تروجان Backdoor.win32.Agent.ndd.

[ahmednaj]

اخواني والله اعجزت من هالفيروس
انا عندي كاسبر 7 انتي فايروس
وفي تورجان
Backdoor.win32.Agent.ndd.
والمشكلة انه نازل مش على السي
بل على الدرايفرات الاخرى
D.E.F.G
وكل درايف الفايروس ماخذ اسم مختلف
بس الكاسبر اتعرف عليه مثل ما حكيتلكم
الرجاء المساعدة العاجلة
والف شكر لكم يا النشامى:f::er:

 

[ahmednaj]

وينكم اخواني

 

[MAAX]

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم


وعذرا بنقله للقسم المناسب مع تعديل العنوان ​

 

[ahmednaj]

الله يبارك فيك اخي العزيز
هذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:14, on 9/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wudib.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerLog\mlserv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\InterVoip.com\InterVoip\InterVoip.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HistoryKill 2008\histkill.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\Integrator.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Documents and Settings\AHMED AL NAJJAR\Desktop\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [wougup] C:\WINDOWS\system32\koovedi.exe
O4 - HKLM\..\Run: [jumycoot] C:\WINDOWS\system32\wudib.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [wougup] C:\WINDOWS\system32\koovedi.exe
O4 - HKLM\..\RunServices: [jumycoot] C:\WINDOWS\system32\wudib.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [InterVoip] "C:\Program Files\InterVoip.com\InterVoip\InterVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [HistoryKill] "C:\Program Files\HistoryKill 2008\histkill.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Cleaner.lnk = C:\Program Files\%startUP%\Prefetch.bat
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: PowerUtility TV Recording Reservation (auiog8yx6xkhw) - Unknown owner - C:\WINDOWS\system32\cuvago.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Crypkey License (iupcac5ywi2e6a7a) - Unknown owner - C:\WINDOWS\system32\cime.exe (file missing)
O23 - Service: MLServ - formessengers.com - C:\Program Files\MessengerLog\mlserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Creative ALchemy AL1 Licensing Service (ydowoo5fe64i53) - Unknown owner - C:\WINDOWS\system32\torosisem.exe

--
End of file - 11557 bytes

 

[MAAX]

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[ahmednaj]

