
Thread starter: 1080p (new member, joined 27 November 2009)
Status: closed, not open for further replies.
Peace be upon you, and God's mercy and blessings.

How are you doing, guys? Happy holidays to all of you.

I have a problem with games and the Avira program.
Every time I run a game the same virus pops up, and when I delete it the game closes, and it keeps going like this.
I don't know where this trojan came from. Now every time I launch a game, the antivirus pops up an alert,
and as soon as I delete it the game closes... The problem is that Avira doesn't delete the trojan!!!
Because when I open the game again, it pops up a second time.

I'm afraid to click ignore and pay for it.
What's the solution?
Screenshot of the alert (image attached, 970590060.jpg):

 

Signature: format
Brother, the game definitely has a virus.
Stay away from it and don't run it; that's better for your computer.
 
Signature: tamer87
Brother, choose Delete and then OK, not Deny access.
 
Full scan, and it didn't find anything.
And I do delete it anyway,
but when I run it a second time I see the same warning message.
 
Disable System Restore first, then scan the machine.
 
Peace be upon you, and God's mercy and blessings.

I think it's a false positive, a wrong detection in the game.
Send the detected file to Avira.

[link hidden by forum]

 
Signature: Mr.Najem
Install the mighty NOD and be done with all of this.
 
Signature: Natalya
> Peace be upon you, and God's mercy and blessings.
>
> I think it's a false positive, a wrong detection in the game.
> Send the detected file to Avira.
>
> [link hidden by forum]

And if the company's reply is, God forbid, that it really is a virus,
try installing a protection program of your choice.
 
Signature: kasper2009
ComboFix 09-11-28.04 - Qodon 11/29/2009 18:53.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2046.1645 [GMT 4:00]
Running from: c:\documents and settings\Qodon\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Qodon\Application Data\.#
c:\documents and settings\Qodon\Application Data\.#\MBX@1B24@B241A8.###
c:\documents and settings\Qodon\Application Data\.#\MBX@1B24@B241D8.###
c:\documents and settings\Qodon\Application Data\.#\MBX@1B24@B24208.###
c:\program files\NetMeeting\secedit.exe

