خالد الوصارة

In the name of God, the Most Gracious, the Most Merciful
and in Him we seek help
Peace be upon you, and the mercy and blessings of God
I have two problems. The first is ...
I downloaded a program, and I wish I hadn't, and I removed it with Your Uninstaller! 2008, which they say removes programs from their roots :no:
The problem is that the program is still there, and every time I start the machine this message appears

55bx8.gif


I want to wipe every trace of this program from my machine, and I don't want to see it :cr:

The second problem
happened to me only today: when I restart the computer this message appears repeatedly, not the way I captured it here; I captured only the last image to make it easier to upload to the net. It is as follows ...

45331970fz9.gif


I believe I haven't fallen short in explaining the two problems :i:

I await the solution from you :er:

That's all
 

As for the first problem, try removing it the usual way from Add or Remove Programs

And the second

For HijackThis


When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:23 م, on 12/08/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VerbAce\VerbAce.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Services\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Prayer Time\Libya\AlMaathen.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bc\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Services\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [LockPhix Console] "C:\Program Files\UIC Phoenxsoftware\LockPhix\LockPhix.exe" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: AL Maathen.lnk = C:\Program Files\Prayer Time\Libya\AlMaathen.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F44F483E-F188-417F-93EC-7F55DF70C316}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10721 bytes
 
Khaled, as for the first problem:
look for it in the Program Files folder; you will find it, then delete it
or go to Search and enter the program's name; it will surely come up
 
Hello brother Sami, I can barely type right now; it seems there is a problem in the browser as well
Anyway, I did a search and this is what came up ..

40653474ll2.png

And which file do I delete ..
FYI, I have a problem typing in the browser
 
Go into each folder and you will find the program you are talking about; delete it
 
Select and then delete the following

C:\Program Files\VerbAce\VerbAce.exe


C:\Program Files\Common Files\Services\svchost.exe


C:\Program Files\Prayer Time\Libya\AlMaathen.exe


O4 - HKLM\..\Run: [VerbAce] C:\Program Files\VerbAce\VerbAce.exe -AutoRun


O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Services\svchost.exe


O4 - HKCU\..\Run: [LockPhix Console] "C:\Program Files\UIC Phoenxsoftware\LockPhix\LockPhix.exe" -m


O4 - Global Startup: AL Maathen.lnk = C:\Program Files\Prayer Time\Libya\AlMaathen.exe


How to delete

zyzoom-47abf39087.gif



zyzoom-dc3770ae68.gif



Download this tool to clean the machine



zyzoom-3c0e283670.gif


And a new report
 
Signature: السّاجد لله
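
Added example, not part of the original thread: a small Python triage of HijackThis lines that flags one pattern present in the list above, a core Windows process name (svchost.exe) running from outside its system folder, plus a Run value with no name. The expected-folder table and the function names are assumptions of this sketch, the sample lines are copied from the first log in this thread, and the check says nothing about the other entries the reply selects.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as the paths in the posted log show.
# Core process names and the only folder their genuine image should load from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 registry autoruns:  O4 - HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^O4 - (?P<key>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder shortcuts:  O4 - Global Startup: x.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# "Running processes" section: one full image path per line
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Executable at the start of a command line, quoted or not, up to the first ".exe"
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)(?=["\s]|$)', re.IGNORECASE)


def check_image(path):
    """Return a reason if a core Windows process name sits in the wrong folder."""
    folder, name = ntpath.split(path.lower())
    expected = EXPECTED_DIR.get(name)
    # A bare name such as "Rundll32.exe" has no folder to compare, so it is skipped.
    if expected and folder and folder != expected:
        return f"{name} outside {expected}"
    return None


def triage(log_text):
    """Return (line, reason) pairs for log lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            if m["name"] == "":
                findings.append((line, "autorun value has no name"))
            exe = EXE_RE.match(m["cmd"])
            reason = check_image(exe["exe"]) if exe else None
        elif PROCESS_RE.match(line):
            reason = check_image(line)
        else:
            continue
        if reason:
            findings.append((line, reason))
    return findings


# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Services\svchost.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [] C:\Program Files\Common Files\Services\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

A hit only marks a line for review; a name-and-folder check cannot confirm that a file is malicious, and it misses anything that does not borrow a system process name.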
A new problem has come up: every time I log in to the site, it welcomes me fine and then returns me to the page again and asks me to enter the username again .. I even tried to log in several times yesterday, to no avail.
And the Firefox browser does not work; it acts as if there is no internet.
I ask you for help with how to log in to the site. I entered the password and the name correctly, and it takes me to a page with the usual "peace be upon you" welcome, and then it returns me to the start and asks me for the username ..
So that I can stay in touch with you, and I await the solution from you :er:

I am now writing from work, and the workday is over, and I will not be able to continue except from home. I await the solution from you :er:

And you will find me logged in as a guest, not as a member
 
Brother:
There is a tool that is 70 KB in size... try it and see:
 
And this is the latest report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:14 ص, on 13/08/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\TechSmith\Camtasia Studio 5\TSCHelp.exe
C:\Program Files\TechSmith\Camtasia Studio 5\CamRecorder.exe
C:\Documents and Settings\bc\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\bc\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\bc\Application Data\CyberScrub\Privacy Suite" 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F44F483E-F188-417F-93EC-7F55DF70C316}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10687 bytes
 
(1)
Disable all protection programs,
then download this tool and save it to the desktop

When you run it a message will appear; click >> Yes
After that a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will begin scanning a second time.
Wait until a report appears; copy it and paste it in your next reply
(2)
And make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply
 
Signature: فارس الملاك
Peace be upon you, and the mercy and blessings of God
The reason for my late reply is that I could not log in to the forum; I was entering as a guest and watching from afar with my hands tied &&
This was because of the browser settings, which I fixed after a struggle.

Now I am with you, brother فارس الملاك, and excuse me for the delay ..

Here is the first report ..

ComboFix 08-08-12.01 - bc 08/13/2008 20:16:46.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.1.1033.18.380 [GMT 2:00]
Running from: C:\Documents and Settings\bc\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
    /wow section - STAGE 45
pv: No matching processes found
‏‏يتعذر على العملية الوصول إلى الملف لأنه قيد الاستخدام من قبل عملية أخرى.
‏‏يتعذر على العملية الوصول إلى الملف لأنه قيد الاستخدام من قبل عملية أخرى.
The process cannot access the file because it is being used by another process.

    /wow section - STAGE 46
‏‏يتعذر على العملية الوصول إلى الملف لأنه قيد الاستخدام من قبل عملية أخرى.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\twain_16.dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-13 to 2008-08-13  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 17:59    499,712    ----a-w    C:\WINDOWS\system32\msvcp71.dll
2008-08-12 17:59    ---------    d-----w    C:\Program Files\Common Files\xing shared
2008-08-12 17:59    ---------    d-----w    C:\Program Files\Common Files\Real
2008-08-12 12:55    ---------    d-----w    C:\Program Files\ALLCapture 2.0 Trial
2008-08-12 12:44    ---------    d-----w    C:\Program Files\Albani_new
2008-08-09 22:44    ---------    d-----w    C:\Documents and Settings\bc\Application Data\Nuotex
2008-08-08 10:00    ---------    d-----w    C:\Program Files\Passware
2008-08-07 13:54    ---------    d-----w    C:\Program Files\Elcomsoft
2008-08-06 18:07    96,976    ----a-w    C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 11:34    87,855    ----a-w    C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 22:14    ---------    d-----w    C:\Documents and Settings\bc\Application Data\AdobeUM
2008-07-08 13:48    ---------    d-----w    C:\Program Files\All-in-1 Mobile Video Convert
2008-07-03 20:04    ---------    d-----w    C:\Program Files\الموسوعة الطبية
2008-07-02 13:06    ---------    d-----w    C:\Program Files\Your Uninstaller 2008
2008-07-02 13:06    ---------    d-----w    C:\Program Files\MDM Flash Studio PRO v2 Trial
2008-07-02 13:06    ---------    d-----w    C:\Program Files\INTEX Video Power
2008-07-02 13:06    ---------    d-----w    C:\Program Files\ImageShackToolbar
2008-07-02 13:06    ---------    d-----w    C:\Program Files\Absolute Memory
2008-07-02 13:06    ---------    d-----w    C:\Program Files\3D Blocks
2008-07-02 13:06    ---------    d-----w    C:\Program Files\الموسوعة القرآنية الشاملة
2008-07-02 12:19    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-07-01 14:51    ---------    d-----w    C:\Program Files\PhotoBrush
2008-06-27 12:32    2,433,400    ----a-w    C:\WINDOWS\system32\SpoonUninstall.exe
2008-06-27 12:31    ---------    d-----w    C:\Program Files\Illustrate
2008-06-27 10:15    63,488    ----a-w    C:\WINDOWS\xobglu16.dll
2008-06-27 10:15    23,552    ----a-w    C:\WINDOWS\xobglu32.dll
2008-06-26 14:05    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-26 14:00    ---------    d-----w    C:\Program Files\Bonjour
2008-06-26 13:51    ---------    d-----w    C:\Program Files\Common Files\Macrovision Shared
2008-06-26 11:35    ---------    d-----w    C:\Documents and Settings\bc\Application Data\Desktopicon
2008-06-26 11:34    ---------    d-----w    C:\Program Files\Unlocker
2008-06-24 13:17    ---------    d-----w    C:\Program Files\IVT Corporation
2008-06-24 13:10    ---------    d-----w    C:\Program Files\Extended Systems
2008-06-24 13:05    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-06-23 17:39    ---------    d-----w    C:\Program Files\Common Files\LogoManager
2008-06-21 12:33    ---------    d-----w    C:\Program Files\PowerDataRecovery
2008-06-20 13:15    ---------    d-----w    C:\Documents and Settings\bc\Application Data\URSoft
2008-06-19 22:24    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-13 14:06    ---------    d-----w    C:\Program Files\DEVELOPER EXPRESS INC
2008-06-13 13:10    272,128    ----a-w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 12:41    3,534    ----a-w    C:\WINDOWS\system32\tmp.reg
2008-05-30 10:20    737,280    ----a-w    C:\WINDOWS\iun6002.exe
2008-05-29 06:35    86,528    ----a-w    C:\WINDOWS\system32\VACFix.exe
2008-05-21 09:27    0    ----a-w    C:\Odesa.exe
2008-05-18 18:40    82,944    ----a-w    C:\WINDOWS\system32\IEDFix.exe
2001-08-13 12:05    3,275,808    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2001-08-13 12:05    704,544    --sha-w    C:\WINDOWS\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((   snapshot_Wed 07-02-2008_20.34.42.43   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-18 16:14:43    2,854,400    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\SP2QFE\msi31.dll
+ 2006-01-19 19:29:19    14,048    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\spmsg.dll
+ 2006-01-19 19:29:19    213,216    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe
+ 2006-01-19 19:29:19    22,752    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\update\spcustom.dll
+ 2006-01-19 19:29:19    716,000    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
+ 2006-01-19 19:29:19    371,424    ----a-w    C:\WINDOWS\$hf_mig$\KB927891\update\updspapi.dll
+ 2008-04-21 06:56:54    1,024,000    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54    151,040    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55    1,054,208    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55    357,888    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55    205,312    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55    55,808    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59    18,432    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56    251,904    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56    96,256    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56    16,384    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57    3,066,880    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57    449,024    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57    146,432    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58    532,480    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58    39,424    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58    1,499,136    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58    474,112    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58    618,496    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59    666,624    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04    351,744    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29    3,066,880    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29    666,112    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01    3,067,392    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02    666,624    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22    17,272    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22    231,288    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22    26,488    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22    755,576    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22    382,840    ----a-w    C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:22    17,272    ----a-w    C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22    231,288    ----a-w    C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22    26,488    ----a-w    C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22    755,576    ----a-w    C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22    382,840    ----a-w    C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51    203,008    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52    203,136    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17    203,136    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22    17,272    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22    231,288    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22    26,488    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22    755,576    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22    382,840    ----a-w    C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-06-13 09:52:16    272,128    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51    272,128    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43    272,128    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51    17,272    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51    231,288    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51    26,488    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51    755,576    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51    382,840    ----a-w    C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-05-07 04:55:40    1,288,192    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40    1,288,192    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15    1,288,192    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51    17,272    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51    231,288    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51    26,488    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22    755,576    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22    382,840    ----a-w    C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2005-05-04 11:45:32    2,890,240    -c----w    C:\WINDOWS\$NtUninstallKB927891$\msi.dll
+ 2006-01-19 19:29:19    213,216    -c----w    C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe
+ 2006-01-19 19:29:19    371,424    -c----w    C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll
+ 2008-02-16 08:59:34    1,023,488    -c----w    C:\WINDOWS\$NtUninstallKB950759$\browseui.dll
+ 2008-02-16 08:59:35    151,040    -c----w    C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll
+ 2008-02-16 08:59:35    1,054,208    -c----w    C:\WINDOWS\$NtUninstallKB950759$\danim.dll
+ 2008-02-16 08:59:35    357,888    -c----w    C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll
+ 2008-02-16 08:59:35    205,312    -c----w    C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll
+ 2008-02-16 08:59:35    55,808    -c----w    C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll
+ 2008-02-15 09:23:37    18,432    -c----w    C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
+ 2008-02-16 08:59:35    251,392    -c----w    C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll
+ 2008-02-16 08:59:35    96,256    -c----w    C:\WINDOWS\$NtUninstallKB950759$\inseng.dll
+ 2008-02-16 08:59:35    16,384    -c----w    C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll
+ 2008-02-17 01:59:38    3,059,712    -c----w    C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
+ 2008-02-16 08:59:37    449,024    -c----w    C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll
+ 2008-02-16 08:59:37    146,432    -c----w    C:\WINDOWS\$NtUninstallKB950759$\msrating.dll
+ 2008-02-16 08:59:37    532,480    -c----w    C:\WINDOWS\$NtUninstallKB950759$\mstime.dll
+ 2008-02-16 08:59:37    39,424    -c----w    C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll
+ 2008-02-16 08:59:38    1,494,528    -c----w    C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll
+ 2008-02-16 08:59:38    474,112    -c----w    C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll
+ 2007-11-30 12:39:22    231,288    -c----w    C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22    382,840    -c----w    C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll
+ 2008-02-16 08:59:38    615,936    -c----w    C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll
+ 2008-02-16 08:59:39    659,456    -c----w    C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-15 09:06:21    351,744    -c----w    C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll
+ 2007-11-30 12:39:22    231,288    -c----w    C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22    382,840    -c----w    C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58    202,240    -c----w    C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22    231,288    -c----w    C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22    382,840    -c----w    C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2004-08-03 21:10:38    274,304    -c----w    C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51    231,288    -c----w    C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51    382,840    -c----w    C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03    1,287,680    -c----w    C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51    231,288    -c----w    C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22    382,840    -c----w    C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2002-03-11 17:45:04    1,708,856    ----a-w    C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\instmsia.exe
+ 2002-03-11 18:06:30    1,822,520    ----a-w    C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\instmsiw.exe
+ 2003-11-03 23:06:25    217,088    ----a-w    C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\setup.exe
+ 2008-06-13 13:10:50    272,128    ------w    C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-07-01 20:20:56    23,558    ----a-r    C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\ARPPRODUCTICON.exe
+ 2001-08-13 12:24:23    23,558    ----a-r    C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A00000000001}\ARPPRODUCTICON.exe
+ 2006-08-24 03:44:14    477,696    ----a-w    C:\WINDOWS\LastGood\system32\DRIVERS\ZD1211BU.sys
+ 2008-08-09 21:16:33    73,728    ----a-w    C:\WINDOWS\SISWare\bin\SignBot.exe
+ 2008-08-09 21:17:24    1,200,128    ----a-w    C:\WINDOWS\SISWare\bin\signsis.exe
- 2008-02-16 08:59:34    1,023,488    ----a-w    C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56    1,023,488    ----a-w    C:\WINDOWS\system32\browseui.dll
+ 2007-09-20 11:04:10    114,688    ----a-w    C:\WINDOWS\system32\BTCamVideoSource.dll
- 2008-02-16 08:59:35    151,040    ----a-w    C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56    151,040    ----a-w    C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 08:59:35    1,054,208    ----a-w    C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:57    1,054,208    ----a-w    C:\WINDOWS\system32\danim.dll
+ 1997-06-10 14:10:14    27,136    ----a-w    C:\WINDOWS\system32\DBGWPROC.DLL
+ 2008-04-21 07:04:00    615,936    ----a-w    C:\WINDOWS\system32\DirectX10.dll
- 2008-02-16 08:59:34    1,023,488    -c--a-w    C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56    1,023,488    -c--a-w    C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-03 21:10:38    274,304    -c--a-w    C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50    272,128    -c--a-w    C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-02-16 08:59:35    151,040    -c--a-w    C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:56    151,040    -c--a-w    C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 08:59:35    1,054,208    -c--a-w    C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:57    1,054,208    -c--a-w    C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 08:59:35    357,888    -c--a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57    357,888    -c--a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 08:59:35    205,312    -c--a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57    205,312    -c--a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 08:59:35    55,808    -c--a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:57    55,808    -c--a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37    18,432    -c--a-w    C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54    18,432    -c--a-w    C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 08:59:35    251,392    -c--a-w    C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58    251,392    -c--a-w    C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 08:59:35    96,256    -c--a-w    C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58    96,256    -c--a-w    C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 08:59:35    16,384    -c--a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:58    16,384    -c--a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-17 01:59:38    3,059,712    -c--a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59    3,059,712    -c--a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 08:59:37    449,024    -c--a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:59    449,024    -c--a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2005-05-04 11:45:32    2,890,240    -c--a-w    C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23    2,854,400    -c--a-w    C:\WINDOWS\system32\dllcache\msi.dll
- 2008-02-16 08:59:37    146,432    -c--a-w    C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:59    146,432    -c--a-w    C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 08:59:37    532,480    -c--a-w    C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:59    532,480    -c--a-w    C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 08:59:37    39,424    -c--a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:59    39,424    -c--a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03    1,287,680    -c--a-w    C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48    1,287,680    -c--a-w    C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58    202,240    -c--a-w    C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49    202,752    -c--a-w    C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 08:59:38    1,494,528    -c--a-w    C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00    1,494,528    -c--a-w    C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 08:59:38    474,112    -c--a-w    C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:04:00    474,112    -c--a-w    C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 08:59:38    615,936    -c--a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00    615,936    -c--a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-03 20:58:46    15,104    -c--a-w    C:\WINDOWS\system32\dllcache\usbscan.sys
- 2008-02-16 08:59:39    659,456    -c--a-w    C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:04:00    659,456    -c--a-w    C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-18 11:53:28    187,408    ----a-w    C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-18 18:59:16    187,920    ----a-w    C:\WINDOWS\system32\drivers\klif.sys
- 2006-07-13 08:48:58    202,240    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49    202,752    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
+ 2004-08-03 20:58:46    15,104    ----a-w    C:\WINDOWS\system32\drivers\usbscan.sys
- 2008-02-16 08:59:35    357,888    ----a-w    C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57    357,888    ----a-w    C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 08:59:35    205,312    ----a-w    C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57    205,312    ----a-w    C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 08:59:35    55,808    ----a-w    C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57    55,808    ----a-w    C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 08:59:35    251,392    ----a-w    C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58    251,392    ----a-w    C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 08:59:35    96,256    ----a-w    C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58    96,256    ----a-w    C:\WINDOWS\system32\inseng.dll
- 2008-02-16 08:59:35    16,384    ----a-w    C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58    16,384    ----a-w    C:\WINDOWS\system32\jsproxy.dll
- 2008-02-17 01:59:38    3,059,712    ----a-w    C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59    3,059,712    ----a-w    C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 08:59:37    449,024    ----a-w    C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59    449,024    ----a-w    C:\WINDOWS\system32\mshtmled.dll
- 2005-05-04 11:45:32    2,890,240    ----a-w    C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23    2,854,400    ----a-w    C:\WINDOWS\system32\msi.dll
- 1999-09-28 19:42:48    1,050,896    ----a-w    C:\WINDOWS\system32\msjet35.dll
+ 1999-08-16 19:22:00    1,056,768    ----a-w    C:\WINDOWS\system32\msjet35.dll
- 1999-06-10 07:34:04    123,664    ----a-w    C:\WINDOWS\system32\msjint35.dll
+ 1998-04-23 21:00:00    123,664    ----a-w    C:\WINDOWS\system32\msjint35.dll
- 1999-06-10 07:34:04    24,848    ----a-w    C:\WINDOWS\system32\msjter35.dll
+ 1998-04-23 21:00:00    24,848    ----a-w    C:\WINDOWS\system32\msjter35.dll
- 2008-02-16 08:59:37    146,432    ----a-w    C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59    146,432    ----a-w    C:\WINDOWS\system32\msrating.dll
- 1998-06-01 12:37:00    262,144    ----a-w    C:\WINDOWS\system32\msrd2x35.dll
+ 1998-04-23 21:00:00    252,176    ----a-w    C:\WINDOWS\system32\msrd2x35.dll
- 1999-08-25 12:57:26    415,504    ----a-w    C:\WINDOWS\system32\msrepl35.dll
+ 1999-08-16 19:22:00    430,080    ----a-w    C:\WINDOWS\system32\msrepl35.dll
- 2000-07-14 22:00:00    118,784    ----a-w    C:\WINDOWS\system32\MSSTDFMT.DLL
+ 1998-06-17 21:00:00    118,784    ----a-w    C:\WINDOWS\system32\MSSTDFMT.DLL
- 2008-02-16 08:59:37    532,480    ----a-w    C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59    532,480    ----a-w    C:\WINDOWS\system32\mstime.dll
+ 2005-09-07 18:03:50    1,330,888    ----a-w    C:\WINDOWS\system32\msxml6.dll
- 2008-05-10 11:27:52    278,528    ----a-w    C:\WINDOWS\system32\pncrt.dll
+ 2008-08-12 17:59:10    278,528    ----a-w    C:\WINDOWS\system32\pncrt.dll
- 2008-05-10 11:27:53    6,656    ----a-w    C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-12 17:59:16    6,656    ----a-w    C:\WINDOWS\system32\pndx5016.dll
- 2008-05-10 11:27:53    5,632    ----a-w    C:\WINDOWS\system32\pndx5032.dll
+ 2008-08-12 17:59:16    5,632    ----a-w    C:\WINDOWS\system32\pndx5032.dll
- 2008-02-16 08:59:37    39,424    ----a-w    C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59    39,424    ----a-w    C:\WINDOWS\system32\pngfilt.dll
+ 2001-08-17 20:36:30    5,632    ----a-w    C:\WINDOWS\system32\ptpusb.dll
+ 2004-08-03 22:56:46    159,232    ----a-w    C:\WINDOWS\system32\ptpusd.dll
- 2007-10-29 22:43:03    1,287,680    ----a-w    C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48    1,287,680    ----a-w    C:\WINDOWS\system32\quartz.dll
+ 2005-10-28 09:38:18    402,432    ----a-w    C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]007\DriverFiles\ZD11BUXP.sys
- 2006-01-28 00:55:26    176,167    ----a-w    C:\WINDOWS\system32\rmoc3260.dll
+ 2008-08-12 17:59:36    185,944    ----a-w    C:\WINDOWS\system32\rmoc3260.dll
- 2008-02-16 08:59:38    1,494,528    ----a-w    C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00    1,494,528    ----a-w    C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 08:59:38    474,112    ----a-w    C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00    474,112    ----a-w    C:\WINDOWS\system32\shlwapi.dll
- 2008-02-16 08:59:38    615,936    ----a-w    C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00    615,936    ----a-w    C:\WINDOWS\system32\urlmon.dll
- 1998-06-17 22:00:00    89,360    ----a-w    C:\WINDOWS\system32\VB5DB.DLL
+ 1998-06-17 21:00:00    89,360    ----a-w    C:\WINDOWS\system32\VB5DB.DLL
- 2008-02-16 08:59:39    659,456    ----a-w    C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:04:00    659,456    ----a-w    C:\WINDOWS\system32\wininet.dll
- 2008-02-15 09:06:21    351,744    ----a-w    C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04    351,744    ----a-w    C:\WINDOWS\system32\xpsp3res.dll
- 1999-03-23 06:12:34    299,520    ----a-w    C:\WINDOWS\uninst.exe
+ 1999-03-23 07:12:34    299,520    ----a-w    C:\WINDOWS\uninst.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 02:00 PM 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [06/30/2008 10:24 PM 3096576]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" [10/02/2003 12:36 AM 665600]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/04/2008 07:16 PM 2594224]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 06:24 PM 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM 155648]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [06/23/2005 11:13 AM 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 07:10 AM 15872]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/12/2008 07:59 PM 185896]
"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 09:21 AM 16384000 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [08/03/2007 07:22 AM 1826816 C:\WINDOWS\SkyTel.exe]
"SiSPower"="SiSPower.dll" [06/25/2007 10:46 AM 53248 C:\WINDOWS\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [05/23/2004 02:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/23/2004 02:00 PM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 06:41 PM 1232896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2001-08-13 14:25:54 483328]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-04-24 14:07:13 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 ZD1211BU(PLANET Technology Corp.);PLANET  WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [10/28/2005 11:38 AM]
S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys []
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys []
S3 FXDrv32;FXDrv32;G:\FXDrv32.sys []
S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys []
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [10/28/2005 11:38 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bc\Application Data\Mozilla\Firefox\Profiles\s0xq8vyv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ar.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 20:19:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?9???????????? 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 08/13/2008 20:20:41
ComboFix-quarantined-files.txt  2008-08-13 18:20:22
ComboFix2.txt  2008-07-02 18:35:06
ComboFix3.txt  2008-06-02 12:17:20

Pre-Run: 23,876,997,120 bytes free
Post-Run: 23,878,115,328 bytes free

427    --- E O F ---    2008-07-04 02:15:17
And this is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:28 م, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Prayer Time\Libya\AlMaathen.exe
C:\WINDOWS\system32\CF27350.exe
C:\WINDOWS\system32\cscript.exe
C:\ComboFix\Catchme.tmp
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bc\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE6386F-E82C-4CE5-9219-ACCA9631A101}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10154 bytes
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:28 م, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:Program FilesPrayer TimeLibyaAlMaathen.exe
C:\WINDOWS\system32\CF27350.exe
C:\WINDOWS\system32\cscript.exe
C:ComboFixCatchme.tmp
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bc\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE6386F-E82C-4CE5-9219-ACCA9631A101}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10154 bytes
 
Delete:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll


O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll


O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll


O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html


O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html


O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html



How to delete them:

mg%20%283%29.png


mg%20%284%29.png

Then go to Start, open Add or Remove Programs, and uninstall Pop-Up Stopper and Google Toolbar.


Download link for the latest update of the tool:



How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these images:

000.png





001.png





002.png





003.png





004.png





005.png




Download this tool to clean the machine:


zyzoom-3c0e283670.gif

Then post a new log

and take a look.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:03 م, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\bc\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server-ede:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Web Camera for S60.lnk = C:\Program Files\Mobiola Web Camera for S60\webcam.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE6386F-E82C-4CE5-9219-ACCA9631A101}: NameServer = 62.145.72.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10452 bytes
 
As for the second tool for cleaning the machine, this is what happened with me:

656qo3.png
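An added example, not part of the thread: one way to check a follow-up HijackThis log against a delete list like the one posted above. Pasted logs can lose their backslashes or wrap after the section id, so the comparison ignores path separators, spacing and case; the function names are hypothetical, the sample lines are taken from the logs on this page, and the `ExampleGone` line is constructed.

```python
import re

# A HijackThis entry is "<section id> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
BARE_ID = re.compile(r"^[RFNO]\d{1,2}$")


def parse_entries(text):
    """Return (section, body) pairs, re-joining entries wrapped after the id."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if pending and line.startswith("- "):
            line = pending + " " + line   # "O2" + "- BHO: ..." -> one entry
        pending = None
        if BARE_ID.match(line):
            pending = line                # id alone on a line: wait for the body
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Comparison key that survives forum mangling of the pasted line."""
    body = body.replace("\\", "")                 # separators may be missing
    body = re.sub(r"\s+", " ", body).strip()      # spacing may differ
    return section + "|" + body.casefold()        # case may differ


def still_present(fix_list, followup_log):
    """Entries from the delete list that the follow-up scan still reports."""
    after = {entry_key(s, b) for s, b in parse_entries(followup_log)}
    return [(s, b) for s, b in parse_entries(fix_list) if entry_key(s, b) in after]


# Delete-list lines from the thread (two without backslashes, one wrapped).
PAGE_FIX_LINES = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2
- BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:Program FilesPanicwarePop-Up Stopper BasicCCHelper.dll
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
"""
# Constructed line standing in for an entry that was successfully removed.
CONSTRUCTED_LINE = r"O4 - HKLM\..\Run: [ExampleGone] C:\example\gone.exe"
FIX_LIST = PAGE_FIX_LINES + CONSTRUCTED_LINE + "\n"

# Excerpt of the follow-up log saved at 10:00:03 on 13/08/2008.
FOLLOWUP = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
"""

if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, FOLLOWUP):
        print("still present:", section, "-", body)
```

Entries that come back from `still_present` were not removed by the fix and should be rechecked before moving on to the next cleanup step.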
 