خطأ معجزني أرجو المساعدة

الجامعي12 · 31 مايو 2009

شو سبب الخطا

ابـــو عــبــد الــلــه · 31 مايو 2009

حمل هذا الآداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
أتمنى منك الصبر حتى يتم تحليل التقرير

الجامعي12 · 31 مايو 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38, on 2009-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
G:\ghost\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.net.sy:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FBCF5AA-DB89-469D-A15A-8CB0FEBB8A72}: NameServer = 192.168.2.14 192.168.2.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Onlineeye Firewall Service (gmxfwsvc) - Unknown owner - C:\Program Files\Onlineeye\gmxffcsrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ine24kmv - Unknown owner - (no file)
O23 - Service: MySQL - Unknown owner - C:\Amazing\MySQL\bin\mysqld-max-nt.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe (file missing)

--
End of file - 8445 bytes

ابـــو عــبــد الــلــه · 31 مايو 2009

عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

اثناء الفحص ممكن يعاد تشغيل الجهاز

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى

PrinceOfPersia · 31 مايو 2009

غفر الله لك ولوالديك أبوريما

شعلة من نشاط في كل مكان

ابـــو عــبــد الــلــه · 31 مايو 2009

princeofpersia قال:
غفر الله لك ولوالديك أبوريما

شعلة من نشاط في كل مكان

اللهم امين

اسأل الله أن يرزقك من خيري الدنيا والآخره ويسعد قلبك في الدارين

الجامعي12 · 31 مايو 2009

وبعدين
بيكون مشي الحال هيك

ابـــو عــبــد الــلــه · 31 مايو 2009

ابو ريما قال:
عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

اثناء الفحص ممكن يعاد تشغيل الجهاز

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه

انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى

وين تقرير الاداة

الجامعي12 · 31 مايو 2009

ComboFix 09-05-30.06 - المعري 05/31/2009 21:27.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1023.685 [GMT 2:00] Running from: G:\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\program files\flash.exe c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\Readme.txt c:\windows\system\oeminfo.ini c:\windows\system32\au3305adc.dll c:\windows\system32\avpo.exe c:\windows\system32\Cache c:\windows\system32\config.dat c:\windows\system32\Ijl11.dll c:\windows\system32\install.exe c:\windows\system32\libmysql41.dll c:\windows\system32\tmp25.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Service_Iprip ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 ))))))))))))))))))))))))))))))) . 2009-05-31 19:10 . 2009-05-31 19:10 -------- d-sh--w- C:\FOUND.002 2009-05-31 18:14 . 2009-05-31 18:14 -------- d-sh--w- C:\FOUND.001 2009-05-28 09:39 . 2009-05-28 09:39 -------- d-----w- C:\SyrianAccountants 2009-05-25 12:55 . 2009-05-25 12:55 -------- d-----w- c:\documents and settings\المعري\Application Data\MxBoost 2009-05-25 12:54 . 2009-05-25 12:54 -------- d-----w- c:\program files\Maxthon2 2009-05-25 12:52 . 2009-05-25 12:52 -------- d-sh--w- C:\FOUND.000 2009-05-23 20:27 . 2009-05-23 20:27 73728 ----a-w- c:\windows\Alasma Uninstaller.exe 2009-05-23 20:27 . 2009-05-23 20:27 208896 ----a-w- c:\documents and settings\المعري\Application Data\Alasma\alasma.dll 2009-05-23 20:27 . 2009-05-23 20:27 -------- d-----w- c:\documents and settings\المعري\Application Data\Alasma 2009-05-23 14:47 . 2009-05-23 14:47 -------- d-----w- c:\program files\Baset 2009-05-21 21:30 . 2009-05-21 21:30 -------- d-----w- c:\program files\EA Games 2009-05-21 17:04 . 2009-05-21 17:04 -------- d-----w- c:\program files\GFi 2009-05-17 23:45 . 2009-05-17 23:45 -------- d-----w- c:\program files\Gogago 2009-05-17 23:45 . 2008-06-11 08:41 6294528 ----a-w- c:\windows\system32\MioEncoder1.dll 2009-05-17 23:44 . 2009-05-17 23:44 59 ----a-w- c:\documents and settings\المعري\Application Data\Modem Spy\delete_backup.bat 2009-05-17 23:44 . 2009-05-17 23:44 -------- d-----w- c:\documents and settings\المعري\Application Data\Modem Spy 2009-05-17 21:27 . 2009-05-17 21:27 -------- d-----w- c:\documents and settings\المعري\Application Data\Skype 2009-05-17 21:26 . 2009-05-17 21:26 -------- d-----w- c:\program files\Skype 2009-05-17 21:26 . 2009-05-17 21:26 -------- d-----w- c:\program files\Common Files\Skype 2009-05-17 21:23 . 2009-05-17 21:23 -------- d-----w- c:\program files\EjoyStudio 2009-05-17 20:24 . 2009-05-17 20:24 -------- d-----w- c:\documents and settings\All Users\سطح المكتب 2009-05-16 14:38 . 2009-05-16 14:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-05-16 14:38 . 2009-05-16 14:38 -------- d-----w- c:\documents and settings\المعري\Application Data\skypePM 2009-05-16 11:34 . 2009-05-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-05-11 19:37 . 2009-05-11 19:37 -------- d-----w- C:\aviraup 2009-05-11 19:31 . 2009-02-13 09:31 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-05-09 19:11 . 2009-05-09 19:11 -------- d-----w- c:\documents and settings\المعري\Application Data\Desktopicon 2009-05-09 19:11 . 2009-05-09 19:11 -------- d-----w- c:\program files\Unlocker . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-31 19:20 . 2009-04-03 19:33 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-05-31 19:20 . 2009-04-03 19:33 32 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-05-31 19:20 . 