Thread starter: ALA39000
Views: 758

ALA39000

When I open a folder, the machine hangs and never finishes.
When I try to generate the HijackThis report, it stops at
04-registry & START MENU AUTORUNS....
at the top.
Whenever I click anywhere in the program,
a message pops up telling me to click "switch to ...".
-- I uploaded it as a text file because I couldn't open Paint.
I think there are missing dll files.
 

Signature: ALA39000
Produce the required reports for the nearest helper (follower) from Safe Mode.

You must log in or register to view the hidden link.

 
Signature: Demo-dash
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:28 PM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
You must log in or register to view the hidden link.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - d:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Info cache - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pbhealth.dll (file missing)
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: offersfortoday browser enhancer - {B579CA9A-E77A-F49A-9517-DB643CAC9BDF} - C:\WINDOWS\system32\iaskqilujqqlw.dll
O2 - BHO: offersfortoday - {d1032be2-054e-881d-57ad-4499356f1773} - C:\WINDOWS\system32\nsi95.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - d:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O3 - Toolbar: ???¾???û¹¤¾??? - {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} - C:\Program Files\zzToolBar\ToolBand.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\vd9\VHD\RDTask.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
You must log in or register to view the hidden link.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
You must log in or register to view the hidden link.

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 9057 bytes
 
Signature: ALA39000
Do the following now:
Disable all protection programs,
then download this tool and save it to the desktop:
You must log in or register to view the hidden link.

When you run it, a message will appear; click >> Yes.
A second message will then appear; click >> Yes.
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.


Also post a new HijackThis report.
 
