Thread starter: NadeeeM · Views: 630

NadeeeM (new member, joined 26 December 2008, 10 posts)
Peace be upon you.

Brothers and sisters, how are you?

The problem, or rather the predicament, I am in right now is that a USB flash drive was plugged into my computer and, unfortunately, I did not scan it, and sadly it infected my computer with a trojan or with things I do not recognise.

Kaspersky gives me this alert:

[screenshot: i15599_11061430115952.jpg]

And when I want to open RealPlayer or Photoshop, I get prompts like this one:

[screenshot: i15600_12061430121506.jpg]

Any security program I run behaves strangely, as if someone were rapidly clicking the mouse; sometimes it restarts the computer or switches you over to the admin account.

I also downloaded the Kaspersky removal tool and saved the report, but it refuses to open and freezes the computer completely.

Note: any program I try to open on the laptop will not open at all until this alert goes away:

[screenshot: i15600_12061430121506.jpg]

So what do you make of what is going on here?

Thank you.

Do the following, brother:

Download this program:

[hidden link: log in or register to view]

Run the program ==> and click on
Do a system scan and save log
A moment later a report opens in Notepad ==> copy it and paste it in your next reply.

Signature: السّاجد لله
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:02 AM, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: is-CQEDT.lnk = C:\Documents and Settings\B\Desktop\Virus Removal Tool\is-CQEDT\startup.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV video content with Internet Download Manager - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [hidden link: log in or register to view]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [hidden link: log in or register to view]
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11673 bytes
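As an added example (not code from the thread, from HijackThis or from ComboFix), the following Python script parses the two log formats in the shape they appear on this page and does the correlation a helper does by hand: it lists the HijackThis O4 autorun entries whose target ComboFix later reported deleting, flags autorun.inf files sitting at drive roots (the USB-spreading pattern the poster describes), lists IE add-on entries whose DLL is missing, and reads the Security Center and firewall values from the ComboFix registry dump. The embedded sample lines are a subset copied from the two logs posted in this thread; the parsing heuristics and the function names are mine.

```python
"""Triage helper for HijackThis + ComboFix logs (added example, not from the thread)."""
import re

# Subset of the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: is-CQEDT.lnk = C:\Documents and Settings\B\Desktop\Virus Removal Tool\is-CQEDT\startup.exe
"""

# Subset of the ComboFix log posted further down the thread.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\icxpa.cmd
c:\windows\system32\msvcsv60.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\icxpa.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# O4 registry Run/RunOnce lines, with the optional "(User '...')" suffix stripped.
RUN_RE = re.compile(
    r"^O4 - (?P<where>.+?\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# O4 Startup-folder lines: "O4 - Startup: name.lnk = target".
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def target_path(cmd):
    """Best-effort executable path from an autorun command line, lowercased."""
    m = re.match(r'"([^"]+)"', cmd)                      # quoted path
    if m:
        return m.group(1).lower()
    m = re.match(r"([a-z]:\\.*?\.(?:exe|dll|cpl|scr|com|bat|cmd))(?=\s|$)", cmd, re.I)
    if m:                                               # unquoted path with spaces
        return m.group(1).lower()
    return cmd.split()[0].lower() if cmd.split() else ""  # bare name, e.g. rundll32.exe


def parse_hjt_autoruns(text):
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append({"where": m.group("where"), "name": m.group("name"),
                            "cmd": m.group("cmd"), "path": target_path(m.group("cmd"))})
    return entries


def parse_hjt_orphans(text):
    """O2/O3 entries whose DLL is gone: residue rather than live code, but worth cleaning."""
    return [l for l in text.splitlines() if l.startswith(("O2 ", "O3 ")) and l.endswith(ORPHAN_MARKERS)]


def parse_combofix_deletions(text):
    """Paths listed under the 'Other Deletions' banner, lowercased for comparison."""
    deleted, inside = set(), False
    for line in text.splitlines():
        if line.startswith("(((("):
            inside = "Other Deletions" in line
            continue
        if inside and line.strip() not in ("", "."):
            deleted.add(line.strip().lower())
    return deleted


def parse_security_center(text):
    """Security Center / firewall values from the ComboFix registry dump."""
    state = {"av_notify_disabled": False, "updates_notify_disabled": False, "firewall_enabled": True}
    for line in text.splitlines():
        s = line.strip()
        if s.startswith('"AntiVirusDisableNotify"=dword:'):
            state["av_notify_disabled"] = int(s.rsplit(":", 1)[1], 16) != 0
        elif s.startswith('"UpdatesDisableNotify"=dword:'):
            state["updates_notify_disabled"] = int(s.rsplit(":", 1)[1], 16) != 0
        elif s.startswith('"EnableFirewall"='):
            state["firewall_enabled"] = int(s.split("=", 1)[1].split()[0]) != 0
    return state


def triage(hjt_text, combofix_text):
    deleted = parse_combofix_deletions(combofix_text)
    report = parse_security_center(combofix_text)
    # Autorun entries whose target is a file ComboFix removed: the live persistence.
    report["suspect_autoruns"] = [e for e in parse_hjt_autoruns(hjt_text) if e["path"] in deleted]
    # autorun.inf at a drive root is the removable-media spreading mechanism.
    report["root_autorun_inf"] = sorted(p for p in deleted if re.fullmatch(r"[a-z]:\\autorun\.inf", p))
    report["orphans"] = parse_hjt_orphans(hjt_text)
    return report


if __name__ == "__main__":
    r = triage(HJT_LOG, COMBOFIX_LOG)
    for e in r["suspect_autoruns"]:
        print(f"autorun '{e['name']}' ({e['where']}) -> {e['path']}  [file later deleted by ComboFix]")
    for p in r["root_autorun_inf"]:
        print(f"drive root {p}: autorun.inf present, consistent with a USB-borne infection")
    print("AV notifications suppressed:", r["av_notify_disabled"])
    print("Windows Firewall enabled:", r["firewall_enabled"])
    print("orphaned IE add-on entries:", len(r["orphans"]))
```

The names cdoosoft and olhrwef.exe come straight from the posted logs; the script does not claim to know what they are, only that a per-user Run key pointed at a file the second tool removed, which is exactly the correlation a helper reads off the two reports. The Security Center values matter because the OP's Kaspersky was still running: with AntiVirusDisableNotify set and the firewall off, Windows stays silent about the state of both.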

First:

Disable your security programs.

Download this tool:

[hidden link: log in or register to view]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may be restarted.
After the restart, the tool will start scanning a second time.
Wait until a report appears; the scan is then finished. Paste the report in your first reply.

Second:

Download this program:

[hidden link: log in or register to view]

Run the program ==> and click on
Do a system scan and save log
A moment later a report opens in Notepad ==> copy it and paste it in your second reply.

Signature: السّاجد لله
ComboFix 09-06-04.06 - B 06/05/2009 11:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.3582.2753 [GMT 3:00]
Running from: c:\documents and settings\B\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\B\Start Menu\Programs\Uninstall.lnk
C:\icxpa.cmd
c:\windows\system32\msvcsv60.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\icxpa.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-04 21:35 . 2009-06-04 21:35 -------- d-----w- c:\program files\Trend Micro
2009-06-04 20:20 . 2009-06-04 20:20 -------- d-----w- C:\Zyzoom_AVG_Anti-Spyware_Plus_7.5.1.43_Portable
2009-06-04 20:17 . 2009-06-04 20:17 -------- d-----w- C:\TechSmith
2009-06-04 17:23 . 2008-07-08 11:54 148496 ----a-w- c:\windows\system32\drivers\30764492.sys
2009-06-04 14:48 . 2009-06-04 15:48 -------- d-----w- c:\program files\temp
2009-06-02 20:02 . 2003-11-04 12:11 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-06-02 20:02 . 2003-05-22 13:31 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-02 20:01 . 2003-11-04 12:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-02 20:01 . 2004-05-14 13:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-02 20:01 . 2004-05-14 13:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-02 20:01 . 2004-05-14 13:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-02 20:01 . 2004-05-14 13:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-02 20:01 . 2004-05-14 13:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-02 20:01 . 2004-01-11 23:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-02 19:58 . 2004-05-14 13:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-05-28 08:09 . 2009-05-28 08:09 -------- d-----w- c:\documents and settings\B\Application Data\Sony Corporation
2009-05-28 08:07 . 2006-03-17 02:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-05-28 08:07 . 2006-06-12 00:30 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-05-28 08:07 . 2006-03-17 05:35 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-05-28 08:07 . 2009-05-28 08:07 -------- d-----w- c:\windows\system32\DLA
2009-05-28 08:07 . 2006-06-13 02:20 94263 ----a-w- c:\windows\DLA.EXE
2009-05-28 08:07 . 2006-06-13 02:20 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-05-28 08:07 . 2006-03-17 05:34 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-05-28 08:07 . 2009-05-28 08:07 -------- d-----w- c:\program files\Sonic
2009-05-28 08:03 . 2009-05-28 08:03 10134 ----a-r- c:\documents and settings\B\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2009-05-28 08:02 . 2009-05-28 08:02 -------- d-----w- c:\program files\Sony
2009-05-28 08:01 . 2009-05-28 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-05-27 14:07 . 2009-05-27 14:38 -------- d-----w- c:\program files\SlySoft
2009-05-27 13:46 . 2009-05-27 13:46 -------- d-----w- c:\documents and settings\B\Application Data\WtmCopyProtect
2009-05-27 13:46 . 2009-05-27 13:46 -------- d-----w- c:\program files\Wtm Copy Protection
2009-05-27 12:46 . 2003-12-14 13:47 692224 ----a-w- c:\windows\system32\ciaResSvr20.dll
2009-05-27 12:46 . 2003-12-12 14:41 53248 ----a-w- c:\windows\system32\ciaXPRegSvr20.DLL
2009-05-27 12:46 . 2003-02-23 21:45 40960 ----a-w- c:\windows\system32\ciaSubClsSvr.DLL
2009-05-27 12:46 . 1998-04-23 21:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w- c:\program files\Smart DVD CD Burner
2009-05-27 12:27 . 2005-07-14 21:00 57344 ----a-w- c:\windows\system32\WNASPINT.DLL
2009-05-27 12:27 . 2009-05-27 12:27 -------- d-----w- c:\program files\CDRWIN
2009-05-27 12:10 . 2009-05-27 12:09 716800 ----a-w- c:\windows\iun6002ev.exe
2009-05-27 12:10 . 2009-05-27 12:45 -------- d-----w- c:\program files\TZ Copy Protection
2009-05-27 11:53 . 2009-05-27 11:53 -------- d-----w- C:\CD-Lock Work Folders
2009-05-27 11:49 . 2009-05-27 11:49 3982 ----a-w- c:\windows\87t98.sys
2009-05-27 11:49 . 2009-05-27 11:54 -------- d-----w- c:\program files\CD-Lock
2009-05-22 22:15 . 2009-05-22 22:15 -------- d--h--w- c:\windows\PIF
2009-05-22 17:09 . 2003-11-10 20:07 249856 ------w- c:\windows\system32\fppmon2.dll
2009-05-22 17:09 . 2003-11-02 13:16 114688 ------w- c:\windows\system32\fppr232.dll
2009-05-21 15:29 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-21 15:29 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-17 23:38 . 2009-05-17 23:38 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-05-17 23:38 . 2009-05-17 23:38 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-05-17 23:38 . 2009-05-17 23:38 21256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-05-17 23:37 . 2009-05-17 23:38 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-05-17 23:37 . 2009-05-17 23:37 83208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-05-17 23:37 . 2009-05-17 23:37 62728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-05-17 23:37 . 2009-05-17 23:37 43784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-05-17 23:37 . 2009-05-17 23:37 365832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-05-17 23:37 . 2009-05-17 23:37 201992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-05-17 23:09 . 2009-05-20 13:13 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-17 23:09 . 2009-05-20 13:13 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 23:08 . 2009-06-05 08:22 581664 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-17 23:08 . 2009-06-05 08:22 4175392 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-17 23:08 . 2009-06-05 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-17 23:08 . 2009-05-17 23:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-16 19:11 . 2009-05-28 08:28 16 ----a-w- c:\windows\msocreg32.dat
2009-05-16 19:11 . 2009-05-16 19:11 -------- d-----w- c:\program files\Common Files\DigiDesign
2009-05-16 19:11 . 2009-05-16 19:11 -------- d-----w- c:\program files\IK Multimedia
2009-05-16 19:11 . 2009-05-16 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IK Multimedia
2009-05-16 18:43 . 2009-05-16 18:43 -------- d-----w- c:\program files\ASIO4ALL v2
2009-05-16 18:43 . 2009-05-16 20:20 -------- d-----w- c:\program files\VstPlugins
2009-05-16 18:43 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-05-16 18:42 . 2009-05-16 18:42 -------- d-----w- c:\program files\Outsim
2009-05-16 18:41 . 2009-05-16 18:43 -------- d-----w- c:\program files\Image-Line
2009-05-16 18:13 . 2008-02-15 12:12 101120 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2009-05-16 18:13 . 2008-02-15 12:12 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2009-05-16 18:13 . 2009-05-16 18:15 -------- d-----w- c:\program files\Mobily Connect Card
2009-05-09 22:08 . 2008-04-14 02:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-09 22:08 . 2008-04-13 21:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-09 22:08 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-09 22:08 . 2001-08-17 19:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 08:27 . 2009-04-01 12:07 -------- d-----w- c:\documents and settings\B\Application Data\DMCache
2009-06-05 08:24 . 2009-04-02 00:56 -------- d-----w- c:\program files\DNA
2009-06-05 08:24 . 2009-04-02 00:56 -------- d-----w- c:\documents and settings\B\Application Data\DNA
2009-06-05 08:22 . 2009-05-17 23:08 5164 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-05 08:22 . 2009-05-17 23:08 41036 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-05 08:22 . 2009-04-01 16:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000004-20021102}.dat
2009-06-05 08:22 . 2009-04-01 16:09 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-20021102}.dat
2009-06-05 08:21 . 2009-04-02 00:57 -------- d-----w- c:\documents and settings\B\Application Data\BitTorrent
2009-06-04 20:09 . 2009-04-04 13:05 -------- d-----w- c:\program files\Cicle Developement
2009-06-03 17:44 . 2009-04-14 13:52 -------- d-----w- c:\documents and settings\B\Application Data\CoreFTP
2009-05-28 08:08 . 2009-04-01 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 13:27 . 2009-03-31 11:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 11:49 . 2009-05-27 11:49 6693 ----a-w- c:\windows\system32\drivers\15KP9.s38
2009-05-22 18:07 . 2009-05-01 16:55 -------- d-----w- c:\program files\Kelk 2000
2009-05-21 18:13 . 2009-04-01 15:01 143284 ----a-w- c:\windows\HPHins13.dat
2009-05-17 23:38 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-15 21:13 . 2009-04-01 12:15 445248 ----a-w- c:\documents and settings\B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 15:00 . 2009-04-01 15:27 112446 ----a-w- c:\windows\hpoins07.dat
2009-05-02 14:24 . 2009-04-02 09:17 -------- d-----w- c:\program files\DivX
2009-05-02 14:24 . 2009-05-02 14:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-27 16:51 . 2009-04-27 16:51 -------- d-----w- c:\documents and settings\B\Application Data\Printer Info Cache
2009-04-27 16:51 . 2009-04-27 16:51 -------- d-----w- c:\documents and settings\B\Application Data\Image Zone Express
2009-04-26 21:54 . 2009-04-26 21:54 179 ----a-w- C:\handle.dat
2009-04-24 15:29 . 2009-04-24 15:29 -------- d-----w- c:\program files\Recuva
2009-04-16 11:59 . 2009-04-16 11:59 -------- d-----w- c:\program files\MSECache
2009-04-14 14:09 . 2009-04-12 22:04 -------- d-----w- c:\documents and settings\B\Application Data\FileZilla
2009-04-14 13:51 . 2009-04-14 13:51 -------- d-----w- c:\program files\CoreFTP
2009-04-12 22:03 . 2009-04-12 22:03 -------- d-----w- c:\program files\FileZilla FTP Client
2009-04-10 22:52 . 2009-03-29 15:02 -------- d-----w- c:\program files\ObjectRescue Pro
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w- c:\documents and settings\B\Application Data\Nero
2009-04-08 15:35 . 2009-04-03 17:43 -------- d-----w- c:\program files\LooksBuilder
2009-04-07 23:58 . 2009-04-07 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-04-07 23:51 . 2009-04-07 23:51 -------- d-----w- c:\documents and settings\B\Application Data\GlobalSCAPE
2009-04-07 23:51 . 2009-04-07 23:51 -------- d-----w- c:\program files\GlobalSCAPE
2009-04-07 16:36 . 2009-04-07 16:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-07 16:36 . 2009-03-29 13:59 -------- d-----w- c:\program files\Java
2009-04-07 16:31 . 2009-04-07 16:31 152576 ----a-w- c:\documents and settings\B\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-06 17:05 . 2009-04-06 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-01 16:13 . 2009-04-01 16:13 124 ----a-w- c:\documents and settings\B\Local Settings\Application Data\fusioncache.dat
2009-04-01 12:34 . 2009-04-01 12:34 184 ----a-w- c:\windows\system32\e000001.dat
2009-04-01 12:24 . 2009-04-01 12:19 16376 ----a-w- c:\windows\gdrv.sys
2009-04-01 12:22 . 2009-04-01 12:22 315392 ----a-w- c:\windows\HideWin.exe
2009-04-01 12:07 . 2009-04-01 12:07 120240 ----a-w- c:\documents and settings\B\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-04-01 12:01 . 2009-04-01 12:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-01 12:01 . 2009-04-01 12:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-29 14:01 . 2009-03-29 14:01 115698 ------w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-03-29 14:01 . 2009-03-29 13:54 166455 ------w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 14:01 . 2009-03-29 14:01 114340 ------w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1025.dat
2009-03-29 13:52 . 2009-03-29 13:52 21640 ------w- c:\windows\system32\emptyregdb.dat
2009-03-24 15:33 . 2009-03-24 15:33 237264 ----a-w- c:\documents and settings\B\Application Data\Mozilla\plugins\npgoogletalk.dll
.
------- Sigcheck -------
[-] 2008-11-05 12:41 1614848 5504EFF23CE88A875C98B4C55487FF1D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\anoooos\Internet Download Manager\IDMan.exe" [2008-09-01 2606512]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-08-12 131072]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-02 321344]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-04-04 190024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"Google Update"="c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-02 198160]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2008-05-27 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTHotKeys"="c:\program files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" [2005-08-18 446464]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-17 201992]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-11-10 385024]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-13 123904]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-13 123904]
c:\documents and settings\B\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
is-CQEDT.lnk - c:\documents and settings\B\Desktop\Virus Removal Tool\is-CQEDT\startup.exe [2009-6-4 65536]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-28 333088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi8"= CtPmMidi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\B\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\B\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [05/11/2008 03:40 م 124928]
R1 is-CQEDTdrv;is-CQEDTdrv;c:\windows\system32\drivers\30764492.sys [04/06/2009 08:23 م 148496]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [01/04/2009 03:31 م 15840]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
S3 CD-Lock;CD-Lock;c:\progra~1\CD-Lock\cdm.sys [06/03/2007 03:42 ص 29056]
S3 CtPmFilt;CtPmFilt;c:\windows\system32\drivers\CtPmFilt.sys [01/04/2009 05:49 م 18176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 14:57]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-515967899-1801674531-1003.job
- c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 13:00]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys
SafeBoot-AVG Anti-Spyware Guard

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\anoooos\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\anoooos\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\anoooos\Internet Download Manager\IEGetVL.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 11:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6cd69da3-6351-441f-aa73-03be2ff8b704}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,9c,24,d3,00,a9,cf,c2,89,e5,a6,c5,a8,fe,be,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,ee,56,9f,9f,ec,8a,cf,d5,47,e7,5f,df,98,1c,28,d8,07,76,ed,ba,
8b,8a,fb,0b,65,99,39,9e,99,69,b9,94,bb,0e,e9,7f,fd,38,00,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\Crypserv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-05 11:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 08:29
Pre-Run: 67,574,005,760 bytes free
Post-Run: 68,134,383,616 bytes free
325 --- E O F --- 2009-04-01 17:21
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:41 م, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: is-CQEDT.lnk = C:\Documents and Settings\B\Desktop\Virus Removal Tool\is-CQEDT\startup.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10525 bytes
 
Has the problem been resolved, or what?
 