kondos

  1. ComboFix 12-07-11.03 - kondos 07/11/2012 15:28:33.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2039.1632 [GMT 2:00] Running from: c:\documents and settings\kondos\My Documents\Downloads\Programs\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\kondos\Local Settings\Application Data\hide.exe c:\windows\iun6002.exe c:\windows\system32\dllcache\dlimport.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 ))))))))))))))))))))))))))))))) . . 2012-07-09 01:25 . 2012-07-09 01:26 -------- d-----w- C:\dat 2012-07-08 01:22 . 2012-07-08 01:26 -------- d-----w- C:\xampp 2012-07-07 15:28 . 2012-07-07 15:28 -------- d-----w- C:\ATI . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 13:19 . 2004-08-04 00:56 97304 ----a-w- c:\windows\system32\cdm.dll 2012-04-23 11:26 . 2012-06-07 06:18 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\PES6\\PES6.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/7/2012 8:18 AM 108448] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/7/2012 4:59 PM 257696] S3 ALSysIO;ALSysIO;\??\c:\docume~1\kondos\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\kondos\LOCALS~1\Temp\ALSysIO.sys [?] 
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/10/2012 2:07 PM 40776] . Contents of the 'Scheduled Tasks' folder . 2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 12:05] . . ------- Supplementary Scan ------- . IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update Trusted Zone: windowsupdate.com\download TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-DkZ Studio0.9.0 - c:\windows\iun6002.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-11 15:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-839522115-1229272821-2147200963-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CFCEFE4-3AEC-05F6-ABB2-65A096F7126E}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iamihapbjkefblbhcn"=hex:6a,61,64,6b,6d,69,64,6f,6a,70,61,69,6d,61,6f,62,65,6b, 70,6a,00,fb "hagljchojkaildmi"=hex:6a,61,64,6b,6d,69,64,6f,6a,70,61,69,6d,61,6f,62,65,6b, 70,6a,00,fb . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2012-07-11 15:34:41 ComboFix-quarantined-files.txt 2012-07-11 13:34 . Pre-Run: 6,038,077,440 bytes free Post-Run: 6,163,173,376 bytes free . - - End Of File - - E27036B0C6975508FCFF884FF7F6229D
  2. Hmmm, the problem is not in the router, because when I move the hard drive to another PC it's working perfectly!!! I reset it and the problem is still not solved.
  3. Yeah, complete re-installation, but my ISP told me the problem is in my PC, because when I move the hard drive to another PC it's working perfectly.
  4. I've installed a new Windows, but the problem wasn't solved.

     exeHelper by Raktor
     Build 20100414
     Run at 17:04:03 on 07/07/12
     Now searching...
     Checking for numerical processes...
     Checking for sysguard processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.07.07.05
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 6.0.2900.2180
     kondos :: MANNON [administrator]

     Protection: Enabled

     07/07/2012 04:58:50 م
     mbam-log-2012-07-07 (16-58-50).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 180401
     Time elapsed: 6 minute(s), 23 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. Hi Maniac, I can't download anything. When I download anything it's corrupted: in RAR files it tells me CRC failed, and .exe or self-extracting files larger than 3MB are corrupted.