ComboFix 08-07-14.2 - S.ALA 2008-11-13 19:44:23.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1256.213.1033.18.643 [GMT 1:00]
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-13 18:42 . 2008-11-13 18:42 122,880 --a------ C:\WINDOWS\system32\winlib3.dll
2008-11-13 15:53 . 2008-11-13 15:53 37,204 --a------ C:\winnt.sif
2008-11-13 14:06 . 2008-11-13 14:06 122,880 --a------ C:\WINDOWS\system32\winlib2.dll
2008-11-13 14:06 . 2008-11-13 14:06 57,270 --a------ C:\WINDOWS\RGI1.tmp
2008-11-13 12:33 . 2008-11-13 12:33 122,880 --a------ C:\WINDOWS\system32\winlib1.dll
2008-11-13 12:33 . 2008-11-13 12:33 57,270 --a------ C:\WINDOWS\RGIE.tmp
2008-11-13 00:18 . 2008-11-13 00:18 122,880 --a------ C:\WINDOWS\system32\winlib0.dll
2008-11-12 17:05 . 2008-11-12 17:05 102,172 --a------ C:\WINDOWS\system32\cont_offersfortoday-remove.exe
2008-11-12 17:05 . 2008-11-12 19:07 2,560 --a------ C:\WINDOWS\system32\gscpx32r.det
2008-11-12 17:04 . 2008-11-24 10:57 136,452 --a------ C:\WINDOWS\system32\drivers\acpidisk.sys
2008-11-12 17:04 . 2008-11-12 17:04 122,880 --a------ C:\WINDOWS\system32\winlib .dll
2008-11-12 17:04 . 2008-11-12 17:05 77,947 --a------ C:\WINDOWS\system32\xppghunyvvsmbelyj.exe
2008-11-12 17:04 . 2008-11-12 17:05 68 --a------ C:\WINDOWS\system32\d3d1caps.SRG
2008-11-12 17:04 . 2008-11-12 17:04 32 --a------ C:\WINDOWS\system32\mprmsgse.axz
2008-11-12 17:04 . 2008-11-12 17:04 32 --a------ C:\WINDOWS\system32\gprmsgse.axz
2008-11-12 17:02 . 2008-11-12 17:17 <DIR> d-------- C:\WINDOWS\Kler
2008-11-12 17:02 . 2008-11-12 17:18 <DIR> d-------- C:\Program Files\zzToolBar
2008-11-12 12:53 . 2008-11-12 12:53 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Pointstone
2008-11-12 12:50 . 2008-11-13 04:10 <DIR> d-------- C:\Program Files\Common Files\Pointstone
2008-11-12 03:26 . 2006-10-21 16:42 1,138,688 --a------ C:\WINDOWS\system32\SRESTART.EXE
2008-11-12 03:26 . 2006-11-24 02:32 175,932 --a------ C:\WINDOWS\system32\SRESTART.bmp
2008-11-12 03:26 . 2006-11-24 03:03 101,307 --a------ C:\WINDOWS\system32\z010.com
2008-11-12 03:26 . 2004-08-03 07:42 10,646 --a------ C:\WINDOWS\system32\CLICK.WAV
2008-11-12 03:26 . 2004-08-03 07:42 5,192 --a------ C:\WINDOWS\system32\HOVER.WAV
2008-11-12 03:26 . 2006-11-24 02:43 2,584 --a------ C:\WINDOWS\system32\SRE.EXTENSION.VIRUSSCAN.XMl
2008-11-12 03:26 . 2006-11-24 02:33 1,955 --a------ C:\WINDOWS\system32\SRE.EXTENSION.EXIT.XMl
2008-11-12 03:26 . 2004-08-03 07:42 575 --a------ C:\WINDOWS\system32\SRESTART.XML
2008-11-12 03:26 . 2006-11-24 03:03 480 --a------ C:\WINDOWS\system32\z010.cmd
2008-11-12 03:26 . 2006-11-24 02:47 446 --a------ C:\WINDOWS\system32\z010.reg
2008-11-12 02:47 . 2004-08-04 17:00 66,082 --a------ C:\WINDOWS\system32\c_20420.nls
2008-11-11 12:55 . 2008-11-11 12:55 352,256 --a------ C:\WINDOWS\system32\IJL15.dll
2008-11-11 12:54 . 2008-11-11 14:24 65 --a------ C:\WINDOWS\poolemup.ini
2008-11-11 12:26 . 2008-11-11 12:27 <DIR> d-------- C:\Program Files\Opera
2008-11-10 16:42 . 2008-11-12 19:18 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-11-10 15:24 . 2008-11-10 15:27 <DIR> d-------- C:\Documents and Settings\XPPRESP3\vw
2008-11-10 15:24 . 2008-11-10 15:24 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Visual IP Trace
2008-11-10 15:18 . 2008-11-10 15:18 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-11-10 14:13 . 2008-11-10 14:13 <DIR> d-------- C:\Program Files\Hair Pro 2006 Light
2008-11-10 02:58 . 2008-11-10 02:58 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Simple Star
2008-11-10 02:58 . 2004-11-17 22:24 421,888 --a------ C:\WINDOWS\Nero PhotoShow.scr
2008-11-10 02:54 . 2008-11-10 02:54 <DIR> d-------- C:\WINDOWS\InCD
2008-11-10 02:54 . 2008-11-10 02:54 <DIR> d-------- C:\Program Files\Ahead
2008-11-10 02:54 . 2006-01-12 13:51 3,051,520 --------- C:\WINDOWS\UNMRW.exe
2008-11-10 02:54 . 2006-01-17 10:09 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-11-10 02:54 . 2006-01-19 14:09 55,757 --------- C:\WINDOWS\UNMRW.cfg
2008-11-10 02:54 . 2006-01-17 10:09 32,640 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2008-11-10 02:54 . 2006-01-17 10:09 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-11-10 02:54 . 2006-01-16 17:41 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-11-10 02:53 . 2005-07-12 18:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-11-10 02:53 . 2006-01-19 14:09 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
2008-11-10 02:52 . 2008-11-10 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-11-10 02:52 . 2004-11-17 22:29 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-11-10 02:51 . 2008-11-10 02:51 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-11-10 02:49 . 2008-11-10 02:55 <DIR> d-------- C:\Program Files\nero
2008-11-10 02:49 . 2008-11-10 02:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-11-10 02:49 . 2004-11-17 22:29 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2008-11-10 02:49 . 2004-11-17 22:29 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2008-11-10 02:49 . 2004-11-17 22:29 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2008-11-10 02:49 . 2004-11-17 22:29 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-11-10 02:49 . 2004-11-17 22:29 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2008-11-10 02:49 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-11-10 02:49 . 2004-11-17 22:29 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-11-10 02:45 . 2008-11-10 02:45 <DIR> d-------- C:\HXCD-ROM
2008-11-10 02:45 . 2008-11-10 02:45 157 --a------ C:\CONFIG.BAK
2008-11-10 02:45 . 2008-11-10 02:45 120 --a------ C:\AUTOEXEC.BAK
2008-11-09 19:42 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-11-09 19:41 . 2008-11-09 19:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-11-07 02:54 . 2008-11-07 02:54 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-11-04 21:29 . 2008-10-03 18:41 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-11-04 21:29 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-11-04 21:29 . 2007-03-08 06:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-11-04 21:29 . 2008-08-26 08:24 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-11-04 21:29 . 2008-08-26 08:24 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-11-04 21:29 . 2008-08-26 08:24 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-11-04 21:29 . 2008-08-26 08:24 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-11-04 21:29 . 2008-08-26 08:24 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-11-04 21:29 . 2008-08-25 09:38 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-11-04 20:50 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-11-03 12:13 . 2008-11-03 12:13 <DIR> d-------- C:\Program Files\MainConcept
2008-11-03 12:13 . 2008-11-03 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Technisat
2008-11-03 12:13 . 2008-11-03 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CMUV
2008-11-03 03:06 . 2008-11-03 12:13 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-11-03 00:49 . 2008-07-16 22:35 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
2008-11-02 21:49 . 2008-11-02 21:49 <DIR> dr-h----- C:\Documents and Settings\XPPRESP3\Application Data\SecuROM
2008-11-02 21:49 . 2008-11-02 21:49 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-11-02 21:15 . 2008-11-02 21:15 <DIR> d-------- C:\Documents and Settings\XPPRESP3\INFUpdate
2008-11-02 18:15 . 2008-11-02 18:15 <DIR> d-------- C:\WINDOWS\system32\Codec
2008-11-02 18:15 . 2008-11-02 18:15 <DIR> d-------- C:\Video Center
2008-11-02 18:15 . 2008-11-02 18:15 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-11-02 18:15 . 2008-11-02 18:15 <DIR> d-------- C:\Offline Download
2008-11-02 18:09 . 2008-11-02 18:30 <DIR> d-------- C:\Program Files\DVB-S PowerInstall
2008-11-02 18:09 . 2008-11-02 18:30 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-11-01 15:57 . 2008-11-01 15:57 <DIR> d-------- C:\Program Files\Common Files\stardock
2008-11-01 15:57 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-11-01 15:56 . 2008-11-01 15:56 <DIR> d-------- C:\Program Files\Stardock
2008-11-01 15:33 . 2008-11-01 15:34 <DIR> d-------- C:\Program Files\RocketDock
2008-11-01 13:18 . 2008-11-13 16:15 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-11-01 09:41 . 2008-11-01 09:41 178,176 --a------ C:\WINDOWS\system32\iaskqilujqqlw.dll
2008-10-31 19:05 . 2008-10-31 19:05 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\KALiNKOsoft
2008-10-31 19:02 . 1998-06-24 02:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx
2008-10-31 19:02 . 2008-11-01 02:07 119,296 --a------ C:\WINDOWS\system32\zlib.dll
2008-10-31 19:02 . 2000-12-06 03:00 109,248 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-10-31 19:02 . 2008-01-13 17:36 91,632 --a------ C:\WINDOWS\system32\dsofile.dll
2008-10-31 19:02 . 2007-04-04 19:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-31 19:02 . 1999-05-17 14:55 57,344 --------- C:\WINDOWS\system32\ADsSecurity.dll
