Peace be upon you.

Check disk appears every time the computer starts up and stays for a long time.

I used the HijackThis program, and here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:57:21 م, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\DU Meter\DUMeterSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\WebUpdateSvc4.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Documents and Settings\Amr Elfar\Application Data\advantage\AdVantage.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cmd.exe
D:\Program Files\SpeedFan\speedfan.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\TuneUp Utilities 2009\Integrator.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\AMRELF~1\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link; forum login required to view]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link; forum login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link; forum login required to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link; forum login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link; forum login required to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Interner Explorer DanCe Edition (Master.ZizO)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [AdVantage] D:\Documents and Settings\Amr Elfar\Application Data\advantage\AdVantage.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - D:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - D:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 8181 bytes


Please respond quickly.
 

Brother, delete the following entries:

O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)

O4 - HKCU\..\Run: [AdVantage] D:\Documents and Settings\Amr Elfar\Application Data\advantage\AdVantage.exe

D:\Documents and Settings\Amr Elfar\Application Data\advantage\AdVantage.exe


Deletion method:

[screenshots not preserved]

After that:

Disable all protection programs,
then download this tool and save it on the desktop:
[hidden link; forum login required to view]

When you run it a message will appear; click >> Yes.
Then a second message will appear; click >> Yes.
Wait until the tool finishes scanning your computer; the computer will restart automatically,
and after the restart the tool will start scanning again.
Wait until a report appears; copy it and paste it in your next reply.



Disable the protection program and use the SmitfraudFix tool:

[hidden link; forum login required to view]

Run the file SmitfraudFix.exe and follow the instructions as in these pictures:

[screenshots not preserved]

Then make a new HijackThis report:

[hidden link; forum login required to view]



 
Signature: king_man
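As an added example (not code from this thread, and not part of HijackThis or ComboFix), the following Python script applies by machine the same checks the reply above makes by eye on a HijackThis log: an entry whose file is missing, an autostart or service launched from a user-writable profile directory, a bare executable name resolved through the search path, and a browser start or search page pointing at a third-party host. Because the original complaint was chkdsk on every boot, it also decodes a REG_MULTI_SZ `BootExecute` value in the `hex(7)` notation that ComboFix prints later in this thread, to tell whether the boot-time autochk entry is the stock one or has been altered. The sample log lines are constructed from entries quoted in the thread; the directory list and the other heuristics are this example's own assumptions, not a signature database, and the hex value is re-typed with the standard `.reg` line continuation because the pasted copy in the thread has its line break mangled.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, modelled on entries quoted in the
# thread above (a handful of lines, not the full log).
SAMPLE_LOG = r'''R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [AdVantage] D:\Documents and Settings\Amr Elfar\Application Data\advantage\AdVantage.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - D:\Program Files\DU Meter\DUMeterSvc.exe
'''

ENTRY = re.compile(r'^(?P<sec>[FNOR]\d+) - (?P<body>.*)$')
# A drive-qualified path ending in a loadable module
FULL_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx|scr)\b', re.I)
# Profile directories an ordinary user can write to (assumed heuristic, not a signature list)
USER_WRITABLE = re.compile(r'\\(Application Data|Local Settings|Temp|Downloads)\\', re.I)
URL = re.compile(r'https?://[^\s"]+')


def triage(log_text):
    """Return (section, reason, line) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, 'Running processes', blank lines
        sec, body = m.group('sec'), m.group('body')
        reasons = []
        if '(file missing)' in body:
            reasons.append('orphaned entry: the referenced file is missing')
        path = FULL_PATH.search(body)
        if path and USER_WRITABLE.search(path.group(0)):
            reasons.append('autostart or service runs from a user-writable profile directory')
        if sec == 'O4' and not path:
            # e.g. "[RTHDCPL] RTHDCPL.EXE": bare name, resolved through the search path at logon
            reasons.append('bare executable name, resolved through the search path')
        if sec in ('R0', 'R1'):
            url = URL.search(body)
            if url:
                host = urlparse(url.group(0)).hostname
                reasons.append(f'browser setting points at {host}; confirm it is intended')
        findings.extend((sec, r, line) for r in reasons)
    return findings


# The BootExecute value as ComboFix prints it in the report further down the thread,
# re-typed with the standard .reg line continuation (backslash + newline); the pasted
# copy in the thread has that line break mangled.
BOOT_EXECUTE_HEX = ('hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\\\n'
                    '  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00')
DEFAULT_BOOT_EXECUTE = ['autocheck autochk *']


def decode_reg_multi_sz(value):
    """Decode a REG_MULTI_SZ dumped in .reg hex(7) notation into its list of strings."""
    text = value.split(':', 1)[1] if value.lower().startswith('hex(7):') else value
    text = re.sub(r'[\\\s]', '', text)  # drop continuation backslashes and whitespace
    octets = [t for t in text.split(',') if t]
    if any(not re.fullmatch(r'[0-9A-Fa-f]{2}', t) for t in octets):
        raise ValueError('malformed hex(7) value')
    data = bytes(int(t, 16) for t in octets)
    return [s for s in data.decode('utf-16-le').split('\x00') if s]


def boot_execute_is_default(value):
    """True when BootExecute holds only the stock autochk entry, so a chkdsk on every
    boot comes from the volume's dirty bit rather than from an altered BootExecute."""
    return decode_reg_multi_sz(value) == DEFAULT_BOOT_EXECUTE


if __name__ == '__main__':
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f'{sec:4} {reason}\n     {line}')
    print('BootExecute:', decode_reg_multi_sz(BOOT_EXECUTE_HEX),
          '(default)' if boot_execute_is_default(BOOT_EXECUTE_HEX) else '(modified)')
```

On the sample above the script flags the four lines the reply singles out or that a practitioner would question (the start page host, the orphaned toolbar, the bare RTHDCPL name and the AdVantage autostart in Application Data) and leaves the Program Files entries alone. The BootExecute value in the thread decodes to the stock `autocheck autochk *`, so the repeated check disk is not caused by a tampered BootExecute; on Windows XP the next thing to check is whether the volume's dirty bit is being set on every boot (`fsutil dirty query D:`).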
With the permission of our brother King,
do this report first:

Disable the protection programs,
then download the following tool and save it on the desktop:
[hidden link; forum login required to view]

When you run it a message will appear; click >> Yes.
Then a second message will appear; click >> Yes.
During the scan the computer may restart,
and after the restart the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
 
Thank you, brother King_Man.

MAAX, here is the report:

ComboFix 09-06-05.02 - Amr Elfar 06/05/2009 21:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2046.1476 [GMT 3:00]
Running from: d:\documents and settings\Amr Elfar\My Documents\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\Drivers\sptd.sys
d:\windows\system32\msconfig.exe
E:\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 10:36 . 2009-06-05 10:38 -------- d-----w- d:\program files\SpeedFan
2009-06-04 15:39 . 2009-06-04 15:45 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Adobe
2009-06-04 15:39 . 2009-06-04 15:39 -------- d-----w- d:\program files\Common Files\Adobe
2009-06-04 13:00 . 2009-06-04 13:00 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA
2009-06-03 09:59 . 2008-05-30 11:19 507400 ----a-w- d:\windows\system32\XAudio2_1.dll
2009-06-03 09:58 . 2009-06-03 09:59 -------- d-----w- d:\windows\Logs
2009-06-03 09:58 . 2009-06-03 09:58 -------- d-----w- d:\program files\AGEIA Technologies
2009-06-03 09:58 . 2009-06-03 09:58 -------- d-----w- d:\windows\system32\AGEIA
2009-06-03 09:58 . 2009-06-03 09:58 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-06-03 09:40 . 2009-06-03 09:40 -------- d-----w- d:\program files\Activision
2009-06-03 09:38 . 2009-06-03 09:38 -------- d-sh--w- d:\windows\ftpcache
2009-06-02 15:47 . 2009-06-02 15:47 207872 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-02 15:47 . 2009-06-02 15:47 207872 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-02 15:47 . 2009-06-02 15:47 207872 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-02 15:47 . 2009-06-02 15:47 207872 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-01 16:23 . 2009-06-01 16:23 -------- d-----w- d:\program files\FLV Player
2009-05-31 22:51 . 2009-05-31 22:51 -------- d--h--w- d:\windows\PIF
2009-05-31 10:04 . 2007-12-26 14:30 679936 ----a-w- d:\windows\system32\D3DX81ab.dll
2009-05-31 10:04 . 2007-12-26 14:30 1970176 ----a-w- d:\windows\system32\d3dx9.dll
2009-05-31 10:04 . 2009-06-04 15:24 -------- d-----w- d:\program files\Cheat Engine
2009-05-30 21:55 . 2009-05-30 21:55 312320 ----a-w- d:\documents and settings\Amr Elfar\Application Data\Thinstall\Photoshop cs4\1000000600002i\svchost.exe
2009-05-30 21:54 . 2009-05-30 21:54 312320 ----a-w- d:\documents and settings\Amr Elfar\Application Data\Thinstall\Photoshop cs4\1000000b00002i\rundll32.exe
2009-05-30 21:54 . 2009-05-30 21:54 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Thinstall
2009-05-30 21:54 . 2009-05-30 21:54 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Thinstall
2009-05-29 19:17 . 2009-05-29 19:20 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Mp3tag
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\GlobalSCAPE
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- d:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\GlobalSCAPE
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- d:\program files\GlobalSCAPE
2009-05-29 19:11 . 2009-05-29 19:11 -------- d-----w- d:\program files\Mp3tag
2009-05-28 14:36 . 2009-05-28 14:36 47624 ----a-w- d:\windows\system32\wuwuninst.exe
2009-05-28 14:36 . 2009-05-28 14:36 -------- d-----w- d:\program files\Video Fun Box 2 DEMO
2009-05-27 12:04 . 2009-05-27 12:03 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-05-27 00:33 . 2009-05-27 12:03 152576 ----a-w- d:\documents and settings\Amr Elfar\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-26 08:59 . 2009-05-31 15:26 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Deployment
2009-05-26 08:20 . 2009-05-26 08:21 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\PE Explorer
2009-05-24 16:19 . 2009-06-03 18:38 -------- d-----w- d:\program files\Data
2009-05-24 16:18 . 2008-10-23 16:12 56105 ----a-w- d:\program files\PhotoshopCS4.exe
2009-05-24 16:18 . 2008-11-06 21:35 -------- d-----w- d:\program files\App
2009-05-22 18:30 . 2009-05-31 22:21 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\WMTools Downloaded Files
2009-05-20 23:35 . 2009-05-22 19:22 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Datalayer
2009-05-20 23:35 . 2009-05-22 19:22 -------- d-----w- d:\documents and settings\Amr Elfar\Phone Browser
2009-05-20 23:35 . 2009-05-20 23:35 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Nokia
2009-05-20 23:09 . 2009-05-20 23:09 -------- d-----w- d:\program files\DIFX
2009-05-20 23:08 . 2009-05-20 23:08 -------- d-----w- d:\program files\Common Files\Nokia
2009-05-20 23:08 . 2009-05-20 23:09 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\PC Suite
2009-05-20 23:07 . 2009-05-20 23:09 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite
2009-05-20 23:07 . 2009-05-20 23:08 -------- d-----w- d:\program files\Common Files\PCSuite
2009-05-20 23:07 . 2006-05-29 05:26 13312 ----a-w- d:\windows\system32\drivers\nmwcdcm.sys
2009-05-20 23:07 . 2006-05-29 05:26 13312 ----a-w- d:\windows\system32\drivers\nmwcdcj.sys
2009-05-20 23:07 . 2006-05-29 05:26 8704 ----a-w- d:\windows\system32\drivers\nmwcdc.sys
2009-05-20 23:07 . 2006-05-29 05:26 127488 ----a-w- d:\windows\system32\drivers\nmwcd.sys
2009-05-20 23:07 . 2006-05-29 05:26 30720 ----a-w- d:\windows\system32\nmwcdcocls.dll
2009-05-20 23:07 . 2006-05-29 05:26 4608 ----a-w- d:\windows\system32\nmwcdlog.dll
2009-05-20 23:07 . 2006-05-29 05:26 50688 ----a-w- d:\windows\system32\nmwcdcls.dll
2009-05-20 23:07 . 2009-05-20 23:08 -------- d-----w- d:\program files\Nokia
2009-05-20 23:07 . 2009-05-20 23:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Downloaded Installations
2009-05-20 15:34 . 2009-05-20 15:37 -------- d-----w- d:\program files\Common Files\LightScribe
2009-05-20 15:32 . 2009-05-20 15:37 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Ahead
2009-05-20 15:30 . 2009-05-20 15:37 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Ahead
2009-05-20 15:21 . 2009-05-20 15:21 -------- d-----w- d:\program files\Nero
2009-05-20 15:21 . 2009-05-20 15:21 -------- d-----w- d:\documents and settings\All Users\Application Data\Nero
2009-05-20 15:21 . 2009-05-20 15:33 -------- d-----w- d:\program files\Common Files\Ahead
2009-05-19 21:26 . 2009-05-19 21:26 198064 ----a-w- d:\documents and settings\Amr Elfar\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-19 18:29 . 2009-05-19 18:33 -------- d-----w- d:\program files\Microsoft SQL Server
2009-05-19 18:29 . 2009-05-19 18:29 -------- d-----w- d:\program files\Microsoft Device Emulator
2009-05-19 18:28 . 2009-05-19 18:28 -------- d-----w- d:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w- d:\program files\MSBuild
2009-05-19 18:18 . 2009-05-19 18:31 -------- d-----w- d:\program files\Microsoft.NET
2009-05-19 18:18 . 2009-05-19 18:22 -------- d-----w- d:\program files\HTML Help Workshop
2009-05-19 18:18 . 2009-05-19 18:20 -------- d-----w- d:\program files\Common Files\Business Objects
2009-05-19 18:18 . 2009-05-19 18:18 -------- d-----w- d:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-05-19 18:18 . 2009-05-19 18:18 -------- d-----w- d:\windows\Symbols
2009-05-19 18:18 . 2009-05-19 18:18 -------- d-----w- d:\program files\CE Remote Tools
2009-05-19 18:18 . 2009-05-19 18:22 -------- d-----w- d:\program files\Common Files\Merge Modules
2009-05-19 18:17 . 2009-05-19 18:17 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Microsoft Help
2009-05-19 18:17 . 2009-05-19 18:27 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-19 18:17 . 2009-05-19 18:22 -------- d-----w- d:\program files\Microsoft Visual Studio 8
2009-05-17 21:41 . 2009-05-17 21:41 -------- d-----w- d:\windows\system32\xircom
2009-05-17 21:41 . 2009-05-17 21:41 -------- d-----w- d:\windows\system32\wbem\snmp
2009-05-17 21:41 . 2009-05-17 21:41 -------- d-----w- d:\windows\srchasst
2009-05-17 21:41 . 2009-05-17 21:41 -------- d-----w- d:\program files\microsoft frontpage
2009-05-16 22:24 . 2008-12-11 05:38 159600 ----a-w- d:\windows\system32\drivers\pctgntdi.sys
2009-05-16 22:23 . 2009-04-03 08:18 130936 ----a-w- d:\windows\system32\drivers\PCTCore.sys
2009-05-16 22:23 . 2008-12-18 09:16 73840 ----a-w- d:\windows\system32\drivers\PCTAppEvent.sys
2009-05-16 22:23 . 2009-05-16 22:38 -------- d-----w- d:\program files\Common Files\PC Tools
2009-05-16 22:23 . 2008-12-10 08:36 64392 ----a-w- d:\windows\system32\drivers\pctplsg.sys
2009-05-16 22:23 . 2009-05-17 05:04 -------- d-----w- d:\program files\Spyware Doctor
2009-05-16 22:23 . 2009-05-16 22:23 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\PC Tools
2009-05-16 22:23 . 2009-05-16 22:23 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2009-05-16 21:57 . 2009-05-27 13:15 -------- d-----w- d:\program files\Anti Trojan Elite
2009-05-16 14:41 . 2009-05-16 14:42 -------- d-----w- d:\program files\Allok 3GP PSP MP4 iPod Video Converter
2009-05-16 14:41 . 2007-04-12 11:19 129024 ----a-w- d:\windows\system32\AVERM.dll
2009-05-16 14:41 . 2006-09-26 10:57 28672 ----a-w- d:\windows\system32\AVEQT.dll
2009-05-16 14:15 . 2009-05-16 14:15 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Identities
2009-05-15 14:03 . 2009-05-15 15:32 848 --sha-w- d:\windows\system32\KGyGaAvL.sys
2009-05-15 13:55 . 2009-05-15 13:55 -------- d-----w- d:\program files\PowerQuest
2009-05-14 11:42 . 2009-05-19 10:26 -------- d-----w- d:\program files\Total Vedio Converter
2009-05-13 00:21 . 2009-05-13 00:21 -------- d-----w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\Yahoo
2009-05-13 00:19 . 2009-05-13 00:21 -------- d-----w- d:\documents and settings\All Users\Application Data\Yahoo!
2009-05-13 00:19 . 2008-09-19 13:41 607472 ----a-w- d:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-13 00:19 . 2009-05-13 00:19 -------- d-----w- d:\program files\Yahoo!
2009-05-11 17:50 . 2009-06-05 19:12 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-05-11 17:50 . 2009-05-17 02:41 -------- d-----w- D:\Fraps
2009-05-11 17:30 . 2009-05-11 17:30 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Ubisoft
2009-05-11 17:30 . 2009-05-11 17:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2009-05-11 06:28 . 2009-05-11 06:28 51200 ----a-w- d:\documents and settings\Amr Elfar\Application Data\Mozilla\Firefox\Profiles\vee9ejzz.default\extensions\{283ab26b-d939-41f3-924f-3044ed3e195a}\components\FFExternalAlert.dll
2009-05-11 06:28 . 2009-05-11 06:28 114688 ----a-w- d:\documents and settings\Amr Elfar\Application Data\Mozilla\Firefox\Profiles\vee9ejzz.default\extensions\{283ab26b-d939-41f3-924f-3044ed3e195a}\components\npmozax.dll
2009-05-10 00:48 . 2009-05-21 19:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-09 20:41 . 2009-05-23 21:56 -------- d-----w- d:\program files\Messenger Plus! Live
2009-05-09 20:39 . 2009-06-05 19:12 -------- d-----w- d:\documents and settings\Amr Elfar\Tracing
2009-05-09 20:30 . 2009-05-09 20:30 -------- d-----w- d:\program files\Microsoft
2009-05-09 20:30 . 2009-05-09 20:30 -------- d-----w- d:\program files\Windows Live SkyDrive
2009-05-09 20:29 . 2009-05-09 20:30 -------- d-----w- d:\program files\Windows Live
2009-05-09 06:39 . 2008-04-14 02:42 26624 ----a-w- d:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-09 06:34 . 2009-05-09 06:34 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Media Player Classic
2009-05-08 22:09 . 2009-05-08 22:09 604416 ----a-w- d:\windows\system32\TUProgSt.exe
2009-05-08 22:09 . 2009-04-27 11:21 28928 ----a-w- d:\windows\system32\uxtuneup.dll
2009-05-08 22:09 . 2009-05-08 22:09 361216 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-05-08 22:09 . 2009-05-08 22:09 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\TuneUp Software
2009-05-08 22:08 . 2009-05-08 22:08 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-08 22:08 . 2009-05-08 22:50 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-05-08 22:06 . 2009-05-08 22:06 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 19:12 . 2009-05-08 20:52 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\DMCache
2009-06-05 19:12 . 2009-05-08 20:15 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\DAEMON Tools
2009-06-05 19:01 . 2009-05-08 20:20 52204 --sha-w- d:\windows\system32\drivers\fidbox.idx
2009-06-05 19:01 . 2009-05-08 20:20 4772 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2009-06-05 19:01 . 2009-05-08 20:20 466976 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2009-06-05 19:01 . 2009-05-08 20:20 6275616 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-06-05 18:45 . 2009-05-08 20:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-05 18:45 . 2009-05-08 20:17 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\advantage
2009-06-05 10:36 . 2009-05-08 20:52 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\IDM
2009-06-04 12:55 . 2009-05-08 19:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 09:54 . 2009-05-08 19:37 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-06-02 15:51 . 2009-05-08 19:47 -------- d-----w- d:\program files\SystemRequirementsLab
2009-06-02 15:48 . 2009-05-08 19:47 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab
2009-06-01 13:30 . 2009-05-08 19:02 21904 ----a-w- d:\documents and settings\Amr Elfar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 19:14 . 2009-05-08 19:36 -------- d-----w- d:\program files\Common Files\InstallShield
2009-05-28 21:25 . 2009-05-08 20:18 -------- d-----w- d:\program files\Anti Keylogger Elite
2009-05-27 12:03 . 2009-05-08 19:01 -------- d-----w- d:\program files\Java
2009-05-22 22:30 . 2009-05-08 20:21 94643 ----a-w- d:\windows\system32\drivers\klick.dat
2009-05-22 22:30 . 2009-05-08 20:21 105395 ----a-w- d:\windows\system32\drivers\klin.dat
2009-05-19 21:24 . 2009-05-08 20:52 -------- d-----w- d:\program files\Internet Download Manager
2009-05-08 21:27 . 2009-05-08 21:26 -------- d-----w- d:\program files\DU Meter
2009-05-08 21:26 . 2009-05-08 21:26 -------- d-----w- d:\documents and settings\All Users\Application Data\Hagel Technologies
2009-05-08 21:26 . 2008-01-29 14:29 33808 ----a-w- d:\windows\system32\drivers\klbg.sys
2009-05-08 21:25 . 2009-05-08 21:25 206088 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-08 21:25 . 2009-05-08 21:25 33808 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-08 21:25 . 2009-05-08 21:25 226832 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-08 21:18 . 2009-05-08 21:18 -------- d-----w- d:\program files\Common Files\Windows Live
2009-05-08 20:20 . 2009-05-08 20:20 -------- d-----w- d:\program files\Kaspersky Lab
2009-05-08 20:19 . 2009-05-08 20:15 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-05-08 20:17 . 2009-05-08 20:17 93032 ----a-w- d:\documents and settings\Amr Elfar\Application Data\advantage\AdVUninst.exe
2009-05-08 20:17 . 2009-05-08 20:17 204208 ----a-w- d:\documents and settings\Amr Elfar\Application Data\advantage\AdVantage.exe
2009-05-08 20:15 . 2009-05-08 20:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-08 19:47 . 2009-05-08 19:29 664 ----a-w- d:\windows\system32\d3d9caps.dat
2009-05-08 19:47 . 2009-05-08 19:47 552 ----a-w- d:\windows\system32\d3d8caps.dat
2009-05-08 19:47 . 2009-05-08 19:47 290816 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-05-08 19:47 . 2009-05-08 19:47 290816 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-05-08 19:47 . 2009-05-08 19:47 290816 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-05-08 19:47 . 2009-05-08 19:47 290816 ----a-w- d:\documents and settings\Amr Elfar\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-05-08 19:40 . 2009-05-08 19:40 -------- d-----w- d:\program files\Intel
2009-05-08 19:37 . 2009-05-08 19:37 -------- d-----w- d:\program files\Realtek
2009-05-08 19:36 . 2009-05-08 19:36 -------- d-----w- d:\program files\Marvell
2009-05-08 19:36 . 2009-05-08 19:35 14656 ----a-w- d:\windows\gdrv.sys
2009-05-08 19:31 . 2009-05-08 19:31 0 ----a-w- d:\windows\nsreg.dat
2009-05-08 19:03 . 2009-05-08 19:03 -------- d-----w- d:\program files\PowerMenu
2009-05-08 19:03 . 2009-05-08 19:03 -------- d-----w- d:\program files\Unlocker
2009-05-08 19:03 . 2009-05-08 19:03 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Desktopicon
2009-05-08 19:03 . 2009-05-08 19:03 -------- d-----w- d:\program files\Foxit Software
2009-05-08 19:02 . 2009-05-08 19:02 -------- d-----w- d:\program files\Paint.NET
2009-05-08 19:02 . 2009-05-08 19:02 -------- d-----w- d:\program files\K-Lite Codec Pack
2009-05-08 19:02 . 2009-05-08 19:02 -------- d-----w- d:\program files\Winamp
2009-05-08 19:02 . 2009-05-08 19:02 -------- d-----w- d:\documents and settings\Amr Elfar\Application Data\Winamp
2009-05-08 19:01 . 2009-05-08 19:01 -------- d-----w- d:\program files\Common Files\Java
2009-05-08 19:01 . 2009-05-08 19:01 -------- d-----w- d:\program files\Spybot
2009-05-08 18:53 . 2009-05-08 18:53 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-05-08 18:52 . 2009-05-08 18:52 -------- d-----w- d:\program files\System
2009-05-08 18:52 . 2009-05-08 18:52 -------- d-----w- d:\program files\Windows Media Connect 2
2009-05-08 18:51 . 2009-05-08 18:51 -------- d-----w- d:\program files\Microsoft Games
2009-03-26 15:35 . 2009-04-29 12:20 210352 ----a-w- d:\windows\system32\idmmbc.dll
2008-11-06 21:07 . 2009-05-24 16:18 745 ----a-w- d:\program files\VERY IMPORTANT ABOUT CS4.txt
2009-05-08 20:18 . 2009-05-08 20:18 227696 ----a-w- d:\program files\mozilla firefox\components\AdVComponent.dll
.

------- Sigcheck -------

[-] 2008-10-06 10:58 2163712 D51499FD565AD1DBA2AC096D7C454EFE d:\windows\system32\ntkrnlpa.exe

[-] 2008-10-16 19:03 2285056 8C61CF9D1FBDB1250ED3CB638714EDE1 d:\windows\system32\ntoskrnl.exe

[-] 2008-08-30 12:37 950784 631BF8F2F35A44C3A41AD379CB3A5A4A d:\windows\explorer.exe

[-] 2008-10-03 08:33 1614848 362BC5AF8EAF712832C58CC13AE05750 d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"MsnMsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2008-06-08 2645528]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-04-29 2799024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="d:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="d:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ISTray"="d:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2008-06-23 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\program files\Spybot\TeaTimer.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PcSync"=d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=d:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PCSuiteTrayApplication"=d:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [17/05/2009 01:23 ص 130936]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\program files\System\CPL Bonus\vcdrom.sys [08/05/2009 09:52 م 8576]
R2 DUMeterSvc;DU Meter Service;d:\program files\DU Meter\DUMeterSvc.exe [09/05/2009 12:26 ص 1386008]
R2 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [17/05/2009 01:23 ص 348752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;d:\windows\system32\TUProgSt.exe [09/05/2009 01:09 ص 604416]
R2 WebUpdate4;Web Update Wizard Service V4;d:\windows\system32\WebUpdateSvc4.exe [15/10/2007 06:32 م 237784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 AKEProtect;AKEProtect;\??\d:\program files\Anti Keylogger Elite\AKEProtect.sys --> d:\program files\Anti Keylogger Elite\AKEProtect.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\d:\program files\Anti Trojan Elite\ATEPMon.sys --> d:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 GPU-Z;GPU-Z;\??\d:\docume~1\AMRELF~1\LOCALS~1\Temp\GPU-Z.sys --> d:\docume~1\AMRELF~1\LOCALS~1\Temp\GPU-Z.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 ص 2799808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VCDROM
*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = "hxxp://www.daemon-search.com/startpage
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - d:\documents and settings\Amr Elfar\Application Data\Mozilla\Firefox\Profiles\vee9ejzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.eg/
FF - component: d:\documents and settings\Amr Elfar\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: d:\documents and settings\Amr Elfar\Application Data\Mozilla\Firefox\Profiles\vee9ejzz.default\extensions\{283ab26b-d939-41f3-924f-3044ed3e195a}\components\FFExternalAlert.dll
FF - component: d:\program files\Mozilla Firefox\components\AdVComponent.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-05 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="d:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LightScribe\LSSrvc.exe
d:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\windows\system32\nvsvc32.exe
d:\program files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Completion time: 2009-06-05 22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 19:14

Pre-Run: 13,919,805,440 bytes free
Post-Run: 15,159,500,800 bytes free

Now make a new HijackThis report.
 
Here you are, brother, sorry for the delay.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:35:21 م, on 08/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\DU Meter\DUMeterSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\AMRELF~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - D:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - D:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 6765 bytes
 
How are things now?
 
Signature: king_man