
Is my computer (me) infected ..?

Thread in the 'Computer Problems and Solutions' forum, started by قاهرهم on December 17, 2008.

  1. صمت السكوت

    صمت السكوت Professional Zyzoomer

    Joined:
    April 3, 2008
    Messages:
    5,058
    Likes:
    53
    Trophy points:
    830
    Protection software:
    Kaspersky
    Operating system:
    Windows 7
    Honestly, it would be better if you did it.
     
  2. قاهرهم

    قاهرهم Distinguished Zyzoomer

    Joined:
    December 11, 2008
    Messages:
    614
    Likes:
    5
    Trophy points:
    520
    Location:
    Saudi Arabia -- Jeddah
    Protection software:
    Kaspersky
    Operating system:
    Windows 7
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:01:52, on 12/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\uTorrent\uTorrent.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
    F2 - REG:system.ini: Shell=Explorer.exe "C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe"
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video ******* with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
    O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
    O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E44006D-D813-4BC6-8867-A259379E89E3}: NameServer = 85.255.116.117;85.255.112.190
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA2434CF-C50D-4ABD-863A-7F3CA75ED848}: NameServer = 85.255.116.117;85.255.112.190
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.117;85.255.112.190
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.117;85.255.112.190
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe (file missing)
    O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe (file missing)
    O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe (file missing)
    O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE (file missing)
    O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe (file missing)
    O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe (file missing)
    O23 - Service: AntiVirus Monitor (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe (file missing)
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (file missing)
    --
    End of file - 8210 bytes



    ---

    Will do ..
     
  3. قاهرهم

    قاهرهم Distinguished Zyzoomer

    Please reply ..,
     
  4. egle

    egle Active Zyzoomer

    Joined:
    April 3, 2008
    Messages:
    230
    Likes:
    3
    Trophy points:
    280
    Protection software:
    Kaspersky
    Operating system:
    Windows XP
    Peace be upon you.

    The values in the report indicate that your computer is infected with the DNS Changer trojan. Even if you scan the machine with any antivirus, the trojan will come back,
    and even if you fix the values from HijackThis, they will come back.
    Did you download the Trojan Remover program from my previous reply or not? It is the only program able to remove this trojan.
    Or download the SUPERAntiSpyware program from the thread here.

    Disable System Restore before scanning,
    and clean the machine with the program from here.
    My own computer was infected with this trojan and it was cleaned the way I explained to you.
    Good luck
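The two indicators egle points to in the HijackThis log above can be checked mechanically: the O17 lines show every adapter's NameServer pointed at 85.255.116.117 and 85.255.112.190 (a DNS-changer signature), and the F2 line shows a second program appended to the Winlogon Shell value. The script below is an added example, not code from this thread or from the HijackThis or Trojan Remover tools. It runs over a constructed sample made of lines copied from the log posted above plus one benign O17 line (192.168.1.1) for contrast, and it assumes that resolvers inside the RFC 1918 private ranges are the only expected ones; that allowlist, the regexes and the function names are all this example's own choices.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the HijackThis log posted in this
# thread, plus one benign O17 line (192.168.1.1, a typical home router) added
# for contrast. Leading whitespace is stripped before matching.
SAMPLE_HJT_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe "C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E44006D-D813-4BC6-8867-A259379E89E3}: NameServer = 85.255.116.117;85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.117;85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumption: resolvers inside the RFC 1918 private ranges (the home router) are
# expected. Add your ISP's or domain's resolver addresses here for a real check.
TRUSTED_DNS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
NS_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # a quoted path or a bare token


def shell_extra_programs(line):
    """Return every program in a Shell= value that is not explorer.exe.

    A clean Windows XP system has Shell=Explorer.exe; anything appended to it
    is launched at logon alongside the desktop shell."""
    m = SHELL_RE.match(line)
    if not m:
        return []
    programs = [t.strip('"') for t in TOKEN_RE.findall(m.group(1))]
    return [p for p in programs if p.lower().rsplit("\\", 1)[-1] != "explorer.exe"]


def rogue_nameservers(line, trusted=TRUSTED_DNS):
    """Return the NameServer addresses in an O17 line that fall outside `trusted`."""
    m = NS_RE.match(line)
    if not m:
        return []
    rogue = []
    for raw in re.split(r"[;,\s]+", m.group(1).strip()):
        if not raw:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            rogue.append(raw)  # not even parseable as an address: treat as suspicious
            continue
        if not any(ip in net for net in trusted):
            rogue.append(raw)
    return rogue


def analyze(log_text, trusted=TRUSTED_DNS):
    """Scan a HijackThis log and return de-duplicated (category, detail) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        findings += [("shell_hijack", p) for p in shell_extra_programs(line)]
        findings += [("dns_changer", ip) for ip in rogue_nameservers(line, trusted)]
    return list(dict.fromkeys(findings))  # keep first occurrence, drop repeats


if __name__ == "__main__":
    for category, detail in analyze(SAMPLE_HJT_LOG):
        print(f"{category:13s} {detail}")
```

On the sample above the script reports one shell hijack (the Temp\winxbjirp.exe entry) and two rogue resolvers; the 192.168.1.1 line is silent. Feed it a whole saved HijackThis log instead of the sample and extend TRUSTED_DNS with the resolvers the machine is supposed to use before trusting a clean result.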
     
  5. قاهرهم

    قاهرهم Distinguished Zyzoomer

    Brother, let's start from the beginning. For the record, I haven't downloaded Trojan Remover because the site doesn't work for me ..
     
  6. قاهرهم

    قاهرهم Distinguished Zyzoomer

  7. قاهرهم

    قاهرهم Distinguished Zyzoomer

    For the record, our internet connection is 2 MB and the download runs at 3 KB !!

    I tried downloading on my brother's computer and his speed is 250 !!
     
  8. egle

    egle Active Zyzoomer

    So the download speed on your brother's computer is faster than on your infected one, or not? That is what happened to me.

    Now download the Trojan Remover program, update it and scan the machine.
    Pay attention when applying the patch and the key to the program. You will notice that on the first scan it detects a registry value modified by the trojan; Trojan Remover fixes it, so click OK to fix the value.
    After that the program will continue its scan and remove the trojan.
    I advise you to then download the Super Anti Trojan program and scan the machine,
    because unfortunately some anti-trojan programs do not erase all the remnants of spyware programs.
    I mean, I had quite a story with this trojan until I got rid of it.
    To confirm you have deleted the trojan, update G DATA and scan the whole machine,
    and do a full scan with the programs mentioned before as well.
    Don't forget to disable System Restore and clean the machine with ccleaner.
    I've gone on long with the explanation :hh:
    Good luck
     
  9. قاهرهم

    قاهرهم Distinguished Zyzoomer

  10. قاهرهم

    قاهرهم Distinguished Zyzoomer

    Could I have the serial for the program ..
     
  11. egle

    egle Active Zyzoomer

    Where did you download the program from, and from which thread? Let me know.
    The program comes with a patch + keygen.
    You put the patch in the program folder, run it and click Patch; from the keygen you copy the serial and enter it into the program.
    Anyway, here is the key:
    Black Riders is the name

    00000G-TM17ZF-QYXVV8-H0QQR3-XUX4XT-EWHVEK-5YFJWR-41E78N-THQDFJ is the key
    Of course I took it from the keygen for the program that I have.
     
  12. قاهرهم

    قاهرهم Distinguished Zyzoomer

    I downloaded it from the company's site .. God help me .. Could I have the link for the keygen and the patch, because it didn't work for me :disappointed: ..
     
  13. egle

    egle Active Zyzoomer

    OK, wait until I upload it to a site and give you the link for the program with the patch and the keygen.
    Did the program download link in the thread from my previous reply not work for you?
    Wait
     
  14. egle

    egle Active Zyzoomer

  15. قاهرهم

    قاهرهم Distinguished Zyzoomer

    Thanks a lot brother, downloading now ..!! There are 40 minutes left on the download :disappointed: :disappointed: the speed is between 1 KB and 2 KB :s
     
  16. قاهرهم

    قاهرهم Distinguished Zyzoomer

  17. egle

    egle Active Zyzoomer

  18. قاهرهم

    قاهرهم Distinguished Zyzoomer

    The scan is done and I restarted. The program produced a report for me; here it is, you may need it ..


    ***** THE SYSTEM HAS BEEN RESTARTED *****
    12/24/2008 11:39:26 PM: Trojan Remover has been restarted
    =======================================================
    Removing the following registry keys:
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - Ownership taken
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - already removed (or did not exist)
    =======================================================
    12/24/2008 11:39:26 PM: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
    [Registered to: Mr.Azoooz]
    Scan started at: 11:36:01 PM 24 Dec 2008
    Using Database v7239
    Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Abdulazziz\Application Data\Simply Super Software\Trojan Remover\
    Database directory: C:\Program Files\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Abdulazziz\My Documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges
    ************************************************************
    ************************************************************
    11:36:01 PM: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS
    ************************************************************
    11:36:01 PM: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS
    ************************************************************
    11:36:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
    Hidden Service Keyname: msqpdxserv.sys
    C:\WINDOWS\system32\drivers\msqpdxserv.sys
    62464 bytes
    Created: 12/6/2008
    Modified: 12/7/2008
    Company: [no info]
    C:\WINDOWS\system32\drivers\msqpdxserv.sys appears to contain: BACKDOOR.TDSS
    Entry has been scheduled for deletion when the PC is restarted
    C:\WINDOWS\system32\drivers\msqpdxserv.sys - no action requested on this file
    ----------
    ----------
    ************************************************************
    11:36:26 PM: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1033728 bytes
    Created: 8/4/2004
    Modified: 4/14/2008
    Company: Microsoft Corporation
    ----------
    File: C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe
    7168 bytes
    Created: 12/24/2008
    Modified: 12/24/2008
    Company: [no info]
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe" - this entry will be removed (no action requested on file)
    ----------
    This key's "Userinit" value calls the following program(s):
    File: userinit.exe
    C:\WINDOWS\system32\userinit.exe
    26112 bytes
    Created: 8/4/2004
    Modified: 4/14/2008
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    514560 bytes
    Created: 8/4/2004
    Modified: 4/14/2008
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: NvCplDaemon
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    C:\WINDOWS\system32\NvCpl.dll
    13574144 bytes
    Created: 4/19/2007
    Modified: 10/7/2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: COMODO Internet Security
    Value Data: "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    1797880 bytes
    Created: 12/6/2008
    Modified: 12/11/2008
    Company: COMODO
    --------------------
    Value Name: nwiz
    Value Data: nwiz.exe /install
    C:\WINDOWS\system32\nwiz.exe
    1712128 bytes
    Created: 4/19/2007
    Modified: 10/7/2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: NvMediaCenter
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    C:\WINDOWS\system32\NvMcTray.dll
    86016 bytes
    Created: 4/19/2007
    Modified: 10/7/2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
    C:\Program Files\Trojan Remover\Trjscan.exe
    1230728 bytes
    Created: 12/24/2008
    Modified: 12/10/2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: ctfmon.exe
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 8/4/2004
    Modified: 4/14/2008
    Company: Microsoft Corporation
    --------------------
    Value Name: MsnMsgr
    Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    5802008 bytes
    Created: 10/18/2007
    Modified: 10/18/2007
    Company: Microsoft Corporation
    --------------------
    Value Name: uTorrent
    Value Data: "C:\Program Files\uTorrent\uTorrent.exe"
    C:\Program Files\uTorrent\uTorrent.exe
    270128 bytes
    Created: 12/4/2008
    Modified: 12/4/2008
    Company: BitTorrent, Inc.
    --------------------
    Value Name: IDMan
    Value Data: D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    D:\Program Files\Internet Download Manager\IDMan.exe
    990208 bytes
    Created: 7/4/2007
    Modified: 12/7/2008
    Company: Tonec Inc.
    --------------------
    Value Name: RAMSaverPro
    Value Data: C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
    C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
    300032 bytes
    Created: 12/4/2008
    Modified: 11/11/2008
    Company: [no info]
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    This Registry Key appears to be empty
    ************************************************************
    11:36:34 PM: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------
    ************************************************************
    11:36:34 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------
    ************************************************************
    11:36:35 PM: Scanning -----ACTIVE SCREENSAVER-----
    No active ScreenSaver found to scan.
    ************************************************************
    11:36:35 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
    Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
    C:\WINDOWS\INF\wmp11.inf
    2428 bytes
    Created: 8/25/2006
    Modified: 8/25/2006
    Company: [no info]
    ----------
    ************************************************************
    11:36:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    ************************************************************
    11:36:36 PM: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: abp470n5
    ImagePath: \??\C:\WINDOWS\system32\drivers\esmjok.sys
    C:\WINDOWS\system32\drivers\esmjok.sys [file not found to scan]
    ----------
    Key: AntiVirMailService
    ImagePath: "C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe"
    C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [file not found to scan]
    ----------
    Key: AntiVirScheduler
    ImagePath: "C:\Program Files\Avira\Avira Premium Security Suite\sched.exe"
    C:\Program Files\Avira\Avira Premium Security Suite\sched.exe [file not found to scan]
    ----------
    Key: AntiVirService
    ImagePath: "C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe"
    C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe [file not found to scan]
    ----------
    Key: antivirwebservice
    ImagePath: "C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE"
    C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [file not found to scan]
    ----------
    Key: AVEService
    ImagePath: "C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe"
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [file not found to scan]
    ----------
    Key: avgio
    ImagePath: \??\C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys
    C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys [file not found to scan]
    ----------
    Key: avgntflt
    ImagePath: \??\C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys
    C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys [file not found to scan]
    ----------
    Key: avipbb
    ImagePath: system32\DRIVERS\avipbb.sys
    C:\WINDOWS\system32\DRIVERS\avipbb.sys
    75072 bytes
    Created: 12/6/2008
    Modified: 6/27/2008
    Company: Avira GmbH
    ----------
    Key: AVKService
    ImagePath: C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe [file not found to scan]
    ----------
    Key: AVKWCtl
    ImagePath: C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe [file not found to scan]
    ----------
    Key: BCM42RLY
    ImagePath: \??\C:\WINDOWS\System32\BCM42RLY.SYS
    C:\WINDOWS\System32\BCM42RLY.SYS
    17992 bytes
    Created: 12/3/2008
    Modified: 2/1/2005
    Company: Broadcom Corporation
    ----------
    Key: cmdAgent
    ImagePath: "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    618232 bytes
    Created: 12/6/2008
    Modified: 12/6/2008
    Company: COMODO
    ----------
    Key: cmdGuard
    ImagePath: System32\DRIVERS\cmdguard.sys
    C:\WINDOWS\System32\DRIVERS\cmdguard.sys
    101776 bytes
    Created: 12/6/2008
    Modified: 12/6/2008
    Company: COMODO
    ----------
    Key: cmdHlp
    ImagePath: System32\DRIVERS\cmdhlp.sys
    C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
    31504 bytes
    Created: 12/6/2008
    Modified: 12/6/2008
    Company: COMODO
    ----------
    Key: driverhardwarev2
    ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    14336 bytes
    Created: 12/16/2008
    Modified: 12/16/2008
    Company: CybelSoft
    ----------
    Key: gdrv
    ImagePath: \??\C:\WINDOWS\gdrv.sys
    C:\WINDOWS\gdrv.sys
    4716 bytes
    Created: 12/3/2008
    Modified: 12/3/2008
    Company: Windows (R) 2000 DDK provider
    ----------
    Key: GTNDIS5
    ImagePath: \??\C:\WINDOWS\system32\GTNDIS5.SYS
    C:\WINDOWS\system32\GTNDIS5.SYS
    15872 bytes
    Created: 12/3/2008
    Modified: 9/25/2003
    Company: Printing Communications Assoc., Inc. (PCAUSA)
    ----------
    Key: HookCentre
    ImagePath: \??\C:\WINDOWS\system32\drivers\HookCentre.sys
    C:\WINDOWS\system32\drivers\HookCentre.sys
    32200 bytes
    Created: 12/11/2008
    Modified: 12/11/2008
    Company: G DATA Software AG
    ----------
    Key: ialm
    ImagePath: system32\DRIVERS\ialmnt5.sys
    C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    -R- 1353820 bytes
    Created: 12/3/2008
    Modified: 11/28/2005
    Company: Intel Corporation
    ----------
    Key: Inspect
    ImagePath: System32\DRIVERS\inspect.sys
    C:\WINDOWS\System32\DRIVERS\inspect.sys
    79504 bytes
    Created: 12/6/2008
    Modified: 12/6/2008
    Company: COMODO
    ----------
    Key: JavaQuickStarterService
    ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    C:\Program Files\Java\jre6\bin\jqs.exe
    152984 bytes
    Created: 12/9/2008
    Modified: 12/9/2008
    Company: Sun Microsystems, Inc.
    ----------
    Key: kl1
    ImagePath: system32\drivers\kl1.sys
    C:\WINDOWS\system32\drivers\kl1.sys
    121872 bytes
    Created: 7/21/2008
    Modified: 7/21/2008
    Company: Kaspersky Lab
    ----------
    Key: klbg
    ImagePath: system32\drivers\klbg.sys
    C:\WINDOWS\system32\drivers\klbg.sys
    32784 bytes
    Created: 1/29/2008
    Modified: 1/29/2008
    Company: Kaspersky Lab
    ----------
    Key: KLFLTDEV
    ImagePath: system32\DRIVERS\klfltdev.sys
    C:\WINDOWS\system32\DRIVERS\klfltdev.sys
    26640 bytes
    Created: 3/13/2008
    Modified: 3/13/2008
    Company: Kaspersky Lab
    ----------
    Key: klim5
    ImagePath: system32\DRIVERS\klim5.sys
    C:\WINDOWS\system32\DRIVERS\klim5.sys
    24592 bytes
    Created: 4/30/2008
    Modified: 4/30/2008
    Company: Kaspersky Lab
    ----------
    Key: maconfservice
    ImagePath: "C:\Program Files\ma-config.com\maconfservice.exe"
    C:\Program Files\ma-config.com\maconfservice.exe
    221184 bytes
    Created: 12/16/2008
    Modified: 12/16/2008
    Company: CybelSoft
    ----------
    Key: ManyCam
    ImagePath: system32\DRIVERS\ManyCam.sys
    C:\WINDOWS\system32\DRIVERS\ManyCam.sys
    21632 bytes
    Created: 1/14/2008
    Modified: 1/14/2008
    Company: ManyCam LLC.
    ----------
    Key: NdisFileServices32
    ImagePath: \??\C:\WINDOWS\system32\drivers\rmorrn.sys
    C:\WINDOWS\system32\drivers\rmorrn.sys
    5477 bytes
    Created: 12/7/2008
    Modified: 12/24/2008
    Company: [no info]
    ----------
    Key: Ndisprot.sys
    ImagePath: \systemroot\system32\drivers\Ndisprot.sys
    C:\WINDOWS\system32\drivers\Ndisprot.sys
    27904 bytes
    Created: 12/6/2008
    Modified: 12/7/2008
    Company: Windows (R) Codename Longhorn DDK provider
    ----------
    Key: PnkBstrA
    ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    66872 bytes
    Created: 12/6/2008
    Modified: 12/6/2008
    Company: [no info]
    ----------
    Key: RichVideo
    ImagePath: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    167936 bytes
    Created: 12/3/2008
    Modified: 8/7/2005
    Company:
    ----------
    Key: RT73
    ImagePath: system32\DRIVERS\rt73.sys
    C:\WINDOWS\system32\DRIVERS\rt73.sys
    -R- 252928 bytes
    Created: 12/3/2008
    Modified: 1/12/2006
    Company: Ralink Technology, Corp.
    ----------
    Key: ssmdrv
    ImagePath: system32\DRIVERS\ssmdrv.sys
    C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    28352 bytes
    Created: 12/6/2008
    Modified: 3/1/2007
    Company: Avira GmbH
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{87BC6B9E-688B-4869-8EB2-2972B11E306F}
    C:\WINDOWS\system32\dllhost.exe
    5120 bytes
    Created: 8/4/2004
    Modified: 4/14/2008
    Company: Microsoft Corporation
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    176152 bytes
    Created: 10/18/2007
    Modified: 10/18/2007
    Company: Microsoft Corporation
    ----------
    Key: WLSetupSvc
    ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    368640 bytes
    Created: 10/25/2007
    Modified: 10/25/2007
    Company: Microsoft Corporation
    ----------
    Key: WUSB54GCSVC
    ImagePath: "C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe"
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [file not found to scan]
    ----------
    ************************************************************
    11:36:41 PM: Scanning -----VXD ENTRIES-----
    Checking the following VxD entries:
    ************************************************************
    11:36:41 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
    Key : igfxcui
    DLLName: igfxdev.dll
    C:\WINDOWS\system32\igfxdev.dll
    -R- 135168 bytes
    Created: 12/3/2008
    Modified: 11/28/2005
    Company: Intel Corporation
    ----------
    Key : klogon
    DLLName: C:\WINDOWS\system32\klogon.dll
    C:\WINDOWS\system32\klogon.dll
    218376 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    ************************************************************
    11:36:41 PM: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: AVK9CM
    CLSID: {CAF4C320-32F5-11D3-A222-004095200FF2}
    Path: C:\Program Files\G DATA\TotalCare\AVK\ShellExt.dll
    C:\Program Files\G DATA\TotalCare\AVK\ShellExt.dll [file not found to scan]
    ----------
    Key: Kaspersky Anti-Virus
    CLSID: {dd230880-495a-11d1-b064-008048ec2fc5}
    Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\shellex.dll
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\shellex.dll
    39688 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    Key: PowerISO
    CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
    Path: C:\Program Files\PowerISO\PWRISOSH.DLL
    C:\Program Files\PowerISO\PWRISOSH.DLL
    147456 bytes
    Created: 11/2/2008
    Modified: 11/2/2008
    Company: PowerISO Computing, Inc.
    ----------
    Key: QuickSFV Shell Extension
    CLSID: {906b0e6e-61ce-11d3-8ee2-0060080a7242}
    Path: C:\Program Files\QuickSFV\QSFVShll.dll
    C:\Program Files\QuickSFV\QSFVShll.dll
    105984 bytes
    Created: 12/4/2008
    Modified: 12/4/2008
    Company: Mercedes
    ----------
    Key: Shell Extension for Malware scanning
    CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
    Path: C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll
    C:\Program Files\Avira\Avira Premium Security Suite\shlext.dll
    65793 bytes
    Created: 12/6/2008
    Modified: 6/12/2008
    Company: Avira GmbH
    ----------
    Key: SnagItMainShellExt
    CLSID: {CF74B903-3389-469c-B3B6-0204D204FCBD}
    Path: C:\Program Files\TechSmith\SnagIt 9\SnagItShellExt.dll
    C:\Program Files\TechSmith\SnagIt 9\SnagItShellExt.dll
    87368 bytes
    Created: 5/15/2008
    Modified: 5/15/2008
    Company: TechSmith Corporation
    ----------
    ************************************************************
    11:36:41 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
    ************************************************************
    11:36:41 PM: Scanning ----- BROWSER HELPER OBJECTS -----
    Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
    BHO: D:\Program Files\Internet Download Manager\IDMIECC.dll
    D:\Program Files\Internet Download Manager\IDMIECC.dll
    91568 bytes
    Created: 7/4/2007
    Modified: 7/4/2007
    Company: Tonec Inc.
    ----------
    Key: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
    BHO: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    62728 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    ************************************************************
    11:36:42 PM: Scanning ----- SHELLSERVICEOBJECTS -----
    ************************************************************
    11:36:42 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
    ************************************************************
    11:36:42 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.
    ************************************************************
    11:36:42 PM: Scanning ----- APPINIT_DLLS -----
    AppInitDLLs entry = [C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll]
    File: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    79112 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    File: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    79112 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    File: C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
    C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
    83208 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    File: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    11016 bytes
    Created: 7/29/2008
    Modified: 7/29/2008
    Company: Kaspersky Lab
    ----------
    ************************************************************
    11:36:42 PM: Scanning ----- SECURITY PROVIDER DLLS -----
    ************************************************************
    11:36:42 PM: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    -HS- 84 bytes
    Created: 12/3/2008
    Modified: 12/3/2008
    Company: [no info]
    --------------------
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    6822728 bytes
    Created: 5/15/2008
    Modified: 5/15/2008
    Company: TechSmith Corporation
    SnagIt 9.lnk - links to C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    --------------------
    ************************************************************
    11:36:42 PM: Scanning ------ USER STARTUP GROUPS ------
    --------------------
    Checking Startup Group for: Abdulazziz
    [C:\Documents and Settings\Abdulazziz\START MENU\PROGRAMS\STARTUP]
    The Startup Group for Abdulazziz attempts to load the following file(s):
    C:\Documents and Settings\Abdulazziz\START MENU\PROGRAMS\STARTUP\desktop.ini
    -HS- 84 bytes
    Created: 12/3/2008
    Modified: 12/3/2008
    Company: [no info]
    ----------
    --------------------
    Checking Startup Group for: Waleed
    [C:\Documents and Settings\Waleed\START MENU\PROGRAMS\STARTUP]
    The Startup Group for Waleed attempts to load the following file(s):
    C:\Documents and Settings\Waleed\START MENU\PROGRAMS\STARTUP\desktop.ini
    -HS- 84 bytes
    Created: 12/3/2008
    Modified: 12/3/2008
    Company: [no info]
    ----------
    ************************************************************
    11:36:42 PM: Scanning ----- SCHEDULED TASKS -----
    No Scheduled Tasks found to scan
    ************************************************************
    11:36:42 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
    ************************************************************
    11:36:42 PM: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    ==============================
    Restrictive Windows Explorer Policies found in force on this computer:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Value: DisableRegistryTools
    Value: DisableTaskMgr
    All Policy Values listed have been removed or reset
    ==============================
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Documents and Settings\Abdulazziz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Abdulazziz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    1440054 bytes
    Created: 12/3/2008
    Modified: 12/24/2008
    Company: [no info]
    ----------
    Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Abdulazziz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    1440054 bytes
    Created: 12/3/2008
    Modified: 12/24/2008
    Company: [no info]
    ----------
    Rogue DNS NameServers:
    Interface: Compact Wireless-G USB Adapter
    NameServers: 85.255.116.117;85.255.112.190
    [85.255.116.117;85.255.112.190] - Rogue DNS Nameserver entry removed
    Rogue DNS NameServers:
    Interface: Realtek RTL8139/810x Family Fast Ethernet NIC
    NameServers: 85.255.116.117;85.255.112.190
    [85.255.116.117;85.255.112.190] - Rogue DNS Nameserver entry removed
    Checks for rogue DNS NameServers completed
    ----------
    Additional checks completed
    ************************************************************
    11:37:05 PM: Scanning ----- RUNNING PROCESSES -----
    C:\WINDOWS\System32\smss.exe
    [1 loaded module]
    --------------------
    C:\WINDOWS\system32\csrss.exe
    [15 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    [79 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\services.exe
    [34 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\lsass.exe
    [65 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [64 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    [49 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    [167 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    [46 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    [59 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    [54 loaded modules in total]
    --------------------
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - file already scanned
    [56 loaded modules in total]
    --------------------
    C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
    [38 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\nvsvc32.exe
    [42 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
    [30 loaded modules in total]
    --------------------
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe - file already scanned
    [28 loaded modules in total]
    --------------------
    C:\WINDOWS\Explorer.exe - file already scanned
    [153 loaded modules in total]
    --------------------
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe - file already scanned
    [64 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\RUNDLL32.EXE
    [38 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\ctfmon.exe - file already scanned
    [34 loaded modules in total]
    --------------------
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe - file already scanned
    [153 loaded modules in total]
    --------------------
    C:\Program Files\uTorrent\uTorrent.exe - file already scanned
    [79 loaded modules in total]
    --------------------
    D:\Program Files\Internet Download Manager\IDMan.exe - file already scanned
    [66 loaded modules in total]
    --------------------
    C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe - file already scanned
    [60 loaded modules in total]
    --------------------
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    [90 loaded modules in total]
    --------------------
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    [59 loaded modules in total]
    --------------------
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    [29 loaded modules in total]
    --------------------
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    [92 loaded modules in total]
    --------------------
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    [41 loaded modules in total]
    --------------------
    C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
    [25 loaded modules in total]
    --------------------
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe - file already scanned
    [43 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    [50 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\igfxsrvc.exe
    [32 loaded modules in total]
    --------------------
    C:\Program Files\Internet Explorer\iexplore.exe
    [120 loaded modules in total]
    --------------------
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winjcgqfx.exe
    [21 loaded modules in total]
    --------------------
    C:\Documents and Settings\Abdulazziz\Application Data\Simply Super Software\Trojan Remover\txa36.exe
    FileSize: 2884472
    [This is a Trojan Remover component]
    [77 loaded modules in total]
    --------------------
    ************************************************************
    11:37:32 PM: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file
    ************************************************************
    11:37:32 PM: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file
    ************************************************************
    11:37:32 PM: Checking HOSTS file
    No malicious entries were found in the HOSTS file
    ************************************************************
    11:37:32 PM: Scanning ------ %TEMP% DIRECTORY ------
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\BCG35.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF1450.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF1462.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF16E1.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF16E9.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF645E.tmp appears to be in-use/locked
    C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\~DF646E.tmp appears to be in-use/locked
    ************************************************************
    11:37:33 PM: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
    ************************************************************
    11:37:33 PM: Scanning ------ ROOT DIRECTORY ------
    ************************************************************
    11:37:34 PM: ------ Scan for other files to remove ------
    No malware-related files found to remove
    ************************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\windows\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\windows\system32\blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ************************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    Scan completed at: 11:37:34 PM 24 Dec 2008
    Total Scan time: 00:01:32
    -------------------------------------------------------------------------
    One or more files could not be moved or renamed as requested.
    They may be in use by Windows, so Trojan Remover needs
    to restart the system in order to deal with these files.
    12/24/2008 11:37:42 PM: restart commenced
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 10:55:01 PM 24 Dec 2008
    Using Database v7239
    Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Abdulazziz\Application Data\Simply Super Software\Trojan Remover\
    Database directory: C:\Program Files\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Abdulazziz\My Documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges
    ************************************************************
    ************************************************************
    10:55:01 PM: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS
    ************************************************************
    10:55:01 PM: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS
    ************************************************************
    10:55:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
    Hidden Service Keyname: msqpdxserv.sys
    C:\WINDOWS\system32\drivers\msqpdxserv.sys
    62464 bytes
    Created: 12/6/2008
    Modified: 12/7/2008
    Company: [no info]
    C:\WINDOWS\system32\drivers\msqpdxserv.sys appears to contain: BACKDOOR.TDSS
    C:\WINDOWS\system32\drivers\msqpdxserv.sys - no action requested on this file
    ----------
    ----------
    Rootkit Services scan stopped at user request.
    The Windows Registry was not scanned.
    The ShellExecuteHooks were not scanned.
    Hidden Registry Entries were not scanned for.
    The ScreenSaver was not checked.
    The Windows Registry Active Setup keys were not scanned.
    The ServiceDLLs registry keys were not scanned.
    The Services registry keys were not scanned.
    The VxD Entries were not scanned.
    The Winlogon\Notify DLLs were not scanned.
    The ContextMenuHandlers were not scanned.
    The Browser Helper Objects were not scanned.
    The Global Startup Group was not scanned.
    The User Startup Groups were not scanned.
    The Scheduled Tasks were not scanned.
    The ShellIconOverylayIdentifiers were not scanned.
    Running Processes were not scanned.
    The Windows Services file was not checked.
    The AUTOEXEC files were not checked.
    The HOSTS file was not checked.
    The check on Explorer.exe was not carried out.
    Internet Explorer settings were not checked.
    ************************************************************
    === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
    Scan completed at: 10:55:15 PM 24 Dec 2008
    Total Scan time: 00:00:14
    ************************************************************
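Read as a responder would, the log above carries a consistent set of indicators: two resolvers in 85.255.112.0/20 configured on both adapters, executables running from the user's Temp directory, a driver registered under the key NdisFileServices32 but backed by rmorrn.sys with no version information, a second driver (Ndisprot.sys) whose company string is the default left in WDK sample code, Task Manager and the registry editor disabled by HKCU policy, and, in the second scan, a hidden service key that the tool identifies as BACKDOOR.TDSS. The script below is an added example, not part of the forum post and not Trojan Remover's own code: it parses a log in this format and applies those checks mechanically. EXPECTED_RESOLVERS is an assumed value, the scoring weights are heuristics of my own, and SAMPLE_LOG is a constructed, abbreviated excerpt of the posted log.

```python
"""Triage a Trojan Remover-style text log for the indicators seen in the log above. Added example (not from
the post or from Trojan Remover): suspect nameservers, Temp executables, weak-provenance drivers, lockdown policies."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# 85.255.112.0/20 is the resolver range publicly documented for the DNSChanger operation (Ghost Click).
DNSCHANGER_RANGES = [ipaddress.ip_network("85.255.112.0/20")]
EXPECTED_RESOLVERS = {"192.168.1.1"}  # assumption: the router/ISP resolvers this machine should be using
DDK_TEMPLATE = "Codename Longhorn DDK provider"  # default CompanyName left behind in WDK sample drivers
SECTION_RE = re.compile(r"^(?:\d{1,2}:\d{2}:\d{2} [AP]M: )?(?:Scanning )?-{3,}\s*([^-\s].*?)\s*-{3,}$")
EXE_LINE_RE = re.compile(r"^([A-Z]:\\.+?\.exe)(?: - file already scanned)?$", re.I)
TEMP_DIR_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\Temp\\", re.I)
BINARY_RE = re.compile(r"([^\\\"/]+)\.(?:exe|sys|dll)\b", re.I)

@dataclass
class Findings:
    rogue_dns: List[Tuple[str, str, str]] = field(default_factory=list)  # (interface, ip, reason)
    temp_processes: List[str] = field(default_factory=list)
    suspicious_services: List[Tuple[str, List[str]]] = field(default_factory=list)  # (key, reasons)
    policies: List[str] = field(default_factory=list)

def score_entry(key: str, image_path: str, company: Optional[str]) -> List[str]:
    """Weighted weak indicators for one service/driver block; reported once the weights reach 2.
    company is None when the block had no Company line at all (e.g. file not found)."""
    path, reasons = image_path.strip('"'), []
    if path.startswith("\\??\\"):
        reasons.append((1, "ImagePath is a raw \\??\\ device path"))
    if company in ("", "[no info]"):
        reasons.append((1, "binary carries no company/version information"))
    if company and DDK_TEMPLATE in company:
        reasons.append((2, "company string is the WDK sample template"))
    m = BINARY_RE.search(path)
    name = re.sub(r"\.(?:sys|exe|dll)$", "", key.lower())
    if m and name not in m.group(1).lower() and m.group(1).lower() not in name:
        reasons.append((1, f"service key {key!r} does not match binary {m.group(0)!r}"))
    return [text for _, text in reasons] if sum(w for w, _ in reasons) >= 2 else []

def triage(log_text: str) -> Findings:
    f, section, interface, key, in_policy = Findings(), "", "", None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        val = line.split(":", 1)[1].strip() if ":" in line else ""  # text after the first colon
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).upper()
        elif line.startswith("Interface:"):
            interface = val
        elif line.startswith("NameServers:"):
            for ip in filter(None, (p.strip() for p in val.split(";"))):
                bad = any(ipaddress.ip_address(ip) in net for net in DNSCHANGER_RANGES)
                if bad or ip not in EXPECTED_RESOLVERS:
                    f.rogue_dns.append((interface, ip, "inside documented DNSChanger range" if bad else "not an expected resolver"))
        elif line.startswith("Hidden Service Keyname:"):
            f.suspicious_services.append((val, ["service key hidden from the registry API"]))
        elif line.startswith("Restrictive Windows Explorer Policies"):
            in_policy = True
        elif in_policy and line.startswith("Value:"):
            f.policies.append(val)
        elif line.startswith("===="):
            in_policy = False
        elif line.startswith("Key:"):  # a service/driver block runs from here to the next "----------"
            key, image_path, company = val, "", None
        elif key is not None and line.startswith("ImagePath:"):
            image_path = val
        elif key is not None and line.startswith("Company:"):
            company = val
        elif key is not None and line.startswith("----------"):
            reasons = score_entry(key, image_path, company)
            if reasons:
                f.suspicious_services.append((key, reasons))
            key = None
        elif section == "RUNNING PROCESSES":
            proc = EXE_LINE_RE.match(line)
            if proc and TEMP_DIR_RE.search(proc.group(1)):
                f.temp_processes.append(proc.group(1))
    return f

# Constructed sample: an abbreviated excerpt of the log posted above.
SAMPLE_LOG = r"""
Key: NdisFileServices32
ImagePath: \??\C:\WINDOWS\system32\drivers\rmorrn.sys
Company: [no info]
----------
Key: Ndisprot.sys
ImagePath: \systemroot\system32\drivers\Ndisprot.sys
Company: Windows (R) Codename Longhorn DDK provider
----------
Restrictive Windows Explorer Policies found in force on this computer:
Value: DisableRegistryTools
Value: DisableTaskMgr
Interface: Compact Wireless-G USB Adapter
NameServers: 85.255.116.117;85.255.112.190
11:37:05 PM: Scanning ----- RUNNING PROCESSES -----
C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winxbjirp.exe - file already scanned
C:\DOCUME~1\ABDULA~1\LOCALS~1\Temp\winjcgqfx.exe
Hidden Service Keyname: msqpdxserv.sys
"""
```

Run `triage()` over a saved logfile to get the same four lists for a full scan. The only hard-coded indicator is the DNSChanger range; the service scoring is deliberately weighted because each signal on its own is weak (a `\??\` ImagePath or a missing company string also shows up in legitimate third-party drivers such as PnkBstrA.exe above), and only the combination of a mismatched key name, no version information and a raw device path makes rmorrn.sys stand out.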
     
  19. egle

    egle, Active Zyzoomer

    Joined:
    April 3, 2008
    Posts:
    230
    Likes:
    3
    Trophy points:
    280
    Security software:
    Kaspersky
    Operating system:
    Windows XP
    OK, from the top again.
    Did you disable System Restore?
    Post a new HijackThis log so we can look at the machine.
    As for the antivirus you're using, it's not clear whether it's Kaspersky, Avira, G DATA, or all of them together. I don't know.
    The important thing: if you were using Avira and removed it from the machine, the removal wasn't done correctly. You need to use the tool that cleans Avira leftovers out of the registry; you'll find it in brother Al-Gentle's thread, in his excellent Avira guide.
    Let's see the HijackThis log first.
    Scan the machine from Safe Mode
    and clean it with the CCleaner tool.
    Waiting for you.
     
  20. egle

    egle, Active Zyzoomer

    Joined:
    April 3, 2008
    Posts:
    230
    Likes:
    3
    Trophy points:
    280
    Security software:
    Kaspersky
    Operating system:
    Windows XP
    For the record, the program did detect the trojan, and its name is

    backdoor.tdss
     
