SM 1:
Peace be upon you, and God's mercy and blessings.

How are you doing? Well, God willing.

Guys, I have a problem, and a lot of other problems came after it; I suspect it is a virus.

Whenever I open the browser and visit any site, advertising pages pop up, and after a while more and more pages open.

After a while my internet connection started dropping: it stays up for five minutes, sometimes three, and sometimes I can't even refresh the page before the connection cuts out. Here is a video I recorded of the pages that open:

[link hidden: login required to view]


And here is the HijackThis result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:24, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden: login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden: login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden: login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden: login required to view]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\1.2.0.160\NPIEAddOn.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Extra PC\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV video content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [link hidden: login required to view]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [link hidden: login required to view]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [link hidden: login required to view]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden: login required to view]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [link hidden: login required to view]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - AppInit_DLLs: ??????P,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 10929 bytes

Waiting for your help, friends.
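An added triage script for logs like the one above (this is an example added here; it is not part of the thread and not HijackThis code). The line most worth noticing in this log is `R1 - HKCU\...\Internet Settings,ProxyServer = localhost:4001`: the browser has been pointed at a proxy on the machine itself, so some local process sits between Internet Explorer and the network and can rewrite or inject into every page it loads, which matches ads appearing on every site. The script also flags registrations whose file is gone (`(no file)`, `(file missing)`), autostarts running from a Temp directory, a CLSID hooked into more than one browser extension point (SearchSettings appears both as an R3 URLSearchHook and as an O2 BHO), and the `C:\Program.exe (file missing)` service entry, which is how HijackThis renders a service ImagePath that contains spaces but is not quoted (`sc qc MySQL` shows the real value). The sample lines are copied from the posted log, except the `[PRD]` O4 line, which is constructed for the example and labelled as such in the code.

```python
"""Triage a HijackThis log for the indicators that matter in an ad-injection case.
Added example for this thread; not HijackThis code and not something the posters ran."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Sample: lines copied from the posted log, except the [PRD] O4 line, which is constructed
# (modelled on a ComboFix orphan entry later in the thread) to exercise the Temp-path check.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [PRD] c:\docume~1\EXTRAP~1\LOCALS~1\Temp\RarSFX0\SystemCleaner.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)")
TEMP_RE = re.compile(r"\\(?:temp|locals~1\\temp|local settings\\temp)\\", re.I)
# HijackThis prints an unquoted ImagePath with spaces truncated at the first space, so
# "C:\Program Files\..." shows up as "C:\Program.exe (file missing)".
UNQUOTED_RE = re.compile(r"\b[A-Za-z]:\\Program\.exe\b")
DANGLING = ("(no file)", "(file missing)")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
HOOK_SECTIONS = {"R3", "O2", "O3", "O9"}   # URLSearchHook, BHO, Toolbar, Extra button/menu


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    detail: str


def proxy_host(proxy: str) -> str:
    """'localhost:4001' or 'http=127.0.0.1:8080;https=...' -> host of the first entry."""
    first = proxy.split(";")[0].split("=")[-1]
    return first.rsplit(":", 1)[0].lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    hooks: dict[str, set[str]] = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if pm := PROXY_RE.search(body):
            # A proxy on the local host means a process on this machine sits between the
            # browser and the network and can rewrite every page; that alone explains ads.
            kind = "local-proxy" if proxy_host(pm.group("proxy")) in LOCAL_HOSTS else "proxy-set"
            findings.append(Finding(sec, kind, pm.group("proxy")))
        if any(tok in body for tok in DANGLING):
            findings.append(Finding(sec, "dangling", body))       # registration without a file
        if TEMP_RE.search(body):
            findings.append(Finding(sec, "temp-path", body))      # autostart from a Temp dir
        if UNQUOTED_RE.search(body):
            findings.append(Finding(sec, "unquoted-path", body))  # verify with: sc qc <service>
        if sec in HOOK_SECTIONS:
            for clsid in CLSID_RE.findall(body):
                hooks[clsid.upper()].add(sec)
    # One CLSID registered in several browser extension points = one component hooking
    # search and page load at once; typical of ad/search hijackers.
    for clsid, secs in sorted(hooks.items()):
        if len(secs) > 1:
            findings.append(Finding("+".join(sorted(secs)), "multi-hook", clsid))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:13}] {f.section}: {f.detail}")
```

Run it against a full log and the proxy and multi-hook findings are the ones to act on first; the dangling entries are cleanup, and an unquoted service path is a separate fix (quote the ImagePath) rather than a sign of infection by itself.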
 


Demo-dash:
Sorry, I moved the thread to the more appropriate section, brother. Good luck.

Disable all your protection programs,
then download this tool and save it to your desktop:
[link hidden: login required to view]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait for the tool to finish scanning your machine; it will restart your computer automatically.
After the restart, the tool will start scanning again.
Wait until a report appears, then copy it and paste it in your next reply.


 
SM 1:
First, thanks brother for moving it.

Actually, I was surprised myself how I ended up in that section :)

Thank you anyway, may God reward you.


As for the program, I did what you told me, and the ads are still popping up. Here is the program's report:

ComboFix 09-04-04.01 - Extra PC 01/08/2009 21:24:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.2046.1213 [GMT 3:00]
Running from: c:\documents and settings\Extra PC\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Extra PC\Application Data\.#
c:\documents and settings\Extra PC\Application Data\.#\MBX@79C@3E39D0.###
c:\documents and settings\Extra PC\Application Data\.#\MBX@79C@3E39E0.###
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\_inimac
c:\program files\Internet Explorer\MainCode.api
c:\program files\Microsoft Office\SYSTEM\sysbar.exe
c:\windows\admintxt.txt
c:\windows\Fonts\6e6EUdxVeWUYJynN.ttf
c:\windows\Fonts\bEtc8bhrp6SQmPrn.ttf
c:\windows\Fonts\bKkCsU7Z6YntjH4G.ttf
c:\windows\Fonts\cD9KArZZUHxCqnyM.ttf
c:\windows\Fonts\d2MP6z9zUaFDsyqu.ttf
c:\windows\Fonts\dsdwAXRRUntk7EwY.ttf
c:\windows\Fonts\du3Q2JXbHYGxcSAe.ttf
c:\windows\Fonts\eCgMhGRkPUcdutd0.ttf
c:\windows\Fonts\G49AhKxDmsj6uxnu.ttf
c:\windows\Fonts\KXBqRpa2mrNPeXKb.ttf
c:\windows\Fonts\MhaUKGazkr3fZZKp.ttf
c:\windows\Fonts\PACNkAWTwg4Cyb3e.ttf
c:\windows\Fonts\pDuuqr4BgFn65AeW.ttf
c:\windows\Fonts\PrZWDcWgjaE3SQyr.ttf
c:\windows\Fonts\S8a8cnEuaydPJGg8.ttf
c:\windows\Fonts\ubZJmeB3bJjsGEbf.ttf
c:\windows\Fonts\xmAs4SNxpTUjdpJ5.ttf
c:\windows\Fonts\yKY54UdeQT3pEaq2.ttf
c:\windows\Fonts\YywxhF7TSnkktrJw.ttf
c:\windows\system32\28463
c:\windows\system32\28463\Thumbs.db
c:\windows\system32\28463\WYPD.001
c:\windows\system32\28463\WYPD.002
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\appwinproc.dll
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\drivers\pcidump.sys
c:\windows\system32\mprmsgse.axz
C:\xxxxxxx.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 02:41 --------- d-----w c:\documents and settings\Extra PC\Application Data\Microsoft Games
2009-03-26 02:02 --------- d-----w c:\program files\7-Zip
2009-03-25 16:28 --------- d-----w c:\program files\DAP
2009-03-25 16:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 16:15 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-25 13:30 --------- d-----w c:\program files\Fake Webcam XP
2009-03-25 13:30 --------- d-----w c:\program files\Common Files\fwc
2009-03-25 12:32 --------- d-----w c:\program files\EatCam
2009-03-21 04:28 --------- d-----w c:\program files\PremiumSoft
2009-03-21 01:36 --------- d-----w c:\program files\MySQL
2009-03-21 01:36 --------- d-----w c:\documents and settings\All Users\Application Data\MySQL
2009-03-15 07:42 --------- d-----w c:\program files\Folder Lock
2009-03-14 14:57 --------- d-----w c:\program files\TechSmith
2009-03-14 14:57 --------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-09 23:37 --------- d-----w c:\program files\PFConfig
2009-02-28 10:18 --------- d-----w c:\program files\Paltalk Messenger
2009-02-26 13:50 --------- d-----w c:\program files\City Interactive
2009-02-26 13:48 --------- d-----w c:\program files\GrandBilliards
2009-02-25 04:01 --------- d-----w c:\documents and settings\Extra PC\Application Data\IGN_DLM
2009-02-24 20:25 --------- d-----w c:\program files\Counter-Strike
2009-02-24 05:34 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-24 05:34 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-24 05:34 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-17 16:49 --------- d-----w c:\program files\PowerISO
2009-02-15 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-15 17:57 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-15 17:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-02-13 08:31 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-01 20:58 --------- d-----w c:\program files\Internet Download Manager
2009-02-01 20:58 --------- d-----w c:\program files\BT Engine
2009-02-01 20:57 --------- d-----w c:\documents and settings\Extra PC\Application Data\USBSafelyRemove
2009-02-01 20:57 --------- d-----w c:\documents and settings\Extra PC\Application Data\Pointstone
2009-02-01 20:57 --------- d-----w c:\documents and settings\Extra PC\Application Data\DNA
2009-02-01 20:43 --------- d-----w c:\documents and settings\Extra PC\Application Data\OtakuSoftware
2009-02-01 20:42 --------- d-----w c:\documents and settings\Extra PC\Application Data\Temporary Preview Files
2009-02-01 20:42 --------- d-----w c:\documents and settings\Extra PC\Application Data\Axialis
2009-01-28 22:56 --------- d-----w c:\documents and settings\Extra PC\Application Data\PC Suite
2009-01-28 13:00 --------- d-----w c:\program files\TeamViewer
2009-01-28 13:00 --------- d-----w c:\documents and settings\Extra PC\Application Data\TeamViewer
2009-01-28 12:43 --------- d-----w c:\program files\sXe Injected
2009-01-28 12:15 --------- d-----w c:\program files\silkroad1
2009-01-28 12:15 --------- d-----w c:\program files\LtUcx
2009-01-28 12:15 --------- d-----w c:\program files\Hotspot Shield
2009-01-28 12:15 --------- d-----w c:\program files\ECSRO
2009-01-28 11:00 --------- d-----w c:\program files\Gears of War
2009-01-28 09:19 --------- d-----w c:\documents and settings\Extra PC\Application Data\Avira
2009-01-28 08:59 --------- d-----w c:\program files\Jap
2009-01-28 08:38 --------- d-----w c:\program files\Avira
2009-01-28 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-01-27 23:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-01-27 23:07 0 ----a-w C:\osy3.sys
2009-01-27 22:41 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Search Settings
2009-01-27 22:41 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Dealio
2009-01-26 05:21 --------- d-----w c:\documents and settings\Extra PC\Application Data\Hide IP NG
2009-01-26 05:20 --------- d-----w c:\program files\GreenBrowser
2009-01-08 18:31 983,072 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-08 18:31 8,632 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-08 18:31 16,608 ----a-w c:\windows\gdrv.sys
2009-01-08 18:31 --------- d-----w c:\program files\Steam
2009-01-08 18:31 --------- d-----w c:\documents and settings\Extra PC\Application Data\DMCache
2009-01-08 18:29 51,832 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-08 18:29 5,691,424 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 17:50 --------- d-----w c:\program files\Trend Micro
2009-01-08 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-08 16:14 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-08 14:01 --------- d-----w c:\program files\SplitCam
2009-01-08 14:01 --------- d-----w c:\program files\Microsoft Games
2009-01-08 14:00 --------- d-----w c:\program files\Cheat Engine
2009-01-07 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 22:10 --------- d-----w c:\program files\Outspark
2009-01-05 17:44 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-01-02 09:15 --------- d-----w c:\program files\EA GAMES
2008-12-13 01:12 --------- d-----w c:\program files\Internet Saving Optimizer
2008-12-09 19:15 --------- d-----w c:\program files\HyCam2
2008-12-09 17:29 --------- d-----w c:\program files\Ontrack
2008-12-05 21:26 --------- d-----w c:\program files\VirtualCamera
2008-12-05 21:16 --------- d-----w c:\documents and settings\Extra PC\Application Data\IDM
2008-12-05 04:59 --------- dc-h--w c:\documents and settings\All Users\Application Data\{3BC09CD6-FAC6-4518-9623-54480BBCD96B}
2008-12-04 23:53 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-04 05:27 --------- d-----w c:\program files\GetData
2008-12-02 22:17 --------- d-----w c:\program files\AV VCS 3.0
2008-12-01 22:43 --------- d-----w c:\documents and settings\Extra PC\Application Data\Paltalk
2008-12-01 22:40 --------- d-----w c:\program files\Luminositi
2008-12-01 18:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 06:13 --------- dc-h--w c:\documents and settings\All Users\Application Data\{5F2CE881-C7A5-4F1A-A1C0-A5BFC9A36913}
2008-12-01 06:13 --------- d-----w c:\program files\System Search Dispatcher
2008-12-01 06:13 --------- d-----w c:\program files\Network Optimizer
2008-12-01 06:13 --------- d-----w c:\program files\DoubleD
2008-12-01 04:59 --------- d-----w c:\documents and settings\Extra PC\Application Data\Sports Interactive
2008-12-01 04:59 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-01 00:09 --------- d-----w c:\documents and settings\Extra PC\Application Data\Leadertech
2008-12-01 00:04 --------- d-----w c:\program files\EA Sports
2008-11-30 14:50 --------- d-----w c:\program files\Rockstar Games
2008-11-30 01:01 --------- d-----w c:\program files\MTA San Andreas
2008-11-22 10:40 --------- d-----w c:\documents and settings\Extra PC\Application Data\Skype
2008-11-22 09:23 --------- d-----w c:\documents and settings\Extra PC\Application Data\skypePM
2008-11-20 02:44 --------- d-----w c:\program files\Common Files\xing shared
2008-11-20 02:44 --------- d-----w c:\program files\Common Files\Real
2008-11-19 19:04 --------- d-----w c:\program files\DivX
2008-11-19 08:29 --------- d-----w c:\program files\Free FLV Converter
.

------- Sigcheck -------

04/14/2008 09:29 PM 1403904 79457cbe3739785824f13e11e8ba1e95 c:\windows\explorer.exe
08/04/2004 12:56 AM 1029632 932f97b77f2625f7ff7dfc97552548f8 c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 09:29 PM 1403904 79457cbe3739785824f13e11e8ba1e95 c:\windows\ServicePackFiles\i386\explorer.exe
04/14/2008 09:29 PM 1031168 ca3445dce9eb70a2ca2504e0af5c543f c:\windows\VIPv3\backup\explorer.exe
04/14/2008 09:29 PM 1403904 79457cbe3739785824f13e11e8ba1e95 c:\windows\VIPv3\resources\explorer.exe

08/04/2004 12:56 AM 110592 db229dfb518b42754a510c5e101fa70f c:\windows\$NtServicePackUninstall$\wuauclt.exe
07/18/2008 10:10 PM 80584 fdebe76dcbb058296c27f72daa6dc9ef c:\windows\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\SoftwareDistribution\WebSetup\wuauclt.exe
07/18/2008 10:10 PM 80584 fdebe76dcbb058296c27f72daa6dc9ef c:\windows\system32\wuauclt.exe
07/18/2008 10:10 PM 80584 fdebe76dcbb058296c27f72daa6dc9ef c:\windows\system32\dllcache\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\VIPv3\backup\wuauclt.exe
07/18/2008 10:10 PM 80584 fdebe76dcbb058296c27f72daa6dc9ef c:\windows\VIPv3\resources\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" [03/02/2008 09:14 PM 5725208]
"Steam"="c:\program files\steam\steam.exe" [12/06/2008 12:40 PM 1410296]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/08/2008 02:25 AM 2573744]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [08/11/2008 08:31 AM 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [05/16/2008 09:31 PM 13529088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/20/2008 05:44 AM 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [02/24/2009 08:34 AM 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]

c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.sccd"= c:\progra~1\LUMINO~1\SoftCam1.5\Driver\SCCodec.dll
"MSVideo7"= c:\progra~1\LUMINO~1\SoftCam1.5\Driver\SCVid32.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Extra PC^قائمة ابدأ^البرامج^بدء التشغيل^Registration Assassin's Creed.LNK]
backup=c:\windows\pss\Registration Assassin's Creed.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Extra PC^قائمة ابدأ^البرامج^بدء التشغيل^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Safely Remove

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/15/2008 01:04 AM 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 03/20/2008 07:39 PM 216520 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 05/26/2008 07:50 PM 595296 c:\program files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 08/04/2008 06:04 PM 226816 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 09:29 PM 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskSpace]
--a------ 09/18/2007 08:15 AM 1066496 d:\الهاردسك\[ M ]\Sniper Art of Victory\Portable\DeskSpace v1.5.1\deskspace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWPersistentQueuedReporting]
--a------ 04/25/2005 01:45 PM 36040 c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 12/10/2006 09:52 PM 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 10/08/2008 02:25 AM 2573744 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 09/19/2008 05:34 PM 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 09:30 PM 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 05/16/2008 09:31 PM 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 05/16/2008 09:31 PM 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 08/11/2008 08:31 AM 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 06/16/2008 11:52 AM 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
--a------ 06/12/2008 04:57 PM 991584 c:\program files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 08/12/2008 06:19 PM 21741864 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 12/06/2008 12:40 PM 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]
--a------ 09/16/2008 09:01 AM 1208320 c:\program files\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 11/20/2008 05:44 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]
--a------ 09/08/2006 03:54 PM 23723 c:\windows\VIPv3\CheckForUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 01/17/2006 07:15 PM 319488 c:\windows\VIPv3\VIPtooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 06/19/2008 11:20 AM 57344 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-r------- 06/19/2008 11:42 AM 2808832 c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 05/16/2008 09:31 PM 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 06/27/2008 06:23 AM 16875008 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 06/18/2008 01:01 PM 77824 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\العاب\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2009 demo\\fm.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-09-09 80392]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-09-22 6852]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
S3 ChangeMe;ChangeMe;\??\c:\docume~1\EXTRAP~1\LOCALS~1\Temp\ChangeMe.sys --> c:\docume~1\EXTRAP~1\LOCALS~1\Temp\ChangeMe.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.EXE --> c:\program files\Hotspot Shield\bin\HssTrayService.EXE [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 NTProcDrv;Process creation detector for NT.;c:\documents and settings\Extra PC\My Documents\SRO\NTProcDrv.sys [2009-03-08 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\Hotspot Shield\hssie\HssIE.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-PRD - c:\docume~1\EXTRAP~1\LOCALS~1\Temp\RarSFX0\SystemCleaner.exe
MSConfigStartUp-SmileyApp - c:\program files\DoubleD\Desktop Smiley Toolbar\3.5.0.6810\stbapp.exe
MSConfigStartUp-WinTrySys - c:\windows\system32\userjnit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:4001
IE: &Export to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Compare Prices with &Dealio - c:\documents and settings\Extra PC\Application Data\Dealio\kb127\res\DealioSearch.html
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Download all links with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: [mis-encoded context-menu label] (&B)
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.164:1999/ReadUid.CAB
FF - ProfilePath - c:\documents and settings\Extra PC\Application Data\Mozilla\Firefox\Profiles\hmwwmd7k.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Extra PC\Application Data\Mozilla\Firefox\Profiles\hmwwmd7k.default\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}\components\snagitmozextension.dll
FF - component: c:\documents and settings\Extra PC\Application Data\Mozilla\Firefox\Profiles\hmwwmd7k.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\program files\Internet Saving Optimizer\1.2.0.160\FF\components\NPFFAddOn.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
(link hidden: login or registration required to view it)

Rootkit scan 2009-01-08 21:31:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{49F8A743-D3A6-EF5C-3331-C9962783E271}*]
"bbgbgahajifbnfelgedacnokcklihmikamkc"=hex:61,62,61,62,6c,64,64,6a,63,67,6a,66,
64,65,6b,69,67,6a,66,6c,6c,6b,61,6c,6c,66,61,67,65,64,64,65,6e,6f,00,00
"abgbgahajifbnfelgeoajofpjdmmbkmdnh"=hex:61,62,64,63,68,6a,62,6d,63,63,6e,6b,
68,6b,67,62,6f,62,69,61,70,6f,6a,6c,6f,6f,70,61,63,6d,61,66,67,6a,00,00

[HKEY_USERS\S-1-5-21-1202660629-484763869-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3e,7e,3a,40,b0,00,39,ec,f2,de,b0,fd,4f,44,52,7b,cf,d1,34,cf,a5,06,33,
94,83,74,59,95,2d,84,4c,1f,21,e7,37,8a,54,5b,c7,bb,27,5c,6f,8a,b7,ff,31,26,\
"??"=hex:f7,77,cd,7d,c6,8f,36,71,a2,16,92,c7,a1,59,4b,52

[HKEY_USERS\S-1-5-21-1202660629-484763869-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:72,8a,97,f3,61,0d,e0,8a,8e,74,e7,e8,9d,15,0d,ab,eb,ff,0c,2c,5e,
f7,2f,2a,9d,45,19,c8,ba,d4,ad,fd,2e,5d,ab,2e,3c,43,b3,4d,cd,e2,fe,f1,90,01,\
"rkeysecu"=hex:e7,6a,61,6a,37,07,1c,bd,ec,17,9e,66,a7,08,a9,eb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6fba6b5b-697b-4a95-894d-c57d97f4bc85}]
@Denied: (Full) (Everyone)
"Model"=dword:00000033
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5b,a2,8e,f9,b2,84,3f,ae,20,75,35,e9,8c,75,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):62,1e,43,c9,a1,77,30,d5,8e,8b,da,ab,6d,1d,1a,41,71,02,1d,76,c5,
55,4e,86,d8,b8,40,e5,f7,81,06,b8,2e,fb,66,38,2b,69,e1,05,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\setupapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 01/08/2009 21:34:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 18:34:16

Pre-Run: 1,444,847,616 bytes free
Post-Run: 2,053,320,704 bytes free

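The ComboFix log above already holds the evidence behind the symptoms in the first post: Security Center warnings suppressed, the XP firewall switched off, IE pointed at a proxy on localhost:4001 (which is where injected ad pages come from), an ActiveX control pulled from a raw IP, Firefox address-bar searches redirected, and a service plus startup entries loading from Temp, one of them named userjnit.exe, one letter off from userinit.exe. The Python script below is an example added by the editor, not ComboFix code and not something posted in this thread; it runs those checks over an excerpt of the log so the same triage can be repeated on the next log pasted here. The rule names, the list of core binaries and the one-edit threshold are the example's own assumptions.

```python
"""Triage a ComboFix-style log for the indicators seen in the thread above.

Editor's added example, not ComboFix code and not anything a thread participant
posted. The rule names, the core-binary list and the edit-distance threshold
are this example's own assumptions.
"""
import re

# Excerpt copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S3 ChangeMe;ChangeMe;\??\c:\docume~1\EXTRAP~1\LOCALS~1\Temp\ChangeMe.sys --> c:\docume~1\EXTRAP~1\LOCALS~1\Temp\ChangeMe.sys [?]
MSConfigStartUp-PRD - c:\docume~1\EXTRAP~1\LOCALS~1\Temp\RarSFX0\SystemCleaner.exe
MSConfigStartUp-WinTrySys - c:\windows\system32\userjnit.exe
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:4001
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.164:1999/ReadUid.CAB
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
'''

# Windows core binaries that droppers imitate with one-character renames (assumed list).
CORE_BINARIES = ("userinit.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                 "csrss.exe", "services.exe", "smss.exe", "explorer.exe")

RE_NOTIFY = re.compile(r'"(\w+DisableNotify)"=dword:0*1$')
RE_FIREWALL = re.compile(r'"EnableFirewall"=\s*0\b')
RE_PROXY = re.compile(r'ProxyServer\s*=\s*(\S+)')
RE_DPF = re.compile(r'^DPF:.*h(?:tt|xx)ps?://(\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?)/', re.I)
RE_KEYWORD = re.compile(r'keyword\.URL\s*-\s*h(?:tt|xx)ps?://([^/\s]+)', re.I)
RE_AUTOSTART = re.compile(r'^(?:[RS][0-4]\s|MSConfigStartUp-)')  # ComboFix service / startup lines
RE_TEMP = re.compile(r'\\temp\\', re.I)
RE_BINARY = re.compile(r'([\w~.-]+\.(?:exe|sys|dll))\b', re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are file names, so the plain table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text: str) -> list:
    """Return one {'rule', 'detail'} dict per indicator matched in the log text."""
    findings = []

    def hit(rule: str, detail: str) -> None:
        findings.append({"rule": rule, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_NOTIFY.search(line):
            hit("security_center_notify_disabled",
                f"{m.group(1)}=1: Security Center will not warn that AV or updates are off")
        if RE_FIREWALL.search(line):
            hit("firewall_disabled", "Windows Firewall standard profile has EnableFirewall=0")
        if m := RE_PROXY.search(line):
            host = m.group(1).split(":")[0].lower()
            if host == "localhost" or host.startswith("127."):
                hit("local_proxy", f"IE traffic routed through local listener {m.group(1)}; "
                    "a local proxy is how ad-injecting malware rewrites pages")
        if m := RE_DPF.search(line):
            hit("activex_from_raw_ip", f"ActiveX control downloaded from raw IP {m.group(1)}")
        if m := RE_KEYWORD.search(line):
            hit("search_hijack", f"Firefox address-bar searches redirected to {m.group(1)}")
        if RE_AUTOSTART.search(line):
            if RE_TEMP.search(line):
                hit("autostart_in_temp", f"autostart or driver loaded from a Temp directory: {line}")
            for name in {n.lower() for n in RE_BINARY.findall(line)}:
                for core in CORE_BINARIES:
                    if 0 < edit_distance(name, core) <= 1:
                        hit("typosquat", f"{name} is one edit away from {core}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}")
```

Run it and each finding prints as [rule] detail. The checks are the point, not the parser: extend CORE_BINARIES for your own environment and adjust the regexes if the log comes from a different tool. The firewall and Security Center flags matter because they are what an infection changes first so that the user sees no warnings; the local proxy and the Temp-resident autostarts are the parts that have to be cleaned before the pop-ups stop.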
Don't worry, brother.

You have clear infections on the machine.

Disable the System Restore point as shown in the following explanation:

[image: dis_sys_xp.jpg]


Download the following tool:

(link hidden: login or registration required to view it)


Run it; the tool's interface will appear.
Choose the Clean option; a DOS window will appear for the scan.
Leave it until it finishes and the report appears.
Copy it and paste it into your next post.

 
Finally, we're done hahaha

Engine Version : 5300.2777
Engine Load Time : 13015 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 Muharram 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Extra PC\ntuser.dat : Scan Failed
c:\Documents and Settings\Extra PC\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\Extra PC\Application Data\Mozilla\Firefox\Profiles\hmwwmd7k.default\parent.lock : Scan Failed
c:\Documents and Settings\Extra PC\Application Data\Mozilla\Firefox\Profiles\hmwwmd7k.default\places.sqlite-journal : Scan Failed
File : c:\Documents and Settings\Extra PC\DoctorWeb\Quarantine\autorun.inf\autorun.inf : contains "Virus" called "W32/Conficker.worm!inf" (Deleted )
c:\Documents and Settings\Extra PC\DoctorWeb\Quarantine\autorun.inf : Deleted
c:\Documents and Settings\Extra PC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Extra PC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Extra PC\Local Settings\temp\etilqs_DaaVWddRFV56ifKdeocB : Scan Failed
c:\Documents and Settings\Extra PC\Local Settings\temp\Perflib_Perfdata_610.dat : Scan Failed
File : c:\Documents and Settings\Extra PC\سطح المكتب\Torrent's\MP-Hacks ESP.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Documents and Settings\Extra PC\سطح المكتب\Torrent's\MP-Hacks ESP.exe : Deleted
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
File : c:\Downloads\Adobe Photoshop CS3 Extended ME AR\Adobe Photoshop CS3 Extended ME AR\earth-wolf@hotmail.com\Crack\Keygen.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Downloads\Adobe Photoshop CS3 Extended ME AR\Adobe Photoshop CS3 Extended ME AR\earth-wolf@hotmail.com\Crack\Keygen.exe : Deleted
File : c:\Program Files\EA Sports\FIFA 09\rld-fi9k.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Program Files\EA Sports\FIFA 09\rld-fi9k.exe : Deleted
File : c:\Program Files\Sony\Vegas Pro 8.0\Crack.exe : contains "Trojan" called "Generic.dx" (Deleted )
c:\Program Files\Sony\Vegas Pro 8.0\Crack.exe : Deleted
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox2.idx : Scan Failed
c:\WINDOWS\system32\drivers\sptd.sys : Scan Failed
c:\WINDOWS\Temp\ib1.tmp : Scan Failed
c:\WINDOWS\Temp\ib2.tmp : Scan Failed
c:\WINDOWS\Temp\ib3.tmp : Scan Failed
c:\WINDOWS\Temp\ib4.tmp : Scan Failed
c:\WINDOWS\Temp\ib6.tmp : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_700.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 170457
FilesScanned : 79768
FilesNotScanned : 90689

ObjectsFound : 289110
ObjectsInfected : 5
ObjectsCleaned : 0
ObjectsDeleted : 5

FilesInfected : 5
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 5

Started at : 22:01:47 12 Muharram 1430
Ended at : 22:49:23 12 Muharram 1430
Duration : 47 minutes 35 seconds
14385 MB scanned in 2855 seconds = 5 MB/s
Engine Version : 5300.2777
Engine Load Time : 8828 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 Muharram 1430
Extra DAT : 0 detections

File : d:\العاب\Call of Duty 4 - Modern Warfare\patch.exe : contains "Trojan" called "Generic.dx" (Deleted )
d:\العاب\Call of Duty 4 - Modern Warfare\patch.exe : Deleted
File : d:\الهاردسك\Portable\PowerISO ver[1].3.6 - - - -- - serial\PowerISO37.exe : contains "Trojan" called "Generic StartPage" (Deleted )
d:\الهاردسك\Portable\PowerISO ver[1].3.6 - - - -- - serial\PowerISO37.exe : Deleted

Summary :-
FilesFound : 95774
FilesScanned : 34591
FilesNotScanned : 61183

ObjectsFound : 102628
ObjectsInfected : 2
ObjectsCleaned : 0
ObjectsDeleted : 2

FilesInfected : 2
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 2

Started at : 22:49:33 12 Muharram 1430
Ended at : 23:01:42 12 Muharram 1430
Duration : 12 minutes 8 seconds
7589 MB scanned in 728 seconds = 10 MB/s


Waiting for you, my friend.
 
Bump.
 