2008-10-31 19:02 . 2002-08-09 12:18 45,056 --------- C:\WINDOWS\system32\NTSVC.ocx
2008-10-31 19:02 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-10-31 19:02 . 2008-01-13 20:59 36,864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-10-30 15:39 . 2008-10-30 15:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-10-30 11:46 . 2008-10-30 11:46 230 --a------ C:\WINDOWS\Mgr.INI
2008-10-30 02:57 . 2008-10-30 02:57 <DIR> d-------- C:\Program Files\ElcomSoft
2008-10-28 21:42 . 2008-10-28 21:42 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\vlc
2008-10-28 19:11 . 2008-10-28 19:11 220 --ahs---- C:\WINDOWS\system32\9CA963CA.cfg
2008-10-28 18:52 . 2008-10-28 18:53 <DIR> d-------- C:\Program Files\Common Files\fwc
2008-10-28 18:52 . 2008-07-10 20:01 10,240 --a------ C:\WINDOWS\system32\drivers\VCAM50.sys
2008-10-27 21:10 . 2008-10-27 21:10 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\FarStone
2008-10-27 20:47 . 2008-11-10 15:16 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-27 20:45 . 2008-10-27 20:45 <DIR> d-------- C:\Program Files\Real
2008-10-27 19:41 . 2008-10-27 19:41 <DIR> d-------- C:\Program Files\7-Zip
2008-10-27 13:38 . 2008-11-03 00:39 <DIR> d-------- C:\WINDOWS\system32\HWC HD
2008-10-27 13:38 . 2007-07-17 18:07 10,371,072 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2008-10-27 13:38 . 2006-08-01 12:31 3,600,384 --a------ C:\WINDOWS\ffmpeg.exe
2008-10-27 13:38 . 2007-08-06 15:29 94,720 --a------ C:\WINDOWS\system32\drivers\camfilt2.sys
2008-10-27 13:38 . 2007-04-20 16:26 57,344 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2008-10-27 13:38 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 18:43 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\TeraCopy
2008-11-13 18:18 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Orbit
2008-11-13 16:05 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Skype
2008-11-13 15:00 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\skypePM
2008-11-13 11:18 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\DMCache
2008-11-12 21:34 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Vista Start Menu
2008-11-12 20:36 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\BitTorrent
2008-11-12 11:53 --------- d-----w C:\Program Files\win32pad_1_5_10
2008-11-12 11:53 --------- d-----w C:\Program Files\MSN Messenger
2008-11-12 11:53 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\uTorrent
2008-11-12 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-10 01:59 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Ahead
2008-11-06 17:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\Orbit
2008-11-03 11:13 --------- d-----w C:\Program Files\DVBViewerTE
2008-11-03 02:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-02 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-10-26 11:13 --------- d-----w C:\Program Files\Google
2008-10-25 13:41 --------- d-----w C:\Program Files\Vista Start Menu
2008-10-25 09:07 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\nView_Wallpaper
2008-10-24 10:07 --------- d-----w C:\Program Files\Mobiola Web Camera for S60
2008-10-08 19:05 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-10-08 14:50 364,544 ----a-w C:\WINDOWS\system32\nsi95.dll
2008-10-08 09:36 --------- d-----w C:\Program Files\Debugging Tools for Windows
2008-10-07 21:29 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\DAEMON Tools Pro
2008-10-07 21:15 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-10-07 20:39 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\FarStone
2008-10-07 19:55 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-07 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-10-07 11:50 --------- d-----w C:\Program Files\Realtek
2008-09-25 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-22 01:18 --------- d-----w C:\Program Files\Ayman_Agour
2008-09-21 19:19 --------- d-----w C:\Program Files\Upgrade
2008-09-21 19:18 286,720 ----a-w C:\WINDOWS\Setup1.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-09-13 18:50 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
2008-09-13 01:16 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Xfire
2008-09-13 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-08-30 11:45 3,764 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-28 13:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-27 12:54 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-23 00:48 341 ----a-w C:\RestoreBackup.bat
2008-08-21 14:07 16,299,862 ------w C:\Persi0.sys
2008-08-20 14:45 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2004-08-04 15:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2004-08-04 15:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2004-08-04 15:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2004-08-04 15:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 15:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-08-04 15:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2004-08-04 15:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2004-08-04 15:00 30208 de8fa9cf18f95341079c7e6a215c226a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 15:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
2008-06-24 22:17 1569304 --a------ C:\Program Files\zyzoom\tbzyzo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{B579CA9A-E77A-F49A-9517-DB643CAC9BDF}]
2008-11-01 09:41 178176 --a------ C:\WINDOWS\system32\iaskqilujqqlw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{d1032be2-054e-881d-57ad-4499356f1773}]
2008-10-08 15:50 364544 --a------ C:\WINDOWS\system32\nsi95.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "C:\Program Files\zyzoom\tbzyzo.dll" [2008-06-24 22:17 1569304]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AAA6EDE-0F45-43DA-8B81-608A1D8108A2}"= "C:\Program Files\zyzoom\tbzyzo.dll" [2008-06-24 22:17 1569304]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="D:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"RAMDrive"="C:\Program Files\vd9\VHD\RDTask.exe" [2004-09-14 15:24 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 30208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - D:\Program Files\Orbitdownloader\orbitdm.exe [2008-10-05 03:02:38 1690824]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-11-03 12:13:20 338448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,userinit.exe"
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2008-06-17 12:09 65536 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
--a------ 2007-08-10 14:38 81920 C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 d:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2008-08-01 18:41 5480448 D:\Program Files\emule0.49\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-09 01:22 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a------ 2008-09-07 15:31 133104 C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-23 11:32 2606512 D:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-17 06:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-17 06:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-05-27 20:58 4269296 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-19 12:26 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oklocxpecuhshxvhb]
--a------ 2008-11-01 09:41 178176 C:\WINDOWS\system32\iaskqilujqqlw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-26 01:28 212992 C:\PROGRA~1\nero\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
--a------ 2004-09-14 15:24 36864 C:\Program Files\vd9\Vhd\RDTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 D:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
--a------ 2006-02-04 19:16 62464 C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
--a------ 2008-09-23 16:21 798720 d:\Program Files\USB Disk Security\USBGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
--a------ 2004-09-30 16:41 139264 C:\Program Files\vd9\VDP\vdtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-04-08 11:08 2046464 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
--a------ 2008-04-14 14:54 147456 C:\WINDOWS\system32\WIND0WS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 16:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-19 12:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 12:26 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2005-11-10 09:14 15473664 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"D:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"D:\\Program Files\\- Emule 0.48A Pro -Ultra2 - 2007 Ok\\emule 0.48a pro -ultra2\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\GRAW\\GRAW.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Wyzo\\wyzo.exe"=
"C:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"H:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"D:\\Program Files\\emule0.49\\emule.exe"=
"C:\\Program Files\\DVBViewerTE\\ts_winlirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4495:TCP"= 4495:TCP:AKRAM

