الزعيـــــــــم

I have a damned virus, guys,
and honestly it has worn me out; every so often I try a protection program against it, to no avail.

And this is a picture of it: when I show hidden files, this is what appears
 

Peace be upon you

Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: ابـــو عــبــد الــلــه
May God give you all good health

This is not a virus

Delete the account you are using and then create a new account

and the problem will go away

And thank you, Abu Rima
 
Signature: AbOdy
Thank you, and here is the report, Abu Rima
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:29 م, on 25/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network LookOut\Administrator\bin\NLAgentSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Protector Plus\PPAVMon.exe
C:\Protector Plus\PPServ.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\Anti Mosquito.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROTEC~1\PPTbc.EXE
C:\PROTEC~1\PPInupdt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Protector Plus\POPSCAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Network LookOut\Administrator\bin\NLAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Anti Mosquito] C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\Anti Mosquito.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [twister] "C:\Program Files\Filseclab\Twister\Twister.exe" -a
O4 - HKLM\..\Run: [Protector Plus Taskbar Control] C:\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [Protector Plus InstaUpdate] C:\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Filseclab Messenger.lnk = C:\Program Files\Common Files\Filseclab\FilMsg.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F943272E-640C-4FC2-8B14-6776E7E9C888}: NameServer = 192.168.2.1
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - C:\Program Files\Network LookOut\Administrator\bin\NLAgentSvc.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Proland Software - C:\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Proland Software - C:\Protector Plus\PPServ.exe
--
End of file - 9288 bytes
 
May God give you all good health

This is not a virus

Delete the account you are using and then create a new account

and the problem will go away

And thank you, Abu Rima


May God grant you success
 
Signature: ابـــو عــبــد الــلــه
As Mr. AbOdy said

But let us run a check on your machine, الزعيم ..

Do the following

Disable your protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

During the scan the machine may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post

