[ تم حل المشكلة ] الجهاز يعلق ورسالة خطأ بالنظام !

[! WaLeD !]

آلسلآم عليكم ورحمة آلله وبركـآته :d:

يالبىآ قلوبكم ياعضاء زيزوم

ماقدر استغني عنكم > بالله :bleh:

ولله ياصديقيني جهازي جاهـ بلا

قسم قسمـآت مدري وش جاه

له يومين او ثلاث ايام

مو صاحي

يعني يعلق وتعليق مهو صاحي

يعني الله لايوريك هع

سكت وماقلت شي

قلت عادي سكرات الموت هع

بعدها زودها حملت لعبه بلوت

بعدها صار مايشغل برامج ويطلع خطأ ومدري كيف

وصورت لكم بعض الاخطـآ اللي تطلع

اللي هي اذا شغلت الجهاز

ولا اذا فتحت البرنامج

وهذي اذا بغيت افتح برنامج HijackThis

ابغىآ حل لاهنتم

:er:
​

 

[Corporation]

استعد النظام لفترة كلن الجهاز فيه يعمل بصورة جيدة ,,
​

 

[! WaLeD !]

ونسيـت آقول ..

حتىآ usp انلحس

يعني مايتعرف

من اول عندي بلوتوث شغال تمام التمام

وله اسبوع كذا مايتعرف على الجهاز مدري وش جاه

يعني بالعربي جهازي انلحس هع

اتمنىآ الآفـآده وحل المشاكل العويصه هع


/
​

 

[Corporation]

استعد النظام لفترة كان الجهاز فيها يعمل بصورة جيدة ,,
​

 

[أعتز بك]

وعليكم السلام

أعمل مثل ما قال أخي compaq99

وبالنسبه للهاي جاك شغلها بالوضع الآمن

بالتوفيق

 

[! WaLeD !]

سويت استعاده نظام وهي هي ماصار شي

وش السالفه هع

وغير كذا الكاسبر انلحس

مع العلم انه اول مافيه اي شي

وهذي صورة توضح

​

 

[! WaLeD !]

up





/
\​

 

[KoNaMi]

اعمل الاتي يالغلا

عطل جميع برامج الحمايه

نزل هذه الاداة
​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة​

 

[! WaLeD !]

آصلآ آلكـٍآسبر آنلحس هع

واذا ضغطت علىآ الاحمر

وجـآري تحميل آداتك خيو

​

 

[! WaLeD !]

اعمل الاتي يالغلا ​

عطل جميع برامج الحمايه ​

نزل هذه الاداة​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة​

بعد ماحملت اللآدآة وحطيت تشغيل

جتني هالصورة

​

 

[MMA_LORD_735]

السلام عليـــــــــــكم ...

حمل الاداءة بدون ما تغير أسمها يالغلا ...

و ستخدمها بلوضع الامن ...

و أن شالله كل شي نلحس نرجعه ههههه ...

 

[! WaLeD !]

محدثكم من السيف مود

هع هع

هي هي

سويت زي ماقلتو وحملتها وشغلتها وانا بالسيف مود

وشوفو وش قال

​

 

[MMA_LORD_735]

أرجع و حمل الأادءة بدون ما تلعب بأسمها و ماكن حفظها ...

 

[! WaLeD !]

يآلغآلي انا ماغيرت اسمها ولا شي

بس عيت تشتغل

وفجئه حملتها واشتغلت

واعاد تشغيل الجهاز

وهذا هو مدري وش يسوي احتريه يخلص هع

بس على فكره يوم اعاد تشغيل الجهاز ماخش من السيف مود صار بالوضع العادي

وهذا انا احتري الاداة تخلص

ابشركم خلص وانا اكتب هع

وهذا التقرير

combofix 09-04-17.01 - administrator 04/17/2009 5:11.1 - ntfsx86 network
microsoft windows xp professional 5.1.2600.2.1256.966.1025.18.1015.814 [gmt 3:00]
running from: C:\documents and settings\administrator\سطح المكتب\combofix.exe
av: Kaspersky anti-virus *on-access scanning disabled* (outdated)
fw: Kaspersky anti-virus *disabled*

