third

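Peace be upon you, and the mercy and blessings of God.

When I log out of my system, a screen comes up in Chinese or Korean, I don't know what is going on with it, and it has broken the language of the Download Manager (IDM) for me. I am hoping for a definitive fix. Here is the HijackThis report: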


PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:38:37 ص, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\tiger\TiGeR-Firewall.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.52:80
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Program Files\tiger\TiGeR-Firewall.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acunetix WVS Scheduler v6 (AcuWVSSchedulerv6) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6142 bytes
 

Signature: third
First

Disable your security programs.

Download this tool.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
The computer may restart during the scan.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.

Second

Download this program.

Run the program ==> and click
Do a system scan and save log
In a few moments a report will open in Notepad ==> copy it and paste it in your second reply.
 
Signature: السّاجد لله
And upon you be peace, and the mercy and blessings of God ...

Welcome ...

Edited :) ...

And thank you for your effort, Hisham ...
 
Signature: MMA_LORD_735
Here is the ComboFix report, brother Hisham 77

PHP:
ComboFix 09-06-03.01 - DX 06/05/2009  2:19.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1256.966.1033.18.2045.1719 [GMT 7:00]
Running from: e:\تجاربي\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090603-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Mylist.dll
c:\windows\system32\logondll.dll
c:\windows\system32\tmp.reg
.
(((((((((((((((((((((((((   Files Created from 2009-05-04 to 2009-06-04  )))))))))))))))))))))))))))))))
.
2009-06-04 17:13 . 2009-06-04 17:13 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-06-04 17:13 . 2009-06-04 17:13 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-06-04 17:13 . 2009-06-04 17:13 -------- d-----w- c:\program files\Prevx
2009-06-04 17:13 . 2009-06-04 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-06-04 17:05 . 2009-06-04 17:05 -------- d-----w- c:\program files\SpywareBlaster
2009-06-04 17:03 . 2009-06-04 17:03 -------- d-----w- c:\documents and settings\DX\Application Data\INAC
2009-06-04 17:02 . 2009-06-04 17:02 -------- d-----w- c:\documents and settings\dxx\Application Data\INAC
2009-06-04 17:02 . 2009-06-04 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\INAC
2009-06-04 15:43 . 2009-06-04 15:45 -------- d-----w- c:\program files\Anti Trojan Elite
2009-06-04 15:42 . 2009-06-04 16:56 67645 ----a-w- c:\windows\system32\drivers\pshook11.sys
2009-06-04 15:41 . 2009-06-04 15:41 -------- d-----w- c:\program files\INAC
2009-06-04 15:40 . 2009-06-04 15:42 -------- d-----w- c:\program files\Spyware Nuker
2009-06-04 15:37 . 2009-06-04 15:37 -------- d-----w- c:\program files\procces
2009-06-04 15:37 . 2009-06-04 15:37 -------- d-----w- c:\program files\tiger
2009-06-02 19:49 . 2008-10-25 13:23 480832 ----a-w- c:\windows\system32\elnour.exe
2009-06-02 02:56 . 2009-06-02 02:56 -------- d-----w- c:\documents and settings\DX\Local Settings\Application Data\Native Instruments
2009-06-02 02:56 . 2009-06-02 02:56 -------- d-----w- c:\program files\Common Files\Digidesign
2009-06-02 02:56 . 2009-06-02 02:56 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-06-02 02:56 . 2009-06-02 02:56 -------- d-----w- c:\program files\Native Instruments
2009-06-01 22:55 . 2008-07-30 10:20 33792 ------w- c:\windows\system32\drivers\busbwdm.sys
2009-06-01 22:54 . 2008-07-30 10:20 352256 ------w- c:\windows\system32\drivers\BUSB2902.sys
2009-06-01 22:51 . 2006-01-12 03:18 22752 ----a-w- c:\windows\system32\drivers\bumxmidi.sys
2009-06-01 15:57 . 2009-06-01 15:57 16299862 ------w- C:\Persi0.sys
2009-06-01 15:57 . 2009-06-01 15:57 -------- d-----w- c:\program files\Faronics
2009-06-01 15:10 . 2009-06-01 15:55 -------- d-----w- c:\program files\temp
2009-06-01 15:03 . 2009-06-01 15:03 -------- d-----w- c:\program files\Windows Doctor
2009-06-01 14:45 . 2009-06-01 14:45 -------- d-----w- C:\Sandbox
2009-06-01 14:43 . 2009-06-01 16:07 -------- d-----w- c:\program files\APV
2009-06-01 14:40 . 2009-06-01 14:40 -------- d-----w- c:\program files\Sandboxie
2009-06-01 01:25 . 2009-06-01 01:25 -------- d-----w- C:\Temp
2009-06-01 00:07 . 2009-06-01 00:07 -------- d-----w- c:\program files\No-IP
2009-05-31 23:40 . 2009-05-31 23:40 -------- d-----w- c:\documents and settings\dxx\Application Data\Media Player Classic
2009-05-31 23:15 . 2009-05-31 23:21 -------- d-----w- c:\documents and settings\dxx\Application Data\vlc
2009-05-31 23:15 . 2009-05-31 23:15 -------- d-----w- c:\documents and settings\dxx\Application Data\dvdcss
2009-05-31 21:37 . 2009-06-01 11:55 -------- d-----w- C:\SignatureZero [xXxDr.hkorxXx]
2009-05-31 21:06 . 2009-05-31 21:06 -------- d-----w- c:\documents and settings\dxx\Application Data\CrypTool
2009-05-31 21:02 . 2009-05-31 21:02 -------- d-----w- c:\documents and settings\dxx\Application Data\PE Explorer
2009-05-31 16:09 . 2009-06-04 19:40 -------- d-----w- c:\windows\system32\CatRoot2
2009-05-31 15:45 . 2009-05-31 15:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-31 15:29 . 2009-05-31 15:29 -------- d-----w- c:\program files\CodeStuff
2009-05-31 15:29 . 2009-06-01 22:53 -------- d-----w- c:\windows\system32\dllcache
2009-05-31 15:06 . 2009-06-01 01:28 -------- d-----w- c:\program files\Common Files\delet
2009-05-31 14:28 . 2009-05-31 14:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-05-31 14:18 . 2009-05-31 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\AvaFind Data
2009-05-29 21:27 . 2009-05-29 21:27 -------- d-----w- C:\sql
2009-05-29 16:29 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM6.dll
2009-05-29 15:55 . 2008-04-13 22:42 1033728 ----a-w- c:\windows\explorer.exe
2009-05-29 14:02 . 2009-05-29 14:18 -------- d-----w- c:\program files\a-squared Free
2009-05-29 12:35 . 2009-05-29 12:35 -------- d-----w- c:\program files\Steinberg
2009-05-27 03:05 . 2005-03-24 01:26 491520 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-27 03:05 . 2009-05-27 03:05 -------- d-----w- c:\program files\LUXONIX
2009-05-26 21:05 . 2005-05-09 13:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-05-26 21:05 . 2002-11-25 07:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-05-26 21:05 . 2004-05-10 17:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2009-05-26 21:05 . 2002-11-25 10:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2009-05-26 21:05 . 2009-05-26 21:05 -------- d-----w- c:\program files\Syncrosoft
2009-05-26 21:05 . 2005-01-31 21:34 700416 ----a-w- c:\windows\system32\SYNSOACC.dll
2009-05-26 21:05 . 2001-04-09 07:03 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys
2009-05-26 20:31 . 2009-05-26 21:15 -------- d-----w- c:\documents and settings\DX\Application Data\Steinberg
2009-05-26 20:19 . 2009-05-26 20:23 -------- d-----w- c:\program files\Antares Audio Technologies
2009-05-26 20:18 . 2003-06-20 05:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2009-05-26 20:16 . 2009-05-26 20:16 -------- d-----w- c:\program files\ASIO4ALL v2
2009-05-26 20:16 . 2009-06-02 02:56 -------- d-----w- c:\program files\VstPlugins
2009-05-26 20:16 . 2006-06-20 08:56 225280 ------w- c:\windows\system32\rewire.dll
2009-05-26 20:16 . 2009-05-26 20:16 -------- d-----w- c:\program files\Outsim
2009-05-26 20:14 . 2009-05-26 20:16 -------- d-----w- c:\program files\Image-Line
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2009-05-24 23:22 . 2009-05-24 23:40 -------- d-----w- c:\program files\Vulnerability Scanner IN PHP
2009-05-24 23:22 . 2009-05-24 23:22 -------- d-----w- c:\windows\Vulnerability Scanner IN PHP
2009-05-23 09:34 . 2009-05-23 09:34 -------- d-----w- c:\documents and settings\dxx\Application Data\Passolo 2009
2009-05-22 10:38 . 2009-05-22 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-05-22 10:37 . 2009-05-22 10:37 -------- d-----w- c:\windows\symbols
2009-05-22 10:33 . 2009-05-22 10:38 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-05-22 10:33 . 2009-05-22 10:33 -------- d-----w- c:\program files\CE Remote Tools
2009-05-22 10:19 . 2009-05-22 11:17 -------- d-----w- C:\Skinns
2009-05-22 10:17 . 2009-05-22 11:07 -------- d-----w- C:\Reflector
2009-05-22 09:36 . 2009-05-22 10:03 -------- d-----w- C:\eSkins1
2009-05-22 09:09 . 2009-05-22 09:09 -------- d-----w- c:\documents and settings\DX\Application Data\Passolo 2009
2009-05-22 09:09 . 2009-05-22 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Passolo 2009
2009-05-22 09:08 . 2009-05-22 09:08 -------- d-----w- c:\program files\SafeNet Sentinel
2009-05-22 09:08 . 2009-05-22 09:08 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2009-05-22 09:07 . 2007-10-18 14:17 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-05-22 09:07 . 2009-05-22 09:08 -------- d-----w- c:\program files\appTranslator Pro
2009-05-22 09:07 . 2009-05-22 09:09 -------- d-----w- c:\program files\SDL Passolo 2009
2009-05-22 08:34 . 2009-05-22 08:34 -------- d-----w- c:\documents and settings\DX\Application Data\PE Explorer
2009-05-22 07:52 . 2009-05-22 07:52 -------- d-----w- c:\documents and settings\DX\.webrenderer
2009-05-18 20:13 . 2009-05-18 20:13 639938 ----a-w- C:\eSkins v1.1.zip
2009-05-18 15:33 . 2009-05-22 08:33 -------- d-----w- C:\eSkins
2009-05-18 11:04 . 2009-05-18 11:04 296448 ----a-w- c:\windows\system\midas.dll
2009-05-18 09:38 . 2009-05-18 09:38 -------- d-----w- c:\documents and settings\DX\Application Data\Pegasys Inc
2009-05-18 09:06 . 2009-05-18 09:06 -------- d-----w- c:\documents and settings\DX\Application Data\LEAPS
2009-05-18 08:55 . 2009-05-18 09:38 -------- d-----w- c:\program files\Pegasys Inc
2009-05-17 13:36 . 2004-07-14 03:51 19968 ----a-w- c:\windows\system32\PortIO32.dll
2009-05-16 22:50 . 2009-05-16 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-05-16 22:48 . 2008-04-13 10:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-16 22:48 . 2008-04-13 10:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-16 22:48 . 2008-04-13 10:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-16 22:48 . 2008-04-13 10:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-16 22:48 . 2008-04-13 10:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-16 22:48 . 2008-04-13 10:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-16 22:48 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-16 22:46 . 2009-05-16 22:46 -------- d-----w- c:\program files\IVT Corporation
2009-05-16 19:49 . 2009-05-16 19:50 -------- d-----w- c:\documents and settings\DX\Application Data\vlc
2009-05-16 17:41 . 2009-05-16 17:41 -------- d-----w- c:\documents and settings\dm500\Application Data\AvaFind Data
2009-05-16 13:27 . 2009-05-16 13:33 1732608 ----a-w- c:\documents and settings\DX\Application Data\Xbins\xbinsftp.exe
2009-05-16 13:27 . 2009-05-16 13:27 -------- d-----w- c:\documents and settings\DX\Application Data\Xbins
2009-05-16 09:06 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM5.dll
2009-05-16 09:06 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM4.dll
2009-05-16 09:06 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM3.dll
2009-05-16 09:06 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM2.dll
2009-05-16 09:06 . 2009-06-04 18:44 28672 ----a-w- c:\documents and settings\DX\Application Data\IDM\NP_IDM1.dll
2009-05-13 13:10 . 2009-05-13 13:25 -------- d-----w- C:\speed
2009-05-12 22:09 . 2009-05-12 22:09 -------- d-----w- c:\documents and settings\DX\Local Settings\Application Data\Opera
2009-05-12 22:09 . 2009-06-02 02:57 -------- d-----w- c:\program files\Opera
2009-05-12 19:48 . 2000-08-06 04:51 274489 ----a-w- c:\windows\system32\ntwdblib.dll
2009-05-12 19:48 . 2009-05-12 19:48 -------- d-----w- c:\program files\Common Files\Safety-lab
2009-05-12 19:48 . 2009-05-12 19:48 -------- d-----w- c:\program files\Safety-lab
2009-05-12 09:06 . 2009-05-12 09:06 -------- d-----w- c:\program files\AutoIt3
2009-05-11 08:02 . 2009-05-11 08:02 -------- d-----w- c:\program files\0x90.org
2009-05-11 05:41 . 2009-05-31 22:25 -------- d-----w- c:\documents and settings\dxx\Application Data\AvaFind Data
2009-05-11 05:24 . 2009-05-11 05:25 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-11 05:23 . 2009-05-11 05:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-11 04:31 . 2009-06-04 16:56 -------- d-----w- c:\documents and settings\dxx\Tracing
2009-05-11 04:31 . 2009-06-01 17:44 140208 ----a-w- c:\documents and settings\dxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 14:26 . 2009-05-10 14:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Notepad++
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 19:02 . 2009-03-25 20:10 5600 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 19:02 . 2009-03-25 20:10 5254176 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 19:02 . 2009-03-25 20:10 43176 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-04 19:02 . 2009-03-25 20:10 1015840 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 19:00 . 2009-03-25 14:10 -------- d-----w- c:\documents and settings\DX\Application Data\DMCache
2009-06-04 18:44 . 2009-03-25 14:10 -------- d-----w- c:\documents and settings\DX\Application Data\IDM
2009-06-04 18:35 . 2009-03-25 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 17:10 . 2009-05-09 15:01 -------- d-----w- c:\documents and settings\DX\Application Data\cleaner
2009-06-04 16:59 . 2009-03-27 02:59 -------- d-----w- c:\program files\DynDNS Updater
2009-06-02 20:23 . 2009-03-25 13:59 -------- d-----w- c:\documents and settings\DX\Application Data\AvaFind Data
2009-06-01 23:18 . 2009-03-25 13:46 140208 ----a-w- c:\documents and settings\DX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 17:48 . 2009-03-27 04:37 -------- d-----w- c:\program files\Nmap
2009-06-01 17:47 . 2009-03-27 04:37 -------- d-----w- c:\program files\Metasploit
2009-06-01 12:54 . 2009-03-25 13:21 2048 --s-a-w- c:\windows\bootstet.dat
2009-05-31 23:53 . 2009-05-02 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 23:39 . 2009-03-30 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-31 15:44 . 2009-04-10 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-31 14:23 . 2009-04-10 16:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2009-05-29 11:29 . 2009-03-30 10:00 -------- d-----w- c:\documents and settings\DX\Application Data\uTorrent
2009-05-28 13:39 . 2009-04-12 04:18 -------- d-----w- c:\program files\DkZ Studio
2009-05-22 10:41 . 2009-03-30 14:53 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-05-22 10:41 . 2009-03-30 14:53 774592 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-05-22 10:38 . 2009-03-25 13:40 -------- d-----w- c:\program files\MSBuild
2009-05-20 09:24 . 2009-03-25 20:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 09:24 . 2009-03-25 20:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-18 19:05 . 2009-03-26 22:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 22:46 . 2009-03-25 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 19:45 . 2009-05-05 00:03 -------- d-----w- c:\program files\Dreambox Movies From PC By TunisiaSat
2009-05-14 16:13 . 2009-04-22 02:43 -------- d-----w- c:\program files\abgx360
2009-05-13 11:25 . 2009-03-26 22:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-12 23:28 . 2009-02-24 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-05-12 23:27 . 2009-05-12 23:27 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-05-12 23:17 . 2009-04-01 04:28 -------- d-----w- c:\documents and settings\DX\Application Data\Thinstall
2009-05-10 14:19 . 2009-04-10 16:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-05-10 12:18 . 2009-03-25 13:46 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-05-10 11:58 . 2009-04-10 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-10 07:13 . 2009-04-01 04:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 06:33 . 2009-03-30 15:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-10 04:27 . 2009-03-31 09:09 -------- d-----w- c:\program files\Torque
2009-05-09 11:23 . 2009-05-02 03:10 -------- d-----w- c:\program files\Spyware Doctor
2009-05-09 08:36 . 2009-03-26 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-07 10:10 . 2009-04-12 04:18 720896 ----a-w- c:\windows\iun6002.exe
2009-05-05 21:43 . 2009-03-25 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-05 03:51 . 2009-05-05 03:50 -------- d-----w- c:\program files\Total Video Converter
2009-05-05 01:43 . 2009-05-05 01:43 -------- d-----w- c:\documents and settings\dm500\Application Data\Notepad++
2009-05-05 01:34 . 2009-05-05 01:34 -------- d-----w- c:\documents and settings\dm500\Application Data\Yahoo!
2009-05-05 01:33 . 2009-03-25 13:17 -------- d-----w- c:\program files\Unlocker
2009-05-05 01:27 . 2009-05-05 01:11 15000000 ----a-w- c:\documents and settings\DX\Application Data\WSS.exe
2009-05-05 01:27 . 2009-05-05 01:11 15000000 ----a-w- c:\documents and settings\DX\Application Data\WSS.exe
2009-05-05 00:04 . 2009-05-05 00:04 -------- d-----w- c:\program files\VideoLAN
2009-05-04 22:57 . 2009-05-04 22:57 -------- d-----w- c:\program files\vlc-0.9.9
2009-05-04 22:31 . 2009-03-26 23:46 -------- d-----w- c:\documents and settings\DXsurf\Application Data\DMCache
2009-05-02 07:32 . 2009-05-02 07:32 -------- d-----w- c:\program files\microsoft frontpage
2009-05-02 03:10 . 2009-05-02 03:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-02 03:10 . 2009-05-02 03:10 -------- d-----w- c:\documents and settings\DX\Application Data\PC Tools
2009-05-02 03:10 . 2009-05-02 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-04-30 09:13 . 2009-04-30 09:13 -------- d-----w- c:\program files\WinASO
2009-04-30 01:27 . 2009-04-30 01:27 1865064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-04-30 01:26 . 2009-04-30 01:26 109920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll
2009-04-30 01:26 . 2009-04-30 01:26 432984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\AutoStart Manager.exe
2009-04-30 01:26 . 2009-04-30 01:26 131072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapi3.dll
2009-04-30 01:26 . 2009-04-30 01:26 131072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\pcre.dll
2009-04-30 01:26 . 2009-04-30 01:26 348160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\msvcr71.dll
2009-04-30 01:26 . 2009-04-30 01:26 11776 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libavll.dll
2009-04-30 01:26 . 2009-04-30 01:26 192512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libaprutil-1.dll
2009-04-30 01:25 . 2009-04-30 01:25 139264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\libapr-1.dll
2009-04-30 01:25 . 2009-04-30 01:25 102400 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\avpal.dll
2009-04-30 01:25 . 2009-04-30 01:25 102772 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aevdf.dll
2009-04-30 01:25 . 2009-04-30 01:25 315770 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aescript.dll
2009-04-30 01:25 . 2009-04-30 01:25 119156 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aescn.dll
2009-04-30 01:25 . 2009-04-30 01:25 418165 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aerdl.dll
2009-04-30 01:25 . 2009-04-30 01:25 364917 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aepack.dll
2009-04-30 01:25 . 2009-04-30 01:24 192890 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeoffice.dll
2009-04-30 01:24 . 2009-04-30 01:24 1388918 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeheur.dll
2009-04-30 01:24 . 2009-04-30 01:24 115063 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aehelp.dll
2009-04-30 01:24 . 2009-04-30 01:24 315764 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aegen.dll
2009-04-30 01:24 . 2009-04-30 01:24 430452 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aeemu.dll
2009-04-30 01:24 . 2009-04-30 01:24 172406 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aecore.dll
2009-04-30 01:24 . 2009-04-30 01:24 53617 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aebb.dll
2009-04-30 01:24 . 2009-04-30 01:24 2133360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-04-30 01:23 . 2009-04-30 01:23 299352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-04-30 01:23 . 2009-04-30 01:23 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-04-30 01:23 . 2009-04-30 01:23 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-04-30 01:23 . 2009-04-04 15:46 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2009-04-30 01:23 . 2009-04-30 01:23 165728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-04-30 01:23 . 2009-04-30 01:23 343888 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-04-30 01:23 . 2009-04-30 01:23 289632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-04-30 01:23 . 2009-04-30 01:23 82784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-04-30 01:22 . 2009-04-30 01:22 1629024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-04-30 01:21 . 2009-04-30 01:21 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-04-30 01:21 . 2009-04-30 01:21 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-04-30 01:21 . 2009-04-30 01:21 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-30 01:21 . 2009-04-04 15:42 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-30 01:21 . 2009-04-30 01:21 632680 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-04-30 01:19 . 2009-04-30 01:19 539512 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-04-30 01:19 . 2009-04-30 01:19 552808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-04-30 01:19 . 2009-04-30 01:19 2324808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-04-30 01:19 . 2009-04-30 01:19 626000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-04-30 01:19 . 2009-04-30 01:19 516440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-04-30 01:19 . 2009-04-30 01:19 953168 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2002-07-31 12:55 . 2009-04-03 10:46 106 -csh--w- c:\windows\WSYS049.SYS
.
------- Sigcheck -------
[-] 2009-02-24 12:00 578048 894B313C52589628BB996E175B581E3A c:\windows\system32\user32.dll
[-] 2009-05-12 23:28 361600 A02BF7E8C036A2A8587F70A038922449 c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-02-24 12:00 557056 C64E97CC32E4662F2972FE7E8FA9B6CE c:\windows\system32\winlogon.exe
[-] 2009-02-24 12:00 40448 C1D50243355A290CB3AA684FD8B38170 c:\windows\system32\ctfmon.exe
[-] 2009-02-24 12:00 295424 56F4867BAE6FD78E5365A3A7AFA59C82 c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-02-24 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TiGeR-Firewall"="c:\program files\tiger\TiGeR-Firewall.EXE" [2002-01-02 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-25 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-24 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 05:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk /k:C /k:D /k:E /k:F /k:G /k:H /k:I /k:J *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"DynDNS_Updater_Service"=2 (0x2)
"DCPFLICS"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\dreamBox\\dcc295\\DCC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\dmmy\\dreamUp_DM500\\dreamUp_DM500.exe"=
"d:\\dreamBox\\dreamset220\\Dreamset.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\netcat\\nc.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [11/02/2009 04:36 م 151192]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/04/2009 10:42 م 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02/05/2009 10:10 ص 130936]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [05/06/2009 12:13 ص 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [05/06/2009 12:13 ص 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/05/2009 07:30 م 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [29/03/2009 10:51 ص 3026]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 ص 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 ص 72944]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [25/03/2009 08:17 م 8576]
R2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [04/05/2009 12:05 م 994952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/05/2009 06:37 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/05/2009 06:37 م 432897]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [18/01/2008 12:37 ص 24635]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/05/2009 07:30 م 20560]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [05/06/2009 12:13 ص 4368440]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01/06/2008 02:13 م 34064]
R3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [02/06/2009 05:51 ص 22752]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27/05/2009 04:05 ص 33792]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [28/05/2009 08:32 م 108032]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [04/06/2009 10:43 م 5969]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\22.tmp --> c:\windows\system32\22.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 06:03 م 7808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 ص 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/05/2009 10:10 ص 348752]
S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/05/2009 06:37 م 194817]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 04:34 ص 953168]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 12:04 ص 65536]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11/07/2008 01:02 ص 328992]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - VCDROM
.
Contents of the 'Scheduled Tasks' folder
2009-05-29 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 10:04]
2009-06-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 10:04]
2009-06-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-10 15:18]
.
- - - - ORPHANS REMOVED - - - -
Notify-DfLogon - LogonDll.dll
 
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 212.116.219.52:80
uInternet Settings,ProxyOverride = <local>
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 02:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
 
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{630a4a02-c44f-461a-b1eb-39b0bece3364}]
@Denied: (Full) (Everyone)
"Model"=dword:00000093
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,42,c4,76,2e,10,9e,2a,82,27,b0,02,59,25,a3,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,00,30,de,bc,ed,db,9b,b3,48,fa,b3,1f,84,d3,6b,df,a6,89,c3,68,
   67,4d,3f,2e,f1,5f,14,be,42,9d,e4,fe,db,c3,01,f9,4c,d5,76,00,00,00,00,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2009-06-04  2:45 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-04 19:45
ComboFix2.txt  2009-05-29 15:44
Pre-Run: 5,936,398,336 bytes free
Post-Run: 3,707,936,768 bytes free
420 --- E O F --- 2009-05-10 06:34

And this is the HijackThis log

PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:49:17 ص, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Prevx\prevx.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\tiger\TiGeR-Firewall.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.52:80
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Program Files\tiger\TiGeR-Firewall.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acunetix WVS Scheduler v6 (AcuWVSSchedulerv6) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6330 bytes

May God reward you all abundantly

Signature: third
Brother, if you don't mind, could you take a screenshot of the whole message ...
And does the message appear when Windows starts?????

Signature: KoNaMi
Guys, praise be to God, the problem was solved after I did what brother Hisham said. May God grant you all success.

Signature: third
Praise be to God that the problem is over

:. Closed as resolved .:

Signature: KoNaMi