c:\windows\System32\Drivers\d347prt.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 12:50 . 2009-11-29 12:50 2 --shatr- c:\windows\winstart.bat
2009-11-29 12:50 . 2009-11-29 13:05 -------- d-----w- c:\program files\UnHackMe
2009-11-28 12:45 . 2009-11-28 12:45 -------- d-----w- c:\program files\PowerISO
2009-11-28 12:42 . 2009-11-28 12:42 -------- d-----w- c:\program files\MagicISO
2009-11-28 12:41 . 2009-11-28 12:41 -------- d-----w- c:\program files\Sony Setup
2009-11-28 10:19 . 2009-11-28 10:19 -------- d-----w- C:\Fraps
2009-11-27 16:05 . 2009-11-27 16:24 -------- d-----w- c:\documents and settings\Qodon\DoctorWeb
2009-11-26 15:21 . 2009-11-26 15:21 -------- d-----w- c:\program files\Java
2009-11-25 10:15 . 2009-11-25 10:28 -------- d-----w- C:\Games
2009-11-25 06:10 . 2009-11-26 15:21 152576 ----a-w- c:\documents and settings\Qodon\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 06:10 . 2009-11-26 15:20 79488 ----a-w- c:\documents and settings\Qodon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 18:58 . 2009-11-18 18:58 -------- d-----w- c:\program files\Microsoft
2009-11-14 16:35 . 2009-11-14 16:35 -------- d-----w- c:\documents and settings\Qodon\Local Settings\Application Data\Blizzard Entertainment
2009-11-14 12:25 . 2009-11-14 12:25 -------- d-----w- c:\program files\uTorrent
2009-11-11 21:38 . 2009-11-28 10:59 -------- d-----w- C:\Warhammer Online - Age of Reckoning
2009-11-11 21:35 . 2009-11-11 21:35 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-11-11 12:31 . 2009-11-11 12:31 45056 ----a-r- c:\documents and settings\Qodon\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-11 12:31 . 2009-11-11 12:31 45056 ----a-r- c:\documents and settings\Qodon\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-11 12:31 . 2009-11-11 12:31 10134 ----a-r- c:\documents and settings\Qodon\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe
2009-11-04 14:42 . 2009-11-04 14:42 -------- d-----w- c:\program files\Gpotato
2009-11-04 13:54 . 2009-11-29 14:49 -------- d-----w- c:\documents and settings\Qodon\Local Settings\Application Data\PMB Files
2009-11-04 13:54 . 2009-11-11 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-04 13:53 . 2009-11-04 13:53 -------- d-----w- c:\program files\Pando Networks
2009-10-31 21:40 . 2009-10-31 21:40 -------- d-----w- c:\program files\GameHi_USA
2009-10-31 16:58 . 2009-10-31 16:58 -------- d-----w- c:\documents and settings\Qodon\Local Settings\Application Data\Kamuse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 14:50 . 2009-09-28 21:01 -------- d-----w- c:\documents and settings\Qodon\Application Data\DNA
2009-11-29 13:04 . 2009-07-10 15:00 -------- d-----w- c:\documents and settings\Qodon\Application Data\DMCache
2009-11-29 13:04 . 2009-06-29 13:48 -------- d-----w- c:\documents and settings\Qodon\Application Data\uTorrent
2009-11-29 13:03 . 2009-07-10 21:46 -------- d-----w- c:\program files\Steam
2009-11-29 13:03 . 2009-09-28 21:01 -------- d-----w- c:\program files\DNA
2009-11-28 17:49 . 2009-09-04 15:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-28 12:56 . 2009-10-02 19:59 -------- d-----w- c:\documents and settings\Qodon\Application Data\dvdcss
2009-11-28 10:32 . 2009-06-30 03:48 138936 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-28 10:31 . 2009-06-30 03:47 214504 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-27 13:26 . 2009-10-17 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 13:12 . 2009-06-27 14:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-27 06:31 . 2009-07-06 13:31 -------- d-----w- c:\documents and settings\Qodon\Application Data\LimeWire
2009-11-26 15:21 . 2009-07-04 09:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-25 06:49 . 2009-06-27 17:42 -------- d-----w- c:\program files\KalOnlineEng
2009-11-21 10:01 . 2009-10-17 15:27 117760 ----a-w- c:\documents and settings\Qodon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-18 18:59 . 2009-07-18 21:42 -------- d-----w- c:\program files\Windows Live
2009-11-08 12:16 . 2009-06-27 14:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-30 14:03 . 2009-10-30 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-30 14:02 . 2009-10-30 14:02 -------- d-----w- c:\program files\Microsoft SDKs
2009-10-27 17:33 . 2009-10-27 17:33 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-10-23 10:28 . 2009-10-23 10:28 22777 ----a-w- c:\documents and settings\Qodon\267404.zip
2009-10-21 04:04 . 2009-10-21 03:38 -------- d-----w- c:\program files\Webzen
2009-10-19 12:30 . 2009-06-27 20:27 43688 ----a-w- c:\documents and settings\Qodon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 15:26 . 2009-10-17 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 15:26 . 2009-10-17 15:26 -------- d-----w- c:\documents and settings\Qodon\Application Data\SUPERAntiSpyware.com
2009-10-17 15:25 . 2009-06-27 15:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-16 11:33 . 2009-07-31 11:33 -------- d-----w- c:\program files\Pirate King Online
2009-10-16 11:31 . 2009-09-09 06:36 -------- d-----w- c:\program files\Silkroad
2009-10-12 16:45 . 2009-10-03 04:35 256 ----a-w- c:\windows\system32\pool.bin
2009-10-03 04:57 . 2009-10-03 04:36 -------- d-----w- c:\documents and settings\Qodon\Application Data\Roxio
2009-10-03 04:36 . 2009-10-03 04:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-10-03 04:35 . 2009-10-03 04:35 -------- d-----w- c:\documents and settings\Qodon\Application Data\Research In Motion
2009-10-03 04:29 . 2009-09-09 05:37 -------- d-----w- c:\documents and settings\Qodon\Application Data\InstallShield
2009-10-03 04:28 . 2009-10-03 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-03 04:28 . 2009-10-03 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-03 04:28 . 2009-10-03 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-10-03 04:27 . 2009-10-03 04:25 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-03 04:26 . 2009-10-03 04:26 -------- d-----w- c:\program files\Roxio
2009-10-03 04:26 . 2009-10-03 04:26 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-03 04:26 . 2009-06-27 14:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-03 04:21 . 2009-10-03 04:20 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-03 04:20 . 2009-10-03 04:20 -------- d-----w- c:\program files\Research In Motion
2009-10-02 00:47 . 2009-06-29 13:08 -------- d-----w- c:\program files\EA Games
2009-10-02 00:36 . 2009-10-02 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-10-02 00:28 . 2009-10-02 00:28 -------- d-----w- c:\program files\Microsoft Games
2009-09-23 13:42 . 2009-10-21 04:04 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2009-09-23 13:42 . 2009-10-21 04:04 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2009-09-23 13:42 . 2009-10-21 04:04 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
.