اخي العزيز هذا التقرير
الله يكرمك
ComboFix 08-09-10.04 - AHMED AL NAJJAR 2008-09-13 0:17:10.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.974.1033.18.184 [GMT 3:00]
Running from: C:\Documents and Settings\AHMED AL NAJJAR\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-12 23:31 . 2008-09-12 23:31 <DIR> d-------- C:\WINDOWS\system32\.exe
2008-09-12 13:17 . 2008-09-12 13:17 <DIR> d-------- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\zweitgeist
2008-09-12 13:08 . 2008-09-13 00:23 64,512 --ah----- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\dach100.dll
2008-09-12 00:19 . 2008-09-12 00:19 268 --ah----- C:\sqmdata11.sqm
2008-09-12 00:19 . 2008-09-12 00:19 244 --ah----- C:\sqmnoopt11.sqm
2008-09-12 00:19 . 2008-09-12 00:19 172 --ah----- C:\sqmnoopt12.sqm
2008-09-12 00:19 . 2008-09-12 00:19 172 --ah----- C:\sqmdata12.sqm
2008-09-11 23:35 . 2008-07-08 14:54 148,496 --a------ C:\WINDOWS\system32\drivers\76889975.sys
2008-09-11 23:34 . 2008-09-11 23:34 <DIR> d-------- C:\Program Files\Common Files\delet
2008-09-11 23:27 . 2008-09-11 23:27 <DIR> d-------- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\Grisoft
2008-09-11 23:26 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-11 21:25 . 2008-09-12 00:11 <DIR> d-------- C:\!KillBox
2008-09-11 20:44 . 2008-09-11 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-09-11 20:43 . 2008-09-11 20:43 <DIR> d-------- C:\Program Files\Luxor 3
2008-09-11 19:34 . 2008-09-11 19:34 <DIR> drahs---- C:\WINDOWS\system32\wmdrtc32.dll
2008-09-11 19:34 . 2008-09-11 19:34 <DIR> drahs---- C:\WINDOWS\system32\wmdrtc32.dl_
2008-09-11 19:34 . 2008-09-11 19:34 <DIR> drahs---- C:\WINDOWS\system32\ntfsus.exe
2008-09-11 19:34 . 2008-09-11 19:34 <DIR> drahs---- C:\WINDOWS\system32\dnsq.dll
2008-09-11 19:31 . 2008-09-11 19:31 268 --ah----- C:\sqmdata10.sqm
2008-09-11 19:31 . 2008-09-11 19:31 244 --ah----- C:\sqmnoopt10.sqm
2008-09-11 19:18 . 2008-09-11 23:05 <DIR> d-------- C:\Program Files\GVR
2008-09-11 19:18 . 2007-06-12 04:04 2,267,368 --a------ C:\WINDOWS\system32\Flash9d.ocx
2008-09-11 19:14 . 2008-09-11 19:14 32 --a------ C:\WINDOWS\system32\thxcfg.ini
2008-09-11 19:12 . 2008-09-11 19:14 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-09-08 16:45 . 2008-07-18 13:25 138,240 --a------ C:\WINDOWS\system32\torosisem.exe
2008-09-07 21:35 . 2008-09-07 21:35 429,440 -ra------ C:\WINDOWS\system32\drivers\Dr71WU.sys
2008-09-01 21:25 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-09-01 21:25 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-09-01 21:25 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-09-01 21:25 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-09-01 21:25 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-09-01 21:25 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-09-01 21:25 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-09-01 21:25 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-09-01 21:25 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-09-01 21:25 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-09-01 21:23 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-09-01 21:22 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-01 21:21 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-01 21:20 . 2004-08-03 22:59 2,056,832 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-01 21:19 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-01 21:18 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-09-01 21:17 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-01 21:16 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-01 21:15 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-01 21:14 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-01 21:13 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-09-01 21:12 . 2004-08-03 23:20 2,180,992 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-09-01 21:12 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-08-30 10:27 . 2008-08-30 10:27 <DIR> d-------- C:\Program Files\MessengerLog
2008-08-30 10:27 . 2008-08-30 20:22 <DIR> d-------- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\MessengerLog6
2008-08-30 08:43 . 2008-08-30 08:57 <DIR> d-------- C:\Program Files\AV Vcs 6.0 GOLD
2008-08-29 08:17 . 2008-02-29 16:27 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-08-29 07:33 . 2008-08-29 07:33 <DIR> d-------- C:\Program Files\ColorSoft
2008-08-25 19:04 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-25 19:04 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-25 19:03 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 19:03 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-23 08:01 . 2008-08-23 08:01 <DIR> d-------- C:\WINDOWS\HistoryKill
2008-08-23 08:01 . 2008-09-07 13:00 <DIR> d-------- C:\Program Files\HistoryKill 2008
2008-08-23 07:57 . 2008-08-23 12:40 <DIR> d-------- C:\Program Files\Sun
2008-08-22 10:10 . 2008-08-22 10:11 <DIR> d-------- C:\MT
2008-08-21 17:52 . 2008-08-21 17:52 <DIR> d-------- C:\Program Files\Novel Games
2008-08-21 17:30 . 2008-08-21 17:30 <DIR> d-------- C:\Program Files\Gwerdy Software
2008-08-16 10:53 . 2008-08-16 10:53 <DIR> d-------- C:\Program Files\SearchInOneStep
2008-08-16 10:53 . 2008-08-16 10:53 <DIR> d-------- C:\Program Files\Free SuDoKu
2008-08-16 09:38 . 2008-08-16 09:40 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-16 09:21 . 2008-08-16 09:21 <DIR> d-------- C:\Program Files\Passware
2008-08-16 09:00 . 2008-08-21 17:05 <DIR> d-------- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\IDM
2008-08-16 08:42 . 2008-08-16 08:42 32,768 --a------ C:\WINDOWS\~DF53FD.tmp
2008-08-15 17:30 . 2008-08-15 17:30 <DIR> d-------- C:\Program Files\Nsasoft
2008-08-15 11:47 . 2008-08-15 11:47 <DIR> d-------- C:\Documents and Settings\AHMED AL NAJJAR\Application Data\XMen
2008-08-14 15:37 . 2008-08-14 15:38 4,353,075 --a------ C:\‌àنل ىëں é颥êïé.htm
2008-08-14 13:10 . 2008-08-14 13:18 <DIR> d-------- C:\Program Files\AutorunRemover
2008-08-13 22:30 . 2008-05-19 06:33 4,445,184 --a------ C:\WINDOWS\system32\msi.dll
2008-08-13 22:30 . 2008-05-19 06:33 4,445,184 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2008-08-13 22:30 . 2008-05-19 06:33 332,800 --a------ C:\WINDOWS\system32\msihnd.dll
2008-08-13 22:30 . 2008-05-19 06:33 332,800 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll
2008-08-13 22:30 . 2008-05-19 01:57 95,744 --a------ C:\WINDOWS\system32\msiexec.exe
2008-08-13 22:30 . 2008-05-19 01:57 95,744 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe
2008-08-13 22:30 . 2008-05-19 06:33 18,944 --a------ C:\WINDOWS\system32\msisip.dll
2008-08-13 22:30 . 2008-05-19 06:33 18,944 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll
2008-08-13 22:30 . 2008-04-17 01:43 2,560 --a------ C:\WINDOWS\system32\msimsg.dll
2008-08-13 22:30 . 2008-04-17 01:43 2,560 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll
2008-08-13 19:46 . 2008-08-13 19:46 268 --ah----- C:\sqmdata09.sqm
2008-08-13 19:46 . 2008-08-13 19:46 244 --ah----- C:\sqmnoopt09.sqm