 
Signature: ابـــو عــبــد الــلــه
This is the ComboFix report
ComboFix 09-04-25.A3 - Administrator 04/25/2009 23:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1015.591 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
AV: Protector Plus Anti-virus Software *On-access scanning disabled* (Updated)
AV: Twister AntiTrojanVirus *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-25 19:54 . 2003-06-18 14:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-25 19:51 . 2009-04-25 19:51 -------- d-----w c:\program files\Microsoft Works
2009-04-25 19:51 . 2009-04-25 19:52 -------- d-----w c:\windows\SHELLNEW
2009-04-25 18:07 . 2009-04-25 18:11 63 ----a-w c:\windows\AlfaStart.CMD
2009-04-25 16:26 . 2009-04-25 16:26 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-04-25 13:40 . 2009-04-25 16:41 -------- d-----w c:\windows\BDOSCAN8
2009-04-25 13:07 . 2009-04-25 13:07 45056 ----a-w c:\windows\system32\_PPCXM_.DLL
2009-04-25 13:07 . 2009-04-25 13:07 29360 ----a-w c:\windows\_SETUPD_.EXE
2009-04-25 13:07 . 2009-04-25 15:03 -------- d-----w C:\Protector Plus
2009-04-25 11:55 . 2009-04-25 11:55 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-25 11:55 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 11:55 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 11:55 . 2009-04-25 11:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 11:55 . 2009-04-25 11:55 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 06:58 . 2009-03-06 14:20 283136 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:58 . 2009-02-09 11:21 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 06:58 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:58 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:58 . 2009-02-09 10:51 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:58 . 2009-02-09 10:51 681472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:58 . 2009-02-09 10:51 693760 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:58 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:58 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:58 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 06:44 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:44 . 2008-04-21 21:14 215040 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 21:40 . 2009-04-15 21:40 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-15 21:40 . 2009-04-15 21:40 -------- d-----w c:\program files\UltraISO
2009-04-15 21:32 . 2009-04-15 21:32 -------- d-----w c:\program files\mpegable
2009-04-15 18:07 . 2004-09-28 08:13 526184 ----a-w c:\windows\system32\XceedCry.dll
2009-04-15 18:07 . 2004-08-11 12:55 110602 ----a-w c:\windows\system32\xcdsfx32.bin
2009-04-15 18:07 . 2004-03-08 21:00 224016 ----a-w c:\windows\system32\Tabctl32.ocx
2009-04-15 18:07 . 2004-03-08 21:00 152848 ----a-w c:\windows\system32\Comdlg32.ocx
2009-04-15 18:07 . 2004-03-08 21:00 132880 ----a-w c:\windows\system32\Msinet.ocx
2009-04-15 18:07 . 2009-04-15 18:08 -------- d-----w c:\program files\Driver Magician
2009-04-15 16:34 . 2009-04-15 16:34 -------- d-----w c:\program files\MagicISO
2009-04-15 16:19 . 2009-04-15 16:19 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Thinstall
2009-04-15 16:19 . 2009-04-15 16:19 -------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-04-15 15:25 . 2009-04-15 15:25 1688 ----a-w c:\windows\system32\autoexec.nt
2009-04-14 20:37 . 2009-04-15 15:21 -------- d-----w c:\program files\Common Files\Filseclab
2009-04-14 20:37 . 2009-04-14 20:37 -------- d-----w c:\program files\Filseclab
2009-04-14 20:37 . 2009-04-14 20:37 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-04-14 18:28 . 2009-04-15 15:27 -------- d-----w c:\program files\Blackstar_tech
2009-04-14 18:06 . 2009-04-14 18:06 -------- d--h--w c:\windows\PIF
2009-04-14 18:06 . 2009-04-14 18:06 -------- d-----w c:\program files\RAR Password Recovery Magic
2009-04-14 17:18 . 2007-09-02 17:56 1686016 ----a-w c:\windows\system32\clinetsuitex6.ocx
2009-04-14 17:18 . 2005-01-12 08:19 456536 ----a-w c:\windows\system32\XCEEDZIP.DLL
2009-04-14 17:18 . 2004-03-09 13:45 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-14 17:18 . 2009-04-14 17:18 -------- d-----w c:\program files\Driver-Soft
2009-04-13 18:53 . 2009-04-13 18:53 -------- d-----w c:\program files\Caffe
2009-04-13 16:00 . 2009-04-14 18:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 15:50 . 2009-04-15 15:26 -------- d-----w c:\program files\Trojan Remover
2009-04-13 15:47 . 2006-06-19 09:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-04-13 15:47 . 2006-05-25 11:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-04-13 15:47 . 2005-08-25 21:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-04-13 15:47 . 2003-02-02 16:06 153088 ----a-w c:\windows\system32\unrar3.dll
