sss-911
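In the name of God, the Most Gracious, the Most Merciful
Peace be upon you, and the mercy and blessings of God
Aaaaaaaah, my computer has started struggling and thrashing about and I don't know what, and it's in a bad state :cr::cr::cr::cr:
First, it began with video clips: I started getting a message that the file is unreadable or corrupted or something like that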



The thing is that until a short while ago the clips were working perfectly :er::no::er::no::er::no:
I thought I'd format, in the hope that it would help, but the problem is that when I start copying the files to the flash drive, every time it reaches certain video clips it tells me the file is corrupted and cannot be sent, and the transfer stops. So I can't copy my files and format the machine :er::er::er::er::er:
Second, Kaspersky, bless it, started acting up and no longer updates; it tells me the update failed :?::?::?::?:
{The Kaspersky problem has been solved :d::d::hh::hh: }
Third, every now and then an alert message pops up at the bottom telling me that such-and-such is corrupted, please run the chkdsk utility :no::no::no::no:
To save time, I downloaded ComboFix and HijackThis and ran them, and I'll copy the summary for you. But the problem is that when ComboFix started running I got a crazy number of error messages, and when I click OK the same message comes up roughly 5 to 6 times for the same problem. I'll post the pictures for you and then the reports :no::f::no::f:





OK, and now here are the reports. The first is from ComboFix:
ComboFix 08-07-05.1 - abc 07/06/2008 13:59:07.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1256.1.1033.18.225 [GMT 2:00]
Running from: C:\Documents and Settings\abc\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\abc\Favorites\Online Security Test.url
C:\Documents and Settings\abc\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINTEMP\regedit.com
C:\WINTEMP\svchost.ini
C:\WINTEMP\system32\com\lsass.exe
C:\WINTEMP\system32\com\netcfg.000
C:\WINTEMP\system32\com\netcfg.dll
C:\WINTEMP\system32\com\smss.exe
C:\WINTEMP\system32\dnsq.dll
C:\WINTEMP\system32\drivers\ETNADiag.exe
C:\WINTEMP\system32\LCWizard.dll
C:\WINTEMP\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 12:04 540,672 --sha-w C:\WINTEMP\system32\drivers\fidbox.dat
2008-07-06 12:04 32 --sha-w C:\WINTEMP\system32\drivers\fidbox2.idx
2008-07-06 12:04 32 --sha-w C:\WINTEMP\system32\drivers\fidbox2.dat
2008-07-06 12:04 32 --sha-w C:\WINTEMP\system32\drivers\fidbox.idx
2008-07-06 11:46 --------- d-----w C:\Documents and Settings\All Users.WINTEMP\Application Data\AnyCapture
2008-07-06 11:45 --------- d-----w C:\Program Files\Any Capture Screen
2008-07-06 10:23 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-05 22:12 --------- d-----w C:\Program Files\All Media Fixer
2008-07-05 22:02 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-04 20:22 348,160 ----a-w C:\WINTEMP\system32\msvcr71.dll
2008-07-03 17:52 --------- d-----w C:\Documents and Settings\All Users.WINTEMP\Application Data\McAfee
2008-06-30 21:11 --------- d-----w C:\Program Files\Dell
2008-06-28 23:34 --------- d-----w C:\Documents and Settings\abc\Application Data\TigerPlayer
2008-06-28 14:50 --------- d-----w C:\Program Files\Java
2008-06-28 14:49 --------- d-----w C:\Program Files\Common Files\Java
2008-06-19 14:55 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-14 20:42 --------- d-----w C:\Documents and Settings\abc\Application Data\zzMicroWorld_Anti_Virus
2008-06-14 19:45 --------- d--h--w C:\Documents and Settings\All Users.WINTEMP\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-06-14 19:44 --------- d-----w C:\Program Files\Stardock
2008-06-13 13:10 272,128 ----a-w C:\WINTEMP\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINTEMP\system32\dllcache\bthport.sys
2008-05-30 15:26 112,144 ----a-w C:\WINTEMP\system32\drivers\kl1.sys
2008-05-30 15:25 96,966 ----a-w C:\WINTEMP\system32\drivers\klin.dat
2008-05-30 15:25 88,774 ----a-w C:\WINTEMP\system32\drivers\klick.dat
2008-05-24 17:52 --------- d-----w C:\Program Files\Funk Software
2008-05-23 17:24 --------- d-----w C:\Documents and Settings\abc\Application Data\Sierra Wireless
2008-05-17 19:45 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-05-08 20:28 354,560 ----a-w C:\WINTEMP\system32\TuneUpDefragService.exe
2008-05-08 12:28 202,752 ----a-w C:\WINTEMP\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ------w C:\WINTEMP\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINTEMP\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINTEMP\system32\dllcache\quartz.dll
2008-05-06 19:48 --------- d-----w C:\Program Files\Common Files\HP
2008-05-06 19:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-06 19:44 --------- d-----w C:\Program Files\HP
2008-05-06 11:01 --------- d-----w C:\Program Files\Google
2008-05-04 19:44 360,064 ----a-w C:\WINTEMP\system32\dllcache\TCPIP.SYS
2008-05-04 10:10 50,688 ----a-w C:\WINTEMP\system32\wbhelp2.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINTEMP\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINTEMP\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINTEMP\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINTEMP\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINTEMP\system32\dllcache\ieakui.dll
2008-04-18 17:11 39,424 --sh--r C:\WINTEMP\livemessenger.com
2008-04-17 15:27 32 ----a-w C:\Documents and Settings\All Users.WINTEMP\Application Data\ezsid.dat
2008-04-12 17:22 737,280 ----a-w C:\WINTEMP\iun6002.exe
2008-01-08 19:53 1,599,488 --sh--w C:\Documents and Settings\abc\DesktopAlt50l_cfdg.exe
.
------- Sigcheck -------
05/04/2008 09:44 PM 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINTEMP\system32\drivers\TCPIP.SYS
05/04/2008 09:44 PM 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINTEMP\system32\dllcache\TCPIP.SYS
04/20/2006 03:18 PM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINTEMP\$hf_mig$\KB917953\SP2QFE\tcpip.sys
10/30/2007 07:53 PM 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINTEMP\$hf_mig$\KB941644\SP2QFE\tcpip.sys
06/13/2007 01:23 PM 1881600 3602561a003bca1da12af0ddcc572269 C:\WINTEMP\explorer.exe
06/13/2007 01:23 PM 1881600 3602561a003bca1da12af0ddcc572269 C:\WINTEMP\system32\dllcache\explorer.exe
06/13/2007 02:26 PM 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINTEMP\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINTEMP\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:00 PM 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINTEMP\system32\CTFMON.EXE" [08/04/2004 12:00 PM 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [10/26/2006 07:48 PM 434528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
07/22/2005 10:46 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^abc^Start Menu^Programs^Startup^Stardock Dock.lnk]
backup=C:\WINTEMP\pss\Stardock Dock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINTEMP^Start Menu^Programs^Startup^AccSys AutoStart.lnk]
backup=C:\WINTEMP\pss\AccSys AutoStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINTEMP^Start Menu^Programs^Startup^PalTalk.lnk]
backup=C:\WINTEMP\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINTEMP^Start Menu^Programs^Startup^WLAN Quick Starter.lnk]
backup=C:\WINTEMP\pss\WLAN Quick Starter.lnkCommon Startup
=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyCaptureScreen]
[X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeFi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wlconfig
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 09/06/2007 09:25 PM 1003520 C:\Program Files\Athan\Athan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 06/28/2007 12:51 PM 218376 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 11/01/2006 12:48 PM 1392640 C:\WINTEMP\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:00 PM 15360 C:\WINTEMP\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 05/14/2008 02:10 PM 4376328 C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 02/14/2008 04:46 AM 2577840 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 09/15/2006 04:50 PM 77824 C:\WINTEMP\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 09/15/2006 04:54 PM 118784 C:\WINTEMP\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 09/15/2006 04:53 PM 94208 C:\WINTEMP\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/09/2007 06:53 PM 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a------ 05/25/2008 05:56 PM 13268784 C:\Program Files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 05/10/2007 10:22 AM 405504 C:\Program Files\SigmaTel\C-Major Audio\wdm\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 01/23/2008 02:47 PM 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/25/2008 04:28 AM 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/04/2008 10:21 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a------ 02/12/2008 04:34 PM 456024 C:\Program Files\WebcamMax\wcmmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20029:TCP"= 20029:TCP:BitComet 20029 TCP
"20029:UDP"= 20029:UDP:BitComet 20029 UDP
"49155:TCP"= 49155:TCP:BitComet 49155 TCP
"49155:UDP"= 49155:UDP:BitComet 49155 UDP
"49371:TCP"= 49371:TCP:BitComet 49371 TCP
"49371:UDP"= 49371:UDP:BitComet 49371 UDP
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINTEMP\system32\DRIVERS\CamthWDM.sys [02/09/2008 06:58 AM]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [11/19/2004 05:07 PM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINTEMP\System32\svchost.exe [08/04/2004 12:00 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINTEMP\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINTEMP\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM]
S3 avmeject;AVM Eject;C:\WINTEMP\system32\drivers\avmeject.sys [12/28/2006 01:02 AM]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINTEMP\system32\CBTNDIS5.SYS [07/16/2003 10:28 PM]
S3 EraserUtilDrv10621;EraserUtilDrv10621;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys []
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINTEMP\system32\DRIVERS\fwlanusb.sys [12/28/2006 01:02 AM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINTEMP\System32\TuneUpDefragService.exe [05/08/2008 10:28 PM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINTEMP\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -
Notify-WBSrv - (no file)
MSConfigStartUp-DLD - C:\Program Files\Download Direct\DLD.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-06 14:08:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
C:\WINTEMP\SYSTEM32\WLTRYSVC.EXE
C:\WINTEMP\SYSTEM32\BCMWLTRY.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE
.
**************************************************************************
.
Completion time: 07/06/2008 14:14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 12:13:56
Pre-Run: 859,521,024 bytes free
Post-Run: 781,549,568 bytes free
253 --- E O F --- 2008-06-23 13:53:32
Second, the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 02:24:55 م, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINTEMP\System32\smss.exe
C:\WINTEMP\system32\winlogon.exe
C:\WINTEMP\system32\services.exe
C:\WINTEMP\system32\lsass.exe
C:\WINTEMP\system32\svchost.exe
C:\WINTEMP\System32\svchost.exe
C:\WINTEMP\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINTEMP\System32\WLTRYSVC.EXE
C:\WINTEMP\System32\bcmwltry.exe
C:\WINTEMP\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINTEMP\System32\svchost.exe
C:\WINTEMP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINTEMP\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINTEMP\explorer.exe
C:\WINTEMP\system32\notepad.exe
C:\WINTEMP\system32\wuauclt.exe
C:\Documents and Settings\abc\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.0.100.99:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINTEMP\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} -
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINTEMP\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINTEMP\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINTEMP\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINTEMP\System32\TuneUpDefragService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINTEMP\System32\WLTRYSVC.EXE
I'm counting on your help, please.
Your brother, Sultan Al-Otaibi