warning -this machine does not have the recovery console installed !!
.
((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\owner\application data\addon.dat
c:\program files\bifrost
c:\windows\101.exe
c:\windows\system32\tmp.reg
d:\qxbx9blb.com
e:\qxbx9blb.com
.
((((((((((((((((((((((((( files created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-17 01:20 . 2009-04-17 01:20 3800 ----a-w c:\windows\system32\perfstringbackup.tmp
2009-04-17 00:33 . 2009-04-17 00:33 -------- d-----w c:\balot.org
2009-04-16 23:31 . 2009-04-16 23:31 2899 ----a-w c:\irunin.ini
2009-04-16 14:21 . 2009-03-18 00:16 2796509 ----a-w c:\windows\system32\gamemon.des
2009-04-16 14:15 . 2009-04-16 14:15 -------- d-----w c:\documents and settings\all users\application data\ijjigame
2009-04-11 16:45 . 2009-04-17 01:28 -------- d-----w c:\program files\threatexpert memory scanner
2009-03-19 05:52 . 2009-03-19 05:52 -------- d-----w c:\documents and settings\owner\application data\zyzprivacy
2009-03-19 04:42 . 2009-03-19 04:42 -------- d-----w c:\documents and settings\owner\local settings\application data\stardock
2009-03-18 07:44 . 2009-03-18 07:44 -------- d-----w c:\windows\sun
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 01:49 . 2008-07-07 14:32 892960 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-17 01:49 . 2008-07-07 14:32 6228 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-17 01:49 . 2008-07-07 14:32 3505184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-17 01:49 . 2008-07-07 14:32 30560 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 01:29 . 2008-07-07 14:32 -------- d-----w c:\documents and settings\all users\application data\kaspersky lab
2009-04-17 01:20 . 2001-09-19 12:00 72672 ----a-w c:\windows\system32\perfc001.dat
2009-04-17 01:20 . 2001-09-19 12:00 360288 ----a-w c:\windows\system32\perfh001.dat
2009-04-17 00:36 . 2008-04-27 13:10 237704 ----a-w c:\documents and settings\owner\local settings\application data\gdipfontcachev1.dat
2009-04-17 00:15 . 2008-07-07 14:30 -------- d---a-w c:\documents and settings\all users\application data\temp
2009-04-16 14:10 . 2008-11-23 13:36 268 ---ha-w c:\sqmdata05.sqm
2009-04-16 14:10 . 2008-11-23 13:36 244 ---ha-w c:\sqmnoopt05.sqm
2009-04-16 14:05 . 2008-10-10 03:27 268 ---ha-w c:\sqmdata04.sqm
2009-04-16 14:05 . 2008-10-10 03:27 244 ---ha-w c:\sqmnoopt04.sqm
2009-04-16 13:40 . 2008-08-08 11:40 -------- d--h--w c:\documents and settings\owner\application data\ijjigame
2009-04-16 13:33 . 2008-07-29 00:16 268 ---ha-w c:\sqmdata03.sqm
2009-04-16 13:33 . 2008-07-29 00:16 244 ---ha-w c:\sqmnoopt03.sqm
2009-04-16 13:25 . 2008-07-28 16:39 268 ---ha-w c:\sqmdata02.sqm
2009-04-16 13:25 . 2008-07-28 16:39 244 ---ha-w c:\sqmnoopt02.sqm
2009-04-15 17:09 . 2009-03-17 17:48 -------- dc-h--w c:\documents and settings\all users\application data\{b46e1ef5-0b37-4db4-a4e2-9f2b41036185}
2009-03-17 21:45 . 2009-03-17 21:45 -------- d-----w c:\documents and settings\owner\application data\cyberscrub
2009-03-17 21:44 . 2009-03-17 21:44 -------- d-----w c:\documents and settings\owner\application data\cleaner
2009-03-17 17:49 . 2009-03-17 17:49 -------- d-----w c:\documents and settings\owner\application data\uniblue
2009-03-16 15:39 . 2008-07-21 02:15 -------- d-----w c:\documents and settings\owner\application data\teamviewer
2009-03-16 15:38 . 2009-03-16 15:38 -------- d-----w c:\program files\teamviewer
2009-03-14 16:08 . 2009-03-07 00:08 -------- d-----w c:\documents and settings\owner\application data\bsplayer pro
2009-03-11 03:26 . 2009-03-11 03:19 -------- d-----w c:\documents and settings\all users\application data\winzip
2009-03-11 03:25 . 2009-03-11 03:22 -------- d-----w c:\program files\winzip self-extractor
2009-03-09 23:56 . 2009-03-09 23:56 -------- d-----w c:\program files\messenger live
2009-03-09 02:36 . 2009-03-09 02:36 -------- d-----w c:\program files\acunetix
2009-03-09 02:19 . 2009-03-17 21:33 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:32 . 2009-03-08 11:32 -------- d-----w c:\program files\breakpoint software
2009-03-07 07:12 . 2009-03-07 07:12 -------- d-----w c:\program files\jpeg camera
2009-03-06 03:00 . 2009-03-02 20:02 -------- d-----w c:\program files\paltalk messenger
2009-03-02 20:22 . 2009-03-02 20:02 -------- d-----w c:\documents and settings\owner\application data\paltalk
2009-02-28 09:49 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-28 09:49 . 2008-07-07 14:33 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-28 09:49 . 2008-07-07 14:33 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-17 16:27 . 2008-05-28 18:58 268 ---ha-w c:\sqmdata01.sqm
2009-02-17 16:27 . 2008-05-28 18:58 244 ---ha-w c:\sqmnoopt01.sqm
2009-02-17 15:50 . 2008-05-28 18:58 268 ---ha-w c:\sqmdata00.sqm
2009-02-17 15:50 . 2008-05-28 18:58 244 ---ha-w c:\sqmnoopt00.sqm
2009-02-17 03:09 . 2008-12-06 02:19 268 ---ha-w c:\sqmdata19.sqm
2009-02-17 03:09 . 2008-12-06 02:19 244 ---ha-w c:\sqmnoopt19.sqm
2009-02-16 09:49 . 2008-12-03 12:33 268 ---ha-w c:\sqmdata18.sqm
2009-02-16 09:49 . 2008-12-03 12:33 244 ---ha-w c:\sqmnoopt18.sqm
2009-02-16 07:14 . 2008-12-03 02:17 268 ---ha-w c:\sqmdata17.sqm
2009-02-16 07:14 . 2008-12-03 02:17 244 ---ha-w c:\sqmnoopt17.sqm
2009-02-16 07:06 . 2008-12-02 10:00 268 ---ha-w c:\sqmdata16.sqm
2009-02-16 07:06 . 2008-12-02 10:00 244 ---ha-w c:\sqmnoopt16.sqm
2009-02-16 02:47 . 2008-12-01 11:28 268 ---ha-w c:\sqmdata15.sqm
2009-02-16 02:47 . 2008-12-01 11:28 244 ---ha-w c:\sqmnoopt15.sqm
2009-02-15 16:44 . 2008-12-01 11:21 268 ---ha-w c:\sqmdata14.sqm
2009-02-15 16:44 . 2008-12-01 11:21 244 ---ha-w c:\sqmnoopt14.sqm
2009-02-15 01:53 . 2008-11-30 22:58 268 ---ha-w c:\sqmdata13.sqm
2009-02-15 01:53 . 2008-11-30 22:58 244 ---ha-w c:\sqmnoopt13.sqm
2009-02-13 23:20 . 2008-11-28 19:16 268 ---ha-w c:\sqmdata12.sqm
2009-02-13 23:20 . 2008-11-28 19:16 244 ---ha-w c:\sqmnoopt12.sqm
2009-01-30 22:29 . 2008-11-25 10:59 268 ---ha-w c:\sqmdata11.sqm
2009-01-30 22:29 . 2008-11-25 10:59 244 ---ha-w c:\sqmnoopt11.sqm
2009-01-25 22:17 . 2008-11-24 18:56 268 ---ha-w c:\sqmdata10.sqm
2009-01-25 22:17 . 2008-11-24 18:56 244 ---ha-w c:\sqmnoopt10.sqm
2009-01-24 21:16 . 2008-11-24 10:58 268 ---ha-w c:\sqmdata09.sqm
2009-01-24 21:16 . 2008-11-24 10:58 244 ---ha-w c:\sqmnoopt09.sqm
2009-01-23 21:07 . 2008-11-24 01:00 268 ---ha-w c:\sqmdata08.sqm
2009-01-23 21:07 . 2008-11-24 01:00 244 ---ha-w c:\sqmnoopt08.sqm
2009-01-22 22:09 . 2008-11-24 00:35 268 ---ha-w c:\sqmdata07.sqm
2009-01-22 22:09 . 2008-11-24 00:35 244 ---ha-w c:\sqmnoopt07.sqm
2009-01-22 13:09 . 2008-11-23 13:50 268 ---ha-w c:\sqmdata06.sqm
2009-01-22 13:09 . 2008-11-23 13:50 244 ---ha-w c:\sqmnoopt06.sqm
