2009-10-29 07:40 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 15:58 . 2009-10-29 07:40 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\windows\ie8updates
2009-12-21 15:58 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 12:47 . 2009-12-21 12:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Cooliris
2009-12-21 12:28 . 2007-10-12 12:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-12-21 12:27 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-21 12:27 . 2007-03-12 13:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\windows\system32\xlive
2009-12-21 12:24 . 2009-12-21 12:24 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Mozilla
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\program files\NetWorx
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2009-12-21 11:41 . 2009-12-21 11:42 -------- d-----w- c:\documents and settings\hanoda\Application Data\Media Player Classic
2009-12-21 11:38 . 2009-12-21 11:38 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-12-21 11:36 . 2009-12-21 11:36 -------- d-----w- c:\documents and settings\hanoda\Application Data\WeatherWatcher
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskSearch
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskBarDis
2009-12-21 11:35 . 2004-05-26 23:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-12-21 11:29 . 2009-12-21 11:29 -------- d-----w- c:\program files\WinSnap
2009-12-21 10:06 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-21 09:58 . 2009-12-21 09:58 -------- d-----w- c:\windows\Sun
2009-12-21 09:40 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-21 09:27 . 2009-08-04 17:26 2146816 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-21 09:27 . 2009-08-04 17:26 2067584 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-21 09:27 . 2009-08-04 17:25 2025472 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-21 09:10 . 2009-12-21 09:10 -------- d--h--w- c:\windows\$hf_mig$
2009-12-18 13:33 . 2009-12-18 13:33 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\WMTools Downloaded Files
2009-12-18 10:46 . 2009-12-18 10:46 -------- d--h--w- c:\windows\PIF
2009-12-18 10:23 . 2009-12-18 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-12-18 10:21 . 2009-12-18 10:21 -------- d-----w- c:\windows\SHELLNEW
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----r- C:\MSOCache
2009-12-18 10:04 . 2009-12-18 10:04 402952 ----a-w- c:\documents and settings\hanoda\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2009-12-17 23:54 . 2009-12-17 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP5
2009-12-17 23:53 . 2009-12-17 23:53 -------- d-----w- c:\program files\wLite
2009-12-17 23:16 . 2009-12-17 23:16 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Adobe
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCox
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCinema
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberLink
2009-12-17 20:25 . 2009-12-17 20:25 -------- d-----w- c:\documents and settings\hanoda\Application Data\Avant Profiles
2009-12-17 20:03 . 2009-12-17 20:03 -------- d-----w- c:\windows\Sev7nInspirat
2009-12-17 20:03 . 2009-12-17 20:03 155418 ----a-w- c:\windows\Uninstall.exe
2009-12-17 19:35 . 2009-12-17 19:35 -------- d-s---w- c:\documents and settings\hanoda\UserData
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\windows\system32\windows media
2009-12-17 19:28 . 2009-12-17 19:28 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\program files\Windows Media Components
2009-12-17 19:20 . 2009-12-17 19:20 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-17 19:20 . 2009-12-17 19:20 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-17 19:20 . 2009-12-17 19:20 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-17 19:20 . 2009-12-17 19:20 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:20 . 2009-12-17 19:20 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:11 . 2009-12-17 19:11 -------- d-----w- c:\documents and settings\hanoda\Application Data\Folder Guard
2009-12-17 18:57 . 2009-12-17 18:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-17 18:57 . 2009-12-17 18:57 -------- d-----w- c:\documents and settings\hanoda\Application Data\skypePM
2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-17 18:50 . 2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
2009-12-17 18:50 . 2009-12-17 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Send acid copy bin
2009-12-17 18:50 . 2009-12-17 18:50 888832 ----a-w- c:\documents and settings\hanoda\Application Data\gplfilemath\pmyqtugn.exe
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\program files\gplfilemath
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\documents and settings\hanoda\Application Data\gplfilemath
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\documents and settings\hanoda\Application Data\MessengerDiscovery 2
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Circl Developement
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\program files\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\************