------- Sigcheck -------

[-] 2009-06-29 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-29 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"Steam"="c:\program files\steam\steam.exe" [2009-11-13 1217808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-04 2923192]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-28 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-07-28 209153]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-11-06 200704]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-05-24 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-05-24 18944]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-02-13 16857600]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-11-20 1826816]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2006-05-04 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\Qodon\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5349888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-4-25 11057664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Qodon\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57697:TCP"= 57697:TCP:Pando Media Booster
"57697:UDP"= 57697:UDP:Pando Media Booster

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/2/2009 3:52 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/2/2009 3:52 PM 5248]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/28/2009 5:33 PM 97608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/28/2009 5:33 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/28/2009 5:33 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/28/2009 5:33 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/28/2009 5:33 PM 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/28/2009 5:33 PM 69632]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [5/29/2009 5:13 PM 234864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ae/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy1.emirates.net.ae:8080
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.37.178.29/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.37.212.114/imscp/talks3n.cab
FF - ProfilePath - c:\documents and settings\Qodon\Application Data\Mozilla\Firefox\Profiles\dgxs9mg1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ae/
FF - prefs.js: network.proxy.ftp - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy1.emirates.net.ae
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Qodon\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Command & Conquer - c:\program\EA GAMES\Uninstal.exe
AddRemove-GoldWave v5.10 - c:\program files\GoldWave\unstall.exe GoldWave v5.10
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe steam://uninstall/440



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by forum]

Rootkit scan 2009-11-29 19:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
[link hidden by forum]


device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A027D68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> 0x8a027d68
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek PCIe GBE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7de0ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7dedb21
SendHandler -> NDIS.sys @ 0xb7dcb87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ea,ea,35,d6,c1,c8,57,da,20,b7,95,84,d8,65,2f,9a,c8,e5,29,98,d7,
64,03,96,c6,95,82,86,f7,0e,b9,15,a7,69,6c,25,a7,49,99,5f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d2cdf0c2-efe4-4610-baa0-1464f8496619}]
@Denied: (Full) (Everyone)
"Model"=dword:00000107
"Therad"=dword:00000012
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,37,ce,5f,33,19,69,0a,25,20,75,35,e9,8c,75,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Qodon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1084)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-11-29 19:06
ComboFix-quarantined-files.txt 2009-11-29 15:06

Pre-Run: 11,335,671,808 bytes free
Post-Run: 14,420,971,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4CBC3012554F8C251629D0B72FC4CFC6
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:06 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by forum]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [link hidden by forum]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [link hidden by forum]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [link hidden by forum]
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) - [link hidden by forum]
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - [link hidden by forum]
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [link hidden by forum]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [link hidden by forum]
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - [link hidden by forum]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 1: MGC GamerCard - [link hidden by forum]

--
End of file - 10081 bytes
 
And here are the strongest settings for it >>
A guide to the best settings for Dr.Web
Dr.web

To download the program, click on the picture

[link hidden by forum]
 
Signature: format