2009-04-02 15:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-05-31 19:20 . 2009-04-02 15:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-05-31 18:52 . 2009-05-31 18:52 172 ----a-w- C:\curr_ver.tmp 2009-05-24 15:41 . 2009-04-02 15:28 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-05-24 15:41 . 2009-04-02 15:28 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-05-21 21:57 . 2009-02-09 22:37 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-05-21 21:57 . 2009-02-09 22:37 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-05-16 18:12 . 2001-09-19 09:00 438220 ----a-w- c:\windows\system32\perfh001.dat 2009-05-16 18:12 . 2001-09-19 09:00 116618 ----a-w- c:\windows\system32\perfc001.dat 2009-04-12 08:55 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-04-12 08:55 . 2009-04-02 15:34 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys 2009-04-12 08:55 . 2009-04-02 15:34 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys 2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll 2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll 2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll 2009-04-12 08:50 . 2009-04-11 14:55 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll 2009-04-12 08:50 . 2009-04-11 14:54 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll 2009-04-12 08:50 . 2009-04-11 14:47 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll 2009-04-09 17:05 . 2009-04-09 17:05 -------- d-----w- c:\program files\Codec Pack - All In 1 2009-04-09 17:04 . 2005-04-25 18:39 737280 ----a-w- c:\windows\iun6002.exe 2009-04-04 21:53 . 2009-04-04 21:53 4082688 ----a-w- c:\windows\system32\qtintf70.dll 2009-04-04 21:53 . 2009-04-04 21:53 280576 ----a-w- c:\windows\system32\libmysql320.dll 2009-04-04 21:53 . 2009-04-04 21:53 245760 ----a-w- c:\windows\system32\libmysql40.dll 2009-04-04 21:53 . 2009-04-04 21:53 217088 ----a-w- c:\windows\system32\libmysql323.dll 2009-04-04 21:52 . 2009-04-04 21:52 1167360 ----a-w- c:\windows\system32\mysqldump.exe 2009-04-04 21:52 . 2009-04-04 21:52 1220608 ----a-w- c:\windows\system32\mysql.exe 2009-04-04 21:52 . 2009-04-04 21:52 1146880 ----a-w- c:\windows\system32\mysqladmin.exe 2009-04-04 16:06 . 2009-04-04 16:06 -------- d-----w- c:\program files\Kaspersky Lab 2009-04-04 10:50 . 2005-02-13 12:11 774152 ----a-w- c:\documents and settings\المعري\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-03 23:39 . 2009-04-03 23:39 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-03 23:38 . 2009-04-03 23:38 -------- d-----w- c:\program files\Reference Assemblies 2009-04-03 23:27 . 2009-04-03 23:27 -------- d-----w- c:\program files\MSXML 6.0 2009-04-03 23:27 . 2009-04-03 23:27 -------- d-----w- c:\program files\MSXML 4.0 2009-04-03 21:58 . 2009-04-03 21:58 -------- d-----w- c:\program files\Picture Resize Genius 2009-04-02 23:23 . 2009-04-02 23:23 -------- d-----w- c:\program files\Windows Live 2009-04-02 15:34 . 2009-04-02 15:34 38416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys 2009-03-25 20:41 . 2009-03-25 20:41 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstCCD.exe 2009-03-25 20:41 . 2009-03-25 20:41 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-03-25 20:41 . 2009-03-25 20:41 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstPCS.exe 2009-03-24 18:16 . 2009-03-24 18:16 7168 ----a-w- c:\documents and settings\المعري\Application Data\Thinstall\Air Guard Full\40000016d00002i\pa.exe 2009-03-13 16:43 . 2006-03-27 16:56 720896 ----a-w- c:\windows\iun6002ev.exe 2009-03-07 10:30 . 2009-03-07 10:30 298496 ----a-w- c:\program files\Common Files\mdn2.exe 2005-04-23 23:47 . 2005-04-23 23:47 284160 ----a-w- c:\program files\Common Files\mdn.exe 2002-03-05 13:35 . 2007-03-09 00:08 860160 ---ha-w- c:\program files\FLASH Player 8 Arabic.exe 2009-01-30 14:41 . 2009-01-30 14:41 55070 --sha-r- c:\windows\)CGFNOPPKOFNORLFBQII.dll 2009-02-21 10:41 . 2009-02-21 10:41 0 --sh--w- c:\windows\S747CF335.tmp . ------- Sigcheck ------- [-] 2004-08-03 19:56 14336 0ECD0853CADB84AE5DF7DA9BD1731CC7 c:\windows\system32\svchost.exe [-] 2004-08-03 19:55 576512 EDE1D5F29B2752953F3D5D11004154C1 c:\windows\system32\user32.dll [-] 2004-08-03 19:56 82944 C3B9FD7B0D0824FC224684B73302A0FD c:\windows\system32\ws2_32.dll [-] 2006-11-07 19:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\system32\WININET.DLL [-] 2006-03-04 03:33 656896 E99D9C59ED7226E6FA776963823C9C3C c:\windows\ie7\wininet.dll [-] 2008-09-28 16:11 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\drivers\tcpip.sys [-] 2004-08-03 19:56 501248 BA4E08425B62BE257AE4557DA058F1AA c:\windows\system32\WINLOGON.EXE [-] 2004-08-03 18:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys [-] 2004-08-03 18:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-03 22:48 2058368 144FA719CD380DCAED316FD12B998CA0 c:\windows\system32\NTKRNLPA.EXE [-] 2004-08-03 22:48 2149888 10AC039A4734D143A84763AEBACBCD89 c:\windows\system32\NTOSKRNL.EXE [-] 2004-08-03 22:48 2149888 10AC039A4734D143A84763AEBACBCD89 c:\windows\system32\dllcache\ntoskrnl.exe [-] 2003-10-19 00:53 2322688 D040EECF95A7629B91FD5F6E7B5B4FE7 c:\windows\Resources\Boot\NTOSKRNL.EXE [-] 2004-08-03 19:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\EXPLORER.EXE [-] 2004-08-03 19:56 108032 706B1ED77D90DFAFC71AC86AFCC1CC03 c:\windows\system32\services.exe [-] 2004-08-03 19:56 13312 E0C58B25FA2A8AC9EA18A0A5ABB8A932 c:\windows\system32\lsass.exe [-] 2004-08-03 19:56 15360 B87D2319441038F62BDDAEEB6BCE156D c:\windows\system32\CTFMON.EXE [-] 2004-08-03 19:56 57856 5917EF4B63693507C1BE9D1986D2E1DB c:\windows\system32\spoolsv.exe [-] 2004-08-03 22:56 110592 DB229DFB518B42754A510C5E101FA70F c:\windows\system32\wuauclt.exe [-] 2004-08-03 19:56 24576 E5B1BAFAC265460493B1A12B65C1CF52 c:\windows\system32\userinit.exe [-] 2004-08-03 22:55 295424 4D42FE6F795DEA7917F329A40A175294 c:\windows\system32\termsrv.dll [-] 2004-08-03 19:55 1351680 458F1764A02B43A053D0E2CEF2A6AE5B c:\windows\system32\kernel32.dll [-] 2004-08-03 19:55 1351680 458F1764A02B43A053D0E2CEF2A6AE5B c:\windows\system32\dllcache\kernel32.dll [-] 2004-08-03 19:55 17408 A8C31D5B403B48E98F352DCBCFCEEB9E c:\windows\system32\powrprof.dll [-] 2004-08-03 19:55 110080 E3FE07E893352F48748790DA6FD04A42 c:\windows\system32\imm32.dll [-] 2004-08-03 19:55 1547776 A253EDE6E4DA90E8254B8C2E4838A3CB c:\windows\system32\sfcfiles.dll [-] 2004-08-03 19:55 1547776 A253EDE6E4DA90E8254B8C2E4838A3CB c:\windows\system32\dllcache\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideShutdownScripts"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLogonScripts"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoVisualStyleChoice"= 0 (0x0) "NoColorChoice"= 0 (0x0) "NoSizeChoice"= 0 (0x0) "HideLogonScripts"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoChangeAnimation"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "NoViewOnDrive"= 0 (0x0) "NoRecycleFiles"= 0 (0x0) "ForceRecycleBinSize"= 0 (0x0) "NoCustomizeWebView"= 0 (0x0) "NoFileAssociate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoCustomizeThisFolder"= 0 (0x0) "DontShowSuperHidden"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) "NoPublishingWizard"= 0 (0x0) "NoSMConfigurePrograms"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoThemesTab"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "NoViewOnDrive"= 0 (0x0) "RestrictRun"= 0 (0x0) "DisallowRun"= 0 (0x0) "NoRecycleFiles"= 0 (0x0) "ForceRecycleBinSize"= 0 (0x0) "NoCustomizeWebView"= 0 (0x0) "NoFileAssociate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoCustomizeThisFolder"= 0 (0x0) "NoWebView"= 0 (0x0) "DontShowSuperHidden"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) "NoPublishingWizard"= 0 (0x0) "NoSMConfigurePrograms"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "HideClock"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "NoExpandedNewMenu"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 0 (0x0) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll "wave2"= serwvdrv.dll "wave3"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^AutoCAD Startup Accelerator.lnk] backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^BlueSoleil.lnk] backup=c:\windows\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^FlashPath for SD Memory Card Status.lnk] backup=c:\windows\pss\FlashPath for SD Memory Card Status.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Orbit.lnk] backup=c:\windows\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Scheduler for OEM.lnk] backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^scktsrvr.exe] backup=c:\windows\pss\scktsrvr.exeCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Service Manager.lnk] backup=c:\windows\pss\Service Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk] backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^SetSoft.lnk] backup=c:\windows\pss\SetSoft.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^Stardock Keyboard Launchpad.lnk] backup=c:\windows\pss\Stardock Keyboard Launchpad.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eagleeye HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VersionCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "Wmi"=3 (0x3) "WmdmPmSN"=3 (0x3) "WebClient"=2 (0x2) "W32Time"=2 (0x2) "UPS"=3 (0x3) "upnphost"=3 (0x3) "TrkWks"=2 (0x2) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "stisvc"=2 (0x2) "SSDPSRV"=3 (0x3) "ShellHWDetection"=2 (0x2) "SENS"=2 (0x2) "seclogon"=2 (0x2) "SCardSvr"=3 (0x3) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RemoteRegistry"=2 (0x2) "ProtectedStorage"=2 (0x2) "PolicyAgent"=2 (0x2) "ose"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "Nla"=3 (0x3) "Netlogon"=3 (0x3) "MSDTC"=3 (0x3) "mnmsrvc"=3 (0x3) "MDM"=2 (0x2) "HTTPFilter"=3 (0x3) "FastUserSwitchingCompatibility"=3 (0x3) "ERSvc"=2 (0x2) "Dnscache"=2 (0x2) "dnetc"=2 (0x2) "CryptSvc"=3 (0x3) "CiSvc"=2 (0x2) "Browser"=2 (0x2) "BITS"=3 (0x3) "aspnet_state"=3 (0x3) "ALG"=3 (0x3) "UleadBurningHelper"=2 (0x2) "Fax"=2 (0x2) "xmlprov"=3 (0x3) "iPodService"=3 (0x3) "IDriverT"=3 (0x3) "RichVideo"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "WudfSvc"=2 (0x2) "odserv"=3 (0x3) "NVSvc"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "UTSCSI"=2 (0x2) "btwdins"=2 (0x2) "BlueSoleil Hid Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\WINDOWS\\System32\\fxsclnt.exe"= "e:\\BIGAMES\\Counter-Strike\\HL.