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 21:40 . 2010-01-01 20:37 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberScrub
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\zyzcleaner
2009-12-17 21:42 . 2009-12-17 16:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-17 17:09 . 2008-04-15 08:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-17 17:04 . 2009-12-17 17:04 -------- d-----w- c:\documents and settings\hanoda\Application Data\COWON
2009-12-17 16:58 . 2004-04-05 07:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-17 16:51 . 2009-12-17 16:51 -------- d-----w- c:\program files\برنامج المؤذن
2009-12-17 16:51 . 2009-12-17 16:51 65536 ----a-w- c:\windows\system32\VDPersns.dat
2009-12-17 16:13 . 2009-12-17 16:13 -------- d-----w- c:\documents and settings\hanoda\Application Data\InstallShield
2009-12-17 16:12 . 2009-12-17 16:12 -------- d-----w- c:\program files\Realtek
2009-12-17 16:12 . 2009-12-17 16:12 319488 ----a-w- c:\windows\HideWin.exe
2009-12-17 16:01 . 2009-12-17 16:01 -------- d-----w- c:\program files\microsoft frontpage
2009-12-17 15:59 . 2009-12-17 15:58 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:24 . 2008-04-15 08:00 665600 ------w- c:\windows\system32\wininet.dll
2009-10-13 10:33 . 2008-04-15 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-15 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-15 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-03-09 03:25 . 2009-12-17 17:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2010-01-05 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2010-01-05 15:06 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Netlog Toolbar"="c:\program files\Internet Explorer\iexplore.exe" [2008-04-15 832512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RAMDrive"="c:\program files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2007-01-24 132680]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-03-06 1188352]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\hanoda\قائمة ابدأ\البرامج\بدء التشغيل\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
المؤذن.lnk - c:\program files\برنامج المؤذن\المؤذن.EXE [2009-12-17 843776]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-17 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 18:39 45184 ----a-w- c:\windows\system32\fsp_lmwl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2009-07-13 12:42 1337344 ----a-w- c:\program files\4shared Desktop\checkUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 07:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\copy bin slow 16]
2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 17:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 06:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-17 16:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 14:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"g:\\blood\\Instinct\\instinct.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/17 19:54];c:\program files\CyberLink\PowerDVD9\000.fcl [28/02/2009 07:40 م 87536]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [17/12/2009 08:05 م 48768]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [17/12/2009 07:10 م 68136]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [17/12/2009 07:50 م 72478]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [17/12/2009 07:38 م 10096]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [17/12/2009 07:28 م 173632]
S2 NetlogUpdaterService;NetlogUpdaterService;"c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe" --> c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 11:22 م 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googel.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: الدليل السريع - c:\windows\ww80.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} -

IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
FF - ProfilePath - c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1915410&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - startime Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
AddRemove-HijackThis - f:\every thing\برامج\after format\برامج حديثة جدا\برامج الحماية\ادواة لاصلاح الجهاز\HijackThis.exe
AddRemove-Netlog Toolbar - c:\program files\Netlog Toolbar\uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2010-01-10 01:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,61,bd,4a,80,d8,a8,3d,f9,14,8c,18,6d,5b,b5,6a,ba,05,ac,98,45,
0f,20,98,1d,7a,01,42,39,85,83,5f,48,40,0c,18,db,df,03,51,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{deb04de6-08c7-4915-a257-078b5d396dc3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\fsp_lmwl.dll
- - - - - - - > 'explorer.exe'(2700)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-10 01:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 22:22
Pre-Run: 7,784,923,136 bytes free
Post-Run: 9,787,752,448 bytes free
- - End Of File - - 324C247F1B2113AB8C359034201DF69D
 
Sister, sorry for the late reply, but I was busy with my midterm exams.
Sorry once again.