2008-08-13 11:43 . 2008-07-18 13:25 138,240 --a------ C:\WINDOWS\system32\koovedi.exe
2008-08-13 10:11 . 2001-08-23 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-13 10:10 . 2001-08-23 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-13 10:09 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-13 10:08 . 2008-08-13 10:08 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-13 10:08 . 2008-08-13 10:08 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-13 10:08 . 2008-08-13 10:08 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-13 10:08 . 2008-08-13 10:08 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-13 10:08 . 2008-08-13 10:08 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-13 10:08 . 2008-08-13 10:08 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-13 10:04 . 2001-08-17 12:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-08-13 10:04 . 2001-08-17 12:13 27,165 --a--c--- C:\WINDOWS\system32\dllcache\fetnd5.sys
2008-08-13 09:59 . 2004-08-03 20:57 1,086,058 -ra------ C:\WINDOWS\SET66.tmp
2008-08-13 09:59 . 2004-08-03 21:03 1,042,903 -ra------ C:\WINDOWS\SET63.tmp
2008-08-13 09:59 . 2004-08-03 20:58 13,753 -ra------ C:\WINDOWS\SET72.tmp
2008-08-13 08:45 . 2008-08-13 08:45 <DIR> d-------- C:\Documents and Settings\All Users.WIN2
2008-08-13 08:42 . 2008-08-13 08:42 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-13 08:42 . 2008-08-13 08:42 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-08-13 08:42 . 2008-08-13 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-12 13:42 . 2008-08-12 13:42 918,045 --ah----- C:\DH Temp.tmp
2008-08-12 12:27 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-08-12 08:47 . 2008-08-13 08:45 <DIR> d-------- C:\Zyzoom_RFA_Platinum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 21:24 22,000,416 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-12 21:23 890,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-12 21:22 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\DMCache
2008-09-12 21:21 93,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-12 21:21 309,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-12 17:34 --------- d-----w C:\Program Files\LowRateVoip
2008-09-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-05 18:07 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-08-26 17:21 --------- d-----w C:\Program Files\%startUP%
2008-08-23 04:56 --------- d-----w C:\Program Files\Java
2008-08-21 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-18 15:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 07:38 --------- d-----w C:\Program Files\Oak Systems
2008-08-13 20:39 --------- d-----w C:\Program Files\Google
2008-08-13 15:54 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 05:42 --------- d-----w C:\Program Files\HP
2008-08-13 05:42 --------- d-----w C:\Program Files\Common Files\HP
2008-08-13 05:42 --------- d-----w C:\Program Files\Bug Doctor
2008-08-13 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-13 05:42 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\Nuotex
2008-08-10 11:02 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-08-08 22:28 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\HP
2008-08-08 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-08-08 18:53 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-08 18:53 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-08 18:53 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-08 18:12 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-08 18:09 81,465 ----a-w C:\WINDOWS\system32\drivers\klif.cab
2008-08-07 17:44 --------- d-----w C:\Program Files\WinImage
2008-08-02 13:36 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\LowRateVoip
2008-08-01 17:27 --------- d-----w C:\Program Files\UltraISO
2008-08-01 17:27 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-08-01 10:38 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-31 13:29 --------- d-----w C:\Program Files\Bluetooth Remote Control
2008-07-29 17:26 --------- d-----w C:\Program Files\NSS
2008-07-28 10:37 --------- d-----w C:\Program Files\PremierOpinion
2008-07-28 10:36 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-07-28 10:27 --------- d-----w C:\Program Files\aMSN
2008-07-26 17:04 --------- d-----w C:\Program Files\Nokia
2008-07-26 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-26 17:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-26 10:28 --------- d-----w C:\Program Files\DIFX
2008-07-26 10:27 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-26 10:15 --------- d-----w C:\Program Files\RadarSync
2008-07-26 10:06 --------- d-----w C:\Program Files\Conduit
2008-07-23 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-22 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-22 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\zyz Kaspersky Lab setup files
2008-07-19 16:40 --------- d-----w C:\Program Files\IObit
2008-07-19 13:38 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\cleaner
2008-07-19 12:21 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\CyberScrub
2008-07-19 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-19 11:29 2,508 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-18 12:59 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\TrojanHunter
2008-07-18 10:25 138,240 ----a-w C:\WINDOWS\system32\wudib.exe
2008-07-18 10:25 138,240 ----a-w C:\WINDOWS\system32\loquez.exe
2008-07-18 06:33 --------- d-----w C:\Program Files\Real_SC
2008-07-16 14:51 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\InterVoip
2008-07-14 10:49 --------- d-----w C:\Documents and Settings\AHMED AL NAJJAR\Application Data\Thinstall
2008-07-14 10:30 --------- d-----w C:\Program Files\Download Direct
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-04-18 18:00 12,840 ------w C:\Documents and Settings\AHMED AL NAJJAR\bpkch.dat
2007-05-06 00:30 36,488 ------w C:\Documents and Settings\AHMED AL NAJJAR\bpk.dat
2007-05-06 00:25 36,363 ------w C:\Documents and Settings\AHMED AL NAJJAR\web.dat
2004-09-30 22:52 71,168 ------w C:\Documents and Settings\AHMED AL NAJJAR\cr_acds70.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-17 961536]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-08 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [2008-01-26 8897848]
"InterVoip"="C:\Program Files\InterVoip.com\InterVoip\InterVoip.exe" [2008-09-05 9019184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-16 2610608]
"HistoryKill"="C:\Program Files\HistoryKill 2008\histkill.exe" [2008-04-01 333824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-01 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"wougup"="C:\WINDOWS\system32\koovedi.exe" [2008-07-18 138240]
"jumycoot"="C:\WINDOWS\system32\wudib.exe" [2008-07-18 138240]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"wougup"="C:\WINDOWS\system32\koovedi.exe" [2008-07-18 138240]
"jumycoot"="C:\WINDOWS\system32\wudib.exe" [2008-07-18 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