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"= "g:\\Future Games\\WarcrafIII\\Warcraft III.exe"= "c:\\WINDOWS\\System32\\PnkBstrA.exe"= "c:\\WINDOWS\\System32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [2006-09-11 67960] R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [2006-08-11 59776] R1 is-G3O4Ddrv;is-G3O4Ddrv;c:\windows\system32\drivers\37020511.sys [2008-10-21 148496] R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2007-02-04 289280] R2 FPMCNT;FPMCNT;c:\windows\system32\drivers\fpmcnt.sys [2008-11-13 72912] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336] R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2008-11-13 73296] R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2007-02-04 26880] R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2005-04-22 72478] S1 NtFsLdf20;NtFsLdf20; [x] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768] S2 gmxfwsvc;Onlineeye Firewall Service;"c:\program files\Onlineeye\gmxffcsrv.exe" -service --> c:\program files\Onlineeye\gmxffcsrv.exe [?] S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [2008-08-15 19824] S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?] S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2005-04-20 72192] S3 Ine24kmv;Ine24kmv; [x] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2008-11-14 32000] S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2008-11-14 28057] S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2008-11-14 21081] S4 Btapnpwh;Btapnpwh;c:\windows\system32\drivers\MSKSSRV.sys [2005-04-20 7552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{FA309DCC-7DD7-48FB-B9B6-A7F80624C5E5}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:58] . - - - - ORPHANS REMOVED - - - - SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy.net.sy:3128 uInternet Settings,ProxyOverride = local LSP: c:\progra~1\ALOOLA~1\sliplsp.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\المعري\Application Data\Mozilla\Firefox\Profiles\t6n9cz33.default\ FF - prefs.js: keyword.URL - hxxp://alasma.com/Alasma/trans.php?site=FireFox&name= FF - prefs.js: network.proxy.ftp - proxy.net.sy FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.gopher - proxy.net.sy FF - prefs.js: network.proxy.gopher_port - 3128 FF - prefs.js: network.proxy.http - proxy.net.sy FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - proxy.net.sy FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - proxy.net.sy FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 1 FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-31 21:31 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\Attributes] "Vendor"="Microsoft" "Technology"="MMSys" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\UI\AudioProperties] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\UI\AudioVolume] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\Attributes] "Vendor"="Microsoft" "Technology"="MMSys" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\UI\AudioProperties] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\UI\AudioVolume] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*2*\Attributes] "Vendor"="Microsoft" "Technology"="MMSys" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*2*\UI\AudioVolume] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*3*\Attributes] "Vendor"="Microsoft" "Technology"="MMSys" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*3*\UI\AudioVolume] "CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}" [HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:0c,ed,f2,58,bd,96,3a,62,b2,82,d2,fd,1c,e5,a4,22,1f,97,0d,81,10, 63,72,b4,94,5c,c9,35,9c,04,18,56,8b,bd,88,8a,5d,0c,93,bc,2a,a3,19,f3,f3,e0,\ "rkeysecu"=hex:5b,4b,c3,f3,4b,78,82,21,bd,70,ed,27,1b,46,dd,45 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4f4193cb-8774-4def-808a-6da965edf984}] @Denied: (Full) (Everyone) "Model"=dword:000000ce "Therad"=dword:00000031 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,a8,a5,91,e0,f3,36,42,6b,b5,66,4a,d0,23,02,d0,61,fc,5a,e1,75,44,d7,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):5f,f7,0d,aa,f6,d5,26,67,aa,8a,ab,f8,01,06,33,34,0d,c9,2a,df,11, 25,5d,c9,c8,4b,36,d9,ec,84,28,08,a7,7d,9b,7a,89,10,1e,eb,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{616597cf-47e0-46ab-bbed-1fbdd15d89cb}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000015 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,09,2f,52,82,03,ac,78,2f,54,b9,4e,67,bc,c7,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):51,54,82,a9,10,7a,f0,7a,a9,74,c3,33,2b,52,9f,03,76,82,cb,78,29, b9,f9,8e,dc,d4,7e,36,87,b7,c4,69,f7,0b,dd,f2,e0,85,9e,14,00,00,00,00,00,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3724) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\progra~1\ALOOLA~1\sliplsp.dll c:\windows\sliprt.dll c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\PC Connectivity Solution\ConnAPI.DLL c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\program files\Nokia\PC Suite for N-Gage QD\eccopyhook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-05-31 21:34 ComboFix-quarantined-files.txt 2009-05-31 19:34 Pre-Run: 6,354,583,552 bytes free Post-Run: 6,335,856,640 bytes free 501