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2008-06-17 12:10]
R3 fvdscsi;fvdscsi;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 04:37]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-09 15:57]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 20:58]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 07:10]
S1 tvtool;tvtool;D:\Program Files\TVTool\tvtool.sys [1996-04-03 19:33]
S2 acpidisk;acpidisk;C:\WINDOWS\system32\drivers\acpidisk.sys [2008-11-24 10:57]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 17:45]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 15:29]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-09 01:22]
S3 maconfservice;Ma-Config Service;D:\Program Files\ma-config.com\maconfservice.exe [2008-10-28 10:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82544576-7073-11dd-9555-00147f2ba1b7}]
\Shell\Auto\command - GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-11-12 21:27:54 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job"
- C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
"2008-11-13 18:09:27 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-11-11 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Kler\pbhealth.dll
ShellExecuteHooks-{9CA963CA-107C-4089-B0AB-31380F90D7E3} - 9CA963CA.dll
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\BitTorrent.exe
MSConfigStartUp-protect_autorun - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\ir_ext_temp_0\AutoPlay\Docs\CPE17AntiAutoruna.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by forum: log in or register to view]

Rootkit scan 2008-11-13 19:44:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe
-> C:\WINDOWS\SYSTEM32\LogonDll.dll
.
Completion time: 2008-11-13 19:46:04
ComboFix-quarantined-files.txt 2008-11-13 18:46:02
ComboFix2.txt 2008-08-31 21:16:30