2009-04-13 15:47 . 2002-03-05 21:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-04-13 15:47 . 2009-04-15 15:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-04-13 13:57 . 2009-04-13 17:54 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-13 13:57 . 2009-04-13 17:54 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-13 13:56 . 2009-04-25 16:14 417824 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-13 13:56 . 2009-04-25 16:14 4604 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-13 13:56 . 2009-04-25 16:05 2809888 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-13 13:56 . 2009-04-25 16:04 26176 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-13 13:56 . 2009-04-13 13:56 -------- d-----w c:\program files\Kaspersky Lab
2009-04-12 17:37 . 2009-04-12 17:37 172 ----a-w C:\curr_ver.tmp
2009-04-11 16:59 . 2009-04-11 16:59 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\WinAVI
2009-04-11 16:59 . 2009-04-11 16:59 -------- d-----w c:\program files\WinAVI Video Converter
2009-04-11 15:08 . 2009-04-11 15:09 -------- d-----w c:\program files\NimoCodec Pack
2009-04-11 15:08 . 2009-04-11 15:08 -------- d-----w c:\windows\system32\quicktime
2009-04-11 15:08 . 2009-04-11 15:08 -------- d-----w c:\program files\DivX
2009-04-11 14:15 . 2009-04-11 14:15 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-11 14:15 . 2009-04-11 14:15 1409 ----a-w c:\windows\QTFont.for
2009-04-11 12:03 . 2009-04-25 13:24 -------- d-----w c:\program files\DAEMON Tools
2009-04-11 12:01 . 2009-04-11 12:01 639224 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-08 12:04 . 2009-04-08 12:04 -------- d-----w c:\program files\Ringz Studio
2009-04-08 11:59 . 2009-04-11 14:15 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2009-04-08 11:16 . 2009-04-08 11:16 0 ----a-w c:\windows\nsreg.dat
2009-04-08 11:16 . 2009-04-08 11:16 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-07 20:47 . 2009-04-07 20:47 -------- d-----w c:\program files\Network LookOut
2009-04-07 16:05 . 2009-04-07 16:06 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-07 15:36 . 2009-04-25 18:55 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-07 15:23 . 2009-04-07 15:23 -------- d-----w c:\documents and settings\Administrator\Application Data\IGN_DLM
2009-04-07 15:18 . 2009-04-07 15:18 69 ----a-w C:\ioAsk.ini
2009-04-07 14:40 . 2009-04-07 14:40 -------- d-----w c:\windows\system32\LogFiles
2009-04-07 13:49 . 2009-04-07 13:49 -------- d-----w c:\documents and settings\Administrator\Application Data\HP
2009-04-07 13:48 . 2009-04-07 13:48 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-07 13:44 . 2009-04-07 13:44 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-07 13:44 . 2007-11-08 14:52 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-04-07 13:44 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-04-07 12:34 . 2009-04-07 12:34 -------- d-----w c:\program files\Hewlett-Packard
2009-04-07 12:34 . 2009-04-07 12:34 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-07 12:32 . 2009-04-07 13:49 173606 ----a-w c:\windows\hpoins27.dat
2009-04-07 12:32 . 2008-01-18 15:56 932 ------w c:\windows\hpomdl27.dat
2009-04-07 12:31 . 2007-10-30 09:25 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-07 12:31 . 2007-10-30 09:25 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-07 12:31 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-07 12:30 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-04-07 12:30 . 2007-10-30 09:11 729088 ----a-r c:\windows\system32\hpowiax7.dll
2009-04-07 12:30 . 2007-10-30 09:11 303104 ----a-r c:\windows\system32\hpovst15.dll
2009-04-07 12:30 . 2007-10-30 09:11 581632 ----a-r c:\windows\system32\hpotscl6.dll
2009-04-07 12:30 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-07 12:19 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 12:19 . 2008-10-16 11:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-07 12:19 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-07 12:05 . 2009-04-25 12:36 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-04-07 12:04 . 2009-04-07 12:04 -------- d-----w c:\program files\Common Files\xing shared
2009-04-07 12:03 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-07 12:01 . 2009-04-07 12:01 -------- d-----w c:\program files\Microsoft
2009-04-07 11:59 . 2009-04-07 11:59 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 21:25 . 2009-04-06 21:55 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-06 21:25 . 2009-04-06 21:55 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-06 21:24 . 2009-04-11 15:26 -------- d-----w c:\program files\QuickTime
2009-04-06 21:22 . 2009-04-06 21:24 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-06 21:21 . 2009-04-06 21:21 -------- d-----w c:\windows\Downloaded Installations
2009-04-06 17:47 . 2009-04-08 13:33 -------- d-----w c:\program files\Passware
2009-04-06 10:17 . 2008-04-13 21:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-05 20:38 . 2009-04-08 00:47 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-05 20:25 . 2009-04-05 20:25 -------- d-----w c:\program files\MSXML 6.0
2009-04-05 20:18 . 2009-04-08 00:43 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-05 20:05 . 2009-04-05 20:05 -------- d-----w c:\program files\Microsoft Synchronization Services