ابـــو عــبــد الــلــه · 1 يونيو 2009

ارفع التقرير مرة اخرى دون التعديل عليه

السّاجد لله · 1 يونيو 2009

بارك الله فيك الان اعمل تقرير هاي جاك

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

الجامعي12 · 1 يونيو 2009

ComboFix 09-05-30.06 - المعري 05/31/2009 21:27.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1023.685 [GMT 2:00]
Running from: G:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\flash.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Readme.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\au3305adc.dll
c:\windows\system32\avpo.exe
c:\windows\system32\Cache
c:\windows\system32\config.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\install.exe
c:\windows\system32\libmysql41.dll
c:\windows\system32\tmp25.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 19:10 . 2009-05-31 19:10 -------- d-sh--w- C:\FOUND.002
2009-05-31 18:14 . 2009-05-31 18:14 -------- d-sh--w- C:\FOUND.001
2009-05-28 09:39 . 2009-05-28 09:39 -------- d-----w- C:\SyrianAccountants
2009-05-25 12:55 . 2009-05-25 12:55 -------- d-----w- c:\documents and settings\المعري\Application Data\MxBoost
2009-05-25 12:54 . 2009-05-25 12:54 -------- d-----w- c:\program files\Maxthon2
2009-05-25 12:52 . 2009-05-25 12:52 -------- d-sh--w- C:\FOUND.000
2009-05-23 20:27 . 2009-05-23 20:27 73728 ----a-w- c:\windows\Alasma Uninstaller.exe
2009-05-23 20:27 . 2009-05-23 20:27 208896 ----a-w- c:\documents and settings\المعري\Application Data\Alasma\alasma.dll
2009-05-23 20:27 . 2009-05-23 20:27 -------- d-----w- c:\documents and settings\المعري\Application Data\Alasma
2009-05-23 14:47 . 2009-05-23 14:47 -------- d-----w- c:\program files\Baset
2009-05-21 21:30 . 2009-05-21 21:30 -------- d-----w- c:\program files\EA Games
2009-05-21 17:04 . 2009-05-21 17:04 -------- d-----w- c:\program files\GFi
2009-05-17 23:45 . 2009-05-17 23:45 -------- d-----w- c:\program files\Gogago
2009-05-17 23:45 . 2008-06-11 08:41 6294528 ----a-w- c:\windows\system32\MioEncoder1.dll
2009-05-17 23:44 . 2009-05-17 23:44 59 ----a-w- c:\documents and settings\المعري\Application Data\Modem Spy\delete_backup.bat
2009-05-17 23:44 . 2009-05-17 23:44 -------- d-----w- c:\documents and settings\المعري\Application Data\Modem Spy
2009-05-17 21:27 . 2009-05-17 21:27 -------- d-----w- c:\documents and settings\المعري\Application Data\Skype
2009-05-17 21:26 . 2009-05-17 21:26 -------- d-----w- c:\program files\Skype
2009-05-17 21:26 . 2009-05-17 21:26 -------- d-----w- c:\program files\Common Files\Skype
2009-05-17 21:23 . 2009-05-17 21:23 -------- d-----w- c:\program files\EjoyStudio
2009-05-17 20:24 . 2009-05-17 20:24 -------- d-----w- c:\documents and settings\All Users\سطح المكتب
2009-05-16 14:38 . 2009-05-16 14:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-16 14:38 . 2009-05-16 14:38 -------- d-----w- c:\documents and settings\المعري\Application Data\skypePM
2009-05-16 11:34 . 2009-05-16 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-11 19:37 . 2009-05-11 19:37 -------- d-----w- C:\aviraup
2009-05-11 19:31 . 2009-02-13 09:31 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-09 19:11 . 2009-05-09 19:11 -------- d-----w- c:\documents and settings\المعري\Application Data\Desktopicon
2009-05-09 19:11 . 2009-05-09 19:11 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:20 . 2009-04-03 19:33 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-31 19:20 . 2009-04-03 19:33 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-31 19:20 . 2009-04-02 15:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-31 19:20 . 2009-04-02 15:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-31 18:52 . 2009-05-31 18:52 172 ----a-w- C:\curr_ver.tmp