Pre-Run: 4,334,371,840 bytes free
Post-Run: 4,441,413,120 bytes free

391 --- E O F --- 2008-09-03 11:07:03
 
Signature: ALA39000
God protect you, everything is fine.
The first report was taken in Safe Mode. Could you look at this report? Things seem fine, but I wanted to make sure.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:18 PM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\vd9\VHD\RDTask.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
D:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by forum: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by forum: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by forum: log in or register to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by forum: log in or register to view]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - d:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: offersfortoday browser enhancer - {B579CA9A-E77A-F49A-9517-DB643CAC9BDF} - C:\WINDOWS\system32\iaskqilujqqlw.dll
O2 - BHO: offersfortoday - {d1032be2-054e-881d-57ad-4499356f1773} - C:\WINDOWS\system32\nsi95.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyzo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - d:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\vd9\VHD\RDTask.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [link hidden by forum: log in or register to view]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [link hidden by forum: log in or register to view]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9463 bytes
 
Signature: ALA39000
Deal with these entries:

O2 - BHO: offersfortoday browser enhancer - {B579CA9A-E77A-F49A-9517-DB643CAC9BDF} - C:\WINDOWS\system32\iaskqilujqqlw.dll


O2 - BHO: offersfortoday - {d1032be2-054e-881d-57ad-4499356f1773} - C:\WINDOWS\system32\nsi95.dll


Select them and apply Fix.

If you have a reputable antivirus, I advise you to run a full scan of the machine.

God grant success.

Thanks, God bless you and keep you.

Thaaaank yooooou!
 
Signature: ALA39000