2009-04-05 20:05 . 2009-04-07 12:03 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-05 19:59 . 2009-04-05 20:07 -------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-04-05 19:58 . 2009-04-05 19:58 -------- d-----w c:\program files\Microsoft SDKs
2009-04-05 19:57 . 2009-04-05 19:57 724904 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 20:33 . 2009-03-29 13:04 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-04-25 18:59 . 2001-09-19 12:00 485800 ----a-w c:\windows\system32\perfh001.dat
2009-04-25 18:59 . 2001-09-19 12:00 121208 ----a-w c:\windows\system32\perfc001.dat
2009-04-25 17:58 . 2009-03-29 12:37 498984 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 13:19 . 2009-03-29 13:04 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-04-14 20:37 . 2009-03-29 12:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 15:32 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-11 14:17 . 2009-03-29 13:00 -------- d-----w c:\program files\Google
2009-04-08 11:59 . 2009-03-29 13:32 -------- d-----w c:\program files\Ashampoo
2009-04-07 12:04 . 2009-03-29 13:00 -------- d-----w c:\program files\Common Files\Real
2009-04-07 12:02 . 2009-03-29 13:14 -------- d-----w c:\program files\MSN Messenger
2009-04-06 21:22 . 2009-03-29 12:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-04 18:49 . 2009-03-29 12:24 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-03 21:11 . 2009-03-29 13:33 -------- d-----w c:\documents and settings\Administrator\Application Data\Ashampoo
2009-04-01 12:24 . 2009-03-29 13:30 -------- d-----w c:\program files\Common Files\Adobe
2009-03-31 20:08 . 2009-03-29 13:07 -------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2009-03-31 13:10 . 2009-03-29 13:03 -------- d-----w c:\program files\Internet Download Manager
2009-03-30 15:28 . 2009-03-30 15:28 594 ----a-w C:\updatedatfix.log
2009-03-29 13:33 . 2009-03-29 13:33 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-03-29 13:30 . 2009-03-29 13:30 -------- d-----w c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-29 13:12 . 2009-03-29 13:12 2232 ----a-w c:\windows\java\Packages\Data\5FT73X31.DAT
2009-03-29 13:12 . 2009-03-29 13:12 155995 ----a-w c:\windows\java\Packages\C89FZ3LV.ZIP
2009-03-29 13:12 . 2009-03-29 13:12 2678 ----a-w c:\windows\java\Packages\Data\3HVBBJ3D.DAT
2009-03-29 13:12 . 2009-03-29 13:12 2678 ----a-w c:\windows\java\Packages\Data\028YV5ZJ.DAT
2009-03-29 13:12 . 2009-03-29 13:12 2678 ----a-w c:\windows\java\Packages\Data\V71B9NN5.DAT
2009-03-29 13:12 . 2009-03-29 13:12 2678 ----a-w c:\windows\java\Packages\Data\CDZ97JZF.DAT
2009-03-29 13:12 . 2009-03-29 13:12 2678 ----a-w c:\windows\java\Packages\Data\9N1FL3DB.DAT
2009-03-29 13:07 . 2009-03-29 12:57 173247 ----a-w c:\windows\hphins26.dat
2009-03-29 13:07 . 2009-03-29 13:05 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-29 13:05 . 2009-03-29 13:05 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-03-29 13:05 . 2009-03-29 13:03 -------- d-----w c:\program files\HP
2009-03-29 13:04 . 2009-03-29 13:04 -------- d-----w c:\program files\Common Files\HP
2009-03-29 13:00 . 2009-03-29 13:00 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-29 13:00 . 2009-03-29 13:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-29 13:00 . 2009-03-29 13:00 -------- d-----w c:\program files\Real
2009-03-29 12:49 . 2009-03-29 12:49 -------- d-----w c:\program files\SlySoft
2009-03-29 12:47 . 2009-03-29 12:47 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-29 12:43 . 2009-03-29 12:43 -------- d-----w c:\program files\Realtek
2009-03-29 12:43 . 2009-03-29 12:43 315392 ----a-w c:\windows\HideWin.exe
2009-03-29 12:22 . 2009-03-29 12:22 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-29 12:21 . 2009-03-29 12:21 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-22 19:57 . 2009-03-29 15:11 7100044 ----a-w c:\windows\system32\rapidlo.exe
2009-03-21 14:08 . 2009-03-21 14:08 1357824 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-08 11:09 . 2009-03-08 11:09 638816 ------w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 11:09 . 2009-03-08 11:09 391536 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 01:41 . 2009-03-08 01:41 5937152 ------w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 01:34 . 2009-03-08 01:34 914944 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-08 01:34 . 2008-05-09 12:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2009-03-08 01:34 1206784 ------w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 01:34 . 2009-03-08 01:34 236544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 01:34 . 2009-03-08 01:34 43008 ------w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 01:34 . 2008-05-09 12:12 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:34 . 2009-03-08 01:34 105984 ------w c:\windows\system32\dllcache\url.dll
2009-03-08 01:34 . 2009-03-08 01:34 193536 ------w c:\windows\system32\dllcache\msrating.dll