C:\Documents and Settings\AHMED AL NAJJAR\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Cleaner.lnk - C:\Program Files\%startUP%\Prefetch.bat [2008-07-27 181]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2004-04-13 17:02 49152 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\(Default)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="C:\Program Files\Ares\Ares.exe" -h
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\InterVoip.com\\InterVoip\\InterVoip.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2004-04-13 93056]
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 is-V88ANdrv;is-V88ANdrv;C:\WINDOWS\system32\DRIVERS\76889975.sys [2008-07-08 148496]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 46779]
R2 MLServ;MLServ;C:\Program Files\MessengerLog\mlserv.exe [2008-08-27 139264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S2 auiog8yx6xkhw;PowerUtility TV Recording Reservation;C:\WINDOWS\system32\cuvago.exe [ ]
S2 iupcac5ywi2e6a7a;Crypkey License;C:\WINDOWS\system32\cime.exe [ ]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S2 ydowoo5fe64i53;Creative ALchemy AL1 Licensing Service;C:\WINDOWS\system32\torosisem.exe [2008-07-18 138240]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]
S3 xAntiArp;xAntiArpSpoof Service;C:\WINDOWS\system32\DRIVERS\xAntiArp.sys [ ]
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\AHMED AL NAJJAR\Application Data\Mozilla\Firefox\Profiles\79td1jut.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\DivX\DivX Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations (Beta) -------
.
txtfile=C:\WINDOWS\notepad.exe %1
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-13 00:23:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-09-13 0:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 21:28:49
ComboFix2.txt 2008-09-11 16:05:55
ComboFix3.txt 2008-08-13 16:59:14
ComboFix4.txt 2008-08-13 12:39:25
ComboFix5.txt 2008-09-12 21:16:19

Pre-Run: 26,024,394,752 bytes free
Post-Run: 26,088,755,200 bytes free

376 --- E O F --- 2008-01-23 11:04:25

 

[ahmednaj]

اخواني انا منتظر الرد للمساعدة

 

[MAAX]

اخي ثبت ملف الاعدادات التالي واعمل فحص كامل لجهازك

اعدادات الكاسبر انتي فايروس ( 7 )

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح التركيب

 

[ahmednaj]

اخي العزيز اين اثبته
وما فتح هذا البرنامج
ارجو المساعدة وانا عندي كاسبر انتي فايروس 7

 

[ahmednaj]

اخواني
انا الان نزلت كاسبر 6 لانه صار عندي مشكلة في التحديث
اما بخصوص الفايروس فهو ما زال الرجاء المساعدة لضرورة

 

[MAAX]

اخي العزيز اين اثبته
وما فتح هذا البرنامج
ارجو المساعدة وانا عندي كاسبر انتي فايروس 7

اخي الشرح المفصل موجود :q:
تركبه على الكاسبر نفسه حسب الشرح