 
ComboFix 10-01-04.01 - hanoda 01/10/2010 1:13.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3326.2870 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: برنامج Kaspersky لأمان الإنترنت *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: برنامج Kaspersky لأمان الإنترنت *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\everyt~1\برامج\AFTERF~1\منوعات\ثقافةع~1.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-01-08 17:42 . 2008-04-13 21:16 37888 ----a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-01-06 19:23 . 2010-01-09 21:45 1769 ----a-w- C:\Kasper-Sky.exe
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\windows\قبل الندم والحسرات 2
2010-01-05 15:07 . 2010-01-05 15:07 -------- d-----w- c:\program files\قبل الندم والحسرات 2
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\program files\AskSBar
2010-01-05 15:06 . 2010-01-05 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-01-05 13:17 . 2010-01-05 13:17 101376 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
2010-01-05 13:17 . 2009-12-23 16:40 52224 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\windows\

2010-01-05 13:09 . 2010-01-05 13:09 -------- d-----w- c:\program files\

2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\Application Data\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\program files\TeamViewer
2010-01-05 12:31 . 2010-01-05 12:31 -------- d-----w- c:\documents and settings\hanoda\temp
2010-01-05 11:01 . 2010-01-05 11:01 -------- d-----w- C:\FOUND.004
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\hanoda\Application Data\Malwarebytes
2010-01-03 19:24 . 2008-10-22 13:10 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 19:24 . 2008-10-22 13:10 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 19:24 . 2010-01-03 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 01:51 . 2010-01-03 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2
2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- c:\program files\Windows Live
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\hanoda\Application Data\Creative
2009-12-30 13:02 . 2009-12-30 13:02 -------- d-----w- c:\program files\WinPcap
2009-12-27 11:04 . 2009-12-27 11:04 -------- d-----w- c:\program files\MSN Reaper
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\hanoda\Application Data\MSNRecorderMax
2009-12-25 00:41 . 2009-12-25 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNRecorderMax
2009-12-25 00:40 . 2009-12-25 00:40 -------- d-----w- c:\program files\MSNRecorderMax
2009-12-24 20:11 . 2009-12-24 20:12 103424 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-24 20:11 . 2009-12-24 20:11 4716544 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-12-24 20:11 . 2009-12-24 20:11 344064 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-24 20:11 . 2009-10-20 10:33 545280 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-24 20:11 . 2009-10-20 10:33 153600 ----a-w- c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-24 15:02 . 2009-12-24 15:02 47 ----a-w- c:\windows\system32\SynWGA.bat
2009-12-22 16:23 . 2009-12-22 16:23 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Identities
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\vw
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\documents and settings\hanoda\VisualRoute
2009-12-22 14:56 . 2009-12-22 14:56 -------- d-----w- c:\program files\VisualRoute Lite Edition
2009-12-22 14:01 . 2009-12-22 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-12-22 13:59 . 2009-12-22 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-22 13:59 . 2009-12-22 13:59 -------- d-----w- c:\program files\OpenAL
2009-12-22 13:59 . 2009-12-22 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-21 21:12 . 2009-12-21 21:12 -------- d-sh--w- c:\documents and settings\hanoda\IECompatCache
2009-12-21 21:11 . 2009-12-21 21:11 -------- d-sh--w- c:\documents and settings\hanoda\PrivacIE
2009-12-21 20:04 . 2009-12-21 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-21 20:04 . 2009-12-21 20:04 -------- d-sh--w- c:\documents and settings\hanoda\IETldCache
2009-12-21 15:58 . 2009-10-29 07:40 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 15:58 . 2009-10-29 07:40 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 15:58 . 2009-10-29 07:40 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 15:58 . 2009-10-29 07:40 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 15:58 . 2009-10-29 07:40 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 15:58 . 2009-10-29 07:40 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 15:58 . 2009-12-21 15:58 -------- d-----w- c:\windows\ie8updates
2009-12-21 15:58 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 15:56 . 2009-09-25 05:35 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 12:47 . 2009-12-21 12:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Cooliris
2009-12-21 12:28 . 2007-10-12 12:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-12-21 12:27 . 2007-04-04 15:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-21 12:27 . 2007-03-12 13:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-12-21 12:27 . 2009-12-21 12:27 -------- d-----w- c:\windows\system32\xlive
2009-12-21 12:24 . 2009-12-21 12:24 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Mozilla
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\program files\NetWorx
2009-12-21 12:22 . 2009-12-21 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftPerfect
2009-12-21 11:41 . 2009-12-21 11:42 -------- d-----w- c:\documents and settings\hanoda\Application Data\Media Player Classic
2009-12-21 11:38 . 2009-12-21 11:38 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-12-21 11:36 . 2009-12-21 11:36 -------- d-----w- c:\documents and settings\hanoda\Application Data\WeatherWatcher
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskSearch
2009-12-21 11:35 . 2009-12-21 11:35 -------- d-----w- c:\program files\AskBarDis
2009-12-21 11:35 . 2004-05-26 23:32 102400 ----a-w- c:\windows\system32\unzip32.dll
2009-12-21 11:29 . 2009-12-21 11:29 -------- d-----w- c:\program files\WinSnap
2009-12-21 10:06 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-21 09:58 . 2009-12-21 09:58 -------- d-----w- c:\windows\Sun
2009-12-21 09:40 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-21 09:27 . 2009-08-04 17:26 2146816 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-21 09:27 . 2009-08-04 17:26 2067584 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-21 09:27 . 2009-08-04 17:25 2025472 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-21 09:10 . 2009-12-21 09:10 -------- d--h--w- c:\windows\$hf_mig$
2009-12-18 13:33 . 2009-12-18 13:33 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\WMTools Downloaded Files
2009-12-18 10:46 . 2009-12-18 10:46 -------- d--h--w- c:\windows\PIF
2009-12-18 10:23 . 2009-12-18 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-12-18 10:21 . 2009-12-18 10:21 -------- d-----w- c:\windows\SHELLNEW
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-18 10:20 . 2009-12-18 10:20 -------- d-----r- C:\MSOCache
2009-12-18 10:04 . 2009-12-18 10:04 402952 ----a-w- c:\documents and settings\hanoda\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2009-12-17 23:54 . 2009-12-17 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\webcamXP5
2009-12-17 23:53 . 2009-12-17 23:53 -------- d-----w- c:\program files\wLite
2009-12-17 23:16 . 2009-12-17 23:16 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Adobe
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCox
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\PowerDVDCinema
2009-12-17 21:59 . 2009-12-17 21:59 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberLink
2009-12-17 20:25 . 2009-12-17 20:25 -------- d-----w- c:\documents and settings\hanoda\Application Data\Avant Profiles
2009-12-17 20:03 . 2009-12-17 20:03 -------- d-----w- c:\windows\Sev7nInspirat
2009-12-17 20:03 . 2009-12-17 20:03 155418 ----a-w- c:\windows\Uninstall.exe
2009-12-17 19:35 . 2009-12-17 19:35 -------- d-s---w- c:\documents and settings\hanoda\UserData
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\windows\system32\windows media
2009-12-17 19:28 . 2009-12-17 19:28 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-17 19:28 . 2009-12-17 19:28 -------- d-----w- c:\program files\Windows Media Components
2009-12-17 19:20 . 2009-12-17 19:20 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-17 19:20 . 2009-12-17 19:20 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-17 19:20 . 2009-12-17 19:20 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-17 19:20 . 2009-12-17 19:20 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:20 . 2009-12-17 19:20 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-12-17 19:20 . 2009-12-17 19:20 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-12-17 19:20 . 2009-12-17 19:20 264720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-12-17 19:11 . 2009-12-17 19:11 -------- d-----w- c:\documents and settings\hanoda\Application Data\Folder Guard
2009-12-17 18:57 . 2009-12-17 18:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-17 18:57 . 2009-12-17 18:57 -------- d-----w- c:\documents and settings\hanoda\Application Data\skypePM
2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-17 18:50 . 2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
2009-12-17 18:50 . 2009-12-17 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Send acid copy bin
2009-12-17 18:50 . 2009-12-17 18:50 888832 ----a-w- c:\documents and settings\hanoda\Application Data\gplfilemath\pmyqtugn.exe
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\program files\gplfilemath
2009-12-17 18:49 . 2009-12-17 18:49 -------- d-----w- c:\documents and settings\hanoda\Application Data\gplfilemath
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\documents and settings\hanoda\Application Data\MessengerDiscovery 2
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Circl Developement
2009-12-17 18:48 . 2009-12-17 18:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\program files\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\Conduit
2009-12-17 18:47 . 2009-12-17 18:47 -------- d-----w- c:\documents and settings\hanoda\Local Settings\Application Data\************
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 21:40 . 2010-01-01 20:37 4526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\CyberScrub
2010-01-03 20:28 . 2010-01-03 20:28 -------- d-----w- c:\documents and settings\hanoda\Application Data\zyzcleaner
2009-12-17 21:42 . 2009-12-17 16:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-17 17:09 . 2008-04-15 08:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-17 17:04 . 2009-12-17 17:04 -------- d-----w- c:\documents and settings\hanoda\Application Data\COWON
2009-12-17 16:58 . 2004-04-05 07:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-17 16:51 . 2009-12-17 16:51 -------- d-----w- c:\program files\برنامج المؤذن
2009-12-17 16:51 . 2009-12-17 16:51 65536 ----a-w- c:\windows\system32\VDPersns.dat
2009-12-17 16:13 . 2009-12-17 16:13 -------- d-----w- c:\documents and settings\hanoda\Application Data\InstallShield
2009-12-17 16:12 . 2009-12-17 16:12 -------- d-----w- c:\program files\Realtek
2009-12-17 16:12 . 2009-12-17 16:12 319488 ----a-w- c:\windows\HideWin.exe
2009-12-17 16:01 . 2009-12-17 16:01 -------- d-----w- c:\program files\microsoft frontpage
2009-12-17 15:59 . 2009-12-17 15:58 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:24 . 2008-04-15 08:00 665600 ------w- c:\windows\system32\wininet.dll
2009-10-13 10:33 . 2008-04-15 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-15 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-15 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-03-09 03:25 . 2009-12-17 17:04 236 ---ha-w- c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-15 . 5320EA6507CFA8ABC92CAF91CD2FC8A5 . 974848 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2010-01-05 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2010-01-05 15:06 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Netlog Toolbar"="c:\program files\Internet Explorer\iexplore.exe" [2008-04-15 832512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RAMDrive"="c:\program files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-22 36864]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2004-09-30 139264]
"FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2007-01-24 132680]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-03-06 1188352]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\hanoda\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
ںéꛨë.lnk - c:\program files\ ©ëںê¤ ںéꛨë\ںéꛨë.EXE [2009-12-17 843776]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-17 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
2008-06-13 18:39 45184 ----a-w- c:\windows\system32\fsp_lmwl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2009-07-13 12:42 1337344 ----a-w- c:\program files\4shared Desktop\checkUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 07:40 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\copy bin slow 16]
2009-12-17 21:14 888832 ----a-w- c:\documents and settings\All Users\Application Data\Send acid copy bin\mp3 glue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 17:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 06:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-17 16:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 14:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"g:\\blood\\Instinct\\instinct.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/17 19:54];c:\program files\CyberLink\PowerDVD9\000.fcl [28/02/2009 07:40 م 87536]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [17/12/2009 08:05 م 48768]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [17/12/2009 07:10 م 68136]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [17/12/2009 07:50 م 72478]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 LMPC4;LMPC4;c:\windows\system32\drivers\lmpc4.sys [17/12/2009 07:38 م 10096]
R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [17/12/2009 07:28 م 173632]
S2 NetlogUpdaterService;NetlogUpdaterService;"c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe" --> c:\\Program Files\\Netlog Toolbar\\NetlogToolbarUpdaterService.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 11:22 م 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googel.com/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: الدليل السريع - c:\windows\ww80.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{46012075-ED62-464b-9554-AD0BEC35D1EC} -

IE: {{46012076-ED62-464b-9554-AD0BEC35D1EC}
FF - ProfilePath - c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1915410&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - startime Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\{a1fd8659-2d9d-4126-b5e1-d45911bedb31}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\hanoda\Application Data\Mozilla\Firefox\Profiles\qhzjhoup.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
AddRemove-HijackThis - f:\every thing\برامج\after format\برامج حديثة جدا\برامج الحماية\ادواة لاصلاح الجهاز\HijackThis.exe
AddRemove-Netlog Toolbar - c:\program files\Netlog Toolbar\uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2010-01-10 01:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,61,bd,4a,80,d8,a8,3d,f9,14,8c,18,6d,5b,b5,6a,ba,05,ac,98,45,
0f,20,98,1d,7a,01,42,39,85,83,5f,48,40,0c,18,db,df,03,51,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{deb04de6-08c7-4915-a257-078b5d396dc3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:00000014
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\fsp_lmwl.dll
- - - - - - - > 'explorer.exe'(2700)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-10 01:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 22:22
Pre-Run: 7,784,923,136 bytes free
Post-Run: 9,787,752,448 bytes free
- - End Of File - - 324C247F1B2113AB8C359034201DF69D
 
Yes, exactly as you told me, word for word.
 
:er: Honestly, I am copying all of it, but I don't know why it shows up incomplete.
Even though at first it shows on my end that it was copied in full, I don't know why it doesn't show up in full.
 