2009-05-24 15:41 . 2009-04-02 15:28 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-24 15:41 . 2009-04-02 15:28 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-21 21:57 . 2009-02-09 22:37 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-21 21:57 . 2009-02-09 22:37 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-16 18:12 . 2001-09-19 09:00 438220 ----a-w- c:\windows\system32\perfh001.dat
2009-05-16 18:12 . 2001-09-19 09:00 116618 ----a-w- c:\windows\system32\perfc001.dat
2009-04-12 08:55 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-04-12 08:55 . 2009-04-02 15:34 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-04-12 08:55 . 2009-04-02 15:34 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll
2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-04-12 08:50 . 2009-04-12 08:50 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-04-12 08:50 . 2009-04-11 14:55 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll
2009-04-12 08:50 . 2009-04-11 14:54 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-04-12 08:50 . 2009-04-11 14:47 176656 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-04-09 17:05 . 2009-04-09 17:05 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-04-09 17:04 . 2005-04-25 18:39 737280 ----a-w- c:\windows\iun6002.exe
2009-04-04 21:53 . 2009-04-04 21:53 4082688 ----a-w- c:\windows\system32\qtintf70.dll
2009-04-04 21:53 . 2009-04-04 21:53 280576 ----a-w- c:\windows\system32\libmysql320.dll
2009-04-04 21:53 . 2009-04-04 21:53 245760 ----a-w- c:\windows\system32\libmysql40.dll
2009-04-04 21:53 . 2009-04-04 21:53 217088 ----a-w- c:\windows\system32\libmysql323.dll
2009-04-04 21:52 . 2009-04-04 21:52 1167360 ----a-w- c:\windows\system32\mysqldump.exe
2009-04-04 21:52 . 2009-04-04 21:52 1220608 ----a-w- c:\windows\system32\mysql.exe
2009-04-04 21:52 . 2009-04-04 21:52 1146880 ----a-w- c:\windows\system32\mysqladmin.exe
2009-04-04 16:06 . 2009-04-04 16:06 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-04 10:50 . 2005-02-13 12:11 774152 ----a-w- c:\documents and settings\المعري\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 23:39 . 2009-04-03 23:39 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-03 23:38 . 2009-04-03 23:38 -------- d-----w- c:\program files\Reference Assemblies
2009-04-03 23:27 . 2009-04-03 23:27 -------- d-----w- c:\program files\MSXML 6.0
2009-04-03 23:27 . 2009-04-03 23:27 -------- d-----w- c:\program files\MSXML 4.0
2009-04-03 21:58 . 2009-04-03 21:58 -------- d-----w- c:\program files\Picture Resize Genius
2009-04-02 23:23 . 2009-04-02 23:23 -------- d-----w- c:\program files\Windows Live
2009-04-02 15:34 . 2009-04-02 15:34 38416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys
2009-03-25 20:41 . 2009-03-25 20:41 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstCCD.exe
2009-03-25 20:41 . 2009-03-25 20:41 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-03-25 20:41 . 2009-03-25 20:41 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A2F41E00-8616-4750-BBE1-72F3C7970C6A}\Installer\CommonCustomActions\UninstPCS.exe
2009-03-24 18:16 . 2009-03-24 18:16 7168 ----a-w- c:\documents and settings\المعري\Application Data\Thinstall\Air Guard Full\40000016d00002i\pa.exe
2009-03-13 16:43 . 2006-03-27 16:56 720896 ----a-w- c:\windows\iun6002ev.exe
2009-03-07 10:30 . 2009-03-07 10:30 298496 ----a-w- c:\program files\Common Files\mdn2.exe
2005-04-23 23:47 . 2005-04-23 23:47 284160 ----a-w- c:\program files\Common Files\mdn.exe
2002-03-05 13:35 . 2007-03-09 00:08 860160 ---ha-w- c:\program files\FLASH Player 8 Arabic.exe
2009-01-30 14:41 . 2009-01-30 14:41 55070 --sha-r- c:\windows\)CGFNOPPKOFNORLFBQII.dll
2009-02-21 10:41 . 2009-02-21 10:41 0 --sh--w- c:\windows\S747CF335.tmp
.