     Log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mn3m at 5:02:20 on 2012-07-07 Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.2039.1483 [GMT 2:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\netcut\services\AIPS.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe . ============== Pseudo HJT Report =============== .
uStart Page = hxxp://www.alnaddy.com/?t=eg&babsrc=HP_ss&mntrId=cc9f4c8e00000000000000192191d2d4 mWinlogon: SfcDisable=-99 (0xffffff9d) BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\internet download manager\IEGetAll.htm IE: تحميل بواسطة Internet Download Manager - c:\program files\internet download manager\IEExt.htm IE: حمل بواسطة البرنامج - file://c:\program files\mipony\browser\IEContext.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341450885359 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341450868546 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{C16BE4B1-859D-4C23-AAC4-C31F03E05F79} : DhcpNameServer = 192.168.1.1 Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll . ============= SERVICES / DRIVERS =============== . 
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-3-17 13616] R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-3-17 5632] R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-3-17 13616] R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-6-7 108448] R2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\aips.exe [2012-7-6 262144] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-28 24328] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 257696] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2012-07-06 20:28:57 388096 ----a-r- c:\documents and settings\mn3m\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-07-06 20:28:56 -------- d-----w- c:\program files\Trend Micro 2012-07-06 10:50:43 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240D2.TMP 2012-07-06 10:01:40 2 ----a-w- C:\~AUcache1.tmp 2012-07-06 09:59:44 -------- d-----w- c:\program files\AutoUnpack 2012-07-06 02:52:54 -------- d-----w- c:\program files\WinPcap 2012-07-06 02:52:42 389120 ----a-w- c:\windows\system32\actskn43.ocx 2012-07-06 02:52:41 -------- d-----w- c:\program files\netcut 2012-07-05 17:36:39 8704 ----a-w- c:\windows\system32\kbdjpn.dll 2012-07-05 17:36:39 8192 ----a-w- c:\windows\system32\kbdkor.dll 2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd106.dll 2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd101c.dll 2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd101b.dll 2012-07-05 17:36:39 5632 ----a-w- c:\windows\system32\kbd103.dll 2012-07-05 17:27:58 593920 ------w- c:\windows\system32\ati2sgag.exe 2012-07-05 02:32:13 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\WMTools Downloaded Files 2012-07-05 02:15:50 -------- d-----w- c:\windows\system32\drivers\etc\New Folder 2012-07-05 01:16:01 -------- d-----w- c:\windows\system32\SoftwareDistribution 2012-07-04 15:00:57 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-07-04 15:00:57 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-04 14:47:27 -------- d-----w- C:\Drivers 2012-07-04 02:32:00 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\PCHealth 2012-07-04 02:25:31 -------- d-----w- c:\documents and settings\mn3m\IECompatCache 2012-07-04 01:56:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-07-04 01:48:36 -------- d-----w- c:\documents and settings\mn3m\application data\IDM 2012-07-04 01:48:36 -------- d-----w- c:\documents and settings\mn3m\application 
data\DMCache 2012-07-04 01:48:29 -------- d-----w- c:\program files\Internet Download Manager 2012-07-03 23:46:09 -------- d-----w- c:\windows\pss 2012-06-28 15:04:14 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll 2012-06-27 22:18:03 24328 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2012-06-27 22:18:03 -------- d-----w- c:\program files\CPUID 2012-06-27 17:06:21 -------- d-----w- c:\windows\system32\LogFiles 2012-06-26 23:14:32 -------- d-----w- c:\documents and settings\mn3m\application data\Mipony 2012-06-26 23:14:00 -------- d-----w- c:\documents and settings\all users\application data\Babylon 2012-06-26 23:13:59 -------- d-----w- c:\documents and settings\mn3m\application data\Babylon 2012-06-26 04:12:38 -------- d-----w- c:\program files\Yahoo! 2012-06-26 03:20:00 -------- d-----w- c:\program files\VideoLAN 2012-06-25 17:51:59 -------- d-----w- c:\documents and settings\mn3m\application data\edxLabs 2012-06-25 01:08:51 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\Opera 2012-06-24 22:27:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2012-06-24 22:27:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2012-06-24 17:01:20 -------- d-----w- c:\windows\system32\XPSViewer 2012-06-24 17:00:54 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2012-06-24 17:00:49 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2012-06-24 17:00:46 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2012-06-24 17:00:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2012-06-24 17:00:46 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2012-06-24 17:00:46 575488 ------w- c:\windows\system32\xpsshhdr.dll 2012-06-24 17:00:46 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2012-06-24 17:00:46 1676288 ------w- c:\windows\system32\xpssvcs.dll 2012-06-24 17:00:46 
1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2012-06-24 17:00:46 117760 ------w- c:\windows\system32\prntvpt.dll 2012-06-07 06:18:01 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys . ==================== Find3M ==================== . 2012-06-26 03:11:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-26 03:11:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-09 13:35:23 3186 ----a-w- c:\windows\system32\presetup.cmd 2012-05-09 13:35:23 28672 ----a-w- c:\windows\system32\setupold.exe 2012-05-09 12:58:15 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2012-05-09 12:47:27 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 12:47:27 218624 ----a-w- c:\windows\system32\uxtheme.dll 2012-05-09 12:47:27 140288 ----a-w- c:\windows\system32\sfc_os.dll 2012-05-09 12:47:21 990208 ----a-w- c:\windows\system32\syssetup.dll 2012-05-09 12:47:17 919552 ----a-w- c:\windows\system32\wininet.dll 2012-05-09 12:45:55 339336 ----a-w- c:\windows\system32\msdrm.dll 2012-05-09 12:44:59 206848 ----a-w- c:\windows\system32\unimdm.tsp 2012-05-09 12:43:57 69120 ----a-w- c:\windows\system32\notepad.exe 2012-05-09 12:42:59 81920 ----a-w- c:\windows\system32\isign32.dll 2012-05-09 12:39:39 344064 ----a-w- c:\windows\system32\msvcr71.dll 2012-05-09 12:38:49 26112 ----a-w- c:\windows\system32\idndl.dll 2012-05-09 12:38:49 10240 ----a-w- c:\windows\system32\advpack.dll.mui 2012-05-09 12:38:45 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-05-09 12:38:41 48128 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-09 12:38:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-09 12:38:41 
156160 ----a-w- c:\windows\system32\msls31.dll 2012-05-09 12:38:23 45568 ----a-w- c:\windows\system32\mshta.exe 2012-05-09 12:38:16 34816 ----a-w- c:\windows\system32\imgutil.dll 2012-05-09 12:38:14 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-05-09 12:38:07 18944 ----a-w- c:\windows\system32\corpol.dll 2012-05-09 12:38:06 72704 ----a-w- c:\windows\system32\admparse.dll 2012-05-09 12:36:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ============= FINISH: 5:02:50.26 =============== attach.rar
  6. I can't download anything; everything is corrupted. Why?

     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:29:11 PM, on 7/6/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\netcut\services\AIPS.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?t=eg&babsrc=HP_ss&mntrId=cc9f4c8e00000000000000192191d2d4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download
Manager\IDMIECC.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: حمل بواسطة البرنامج - file://C:\Program Files\MiPony\Browser\IEContext.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341450885359 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341450868546 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files\netcut\services\AIPS.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 5335 bytes