2009-03-08 01:34 . 2009-03-08 01:34 109568 ------w c:\windows\system32\dllcache\occache.dll
2009-03-08 01:33 . 2009-03-08 01:33 759296 ------w c:\windows\system32\dllcache\VGX.dll
2009-03-08 01:33 . 2009-03-08 01:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 01:33 . 2008-05-09 12:11 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2009-03-08 01:33 25600 ------w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 01:33 . 2009-03-08 01:33 726528 ------w c:\windows\system32\dllcache\jscript.dll
2009-03-08 01:33 . 2009-03-08 01:33 229376 ------w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 01:33 . 2009-03-08 01:33 420352 ------w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 01:33 . 2008-04-14 18:29 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:33 . 2009-03-08 01:33 125952 ------w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 01:32 . 2009-03-08 01:32 72704 ------w c:\windows\system32\dllcache\admparse.dll
2009-03-08 01:32 . 2008-05-09 12:11 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2009-03-08 01:32 173056 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 01:32 . 2009-03-08 01:32 163840 ------w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 01:32 . 2009-03-08 01:32 71680 ------w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 01:32 . 2009-03-08 01:32 55808 ------w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 01:32 . 2008-05-09 12:12 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:32 . 2009-03-08 01:32 128512 ------w c:\windows\system32\dllcache\advpack.dll
2009-03-08 01:32 . 2009-03-08 01:32 94720 ------w c:\windows\system32\dllcache\inseng.dll
2009-03-08 01:32 . 2009-03-08 01:32 611840 ------w c:\windows\system32\dllcache\mstime.dll
2009-03-08 01:31 . 2009-03-08 01:31 183808 ------w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 01:31 . 2009-03-08 01:31 348160 ------w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 01:31 . 2009-03-08 01:31 34816 ------w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 01:31 . 2009-03-08 01:31 216064 ------w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 01:31 . 2008-05-09 12:12 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2009-03-08 01:31 46592 ------w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 01:31 . 2009-03-08 01:31 66560 ------w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 01:31 . 2009-03-08 01:31 48128 ------w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 01:31 . 2008-05-09 12:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2009-03-08 01:31 45568 ------w c:\windows\system32\dllcache\mshta.exe
2009-03-08 01:31 . 2008-05-09 12:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:24 . 2009-03-08 01:24 68608 ------w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 01:22 . 2009-03-08 01:22 156160 ------w c:\windows\system32\dllcache\msls31.dll
2009-03-08 01:22 . 2008-05-09 12:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2008-04-14 18:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:04 . 2009-02-09 14:04 1846656 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-14 18:07 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2008-04-14 21:12 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-04-14 18:12 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-14 18:30 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-14 18:29 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-14 18:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-14 18:29 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-14 18:29 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2007-03-12 09:2009-04-08 11:15 01:33 . c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:2009-04-08 11:15 01:34 . c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:2009-04-08 11:15 01:36 . c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:2009-04-08 11:15 01:38 . c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:2009-04-08 11:15 01:40 . c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[-] 2008-04-14 18:30 14336 6B1139CA38DB1678487678C44874B80F c:\windows\system32\svchost.exe
[-] 2008-04-14 18:29 578048 F95655E872967AE2CD4C19D8914BABB7 c:\windows\system32\user32.dll
[-] 2008-04-14 18:29 82432 8A2B77E2A2F2AD328EE3A2ED91F08EBB c:\windows\system32\ws2_32.dll
[-] 2008-05-09 12:12 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie8\wininet.dll
[-] 2008-12-20 22:31 826368 5B35855D3E98567AA2C85B2183EA84A7 c:\windows\SoftwareDistribution\Download\3bbefe9d504246557a1cb81dda32536d\SP2GDR\wininet.dll
[-] 2008-12-20 23:46 827904 B7515B5012855F6A3BDE9BE849054067 c:\windows\SoftwareDistribution\Download\3bbefe9d504246557a1cb81dda32536d\SP2QFE\wininet.dll
[-] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\wininet.dll
[-] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
[-] 2008-04-14 18:30 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\system32\winlogon.exe
[-] 2008-04-13 21:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 21:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 18:29 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\explorer.exe
[-] 2008-04-14 18:29 13312 99AE1390A271B02D752178DF9E8442A3 c:\windows\system32\lsass.exe
[-] 2008-04-14 18:29 15360 252F972131EB23596C20B82CA190DC5C c:\windows\system32\ctfmon.exe
[-] 2008-04-14 18:30 57856 42ECA7EA7D2E8B874BB9E4D147A5F783 c:\windows\system32\spoolsv.exe
[-] 2008-04-14 18:30 26112 B2B4E4722CAAFE109BEC13773BCB75B0 c:\windows\system32\userinit.exe
[-] 2008-04-14 18:29 295424 58E202572D3251BF2687BF841EA00CE0 c:\windows\system32\termsrv.dll
[-] 2008-04-14 18:29 17408 DC4CD0AAD9A26C4FB63D75FB54FDFDA7 c:\windows\system32\powrprof.dll
[-] 2008-04-14 18:29 110080 437820B0DB7A11FB58660CE6C40A05F6 c:\windows\system32\imm32.dll
[-] 2008-05-09 12:13 1571328 CA1867A515E40A015BA6D9ADD83FB823 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti Mosquito"="c:\documents and settings\Administrator\My Documents\Downloads\Compressed\Anti Mosquito.exe" [2001-12-19 258048]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-13 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-07 198160]
"twister"="c:\program files\Filseclab\Twister\Twister.exe" [2009-01-22 565248]
"Protector Plus Taskbar Control"="c:\protec~1\PPTbc.EXE" [2009-04-25 1278640]
"Protector Plus InstaUpdate"="c:\protec~1\PPInupdt.exe" [2009-04-25 1159856]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-11-22 16858112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Filseclab Messenger.lnk - c:\program files\Common Files\Filseclab\FilMsg.exe [2009-4-14 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4445:TCP"= 4445:TCP:Network LookOut Administrator Configuration
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-13 33808]
S1 filar;Filseclab Dynamic Defense System Driver;c:\progra~1\COMMON~1\FILSEC~1\filar.sys [2007-12-18 10896]
S2 NetworkLookOutAgent;Network LookOut Agent;c:\program files\Network LookOut\Administrator\bin\NLAgentSvc.exe [2009-03-11 1219584]
S2 ProtectorPlusAVMonitor;Protector Plus Anti-virus Monitor Service;c:\protector plus\PPAVMon.exe [2009-04-25 62128]
S2 ProtectorPlusService;Protector Plus Service;c:\protector plus\PPServ.exe [2009-04-25 78512]
S3 filpp;Filseclab Process Protection Driver;c:\progra~1\COMMON~1\FILSEC~1\filpp.sys [2008-12-21 9776]
S3 IMMDRV;Filseclab Twister Kernel Module;c:\progra~1\FILSEC~1\Twister\immdrv.sys [2009-01-25 151984]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 PPDrv;Protector Plus Driver;c:\protector plus\PPDrv.sys [2009-04-25 703792]
S3 PPEMSCAN;Protector Plus Email Scan Driver;c:\protector plus\PPEMSCAN.sys [2009-04-25 19272]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDM
*NewlyCreated* - OSE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4161c6-2070-11de-be9e-0008c9a204bc}]
\Shell\AuToplAY\comMand - J:\fycfp.exe
\Shell\AutoRun\command - J:\fycfp.exe
\Shell\EXPloRe\CommAnD - J:\fycfp.exe
\Shell\oPEN\COMMAnD - J:\fycfp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd9af9e-2352-11de-beb0-0008c9a204bc}]
\sHeLl\aUtopLay\cOmManD - K:\txxgl.pif
\sHeLl\AutoRun\command - K:\txxgl.pif
\sHeLl\EXplorE\COMmand - K:\txxgl.pif
\sHeLl\Open\cOmmANd - K:\txxgl.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaf41d16-22c6-11de-beab-0008c9a204bc}]
\shelL\AUtoplaY\CommaNd - tuxql.exe
\shelL\AutoRun\command - tuxql.exe
\shelL\eXpLORe\CoMMand - tuxql.exe
\shelL\opEN\command - tuxql.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaf41d37-22c6-11de-beab-0008c9a204bc}]
\Shell\AutoRun\command - K:\em8tqm.cmd
\Shell\open\Command - K:\em8tqm.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {F943272E-640C-4FC2-8B14-6776E7E9C888} = 192.168.2.1
DPF: Microsoft XML Parser for Java -

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y3xh886i.default\
FF - prefs.js: browser.startup.homepage - hxxp://03compu.ru/start
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-25 23:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Anti Mosquito = c:\documents and settings\Administrator\My Documents\Downloads\Compressed\Anti Mosquito.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-436374069-1202660629-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,41,2a,d5,56,ce,f9,41,9b,91,b3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,41,2a,d5,56,ce,f9,41,9b,91,b3,\
.
Completion time: 2009-04-25 23:35
ComboFix-quarantined-files.txt 2009-04-25 20:35
Pre-Run: 4,878,811,136 bytes free
Post-Run: 9,185,411,072 bytes free
407 --- E O F --- 2009-04-24 12:41
 
Brother الزعيم .. may God grant you devotion to your parents



1- Reduce the number of programs that run at startup.

2- Update Kaspersky, then run a full scan of your computer.

...

May God keep you safe
 
Signature: ابـــو عــبــد الــلــه
Amen
Thanks, ابو ريما, but you didn't tell me whether this is an infection or what
May God grant you Paradise
 
Signature: ابـــو عــبــد الــلــه
Peace be upon you, and the mercy and blessings of God
Sorry for interjecting: as for the autorun.inf folder, it is a leftover of the program
USB Disk Security

and it is harmless
 