اسود الظلام
Distinguished Zyzoom member
Joined: 29 April 2008
Posts: 536
Reaction score: 7
Points: 520
Location: United Arab Emirates
Peace be upon you,


My computer is slow at startup, and after that it goes back to normal.


Log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:43 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lucent\ASL-2000\dslstat.exe
C:\Program Files\Lucent\ASL-2000\dslagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Lucent\ASL-2000\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Lucent\ASL-2000\dslagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\salem\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.245.10/talk.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) - http://chat.f5f9.com/imscp/talka.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://209.11.245.10/ReadUid.CAB
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://76.76.24.80/imscp/talks3n.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBF8B25-938C-4E97-9812-5FEB439A7720}: NameServer = 195.229.241.222 213.42.20.20
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10483 bytes
 

Signature: اسود الظلام
Delete:
C:\Program Files\Search Settings\SearchSettings.exe

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

F2 - REG:system.ini: Shell=

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe

O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"

O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

 
Signature: BOYKA
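A small parser for the HijackThis v2.0.2 log format used throughout this thread, flagging the kinds of entries the reply above singles out: entries whose file is missing, the empty Shell= value, URLSearchHooks, ActiveX controls (O16 DPF) fetched from a bare IP address, and paths of the toolbar vendors named for removal. This is an added example, not the forum's or HijackThis's own code; the sample lines are a constructed subset of the log in the first post, and the vendor watchlist and the bare-IP rule are assumptions drawn from the replies, not a general blocklist.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the HijackThis v2.0.2 log posted in this thread.
# (The second O9 entry name is mis-encoded in the original log and is kept as it appears.)
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:43 PM, on 10/19/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.245.10/talk.cab
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Assumption: path fragments of the toolbar/adware vendors the helpers in this thread
# asked to remove. This is thread-specific, not a general-purpose blocklist.
WATCHLIST = ("\\SweetIM\\", "\\Dealio\\", "\\Search Settings\\")

# Heuristic: an ActiveX download location given as a bare IPv4 address instead of a hostname.
BARE_IP = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def classify(entry: Entry) -> Entry:
    """Attach review flags to one parsed entry; an entry with no flags is left alone."""
    body = entry.body.strip()
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        entry.flags.append("orphan: the registry entry points to a file that is not on disk")
    if entry.section == "F2" and body.endswith("Shell="):
        entry.flags.append("empty Winlogon Shell value (the default is Explorer.exe)")
    if entry.section == "R3":
        entry.flags.append("URLSearchHook: intercepts address-bar searches, usually installed by a toolbar")
    if entry.section == "O16" and BARE_IP.search(body):
        entry.flags.append("ActiveX control (DPF) fetched from a bare IP address (heuristic)")
    lowered = body.lower()
    if any(vendor.lower() in lowered for vendor in WATCHLIST):
        entry.flags.append("path belongs to a toolbar/adware vendor named for removal in this thread")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every 'Rn/Fn/On - ...' line of a HijackThis log; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(classify(Entry(match["section"], match["body"])))
    return entries


def flagged(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one review flag, in log order."""
    return [entry for entry in parse_log(text) if entry.flags]


if __name__ == "__main__":
    for entry in flagged(SAMPLE_LOG):
        print(f"{entry.section}: {entry.body[:80]}")
        for flag in entry.flags:
            print(f"    - {flag}")
```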
(1)
Disable all your protection programs,
then download this tool and save it to your desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy and paste it in your next reply.
(2)
Then make a HijackThis log:

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy and paste it in your next reply.


 
Signature: Enter
Also, from the Add/Remove Programs list,
please remove these programs if present:

SearchSettings
DealioAU
AFController
Nokia PC Suite

If they are important to you,
reinstall them after removing them.
 
Signature: BOYKA
Done as requested.

Code:
ComboFix 08-10-18.03 - salem 2008-10-19 21:52:17.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.966.1033.18.624 [GMT 4:00]
Running from: C:\Documents and Settings\salem\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\svchost.001
C:\WINDOWS\system32\28463\svchost.exe
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\MabryObj.dll
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

(((((((((((((((((((((((((   Files Created from 2008-09-19 to 2008-10-19  )))))))))))))))))))))))))))))))
.
2008-10-30 23:38 . 2008-04-13 22:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-19 19:29 . 2008-10-19 19:29 951 --a------ C:\WINDOWS\_ISENV31.INI
2008-10-19 19:29 . 2008-10-19 19:29 545 --a------ C:\WINDOWS\_iserr31.ini
2008-10-19 18:39 . 2008-10-19 18:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-10-19 18:36 . 2008-10-19 18:36 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-19 18:36 . 2008-10-19 20:26 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-10-19 18:22 . 2008-10-19 18:32 <DIR> d-------- C:\Program Files\Windows Live
2008-10-19 18:19 . 2008-10-19 18:19 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-10-19 18:18 . 2008-10-19 18:18 <DIR> d-------- C:\Program Files\MSECACHE
2008-10-17 02:30 . 2008-10-17 02:30 <DIR> d-------- C:\vcs5core
2008-10-17 02:30 . 2008-10-17 02:30 <DIR> d-------- C:\vcs5BGEffects
2008-10-17 02:30 . 2008-10-17 02:30 <DIR> d-------- C:\AV_LOGS
2008-10-17 00:58 . 2008-10-17 00:58 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Search Settings
2008-10-17 00:17 . 2008-10-17 00:17 <DIR> d-------- C:\Program Files\Search Settings
2008-10-17 00:16 . 2008-10-17 00:17 <DIR> d-------- C:\Program Files\Dealio
2008-10-17 00:16 . 2008-10-17 00:17 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Dealio
2008-10-17 00:12 . 2008-06-02 14:10 1,363,968 --a------ C:\WINDOWS\system32\HDX4H263Decoder.ax
2008-10-17 00:12 . 2008-06-02 14:10 167,936 --a------ C:\WINDOWS\system32\HDX4FlashDemuxer.ax
2008-10-16 18:55 . 2008-10-16 18:55 <DIR> d-------- C:\Program Files\ONH1986
2008-10-14 16:49 . 2008-10-14 16:49 69 --a------ C:\WINDOWS\ProductKeyExplorer.INI
2008-10-14 16:47 . 2008-10-14 16:47 <DIR> d-------- C:\Program Files\Nsasoft
2008-10-12 21:14 . 2008-10-12 21:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-12 20:56 . 2008-10-12 20:56 <DIR> d-------- C:\Program Files\ImTOO
2008-10-12 20:09 . 2008-10-12 20:09 0 --a------ C:\WINDOWS\ams70.INI
2008-10-12 20:07 . 2008-10-12 20:07 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Downloaded Installations
2008-10-11 19:57 . 2008-10-18 17:59 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-11 15:52 . 2008-10-11 19:59 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Nero
2008-10-11 15:02 . 2008-10-11 15:02 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-11 14:59 . 2008-10-11 14:59 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-11 14:35 . 2008-10-11 15:01 <DIR> d-------- C:\Program Files\Nero
2008-10-11 14:34 . 2008-10-11 15:20 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-11 14:34 . 2008-10-11 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-11 13:10 . 2008-10-11 13:10 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Ahead
2008-10-11 11:42 . 2008-10-11 11:42 <DIR> d-------- C:\Program Files\TuneUp Utilities
2008-10-10 13:23 . 2008-10-10 13:23 <DIR> d-------- C:\WINDOWS\system32\RMBin
2008-10-10 13:23 . 2008-10-10 13:23 <DIR> d-------- C:\Program Files\Real_SC
2008-10-10 13:23 . 2008-10-10 13:23 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2008-10-10 13:23 . 2008-10-10 13:23 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2008-10-10 13:23 . 2008-10-10 13:23 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2008-10-10 13:23 . 2008-10-10 13:23 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2008-10-10 13:23 . 2008-10-10 13:23 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2008-10-10 13:23 . 2008-10-10 13:23 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2008-10-10 13:23 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-10-10 13:23 . 2008-10-10 13:23 196,608 --a------ C:\WINDOWS\system32\maag.dll
2008-10-10 13:23 . 2008-10-10 13:23 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2008-10-10 11:59 . 2008-10-17 00:13 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Ashampoo
2008-10-10 11:59 . 2008-10-10 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-10 11:58 . 2008-10-17 00:11 <DIR> d-------- C:\Program Files\Ashampoo
2008-10-09 19:20 . 2008-10-09 19:20 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Pretty-Soft
2008-10-09 11:54 . 2008-10-09 11:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-10-09 06:33 . 2008-10-09 06:33 21 --a------ C:\tmtoken.tkn
2008-10-09 06:14 . 2008-10-09 06:14 79,373 --a------ C:\WINDOWS\Run32A50.mch
2008-10-09 05:56 . 2008-10-09 06:14 <DIR> d-------- C:\WINDOWS\A5W_DATA
2008-10-09 05:56 . 2008-10-09 05:56 35 --a------ C:\WINDOWS\A5W.INI
2008-10-09 05:35 . 2008-10-09 05:35 <DIR> d-------- C:\Program Files\NCC Education
2008-10-09 03:14 . 2008-10-09 03:14 <DIR> d-------- C:\Documents and Settings\salem\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-09 02:53 . 2008-10-09 02:53 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-09 02:24 . 2008-10-09 02:24 <DIR> d-------- C:\Program Files\NOS
2008-10-09 02:24 . 2008-10-11 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-09 00:37 . 2008-10-09 00:38 <DIR> d-------- C:\Documents and Settings\salem\Application Data\MessengerLog6
2008-10-08 04:53 . 2008-10-18 16:36 <DIR> d-------- C:\Documents and Settings\salem\Tracing
2008-10-08 04:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-08 04:51 . 2008-10-08 04:51 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-08 04:49 . 2008-10-08 04:49 <DIR> d-------- C:\Program Files\Microsoft
2008-10-08 04:34 . 2008-10-08 04:34 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-06 02:33 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-10-06 02:33 . 2008-10-06 02:33 376 --a------ C:\WINDOWS\ODBC.INI
2008-10-06 02:30 . 2008-10-06 02:32 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-06 02:30 . 2008-10-06 02:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-06 02:25 . 2008-10-06 02:25 <DIR> dr-h----- C:\MSOCache
2008-10-04 20:04 . 2008-10-04 21:02 <DIR> d-------- C:\Documents and Settings\salem\Application Data\Apple Computer
2008-10-04 20:02 . 2008-10-04 20:02 <DIR> d-------- C:\Program Files\Bonjour
2008-10-04 20:01 . 2008-10-04 20:02 <DIR> d-------- C:\Program Files\QuickTime
2008-10-04 20:01 . 2008-10-04 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-04 19:59 . 2008-10-04 20:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-04 19:59 . 2008-10-04 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-04 19:44 . 2008-10-04 20:19 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-10-04 09:09 . 2008-10-04 09:09 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-10-04 07:58 . 2008-10-04 09:12 <DIR> d-------- C:\Program Files\DAP
2008-10-04 07:58 . 2008-10-04 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-10-04 06:26 . 2008-10-04 06:26 <DIR> d-------- C:\Program Files\LtUcx
2008-10-03 11:38 . 2008-10-03 13:15 <DIR> d-------- C:\Program Files\NSS
2008-10-03 11:38 . 2006-08-29 18:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys
2008-10-03 08:42 . 2008-10-03 08:42 <DIR> d-------- C:\Program Files\Adverts
2008-10-03 08:41 . 2008-10-03 08:42 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-10-03 07:30 . 2008-10-03 07:30 <DIR> d-------- C:\Program Files\SweetIM
2008-10-03 07:30 . 2008-10-03 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-10-03 04:40 . 2008-10-03 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-10-03 04:39 . 2008-02-02 03:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-10-03 04:39 . 2008-02-02 03:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-10-02 10:00 . 2008-10-02 10:00 <DIR> d-------- C:\Program Files\IMMonitor
2008-10-02 07:07 . 2008-10-02 07:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-02 07:04 . 2008-10-02 07:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-02 07:04 . 2008-10-18 14:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-02 06:16 . 2008-10-02 06:16 <DIR> d-------- C:\WINDOWS\Performance
2008-10-02 06:15 . 2008-10-02 06:15 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-10-02 06:15 . 2008-10-02 06:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-09-30 07:08 . 2008-09-30 07:08 <DIR> d-------- C:\Program Files\GoldWave
2008-09-30 05:33 . 2008-09-30 05:35 <DIR> d-------- C:\Program Files\SWiSHmax
2008-09-30 05:13 . 2008-09-30 05:13 <DIR> d-------- C:\Program Files\Common Files\SWiSHzone.com
2008-09-30 05:12 . 2008-09-30 05:36 <DIR> d-------- C:\Program Files\SWiSH Max2
2008-09-29 23:13 . 2008-09-29 23:13 <DIR> d-------- C:\Documents and Settings\salem\Application Data\TuneUp Software
2008-09-29 09:10 . 2008-04-14 04:12 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-09-29 09:10 . 2001-08-18 09:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-09-29 09:10 . 2001-08-18 09:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-09-29 09:10 . 2008-04-14 04:12 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-09-29 09:10 . 2001-08-18 09:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-09-29 09:07 . 2001-08-18 09:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-09-29 09:07 . 2004-08-04 09:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-09-29 09:07 . 2001-08-17 23:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-09-29 09:07 . 2004-08-04 09:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-09-29 09:06 . 2008-04-13 22:36 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-09-29 09:05 . 2001-08-18 00:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-09-29 09:05 . 2004-08-04 09:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-09-29 09:05 . 2001-08-17 23:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-09-29 09:04 . 2001-08-18 00:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-09-29 09:04 . 2001-08-18 09:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-09-29 09:04 . 2001-08-18 09:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-09-29 09:04 . 2001-08-17 23:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-09-29 09:04 . 2004-08-04 09:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-09-29 09:04 . 2008-04-13 22:45 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-09-29 09:04 . 2004-08-04 09:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-09-29 09:04 . 2004-08-04 09:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-09-29 09:04 . 2004-08-04 09:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-09-29 09:03 . 2001-08-18 00:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 15:13 155,995 ----a-w C:\WINDOWS\java\Packages\QMI04W0R.ZIP
2008-09-22 05:25 40,960 ----a-w C:\WINDOWS\system32\SSubTmr6.dll
2008-09-22 04:42 319,488 ----a-w C:\WINDOWS\HideWin.exe
2008-09-21 04:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-09-08 20:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 12:04 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-29 06:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 05:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-23 23:51 16,804,864 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-08 05:06 1172792 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-10-04 2607616]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-21 185896]
"DSLSTATEXE"="C:\Program Files\Lucent\ASL-2000\dslstat.exe" [2006-09-07 344064]
"DSLAGENTEXE"="C:\Program Files\Lucent\ASL-2000\dslagent.exe" [2005-08-25 65536]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 135168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-26 201992]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-24 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-24 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-30 32784]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-26 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-02 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-02 8320]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S4 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
.
Contents of the 'Scheduled Tasks' folder
2008-10-19 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\salem\Application Data\Mozilla\Firefox\Profiles\cz1fav3o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF -: plugin - C:\Documents and Settings\salem\Application Data\Mozilla\Firefox\Profiles\cz1fav3o.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 21:55:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 

**************************************************************************
.
Completion time: 2008-10-19 21:59:35
ComboFix-quarantined-files.txt  2008-10-19 17:58:30
ComboFix2.txt  2008-09-29 03:46:36
Pre-Run: 3,728,375,808 bytes free
Post-Run: 3,712,573,440 bytes free
262 --- E O F --- 2008-10-18 01:19:11

For HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:14 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lucent\ASL-2000\dslstat.exe
C:\Program Files\Lucent\ASL-2000\dslagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Lucent\ASL-2000\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Lucent\ASL-2000\dslagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV video content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.245.10/talk.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBF8B25-938C-4E97-9812-5FEB439A7720}: NameServer = 195.229.241.222 213.42.20.20
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7212 bytes
 
Signature: اسود الظلام
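Added example (not code from the original post, from HijackThis or from ComboFix): a small Python triage script that parses HijackThis entry lines and the ComboFix registry dump in the form shown above, and flags the items a reviewer would look at first: browser add-ons from families treated here as adware/PUP toolbars (SweetIM and Dealio; that classification is the editor's assumption), Run values that are bare filenames rather than full paths, ActiveX (O16 DPF) downloads from a raw IP address such as the talk.cab entry, the O17 DNS servers to confirm against the ISP, services reported with "Unknown owner", and Security Center override values. The sample lines are constructed from the log in this thread with the BBCode tags removed; the flag rules are the editor's own heuristics, not HijackThis verdicts.

```python
"""Triage helpers for HijackThis v2 entry lines and ComboFix's registry dump.
Added example, not part of the original post or of either tool. The flag
rules are the editor's heuristics; PUP_MARKERS is an assumption."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed from the HijackThis log in the post (BBCode [URL] tags removed).
SAMPLE_HJT = r"""
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.245.10/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBF8B25-938C-4E97-9812-5FEB439A7720}: NameServer = 195.229.241.222 213.42.20.20
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
"""

# Constructed from the ComboFix registry section in the post.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")   # R0..O24 entries
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Assumption: toolbar/BHO families the reviewer treats as adware/PUP (lower-case substrings).
PUP_MARKERS = ("dealio", "sweetim")


def parse_hjt(text):
    """Return (code, body) tuples for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def run_command_target(body):
    """Executable named in an O4 body: '[Name] "C:\\x.exe" -flag' -> 'C:\\x.exe'."""
    cmd = body.split("] ", 1)[1].strip() if "] " in body else body.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries):
    """Return (code, reason, body) for entries worth a second look."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code in ("O2", "O3") and any(k in low for k in PUP_MARKERS):
            findings.append((code, "browser add-on from an adware/PUP family", body))
        elif code == "O4":
            # A bare filename is resolved by a path search at logon, so confirm
            # which file actually runs (the ComboFix section shows the resolved path).
            if "\\" not in run_command_target(body):
                findings.append((code, "Run value is a bare filename; verify the resolved path", body))
        elif code == "O16":
            m = URL_RE.search(body)
            host = urlparse(m.group(0)).hostname if m else None
            if host and is_ip_literal(host):
                findings.append((code, "ActiveX control downloaded from a raw IP address", body))
        elif code == "O17":
            ips = ", ".join(IPV4_RE.findall(body))
            findings.append((code, "adapter DNS servers %s; confirm they belong to the ISP" % ips, body))
        elif code == "O23" and "unknown owner" in low:
            findings.append((code, "service with no recognised publisher", body))
    return findings


def security_center_overrides(text):
    """Return (last key component, value name) for nonzero Security Center values."""
    key, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_DWORD_RE.match(line)
        if m and key and "security center" in key.lower() and int(m.group("val"), 16) != 0:
            hits.append((key.rsplit("\\", 1)[-1], m.group("name")))
    return hits


if __name__ == "__main__":
    for code, why, body in triage(parse_hjt(SAMPLE_HJT)):
        print(f"{code:<4} {why}\n     {body}")
    for key, name in security_center_overrides(SAMPLE_COMBOFIX):
        print(f"Security Center override: {key}\\{name}")
```

Two caveats on reading the output. The Security Center overrides and the per-product DisableMonitoring value are commonly written by third-party AV suites when they take over monitoring, so a hit there means "confirm which product set it", not "malware". Likewise the bare-filename flag on RTHDCPL.EXE is a check, not a verdict: the ComboFix section above already shows it resolving to C:\WINDOWS\RTHDCPL.exe.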