2008-11-04 11:06 . 2008-07-07 12:55 237704 ----a-w c:\documents and settings\administrator\local settings\application data\gdipfontcachev1.dat
2008-07-27 09:23 . 2008-07-27 09:23 128 ----a-w c:\documents and settings\owner\local settings\application data\fusioncache.dat
2008-05-06 02:13 . 2008-05-06 02:04 2 ----a-w c:\documents and settings\owner\1.bat
2008-10-20 09:59 . 2008-10-20 09:59 32768 --sha-w c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081021\index.dat
.
------- sigcheck -------
[7] 2008-08-14 13:37 2064512 03707fbdead155480a9f100fb62180a0 c:\windows\$hf_mig$\kb956841\sp2qfe\ntkrnlpa.exe
[7] 2008-08-14 13:20 2067584 c0b601d30c9b2e1b2f37423775e26983 c:\windows\$hf_mig$\kb956841\sp3gdr\ntkrnlpa.exe
[7] 2008-08-14 16:24 2067584 5be9c85582d409f6b0520f671b7c4ea7 c:\windows\$hf_mig$\kb956841\sp3qfe\ntkrnlpa.exe
[7] 2008-08-14 13:42 2017280 3f1311721a96542f63d81913ea116bf1 c:\windows\$ntservicepackuninstall$\ntkrnlpa.exe
[-] 2004-08-03 22:08 2017792 b08e5140b07732b12e0bc1cdbfecae4a c:\windows\$ntuninstallkb956841$\ntkrnlpa.exe
[7] 2008-04-14 15:42 2067456 38add7143295f3c2ceae688f4583de30 c:\windows\servicepackfiles\i386\ntkrnlpa.exe
[-] 2008-04-14 15:42 2026496 2922cd0ddde0f05f521d4eba74917c22 c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-14 15:42 2025472 732887e7fdc05bed5a79a5ec49fd7e8d c:\windows\system32\vitrans\ntkrnlpa.exe
[7] 2008-08-14 13:37 2187520 5d43a393467ae76138e25c3acaf27f75 c:\windows\$hf_mig$\kb956841\sp2qfe\ntoskrnl.exe
[7] 2008-08-14 13:20 2190720 9d9953c83765c024a5289f625714ed33 c:\windows\$hf_mig$\kb956841\sp3gdr\ntoskrnl.exe
[7] 2008-08-14 16:24 2190720 8d99acb2cd1a686e7a98cc22119de324 c:\windows\$hf_mig$\kb956841\sp3qfe\ntoskrnl.exe
[7] 2008-08-14 13:42 2137600 58f4ef0043eece9a35a4deb07a760b18 c:\windows\$ntservicepackuninstall$\ntoskrnl.exe
[-] 2004-08-03 21:48 2150912 e0b16155db89ea3298ae21271ad1812f c:\windows\$ntuninstallkb956841$\ntoskrnl.exe
[7] 2008-04-14 15:42 2190592 d08babe3cb9fa5c6df025e101b51f76b c:\windows\servicepackfiles\i386\ntoskrnl.exe
[-] 2008-04-14 15:42 2147840 47bd489976d48ef8e96189d3b5c432c8 c:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 15:42 2146816 1d8896827aaf26d44f6fea9498f296cf c:\windows\system32\vitrans\ntoskrnl.exe
[-] 2008-04-14 15:59 1246208 b3af4bf74e80c46171581083d48656c0 c:\windows\explorer.exe
[-] 2008-08-15 18:54 1655296 2fd48aaeaec9c891f72277bbe701f5db c:\windows\$ntservicepackuninstall$\explorer.exe
[7] 2008-04-14 15:59 1031168 ca3445dce9eb70a2ca2504e0af5c543f c:\windows\servicepackfiles\i386\explorer.exe
[7] 2008-04-14 15:59 1031168 ca3445dce9eb70a2ca2504e0af5c543f c:\windows\system32\vitrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"msnmsgr"="c:\program files\msn messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" [2008-05-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"languageshortcut"="c:\program files\cyberlink\powerdvd\language\language.exe" [2006-04-13 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-03-17 135168]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 159744]
"persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 131072]
"lclock"="c:\program files\lclock\lclock.exe" [2004-09-19 65536]
"remotecontrol"="c:\program files\cyberlink\powerdvd\pdvdserv.exe" [2005-12-07 30208]
"avp"="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" [2009-02-28 201992]
"bluetoothauthenticationagent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\owner\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
ela-salaty.lnk - c:\program files\ela-salaty\salaty.exe [2007-3-5 5205504]
c:\documents and settings\all users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe [2009-1-28 10950144]
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"restrictrun"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon]
"uihost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.acdv"= acdv.dll
hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 15:59 15360 ----a-w c:\windows\system32\ctfmon.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-18 22:35 68856 ----a-w c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
2006-07-21 08:56 16261632 ------r c:\windows\rthdcpl.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\smserial]
2004-12-28 22:01 544768 -c--a-r c:\windows\sm56hlpr.exe
[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001
"updatesdisablenotify"=dword:00000001
"antivirusoverride"=dword:00000001
[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\msn messenger\\msnmsgr.exe"=
"c:\\program files\\msn messenger\\livecall.exe"=
"c:\\program files\\utorrent\\utorrent.exe"=
"c:\\windows\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\documents and settings\\all users\\application data\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"=
"c:\\documents and settings\\owner\\my documents\\lfs\\lfs - x\\lfs.exe"=
r3 cam1690;usb 2.0 compliance jpeg video camera;c:\windows\system32\drivers\cam1690.sys [2007-09-20 177280]
r3 klim5;kaspersky anti-virus ndis filter; [x]
r3 maconfservice;ma-config service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
r3 setupntglm7x;setupntglm7x; [x]
s0 klbg;kaspersky lab boot guard driver;c:\windows\system32\drivers\klbg.sys [2009-02-28 33808]
s1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-05-01 2944]
s2 acuwvsscheduler;acunetix wvs scheduler;c:\program files\acunetix\web vulnerability scanner 4\wvsscheduler.exe [2006-07-17 571904]
s2 apache2.2;apache2.2;c:\appserv\apache2.2\bin\httpd.exe [2007-01-09 20539]
s2 vcs;vcs support;c:\windows\system32\drivers\vcs.sys [2002-12-10 6852]
s3 klfltdev;kaspersky lab klfltdev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{800f93ca-1723-11dd-9e2e-0019db2567ac}]
\shell\autorun\command - g:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
\shell\open\command - g:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
[hkey_local_machine\software\microsoft\active setup\installed components\{05i41m56-qw07-u20f-yx8t-vb4u6tp4ux63}]
"c:\docume~1\owner\locals~1\temp\rar$ex12.203\javes3 baulo.exe"
[hkey_local_machine\software\microsoft\active setup\installed components\{aaaa3ca9-51ea-0334-685f-ad599b48977f}]
e:\اجهزه\البرنامج\pi2.3.2\waled.exw.exe
[hkey_local_machine\software\microsoft\active setup\installed components\{ca1af7b6-4ff8-4292-4b5e-8600dd283037}]
c:\docume~1\owner\locals~1\temp\rar$ex04.485\tcp.exe
.
Contents of the 'scheduled tasks' folder
2009-04-01 c:\windows\tasks\user_feed_synchronization-{3407b3c2-d9de-4849-ab34-cddbf64144ea}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 15:36]
.
- - - - orphans removed - - - -
hkcu-run-www.cproxy.com - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