------- Sigcheck -------

[-] 2004-08-03 19:56 14336 0ECD0853CADB84AE5DF7DA9BD1731CC7 c:\windows\system32\svchost.exe

[-] 2004-08-03 19:55 576512 EDE1D5F29B2752953F3D5D11004154C1 c:\windows\system32\user32.dll

[-] 2004-08-03 19:56 82944 C3B9FD7B0D0824FC224684B73302A0FD c:\windows\system32\ws2_32.dll

[-] 2006-11-07 19:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\system32\WININET.DLL
[-] 2006-03-04 03:33 656896 E99D9C59ED7226E6FA776963823C9C3C c:\windows\ie7\wininet.dll

[-] 2008-09-28 16:11 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-03 19:56 501248 BA4E08425B62BE257AE4557DA058F1AA c:\windows\system32\WINLOGON.EXE

[-] 2004-08-03 18:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 18:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2004-08-03 22:48 2058368 144FA719CD380DCAED316FD12B998CA0 c:\windows\system32\NTKRNLPA.EXE

[-] 2004-08-03 22:48 2149888 10AC039A4734D143A84763AEBACBCD89 c:\windows\system32\NTOSKRNL.EXE
[-] 2004-08-03 22:48 2149888 10AC039A4734D143A84763AEBACBCD89 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2003-10-19 00:53 2322688 D040EECF95A7629B91FD5F6E7B5B4FE7 c:\windows\Resources\Boot\NTOSKRNL.EXE

[-] 2004-08-03 19:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\EXPLORER.EXE

[-] 2004-08-03 19:56 108032 706B1ED77D90DFAFC71AC86AFCC1CC03 c:\windows\system32\services.exe

[-] 2004-08-03 19:56 13312 E0C58B25FA2A8AC9EA18A0A5ABB8A932 c:\windows\system32\lsass.exe

[-] 2004-08-03 19:56 15360 B87D2319441038F62BDDAEEB6BCE156D c:\windows\system32\CTFMON.EXE

[-] 2004-08-03 19:56 57856 5917EF4B63693507C1BE9D1986D2E1DB c:\windows\system32\spoolsv.exe

[-] 2004-08-03 22:56 110592 DB229DFB518B42754A510C5E101FA70F c:\windows\system32\wuauclt.exe

[-] 2004-08-03 19:56 24576 E5B1BAFAC265460493B1A12B65C1CF52 c:\windows\system32\userinit.exe

[-] 2004-08-03 22:55 295424 4D42FE6F795DEA7917F329A40A175294 c:\windows\system32\termsrv.dll

[-] 2004-08-03 19:55 1351680 458F1764A02B43A053D0E2CEF2A6AE5B c:\windows\system32\kernel32.dll
[-] 2004-08-03 19:55 1351680 458F1764A02B43A053D0E2CEF2A6AE5B c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-03 19:55 17408 A8C31D5B403B48E98F352DCBCFCEEB9E c:\windows\system32\powrprof.dll

[-] 2004-08-03 19:55 110080 E3FE07E893352F48748790DA6FD04A42 c:\windows\system32\imm32.dll

[-] 2004-08-03 19:55 1547776 A253EDE6E4DA90E8254B8C2E4838A3CB c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 19:55 1547776 A253EDE6E4DA90E8254B8C2E4838A3CB c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^FlashPath for SD Memory Card Status.lnk]
backup=c:\windows\pss\FlashPath for SD Memory Card Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Scheduler for OEM.lnk]
backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^scktsrvr.exe]
backup=c:\windows\pss\scktsrvr.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^SetSoft.lnk]
backup=c:\windows\pss\SetSoft.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^المعري^قائمة ابدأ^البرامج^بدء التشغيل^Stardock Keyboard Launchpad.lnk]
backup=c:\windows\pss\Stardock Keyboard Launchpad.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eagleeye
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VersionCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"HTTPFilter"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dnetc"=2 (0x2)
"CryptSvc"=3 (0x3)
"CiSvc"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"ALG"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Fax"=2 (0x2)
"xmlprov"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"RichVideo"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WudfSvc"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"UTSCSI"=2 (0x2)
"btwdins"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\System32\\fxsclnt.exe"=
"e:\\BIGAMES\\Counter-Strike\\HL.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"g:\\Future Games\\WarcrafIII\\Warcraft III.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [2006-09-11 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [2006-08-11 59776]
R1 is-G3O4Ddrv;is-G3O4Ddrv;c:\windows\system32\drivers\37020511.sys [2008-10-21 148496]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2007-02-04 289280]
R2 FPMCNT;FPMCNT;c:\windows\system32\drivers\fpmcnt.sys [2008-11-13 72912]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2008-11-13 73296]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2007-02-04 26880]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2005-04-22 72478]
S1 NtFsLdf20;NtFsLdf20; [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 gmxfwsvc;Onlineeye Firewall Service;"c:\program files\Onlineeye\gmxffcsrv.exe" -service --> c:\program files\Onlineeye\gmxffcsrv.exe [?]
S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [2008-08-15 19824]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2005-04-20 72192]
S3 Ine24kmv;Ine24kmv; [x]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2008-11-14 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2008-11-14 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2008-11-14 21081]
S4 Btapnpwh;Btapnpwh;c:\windows\system32\drivers\MSKSSRV.sys [2005-04-20 7552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{FA309DCC-7DD7-48FB-B9B6-A7F80624C5E5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.net.sy:3128
uInternet Settings,ProxyOverride = local
LSP: c:\progra~1\ALOOLA~1\sliplsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\المعري\Application Data\Mozilla\Firefox\Profiles\t6n9cz33.default\
FF - prefs.js: keyword.URL - hxxp://alasma.com/Alasma/trans.php?site=FireFox&name=
FF - prefs.js: network.proxy.ftp - proxy.net.sy
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.net.sy
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.net.sy
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.net.sy
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.net.sy
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-31 21:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\UI\AudioProperties]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*2*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\UI\AudioProperties]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\ *3,JD *.7 *'DEH/E *#*3*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*2*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*2*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*3*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\ B1'!) *.7 *'DEH/E *#*3*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"