hklm-run-tkbellexe - c:\program files\common files\real\update_ob\realsched.exe
hklm-run-waiting1690 - c:\windows\stid1690.exe
hkcu-explorer_run-javasecript3 - c:\docume~1\owner\locals~1\temp\rar$ex12.203\javes3 baulo.exe
msconfigstartup-trustbend - c:\docume~1\owner\applic~1\flagli~1\win third.exe

.
------- supplementary scan -------
.
Ustart page = hxxp://www.google.com.sa/
mstart page = about:blank
uinternet settings,proxyserver = 212.93.193.87:8080
ie: &تصدير إلى microsoft excel - c:\progra~1\micros~2\office11\excel.exe/3000
ie: Show all images in original quality - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ie: Show image in original quality - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ie: {{c1e3533c-70f6-4f36-b97c-032c8a5ee759} - c:\program files\c-sms\c-sms.exe
dpf: Microsoft xml parser for java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

dpf: {8c159dfd-dc9c-4077-b3b6-114a8d64b6d2} - hxxp://74.53.69.87/cp/files/talk3.cab
dpf: {9e45be3c-de06-4492-ab7d-e51447cf2ed0} - hxxp://75.126.240.26/imscp/talka.cab
dpf: {b7fdb0c3-4724-46d2-b8db-6fa1dc63f7ca} - hxxp://209.11.240.194/readuid.cab
dpf: {c171ff59-8c55-4796-a398-4f5d02b4c763} - hxxp://saudi4voice.ksacam.com/imscp/talks2.cab
ff - profilepath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\upb4nqdm.default\
ff - prefs.js: Browser.startup.homepage - hxxp://www.google.com/
ff - plugin: C:\program files\ma-config.com\nphardwaredetection.dll
ff - plugin: C:\program files\mozilla firefox\plugins\npijjichplugin.dll
ff - plugin: C:\program files\mozilla firefox\plugins\npijjiffplugin1.dll
.
**************************************************************************
catchme 0.3.1375 w2k/xp/vista - rootkit/stealth malware detector by gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

rootkit scan 2009-04-17 05:16
windows 5.1.2600 service pack 2 ntfs
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[hkey_local_machine\system\controlset001\services\mysql]
"imagepath"="c:\appserv\mysql\bin\mysqld-nt --defaults-file=c:\appserv\mysql\my.ini mysql"
.
--------------------- locked registry keys ---------------------
[hkey_users\s-1-5-21-1004336348-1085031214-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.*c*t*t* \openwithlist]
@class="shell"
"a"="msnmsgr.exe"
"mrulist"="a"
[hkey_local_machine\software\microsoft\windows\currentversion\unimodem\devicespecific\  eh/e *bj'3j *9(1 *'1*('7 *b*l*u*e*t*o*o*t*h*:*:*  'dgh'*a *'d.dhj) *'dbj'3j):*:*m*i*c*r*o*s*o*f*t*\responses]
"<cr>"=hex:01,00,00,00,00,00,00,00,00,00
"<lf>"=hex:01,00,00,00,00,00,00,00,00,00
"<cr><lf>ok<cr><lf>"=hex:00,00,00,00,00,00,00,00,00,00
"<cr><lf>ring<cr><lf>"=hex:08,00,00,00,00,00,00,00,00,00
"<cr><lf>no carrier<cr><lf>"=hex:04,00,00,00,00,00,00,00,00,00
"<cr><lf>error<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
"<cr><lf>no dialtone<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
"<cr><lf>busy<cr><lf>"=hex:06,00,00,00,00,00,00,00,00,00
"<cr><lf>no answer<cr><lf>"=hex:07,00,00,00,00,00,00,00,00,00
"<cr><lf>connect<cr><lf>"=hex:02,00,00,00,00,00,00,00,00,00
"0<cr>"=hex:00,00,00,00,00,00,00,00,00,00
"2<cr>"=hex:08,00,00,00,00,00,00,00,00,00
"3<cr>"=hex:04,00,00,00,00,00,00,00,00,00
"4<cr>"=hex:03,00,00,00,00,00,00,00,00,00
"6<cr>"=hex:05,00,00,00,00,00,00,00,00,00
"7<cr>"=hex:06,00,00,00,00,00,00,00,00,00
"8<cr>"=hex:07,00,00,00,00,00,00,00,00,00
"ok"=hex:00,00,00,00,00,00,00,00,00,00
"ring"=hex:08,00,00,00,00,00,00,00,00,00
"no carrier"=hex:04,00,00,00,00,00,00,00,00,00
"error"=hex:03,00,00,00,00,00,00,00,00,00
"no dialtone"=hex:05,00,00,00,00,00,00,00,00,00
"no dial tone"=hex:05,00,00,00,00,00,00,00,00,00
"busy"=hex:06,00,00,00,00,00,00,00,00,00
"no answer"=hex:07,00,00,00,00,00,00,00,00,00
"fax"=hex:03,00,00,00,00,00,00,00,00,00
"data"=hex:03,00,00,00,00,00,00,00,00,00
"voice"=hex:03,00,00,00,00,00,00,00,00,00
"ringing"=hex:01,00,00,00,00,00,00,00,00,00
"dialing"=hex:01,00,00,00,00,00,00,00,00,00
"rring"=hex:01,00,00,00,00,00,00,00,00,00
"delayed"=hex:1d,00,00,00,00,00,00,00,00,00
"blacklisted"=hex:1c,00,00,00,00,00,00,00,00,00
"+fcerror"=hex:03,00,00,00,00,00,00,00,00,00
"connect"=hex:02,00,00,00,00,00,00,00,00,00
"connect/arq"=hex:02,02,00,00,00,00,00,00,00,00
"connect/rel"=hex:02,02,00,00,00,00,00,00,00,00
"connect/mnp"=hex:02,02,00,00,00,00,00,00,00,00
"connect/lap-m"=hex:02,02,00,00,00,00,00,00,00,00
"connect/v42bis"=hex:02,03,00,00,00,00,00,00,00,00
"connect/v42b"=hex:02,03,00,00,00,00,00,00,00,00
"connect 300"=hex:02,00,2c,01,00,00,00,00,00,00
"connect 300/arq"=hex:02,02,2c,01,00,00,00,00,00,00
"connect 300/rel"=hex:02,02,2c,01,00,00,00,00,00,00
"connect 300/mnp"=hex:02,02,2c,01,00,00,00,00,00,00
"connect 300/lap-m"=hex:02,02,2c,01,00,00,00,00,00,00
"connect 300/v42bis"=hex:02,03,2c,01,00,00,00,00,00,00
"connect 300/v42b"=hex:02,03,2c,01,00,00,00,00,00,00
"connect 600"=hex:02,00,58,02,00,00,00,00,00,00
"connect 600/arq"=hex:02,02,58,02,00,00,00,00,00,00
"connect 600/rel"=hex:02,02,58,02,00,00,00,00,00,00
"connect 600/mnp"=hex:02,02,58,02,00,00,00,00,00,00
"connect 600/lap-m"=hex:02,02,58,02,00,00,00,00,00,00
"connect 600/v42bis"=hex:02,03,58,02,00,00,00,00,00,00
"connect 600/v42b"=hex:02,03,58,02,00,00,00,00,00,00
"connect 0600"=hex:02,00,58,02,00,00,00,00,00,00
"connect 0600/arq"=hex:02,02,58,02,00,00,00,00,00,00
"connect 0600/rel"=hex:02,02,58,02,00,00,00,00,00,00
"connect 0600/mnp"=hex:02,02,58,02,00,00,00,00,00,00
"connect 0600/lap-m"=hex:02,02,58,02,00,00,00,00,00,00
"connect 0600/v42bis"=hex:02,03,58,02,00,00,00,00,00,00
"connect 0600/v42b"=hex:02,03,58,02,00,00,00,00,00,00
"connect 1200"=hex:02,00,b0,04,00,00,00,00,00,00
"connect 1200/arq"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/rel"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/mnp"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/lap-m"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/v42bis"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 1200/v42b"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 1200/75"=hex:02,00,b0,04,00,00,00,00,00,00
"connect 1200/75/arq"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/75/rel"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/75/mnp"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/75/lap-m"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200/75/v42bis"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 1200/75/v42b"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx"=hex:02,00,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/arq"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/rel"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/mnp"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/lap-m"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/v42bis"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 1200tx/75rx/v42b"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 75/1200"=hex:02,00,b0,04,00,00,00,00,00,00
"connect 75/1200/arq"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75/1200/rel"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75/1200/mnp"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75/1200/lap-m"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75/1200/v42bis"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 75/1200/v42b"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx"=hex:02,00,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/arq"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/rel"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/mnp"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/lap-m"=hex:02,02,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/v42bis"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 75tx/1200rx/v42b"=hex:02,03,b0,04,00,00,00,00,00,00
"connect 2400"=hex:02,00,60,09,00,00,00,00,00,00
"connect 2400/arq"=hex:02,02,60,09,00,00,00,00,00,00
"connect 2400/rel"=hex:02,02,60,09,00,00,00,00,00,00
"connect 2400/mnp"=hex:02,02,60,09,00,00,00,00,00,00
"connect 2400/lap-m"=hex:02,02,60,09,00,00,00,00,00,00
"connect 2400/v42bis"=hex:02,03,60,09,00,00,00,00,00,00
"connect 2400/v42b"=hex:02,03,60,09,00,00,00,00,00,00
"connect 4800"=hex:02,00,c0,12,00,00,00,00,00,00
"connect 4800/arq"=hex:02,02,c0,12,00,00,00,00,00,00
"connect 4800/rel"=hex:02,02,c0,12,00,00,00,00,00,00
"connect 4800/mnp"=hex:02,02,c0,12,00,00,00,00,00,00
"connect 4800/lap-m"=hex:02,02,c0,12,00,00,00,00,00,00
"connect 4800/v42bis"=hex:02,03,c0,12,00,00,00,00,00,00
"connect 4800/v42b"=hex:02,03,c0,12,00,00,00,00,00,00
"connect 7200"=hex:02,00,20,1c,00,00,00,00,00,00
"connect 7200/arq"=hex:02,02,20,1c,00,00,00,00,00,00
"connect 7200/rel"=hex:02,02,20,1c,00,00,00,00,00,00
"connect 7200/mnp"=hex:02,02,20,1c,00,00,00,00,00,00
"connect 7200/lap-m"=hex:02,02,20,1c,00,00,00,00,00,00
"connect 7200/v42bis"=hex:02,03,20,1c,00,00,00,00,00,00
"connect 7200/v42b"=hex:02,03,20,1c,00,00,00,00,00,00
"connect 9600"=hex:02,00,80,25,00,00,00,00,00,00
"connect 9600/arq"=hex:02,02,80,25,00,00,00,00,00,00
"connect 9600/rel"=hex:02,02,80,25,00,00,00,00,00,00
"connect 9600/mnp"=hex:02,02,80,25,00,00,00,00,00,00
"connect 9600/lap-m"=hex:02,02,80,25,00,00,00,00,00,00
"connect 9600/v42bis"=hex:02,03,80,25,00,00,00,00,00,00
"connect 9600/v42b"=hex:02,03,80,25,00,00,00,00,00,00
"connect 12000"=hex:02,00,e0,2e,00,00,00,00,00,00
"connect 12000/arq"=hex:02,02,e0,2e,00,00,00,00,00,00
"connect 12000/rel"=hex:02,02,e0,2e,00,00,00,00,00,00
"connect 12000/mnp"=hex:02,02,e0,2e,00,00,00,00,00,00
"connect 12000/lap-m"=hex:02,02,e0,2e,00,00,00,00,00,00
"connect 12000/v42bis"=hex:02,03,e0,2e,00,00,00,00,00,00
"connect 12000/v42b"=hex:02,03,e0,2e,00,00,00,00,00,00
"connect 14400"=hex:02,00,40,38,00,00,00,00,00,00
"connect 14400/arq"=hex:02,02,40,38,00,00,00,00,00,00
"connect 14400/rel"=hex:02,02,40,38,00,00,00,00,00,00
"connect 14400/mnp"=hex:02,02,40,38,00,00,00,00,00,00
"connect 14400/lap-m"=hex:02,02,40,38,00,00,00,00,00,00
"connect 14400/v42bis"=hex:02,03,40,38,00,00,00,00,00,00
"connect 14400/v42b"=hex:02,03,40,38,00,00,00,00,00,00
"connect 16800"=hex:02,00,a0,41,00,00,00,00,00,00
"connect 16800/arq"=hex:02,02,a0,41,00,00,00,00,00,00
"connect 16800/rel"=hex:02,02,a0,41,00,00,00,00,00,00
"connect 16800/mnp"=hex:02,02,a0,41,00,00,00,00,00,00
"connect 16800/lap-m"=hex:02,02,a0,41,00,00,00,00,00,00
"connect 16800/v42bis"=hex:02,03,a0,41,00,00,00,00,00,00
"connect 16800/v42b"=hex:02,03,a0,41,00,00,00,00,00,00
"connect 19200"=hex:02,00,00,4b,00,00,00,00,00,00
"connect 19200/arq"=hex:02,02,00,4b,00,00,00,00,00,00
"connect 19200/rel"=hex:02,02,00,4b,00,00,00,00,00,00
"connect 19200/mnp"=hex:02,02,00,4b,00,00,00,00,00,00
"connect 19200/lap-m"=hex:02,02,00,4b,00,00,00,00,00,00
"connect 19200/v42bis"=hex:02,03,00,4b,00,00,00,00,00,00
"connect 19200/v42b"=hex:02,03,00,4b,00,00,00,00,00,00
"connect 21600"=hex:02,00,60,54,00,00,00,00,00,00
"connect 21600/arq"=hex:02,02,60,54,00,00,00,00,00,00
"connect 21600/rel"=hex:02,02,60,54,00,00,00,00,00,00
"connect 21600/mnp"=hex:02,02,60,54,00,00,00,00,00,00
"connect 21600/lap-m"=hex:02,02,60,54,00,00,00,00,00,00
"connect 21600/v42bis"=hex:02,03,60,54,00,00,00,00,00,00
"connect 21600/v42b"=hex:02,03,60,54,00,00,00,00,00,00
"connect 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
"connect 24000/arq"=hex:02,02,c0,5d,00,00,00,00,00,00
"connect 24000/rel"=hex:02,02,c0,5d,00,00,00,00,00,00
"connect 24000/mnp"=hex:02,02,c0,5d,00,00,00,00,00,00
"connect 24000/lap-m"=hex:02,02,c0,5d,00,00,00,00,00,00
"connect 24000/v42bis"=hex:02,03,c0,5d,00,00,00,00,00,00
"connect 24000/v42b"=hex:02,03,c0,5d,00,00,00,00,00,00
"connect 26400"=hex:02,00,20,67,00,00,00,00,00,00
"connect 26400/arq"=hex:02,02,20,67,00,00,00,00,00,00
"connect 26400/rel"=hex:02,02,20,67,00,00,00,00,00,00
"connect 26400/mnp"=hex:02,02,20,67,00,00,00,00,00,00
"connect 26400/lap-m"=hex:02,02,20,67,00,00,00,00,00,00
"connect 26400/v42bis"=hex:02,03,20,67,00,00,00,00,00,00
"connect 26400/v42b"=hex:02,03,20,67,00,00,00,00,00,00
"connect 28800"=hex:02,00,80,70,00,00,00,00,00,00
"connect 28800/arq"=hex:02,02,80,70,00,00,00,00,00,00
"connect 28800/rel"=hex:02,02,80,70,00,00,00,00,00,00
"connect 28800/mnp"=hex:02,02,80,70,00,00,00,00,00,00
"connect 28800/lap-m"=hex:02,02,80,70,00,00,00,00,00,00
"connect 28800/v42bis"=hex:02,03,80,70,00,00,00,00,00,00
"connect 28800/v42b"=hex:02,03,80,70,00,00,00,00,00,00
"connect 38400"=hex:02,00,00,00,00,00,00,96,00,00
"connect 38400/arq"=hex:02,02,00,00,00,00,00,96,00,00
"connect 38400/rel"=hex:02,02,00,00,00,00,00,96,00,00
"connect 38400/mnp"=hex:02,02,00,00,00,00,00,96,00,00
"connect 38400/lap-m"=hex:02,02,00,00,00,00,00,96,00,00
"connect 38400/v42bis"=hex:02,03,00,00,00,00,00,96,00,00
"connect 38400/v42b"=hex:02,03,00,00,00,00,00,96,00,00
"connect 57600"=hex:02,00,00,00,00,00,00,e1,00,00
"connect 57600/arq"=hex:02,02,00,00,00,00,00,e1,00,00
"connect 57600/rel"=hex:02,02,00,00,00,00,00,e1,00,00
"connect 57600/mnp"=hex:02,02,00,00,00,00,00,e1,00,00
"connect 57600/lap-m"=hex:02,02,00,00,00,00,00,e1,00,00
"connect 57600/v42bis"=hex:02,03,00,00,00,00,00,e1,00,00
"connect 57600/v42b"=hex:02,03,00,00,00,00,00,e1,00,00
"connect 115200"=hex:02,00,00,00,00,00,00,c2,01,00
"connect 115200/arq"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115200/rel"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115200/mnp"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115200/lap-m"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115200/v42bis"=hex:02,03,00,00,00,00,00,c2,01,00
"connect 115200/v42b"=hex:02,03,00,00,00,00,00,c2,01,00
"connect 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
"connect 115,200/arq"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115,200/rel"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115,200/mnp"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115,200/lap-m"=hex:02,02,00,00,00,00,00,c2,01,00
"connect 115,200/v42bis"=hex:02,03,00,00,00,00,00,c2,01,00
"connect 115,200/v42b"=hex:02,03,00,00,00,00,00,c2,01,00
"connect 230400"=hex:02,00,00,00,00,00,00,84,03,00
"connect 230400/arq"=hex:02,02,00,00,00,00,00,84,03,00
"connect 230400/rel"=hex:02,02,00,00,00,00,00,84,03,00
"connect 230400/mnp"=hex:02,02,00,00,00,00,00,84,03,00
"connect 230400/lap-m"=hex:02,02,00,00,00,00,00,84,03,00
"connect 230400/v42bis"=hex:02,03,00,00,00,00,00,84,03,00
"connect 230400/v42b"=hex:02,03,00,00,00,00,00,84,03,00
"carrier 300"=hex:01,00,2c,01,00,00,00,00,00,00
"carrier 1200"=hex:01,00,b0,04,00,00,00,00,00,00
"carrier 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
"carrier 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
"carrier 2400"=hex:01,00,60,09,00,00,00,00,00,00
"carrier 4800"=hex:01,00,c0,12,00,00,00,00,00,00
"carrier 7200"=hex:01,00,20,1c,00,00,00,00,00,00
"carrier 9600"=hex:01,00,80,25,00,00,00,00,00,00
"carrier 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
"carrier 14400"=hex:01,00,40,38,00,00,00,00,00,00
"carrier 16800"=hex:01,00,a0,41,00,00,00,00,00,00
"carrier 19200"=hex:01,00,00,4b,00,00,00,00,00,00
"carrier 21600"=hex:01,00,60,54,00,00,00,00,00,00
"carrier 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
"carrier 26400"=hex:01,00,20,67,00,00,00,00,00,00
"carrier 28800"=hex:01,00,80,70,00,00,00,00,00,00
"compression: Class 5"=hex:01,03,00,00,00,00,00,00,00,00
"compression: Mnp5"=hex:01,03,00,00,00,00,00,00,00,00
"compression: V.42bis"=hex:01,03,00,00,00,00,00,00,00,00
"compression: V.42 bis"=hex:01,03,00,00,00,00,00,00,00,00
"compression: Adc"=hex:01,01,00,00,00,00,00,00,00,00
"compression: None"=hex:01,00,00,00,00,00,00,00,00,00
"protocol: None"=hex:01,00,00,00,00,00,00,00,00,00
"protocol: Error-control/lapb"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Error-control/lapb/hdx"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Error-control/lapb/aft"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: X.25/lapb"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: X.25/lapb/hdx"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: X.25/lapb/aft"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lapm"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lap-m"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lapm/hdx"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lap-m/hdx"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lapm/aft"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Lap-m/aft"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Alt"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Alt-cellular"=hex:01,0a,00,00,00,00,00,00,00,00
"protocol: Mnp"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Mnp2"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Mnp3"=hex:01,02,00,00,00,00,00,00,00,00
"protocol: Mnp4"=hex:01,02,00,00,00,00,00,00,00,00
"autostream: Level 1"=hex:01,00,00,00,00,00,00,00,00,00
"autostream: Level 2"=hex:01,00,00,00,00,00,00,00,00,00
"autostream: Level 3"=hex:01,00,00,00,00,00,00,00,00,00
"carrier 31200 v.23"=hex:01,00,e0,79,00,00,00,00,00,00
"carrier 31200"=hex:01,00,e0,79,00,00,00,00,00,00
"carrier 31200/vfc"=hex:01,00,e0,79,00,00,00,00,00,00
"carrier 33600 v.23"=hex:01,00,40,83,00,00,00,00,00,00
"carrier 33600"=hex:01,00,40,83,00,00,00,00,00,00
"carrier 33600/vfc"=hex:01,00,40,83,00,00,00,00,00,00
"connect 31200 ec"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200 ec/v42"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200 ec/v42bis"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 31200 rel"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200 rel/mnp5"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 31200 rel/v42"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200 rel/v42bis"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 31200"=hex:02,00,e0,79,00,00,00,00,00,00
"connect 31200/arq"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200/lap-m"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200/mnp"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200/rel"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200/rel-lapm v.42 bis"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 31200/rel-lapm"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 31200/v42b"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 31200/v42bis"=hex:02,03,e0,79,00,00,00,00,00,00
"connect 33600 ec"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600 ec/v42"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600 ec/v42bis"=hex:02,03,40,83,00,00,00,00,00,00
"connect 33600 rel"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600 rel/mnp5"=hex:02,03,40,83,00,00,00,00,00,00
"connect 33600 rel/v42"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600 rel/v42bis"=hex:02,03,40,83,00,00,00,00,00,00
"connect 33600"=hex:02,00,40,83,00,00,00,00,00,00
"connect 33600/arq"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600/lap-m"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600/mnp"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600/rel"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600/rel-lapm v.42 bis"=hex:02,03,40,83,00,00,00,00,00,00
"connect 33600/rel-lapm"=hex:02,02,40,83,00,00,00,00,00,00
"connect 33600/v42b"=hex:02,03,40,83,00,00,00,00,00,00
"connect 33600/v42bis"=hex:02,03,40,83,00,00,00,00,00,00
"connect 31200/rel-mnp"=hex:02,02,e0,79,00,00,00,00,00,00
"connect 33600/rel-mnp"=hex:02,02,40,83,00,00,00,00,00,00
.
--------------------- dlls loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\msi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\netshell.dll
c:\program files\lclock\lc.dll
.
------------------------ other running processes ------------------------
.
C:\appserv\mysql\bin\mysqld-nt.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 5:21 - machine was rebooted [owner]
combofix-quarantined-files.txt 2009-04-17 02:21
pre-run: 30,240,342,016 bytes free
post-run: 30,214,750,208 bytes free
579 --- e o f --- 2008-10-24 03:03

 

[! WaLeD !]

ComboFix 09-04-17.01 - Administrator 04/17/2009 5:11.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1015.814 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\owner\Application Data\addon.dat
c:\program files\Bifrost
c:\windows\101.exe
c:\windows\system32\tmp.reg
D:\qxbx9blb.com
E:\qxbx9blb.com
.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.
2009-04-17 01:20 . 2009-04-17 01:20 3800 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-17 00:33 . 2009-04-17 00:33 -------- d-----w C:\Balot.org
2009-04-16 23:31 . 2009-04-16 23:31 2899 ----a-w C:\irunin.ini
2009-04-16 14:21 . 2009-03-18 00:16 2796509 ----a-w c:\windows\system32\GameMon.des
2009-04-16 14:15 . 2009-04-16 14:15 -------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2009-04-11 16:45 . 2009-04-17 01:28 -------- d-----w c:\program files\ThreatExpert Memory Scanner
2009-03-19 05:52 . 2009-03-19 05:52 -------- d-----w c:\documents and settings\owner\Application Data\zyzprivacy
2009-03-19 04:42 . 2009-03-19 04:42 -------- d-----w c:\documents and settings\owner\Local Settings\Application Data\Stardock
2009-03-18 07:44 . 2009-03-18 07:44 -------- d-----w c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 01:49 . 2008-07-07 14:32 892960 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-17 01:49 . 2008-07-07 14:32 6228 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-17 01:49 . 2008-07-07 14:32 3505184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-17 01:49 . 2008-07-07 14:32 30560 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 01:29 . 2008-07-07 14:32 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-17 01:20 . 2001-09-19 12:00 72672 ----a-w c:\windows\system32\perfc001.dat
2009-04-17 01:20 . 2001-09-19 12:00 360288 ----a-w c:\windows\system32\perfh001.dat
2009-04-17 00:36 . 2008-04-27 13:10 237704 ----a-w c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 00:15 . 2008-07-07 14:30 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 14:10 . 2008-11-23 13:36 268 ---ha-w C:\sqmdata05.sqm
2009-04-16 14:10 . 2008-11-23 13:36 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-16 14:05 . 2008-10-10 03:27 268 ---ha-w C:\sqmdata04.sqm
2009-04-16 14:05 . 2008-10-10 03:27 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-16 13:40 . 2008-08-08 11:40 -------- d--h--w c:\documents and settings\owner\Application Data\ijjigame
2009-04-16 13:33 . 2008-07-29 00:16 268 ---ha-w C:\sqmdata03.sqm
2009-04-16 13:33 . 2008-07-29 00:16 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-16 13:25 . 2008-07-28 16:39 268 ---ha-w C:\sqmdata02.sqm
2009-04-16 13:25 . 2008-07-28 16:39 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-15 17:09 . 2009-03-17 17:48 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-17 21:45 . 2009-03-17 21:45 -------- d-----w c:\documents and settings\owner\Application Data\CyberScrub
2009-03-17 21:44 . 2009-03-17 21:44 -------- d-----w c:\documents and settings\owner\Application Data\cleaner
2009-03-17 17:49 . 2009-03-17 17:49 -------- d-----w c:\documents and settings\owner\Application Data\Uniblue
2009-03-16 15:39 . 2008-07-21 02:15 -------- d-----w c:\documents and settings\owner\Application Data\TeamViewer
2009-03-16 15:38 . 2009-03-16 15:38 -------- d-----w c:\program files\TeamViewer
2009-03-14 16:08 . 2009-03-07 00:08 -------- d-----w c:\documents and settings\owner\Application Data\BSplayer Pro
2009-03-11 03:26 . 2009-03-11 03:19 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-11 03:25 . 2009-03-11 03:22 -------- d-----w c:\program files\WinZip Self-Extractor
2009-03-09 23:56 . 2009-03-09 23:56 -------- d-----w c:\program files\messenger live
2009-03-09 02:36 . 2009-03-09 02:36 -------- d-----w c:\program files\Acunetix
2009-03-09 02:19 . 2009-03-17 21:33 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:32 . 2009-03-08 11:32 -------- d-----w c:\program files\BreakPoint Software
2009-03-07 07:12 . 2009-03-07 07:12 -------- d-----w c:\program files\JPEG Camera
2009-03-06 03:00 . 2009-03-02 20:02 -------- d-----w c:\program files\Paltalk Messenger
2009-03-02 20:22 . 2009-03-02 20:02 -------- d-----w c:\documents and settings\owner\Application Data\Paltalk
2009-02-28 09:49 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-28 09:49 . 2008-07-07 14:33 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-28 09:49 . 2008-07-07 14:33 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-17 16:27 . 2008-05-28 18:58 268 ---ha-w C:\sqmdata01.sqm
2009-02-17 16:27 . 2008-05-28 18:58 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-17 15:50 . 2008-05-28 18:58 268 ---ha-w C:\sqmdata00.sqm
2009-02-17 15:50 . 2008-05-28 18:58 244 ---ha-w C:\sqmnoopt00.sqm
2009-02-17 03:09 . 2008-12-06 02:19 268 ---ha-w C:\sqmdata19.sqm
2009-02-17 03:09 . 2008-12-06 02:19 244 ---ha-w C:\sqmnoopt19.sqm
2009-02-16 09:49 . 2008-12-03 12:33 268 ---ha-w C:\sqmdata18.sqm
2009-02-16 09:49 . 2008-12-03 12:33 244 ---ha-w C:\sqmnoopt18.sqm
2009-02-16 07:14 . 2008-12-03 02:17 268 ---ha-w C:\sqmdata17.sqm
2009-02-16 07:14 . 2008-12-03 02:17 244 ---ha-w C:\sqmnoopt17.sqm
2009-02-16 07:06 . 2008-12-02 10:00 268 ---ha-w C:\sqmdata16.sqm
2009-02-16 07:06 . 2008-12-02 10:00 244 ---ha-w C:\sqmnoopt16.sqm
2009-02-16 02:47 . 2008-12-01 11:28 268 ---ha-w C:\sqmdata15.sqm
2009-02-16 02:47 . 2008-12-01 11:28 244 ---ha-w C:\sqmnoopt15.sqm
2009-02-15 16:44 . 2008-12-01 11:21 268 ---ha-w C:\sqmdata14.sqm
2009-02-15 16:44 . 2008-12-01 11:21 244 ---ha-w C:\sqmnoopt14.sqm
2009-02-15 01:53 . 2008-11-30 22:58 268 ---ha-w C:\sqmdata13.sqm
2009-02-15 01:53 . 2008-11-30 22:58 244 ---ha-w C:\sqmnoopt13.sqm
2009-02-13 23:20 . 2008-11-28 19:16 268 ---ha-w C:\sqmdata12.sqm
2009-02-13 23:20 . 2008-11-28 19:16 244 ---ha-w C:\sqmnoopt12.sqm
2009-01-30 22:29 . 2008-11-25 10:59 268 ---ha-w C:\sqmdata11.sqm
2009-01-30 22:29 . 2008-11-25 10:59 244 ---ha-w C:\sqmnoopt11.sqm
2009-01-25 22:17 . 2008-11-24 18:56 268 ---ha-w C:\sqmdata10.sqm
2009-01-25 22:17 . 2008-11-24 18:56 244 ---ha-w C:\sqmnoopt10.sqm
2009-01-24 21:16 . 2008-11-24 10:58 268 ---ha-w C:\sqmdata09.sqm
2009-01-24 21:16 . 2008-11-24 10:58 244 ---ha-w C:\sqmnoopt09.sqm
2009-01-23 21:07 . 2008-11-24 01:00 268 ---ha-w C:\sqmdata08.sqm
2009-01-23 21:07 . 2008-11-24 01:00 244 ---ha-w C:\sqmnoopt08.sqm
2009-01-22 22:09 . 2008-11-24 00:35 268 ---ha-w C:\sqmdata07.sqm
2009-01-22 22:09 . 2008-11-24 00:35 244 ---ha-w C:\sqmnoopt07.sqm
2009-01-22 13:09 . 2008-11-23 13:50 268 ---ha-w C:\sqmdata06.sqm
2009-01-22 13:09 . 2008-11-23 13:50 244 ---ha-w C:\sqmnoopt06.sqm
2008-11-04 11:06 . 2008-07-07 12:55 237704 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-07-27 09:23 . 2008-07-27 09:23 128 ----a-w c:\documents and settings\owner\Local Settings\Application Data\fusioncache.dat
2008-05-06 02:13 . 2008-05-06 02:04 2 ----a-w c:\documents and settings\owner\1.bat
2008-10-20 09:59 . 2008-10-20 09:59 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081021\index.dat
.
------- Sigcheck -------
[7] 2008-08-14 13:37 2064512 03707FBDEAD155480A9F100FB62180A0 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 13:20 2067584 C0B601D30C9B2E1B2F37423775E26983 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 16:24 2067584 5BE9C85582D409F6B0520F671B7C4EA7 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 13:42 2017280 3F1311721A96542F63D81913EA116BF1 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-03 22:08 2017792 B08E5140B07732B12E0BC1CDBFECAE4A c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2008-04-14 15:42 2067456 38ADD7143295F3C2CEAE688F4583DE30 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-14 15:42 2026496 2922CD0DDDE0F05F521D4EBA74917C22 c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-14 15:42 2025472 732887E7FDC05BED5A79A5EC49FD7E8D c:\windows\system32\VITrans\ntkrnlpa.exe
[7] 2008-08-14 13:37 2187520 5D43A393467AE76138E25C3ACAF27F75 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 13:20 2190720 9D9953C83765C024A5289F625714ED33 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 16:24 2190720 8D99ACB2CD1A686E7A98CC22119DE324 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 13:42 2137600 58F4EF0043EECE9A35A4DEB07A760B18 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-03 21:48 2150912 E0B16155DB89EA3298AE21271AD1812F c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2008-04-14 15:42 2190592 D08BABE3CB9FA5C6DF025E101B51F76B c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 15:42 2147840 47BD489976D48EF8E96189D3B5C432C8 c:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 15:42 2146816 1D8896827AAF26D44F6FEA9498F296CF c:\windows\system32\VITrans\ntoskrnl.exe
[-] 2008-04-14 15:59 1246208 B3AF4BF74E80C46171581083D48656C0 c:\windows\explorer.exe
[-] 2008-08-15 18:54 1655296 2FD48AAEAEC9C891F72277BBE701F5DB c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-17 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 131072]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-28 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\owner\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5205504]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-1-28 10950144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 15:59 15360 ----a-w c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-18 22:35 68856 ----a-w c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-21 08:56 16261632 ------r c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2004-12-28 22:01 544768 -c--a-r c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Documents and Settings\\owner\\My Documents\\LFS\\LFS - X\\LFS.exe"=
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-28 33808]
S1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2008-05-01 2944]
S2 AcuWVSScheduler;Acunetix WVS Scheduler;c:\program files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe [2006-07-17 571904]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{800f93ca-1723-11dd-9e2e-0019db2567ac}]
\Shell\AutoRun\command - g:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
\Shell\open\command - g:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\docume~1\owner\LOCALS~1\Temp\Rar$EX12.203\Javes3 Baulo.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AAAA3CA9-51EA-0334-685F-AD599B48977F}]
e:\اجهزه\البرنامج\PI2.3.2\waled.exw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CA1AF7B6-4FF8-4292-4B5E-8600DD283037}]
c:\docume~1\owner\LOCALS~1\Temp\Rar$EX04.485\TCP.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{3407B3C2-D9DE-4849-AB34-CDDBF64144EA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 15:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-www.cproxy.com - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
HKLM-Run-Waiting1690 - c:\windows\stid1690.exe
HKCU-Explorer_Run-javasecript3 - c:\docume~1\owner\LOCALS~1\Temp\Rar$EX12.203\Javes3 Baulo.exe
MSConfigStartUp-TrustBend - c:\docume~1\owner\APPLIC~1\FLAGLI~1\Win Third.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyServer = 212.93.193.87:8080
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Show all images in original quality - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: Show image in original quality - c:\program files\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

IE: {{C1E3533C-70F6-4f36-B97C-032C8A5EE759} - c:\program files\C-SMS\c-sms.exe
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - hxxp://74.53.69.87/cp/files/talk3.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://75.126.240.26/imscp/talka.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://209.11.240.194/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://saudi4voice.ksacam.com/imscp/talks2.cab
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\upb4nqdm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-17 05:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1004336348-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\  EH/E *BJ'3J *9(1 *'1*('7 *B*l*u*e*t*o*o*t*h*:*:*  'DGH'*A *'D.DHJ) *'DBJ'3J):*:*M*i*c*r*o*s*o*f*t*\Responses]
"<cr>"=hex:01,00,00,00,00,00,00,00,00,00
"<lf>"=hex:01,00,00,00,00,00,00,00,00,00
"<cr><lf>OK<cr><lf>"=hex:00,00,00,00,00,00,00,00,00,00
"<cr><lf>RING<cr><lf>"=hex:08,00,00,00,00,00,00,00,00,00
"<cr><lf>NO CARRIER<cr><lf>"=hex:04,00,00,00,00,00,00,00,00,00
"<cr><lf>ERROR<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
"<cr><lf>NO DIALTONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
"<cr><lf>BUSY<cr><lf>"=hex:06,00,00,00,00,00,00,00,00,00
"<cr><lf>NO ANSWER<cr><lf>"=hex:07,00,00,00,00,00,00,00,00,00
"<cr><lf>CONNECT<cr><lf>"=hex:02,00,00,00,00,00,00,00,00,00
"0<cr>"=hex:00,00,00,00,00,00,00,00,00,00
"2<cr>"=hex:08,00,00,00,00,00,00,00,00,00
"3<cr>"=hex:04,00,00,00,00,00,00,00,00,00
"4<cr>"=hex:03,00,00,00,00,00,00,00,00,00
"6<cr>"=hex:05,00,00,00,00,00,00,00,00,00
"7<cr>"=hex:06,00,00,00,00,00,00,00,00,00
"8<cr>"=hex:07,00,00,00,00,00,00,00,00,00
"OK"=hex:00,00,00,00,00,00,00,00,00,00
"RING"=hex:08,00,00,00,00,00,00,00,00,00
"NO CARRIER"=hex:04,00,00,00,00,00,00,00,00,00
"ERROR"=hex:03,00,00,00,00,00,00,00,00,00
"NO DIALTONE"=hex:05,00,00,00,00,00,00,00,00,00
"NO DIAL TONE"=hex:05,00,00,00,00,00,00,00,00,00
"BUSY"=hex:06,00,00,00,00,00,00,00,00,00
"NO ANSWER"=hex:07,00,00,00,00,00,00,00,00,00
"FAX"=hex:03,00,00,00,00,00,00,00,00,00
"DATA"=hex:03,00,00,00,00,00,00,00,00,00
"VOICE"=hex:03,00,00,00,00,00,00,00,00,00
"RINGING"=hex:01,00,00,00,00,00,00,00,00,00
"DIALING"=hex:01,00,00,00,00,00,00,00,00,00
"RRING"=hex:01,00,00,00,00,00,00,00,00,00
"DELAYED"=hex:1d,00,00,00,00,00,00,00,00,00
"BLACKLISTED"=hex:1c,00,00,00,00,00,00,00,00,00
"+FCERROR"=hex:03,00,00,00,00,00,00,00,00,00
"CONNECT"=hex:02,00,00,00,00,00,00,00,00,00
"CONNECT/ARQ"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/REL"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/MNP"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/LAP-M"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/V42BIS"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT/V42b"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT 300"=hex:02,00,2c,01,00,00,00,00,00,00
"CONNECT 300/ARQ"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/REL"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/MNP"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/LAP-M"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/V42BIS"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 300/V42b"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 0600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 2400"=hex:02,00,60,09,00,00,00,00,00,00
"CONNECT 2400/ARQ"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/REL"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/MNP"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/LAP-M"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/V42BIS"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 2400/V42b"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 4800"=hex:02,00,c0,12,00,00,00,00,00,00
"CONNECT 4800/ARQ"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/REL"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/MNP"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/LAP-M"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42BIS"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42b"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 7200"=hex:02,00,20,1c,00,00,00,00,00,00
"CONNECT 7200/ARQ"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/REL"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/MNP"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/LAP-M"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42BIS"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42b"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 9600"=hex:02,00,80,25,00,00,00,00,00,00
"CONNECT 9600/ARQ"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/REL"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/MNP"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/LAP-M"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/V42BIS"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 9600/V42b"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 12000"=hex:02,00,e0,2e,00,00,00,00,00,00
"CONNECT 12000/ARQ"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/REL"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/MNP"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/LAP-M"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42BIS"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42b"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 14400"=hex:02,00,40,38,00,00,00,00,00,00
"CONNECT 14400/ARQ"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/REL"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/MNP"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/LAP-M"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/V42BIS"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 14400/V42b"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 16800"=hex:02,00,a0,41,00,00,00,00,00,00
"CONNECT 16800/ARQ"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/REL"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/MNP"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/LAP-M"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42BIS"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42b"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 19200"=hex:02,00,00,4b,00,00,00,00,00,00
"CONNECT 19200/ARQ"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/REL"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/MNP"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/LAP-M"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42BIS"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42b"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 21600"=hex:02,00,60,54,00,00,00,00,00,00
"CONNECT 21600/ARQ"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/REL"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/MNP"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/LAP-M"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/V42BIS"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 21600/V42b"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
"CONNECT 24000/ARQ"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/REL"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/MNP"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/LAP-M"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42BIS"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42b"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
"CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
"CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
"CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
"CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
"CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
"CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
"CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
"CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
"CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
"CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
"CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
"CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
"CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
"CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
"CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
"CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
"CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
"CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
"CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
"COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
"COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
"PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
"CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
"CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
"CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
"CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\netshell.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 5:21 - machine was rebooted [owner]
ComboFix-quarantined-files.txt 2009-04-17 02:21
Pre-Run: 30,240,342,016 bytes free
Post-Run: 30,214,750,208 bytes free
579 --- E O F --- 2008-10-24 03:03​

 

[MMA_LORD_735]

تمام يالغلا ...

لحين تقدر تسوي تقرير هايجك ولا لاء ؟

 

[! WaLeD !]

لآآ يآلغالي نفس المشكله آلآولىآ

يمكن لآني خاش بالوضع العادي

اذا تبي اخش من السيف مود واسوي تقررير هايجك ؟

بس ابي رابط التحميل اول هع

: )​

 

[MMA_LORD_735]

تفضل يالغلا ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[! WaLeD !]

شف يآلغـآلي ..

 

[MMA_LORD_735]

تعرف أخوي ؟ خليني نكون مركزين ...

أنت عندك أكيد فايروسات ...

طبق ألي في هذه المشاركة ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

و لا تنسى تقرير ...