[HKEY_USERS\S-1-5-21-606747145-1844823847-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,ed,f2,58,bd,96,3a,62,b2,82,d2,fd,1c,e5,a4,22,1f,97,0d,81,10,
63,72,b4,94,5c,c9,35,9c,04,18,56,8b,bd,88,8a,5d,0c,93,bc,2a,a3,19,f3,f3,e0,\
"rkeysecu"=hex:5b,4b,c3,f3,4b,78,82,21,bd,70,ed,27,1b,46,dd,45

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4f4193cb-8774-4def-808a-6da965edf984}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ce
"Therad"=dword:00000031
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,a8,a5,91,e0,f3,36,42,6b,b5,66,4a,d0,23,02,d0,61,fc,5a,e1,75,44,d7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,f7,0d,aa,f6,d5,26,67,aa,8a,ab,f8,01,06,33,34,0d,c9,2a,df,11,
25,5d,c9,c8,4b,36,d9,ec,84,28,08,a7,7d,9b,7a,89,10,1e,eb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{616597cf-47e0-46ab-bbed-1fbdd15d89cb}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,09,2f,52,82,03,ac,78,2f,54,b9,4e,67,bc,c7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):51,54,82,a9,10,7a,f0,7a,a9,74,c3,33,2b,52,9f,03,76,82,cb,78,29,
b9,f9,8e,dc,d4,7e,36,87,b7,c4,69,f7,0b,dd,f2,e0,85,9e,14,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3724)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\progra~1\ALOOLA~1\sliplsp.dll
c:\windows\sliprt.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Nokia\PC Suite for N-Gage QD\eccopyhook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-31 21:34
ComboFix-quarantined-files.txt 2009-05-31 19:34

Pre-Run: 6,354,583,552 bytes free
Post-Run: 6,335,856,640 bytes free

501

السّاجد لله · 1 يونيو 2009

ابو ريما قال:
ارفع التقرير مرة اخرى دون التعديل عليه

اسف اخوي ابو ريما ما شفت دك :q:

الجامعي12 · 1 يونيو 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16, on 2009-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\JetAudio\JetAudio.exe
G:\ghost\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.net.sy:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FBCF5AA-DB89-469D-A15A-8CB0FEBB8A72}: NameServer = 192.168.2.14 192.168.2.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Onlineeye Firewall Service (gmxfwsvc) - Unknown owner - C:\Program Files\Onlineeye\gmxffcsrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ine24kmv - Unknown owner - (no file)
O23 - Service: MySQL - Unknown owner - C:\Amazing\MySQL\bin\mysqld-max-nt.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe (file missing)

--
End of file - 7837 bytes

ابـــو عــبــد الــلــه · 1 يونيو 2009

hesham77 قال:
اسف اخوي ابو ريما ما شفت دك :q:

انت تامر امر ... :king:

ابـــو عــبــد الــلــه · 1 يونيو 2009

1- احذف برنامج StyleXP

2- احذف اي تول بار موجود عندك

....

شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

الجامعي12 · 1 يونيو 2009

SmitFraudFix v2.417

Scan done at 1:38:14.88, Mon 06/01/2009
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

وعبعذبك معي

ابـــو عــبــد الــلــه · 1 يونيو 2009

هل الرسالة مازالت تظهر

الجامعي12 · 1 يونيو 2009

ابـــو عــبــد الــلــه · 1 يونيو 2009

الحمد لله

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي VIP

توقيع : PrinceOfPersia

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

زيزوومي جديد

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه