العرافة

:q: Peace be upon you, and the mercy and blessings of God

I always take care of my computer.

I use AVG Internet Security and, thank God, I haven't had any problems with it :ok:

I have some processes and I don't know whether they are harmful or harmless.

I've attached this report for the ZyZoom members so they can give me good news.

Is my machine sick or healthy?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:50 AM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\XPPRESP3.USER\Desktop\IE7-WindowsXP-x86-enu.exe
c:\dd5468307aee24bd6826ed5a90c8\update\iesetup.exe
C:\WINDOWS\system32\mrt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-120] C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [Applications Driver] svohost.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKLM\..\RunServices: [Applications Driver] svohost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Torrent2Exe[bcc07cd629855eebe65e0bec040c3738135de0d8]] C:\Documents and Settings\XPPRESP3.USER\Local Settings\Temporary Internet Files\.IE5\5R8XF51H\opHopSetup[1].exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-21-73586283-861567501-725345543-1001\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (User '?')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe (User '?')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7994DA-459C-433F-9FCE-4128FBC98718}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D4C3A9-3245-4DF0-9D1B-8CBB5A871B79}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB365368-C52A-4261-85FC-689E6BDF01FF}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9082 bytes


God willing it's healthy. And could you teach me how to read the report and understand the problems in it, and so on?

And if there are programs that read it and tell me, or websites, I'm ready, just teach me. Thanks :ok:
 

Signature: العرافة
Please visit this section

and read the topics in it.

As for the report, the brothers will help you with it. There are a few things in it, but I'm not sure.

Good luck.
 
Thank you, brother Faris. I'll be waiting.
 
Signature: العرافة
I'll look at the report and come back.
 
Waiting.
 
Signature: العرافة
Delete these values

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A7994DA-459C-433F-9FCE-4128FBC98718}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D4C3A9-3245-4DF0-9D1B-8CBB5A871B79}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EB365368-C52A-4261-85FC-689E6BDF01FF}: NameServer = 192.168.1.1


Then download this tool and follow the instructions below.

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears. Wait (and follow along with the screenshots).

[Screenshot: 000.png]

[Screenshot: 001.png]

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

[Screenshot: 002.png]

After that, go to Control Panel ====> Add or Remove Programs

and remove all the toolbars.

Then download this tool and save it to the desktop.

When you run it, a message will appear. Click >> Yes
Then a second message will appear. Click >> Yes

Wait until the tool finishes scanning your machine. Your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

And make a new HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear. Copy it and paste it in your next reply.
 
Signature: فارس الملاك

Sorry for interfering, but I didn't notice your post :b:

Regards
 
Signature: فارس الملاك

But don't forget to drop by and check on us.

We might need you ====> we can't do without you

Thank you, my dear
 
Signature: فارس الملاك
The reports are on the second page :ok:
 
Signature: العرافة
Sorry for the delay, here are the two reports

( 1 )

ComboFix 08-06-16.5 - XPPRESP3 2008-06-19 14:54:34.1 - NTFSx86

Running from: C:\Documents and Settings\XPPRESP3.USER\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\XPPRESP3.USER\ravmonlog
C:\Program Files\Common Files\{34B22~1
C:\Program Files\Common Files\{E4B22~1
C:\WINDOWS\system32\bIQAaJjl.ini
C:\WINDOWS\system32\bIQAaJjl.ini2
C:\WINDOWS\system32\BKUuCcfe.ini
C:\WINDOWS\system32\BKUuCcfe.ini2
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\nVwacMoq.ini
C:\WINDOWS\system32\nVwacMoq.ini2
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\SrXGNqss.ini
C:\WINDOWS\system32\SrXGNqss.ini2
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

----- BITS: Possible infected sites -----

hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 14:46 . 2008-06-19 14:46 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\CyberScrub
2008-06-19 14:45 . 2008-06-19 14:45 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\cleaner
2008-06-18 07:05 . 2008-06-18 07:05 <DIR> d-------- C:\WINDOWS\Logs
2008-06-18 05:13 . 2008-06-18 05:13 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\Styler
2008-06-18 05:10 . 2008-06-18 05:49 <DIR> d-------- C:\Program Files\Styler
2008-06-18 02:56 . 2008-06-18 02:56 <DIR> d-------- C:\Zyzoom_flash_boot
2008-06-18 01:23 . 2006-03-11 16:12 3,956,547 --------- C:\WINDOWS\YMP.CAB
2008-06-18 01:23 . 2008-06-18 01:23 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-18 00:39 . 2008-06-18 00:55 <DIR> d-------- C:\Program Files\Yahoo Pal
2008-06-17 23:01 . 2008-06-17 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
2008-06-17 07:22 . 2008-06-17 07:22 543 --a------ C:\Documents and Settings\ashouq20021561411080.xml
2008-06-17 06:54 . 2008-06-17 06:54 <DIR> dr------- C:\Documents and Settings\Favorites
2008-06-17 01:55 . 2008-06-17 01:55 <DIR> d-------- C:\Program Files\Mikogo
2008-06-15 12:17 . 2008-06-15 12:39 55,497 --a------ C:\Documents and Settings\samar1990738126642.xml
2008-06-14 10:28 . 2008-06-14 11:10 181,958 --a------ C:\Documents and Settings\amekumo_haseo2659504689.xml
2008-06-14 10:28 . 2008-06-14 10:28 12,164 --a------ C:\Documents and Settings\MessageLog.xsl
2008-06-14 09:35 . 2008-06-15 12:34 <DIR> d-------- C:\Documents and Settings\June 2008\Images
2008-06-14 09:35 . 2008-06-17 07:20 <DIR> d-------- C:\Documents and Settings\June 2008
2008-06-14 07:17 . 2008-06-14 07:17 <DIR> d-------- C:\Documents and Settings\My Chat Logs\June 2008
2008-06-14 07:17 . 2008-06-14 07:17 <DIR> d-------- C:\Documents and Settings\My Chat Logs
2008-06-13 20:17 . 2008-06-13 20:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-06-12 00:20 . 2008-06-12 00:20 <DIR> d-------- C:\WINDOWS\Dress Shop Hop
2008-06-10 21:42 . 2008-06-10 21:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Torrent2Exe
2008-06-09 07:02 . 2008-06-09 07:02 30,793 --a------ C:\Documents and Settings\reem 8-6-2008.2rtf.rtf
2008-06-09 03:27 . 2008-06-09 03:27 41,674 --a------ C:\Documents and Settings\reem 8-6-2008.rtf
2008-06-07 23:34 . 2008-06-07 23:34 <DIR> d-------- C:\Program Files\thriXXX
2008-06-07 16:08 . 2008-06-07 16:08 <DIR> d-------- C:\WINDOWS\Virtual Villagers 3 - The Secret City Fixed
2008-06-07 15:29 . 2008-06-07 15:44 110,592 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-07 01:25 . 2008-06-07 01:25 <DIR> d-------- C:\Program Files\Mojicon
2008-06-07 01:21 . 2008-06-07 01:21 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-06-06 19:10 . 2008-06-17 07:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-06 19:09 . 2008-06-06 19:09 <DIR> d-------- C:\WINDOWS\system32\ar-SA
2008-06-06 18:54 . 2008-06-06 18:54 <DIR> d-------- C:\Program Files\MSBuild
2008-06-06 18:49 . 2008-06-06 19:09 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-06 18:47 . 2008-06-06 18:47 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-06 18:45 . 2008-06-06 18:45 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-06 18:45 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-06 04:15 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-03 22:16 . 2008-06-19 15:03 9 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{EB365368-C52A-4261-85FC-689E6BDF01FF}
2008-06-03 14:03 . 2008-06-03 14:03 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-06-03 14:03 . 2008-06-03 14:03 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-02 00:50 . 2008-06-02 00:50 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-06-02 00:50 . 2008-06-02 00:50 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-06-01 23:04 . 2008-06-01 23:04 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\Ludia
2008-06-01 23:04 . 2008-06-01 23:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ludia
2008-06-01 23:03 . 2008-06-01 23:03 <DIR> d-------- C:\WINDOWS\Hell's Kitchen
2008-05-31 18:13 . 2008-05-31 18:18 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\ALLCapture
2008-05-31 18:04 . 2008-05-31 19:04 <DIR> d-------- C:\Program Files\ALLCapture 3.0 Trial
2008-05-31 03:44 . 2001-05-22 21:13 68,578 --a------ C:\tarawin.bmp
2008-05-28 23:34 . 2008-05-29 05:43 0 --a------ C:\WINDOWS\system32\fscflist.ini.tmp
2008-05-28 23:33 . 2008-05-28 23:33 77,824 --a------ C:\WINDOWS\system32\nod.dll
2008-05-28 23:33 . 2008-05-30 10:18 0 --a------ C:\WINDOWS\system32\PDBOXGame.html
2008-05-28 23:32 . 2008-05-29 05:43 92 --a------ C:\WINDOWS\system32\fscflist.ini
2008-05-28 23:32 . 2008-05-29 05:43 78 --a------ C:\WINDOWS\system32\fscagent.ini.tmp
2008-05-28 23:32 . 2008-05-29 05:43 73 --a------ C:\WINDOWS\system32\fscagent.ini
2008-05-28 07:38 . 2008-05-28 07:38 <DIR> d-------- C:\Program Files\PandoBar
2008-05-28 04:08 . 2008-05-28 04:23 <DIR> d-------- C:\Program Files\DC++
2008-05-27 13:14 . 2002-09-20 11:53 235,100 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2008-05-27 12:50 . 2007-07-26 16:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-05-27 12:48 . 2002-10-15 00:00 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2008-05-27 12:48 . 2002-10-15 00:00 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2008-05-27 12:48 . 2002-10-15 00:00 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2008-05-27 12:41 . 2008-05-27 12:42 <DIR> d-------- C:\WINDOWS\USB-IrDA
2008-05-27 12:41 . 2001-08-17 13:49 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2008-05-27 12:27 . 2008-05-27 12:27 <DIR> d-------- C:\WINDOWS\SiS
2008-05-27 12:27 . 2004-02-19 02:46 352,256 --a------ C:\WINDOWS\system32\sistray.exe
2008-05-27 12:27 . 2004-02-19 02:43 176,128 --------- C:\WINDOWS\system32\SiSApCom.dll
2008-05-27 12:27 . 2003-06-13 05:09 118,784 --------- C:\WINDOWS\system32\SiSlib.dll
2008-05-27 12:27 . 2004-02-19 02:47 106,496 --------- C:\WINDOWS\system32\TVModeLib.dll
2008-05-27 12:27 . 2002-12-12 11:43 1,663 --------- C:\WINDOWS\system32\SiSlib.ini
2008-05-27 12:26 . 2004-03-08 16:41 121,181 --a------ C:\WINDOWS\VGAsetup.ini
2008-05-27 12:23 . 2004-02-19 03:34 1,862,329 --a------ C:\WINDOWS\system32\sisgl.dll
2008-05-27 12:23 . 2004-02-19 02:43 258,048 --a------ C:\WINDOWS\system32\SiSParse.dll
2008-05-27 12:23 . 2004-02-19 02:44 176,128 --a------ C:\WINDOWS\system32\SiSInst.dll
2008-05-27 12:23 . 2004-02-19 02:43 49,152 --a------ C:\WINDOWS\system32\SiSBase.dll
2008-05-27 12:23 . 2004-02-19 02:54 49,152 --a------ C:\WINDOWS\system32\sis740.bin
2008-05-27 12:23 . 2004-02-19 02:54 49,152 --a------ C:\WINDOWS\system32\sis650.bin
2008-05-27 12:23 . 2004-02-19 02:44 5,632 --a------ C:\WINDOWS\system32\instFunc.dll
2008-05-27 12:19 . 2008-05-27 12:28 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.57.53
2008-05-27 12:19 . 2002-07-29 14:20 65,536 --a------ C:\WINDOWS\system32\sis315.bin
2008-05-27 12:18 . 2008-05-27 12:27 <DIR> d-------- C:\WINDOWS\system32\trayres
2008-05-27 12:18 . 2008-05-27 12:28 105,109 --a------ C:\WINDOWS\system32\VGAunistlog.ini
2008-05-27 08:57 . 2008-06-12 00:21 <DIR> d-------- C:\Documents and Settings\XPPRESP3.USER\Application Data\PlayFirst
2008-05-27 08:57 . 2008-06-12 00:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2008-05-27 08:55 . 2008-06-01 23:04 <DIR> d-------- C:\Program Files\Hometown Hero
2008-05-26 23:47 . 2008-05-26 23:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
2008-05-26 23:45 . 2008-05-27 04:27 <DIR> d-------- C:\Program Files\Cooking Academy
2008-05-26 23:21 . 2008-05-26 23:21 <DIR> d-------- C:\WINDOWS\Supermarket Mania
2008-05-25 22:48 . 2008-06-12 20:28 <DIR> d-------- C:\sysresete
2008-05-25 16:05 . 2008-05-25 16:05 <DIR> d-------- C:\Program Files\ImageShackToolbar
2008-05-23 15:50 . 2008-05-23 15:50 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 15:50 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-23 15:49 . 2008-05-23 15:49 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-21 00:52 . 2008-05-21 00:55 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{73C8DCB7-F280-4534-937E-592778746E5F}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 03:45 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\uTorrent
2008-06-19 03:32 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Babylon
2008-06-18 22:13 --------- d-----w C:\Program Files\Trend Micro
2008-06-18 20:16 --------- d-----w C:\Program Files\LogMeIn
2008-06-18 15:07 --------- d-----w C:\Program Files\Opera
2008-06-18 01:47 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-18 00:05 --------- d-----w C:\Program Files\MSECACHE
2008-06-18 00:01 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-06-17 21:30 --------- d-----w C:\Program Files\Yahoo!
2008-06-16 07:56 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\tor
2008-06-16 04:37 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\TeamViewer
2008-06-16 00:00 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Vidalia
2008-06-13 16:17 --------- d-----w C:\Program Files\TechSmith
2008-06-13 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 14:46 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-06-06 05:21 --------- d-----w C:\Program Files\Registry Fast
2008-06-06 00:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\eboostr
2008-06-03 10:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-27 09:12 --------- d-----w C:\Program Files\Intel Desktop Board Audio Driver
2008-05-27 09:06 --------- d-----w C:\Program Files\Driver Magician
2008-05-27 08:48 --------- d-----w C:\Program Files\Intel
2008-05-24 10:12 --------- d--h--w C:\Program Files\mIRC
2008-05-24 09:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-20 20:55 --------- d-----w C:\Program Files\uTorrent
2008-05-18 18:39 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-05-18 17:56 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Moyea
2008-05-18 16:24 8,960 ----a-w C:\WINDOWS\system32\drivers\uphcleanhlp.sys
2008-05-16 09:09 --------- d-----w C:\Program Files\HideWindowPlus
2008-05-15 10:14 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\AVGTOOLBAR
2008-05-14 09:47 --------- d-----w C:\Program Files\HydraIRC
2008-05-14 09:13 --------- d-----w C:\Program Files\Quicksys
2008-05-14 08:28 --------- d-----w C:\Program Files\TeamViewer3
2008-05-13 01:29 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-13 00:17 12,424 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-13 00:15 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-12 23:20 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Comodo
2008-05-12 22:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-05-12 15:27 --------- d-----w C:\Program Files\D-Link
2008-05-12 05:34 --------- d-----w C:\Program Files\Registry Shower 2007
2008-05-11 12:55 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\GPass-3
2008-05-11 11:24 --------- d-----w C:\Program Files\zillasoft.ws
2008-05-11 09:59 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Hide IP NG
2008-05-10 17:02 161 ----a-w C:\Delme.bat
2008-05-09 14:27 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\SUPERAntiSpyware.com
2008-05-09 12:22 --------- d-----w C:\Program Files\AVG
2008-05-09 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-05-06 16:25 --------- d-----w C:\Program Files\Alien Skin
2008-05-05 19:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 07:03 --------- d-----w C:\Program Files\DAP Premium
2008-05-05 06:14 --------- d-----w C:\Program Files\FlashGet
2008-05-05 04:56 --------- d-----w C:\Program Files\Orbitdownloader
2008-05-05 04:56 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Orbit
2008-05-05 04:50 --------- d-----w C:\Program Files\Hand-Crafted Software
2008-05-05 04:43 --------- d-----w C:\Program Files\Free Download Manager
2008-05-05 04:42 --------- d-----w C:\Program Files\Asprate
2008-05-04 15:11 1,676 ----a-w C:\odvxt.exe
2008-05-04 15:11 1,676 ----a-w C:\ccccpqw.exe
2008-05-04 15:11 1,676 ----a-w C:\ahorto.exe
2008-05-04 15:11 1,674 ----a-w C:\pvgsntt.exe
2008-05-04 15:11 1,674 ----a-w C:\hifwtwp.exe
2008-05-04 15:11 1,670 ----a-w C:\xghli.exe
2008-04-30 20:54 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\GTunnel
2008-04-28 11:15 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Thinstall
2008-04-26 19:38 --------- d-----w C:\Program Files\Foxit Software
2008-04-26 18:34 2,014 ---h--r C:\WINDOWS\system32\drivers\hosts
2008-04-26 18:31 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 15:09 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Malwarebytes
2008-04-26 15:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-24 22:22 --------- d-----w C:\Program Files\Bersirc 2.2
2008-04-24 03:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-24 01:47 --------- d-----w C:\Program Files\Total Video Converter
2008-04-23 19:34 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\Media Player Classic
2008-04-22 16:38 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-21 01:34 --------- d-----w C:\Documents and Settings\XPPRESP3.USER\Application Data\GeoVid
2008-04-20 22:59 --------- d-----w C:\Program Files\Video-AVI to Flash-SWF Converter
2008-04-20 16:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 15:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-01-31 17:52 38,232 ----a-w C:\Documents and Settings\XPPRESP3.USER\Application Data\GDIPFONTCACHEV1.DAT
2007-12-12 08:20 1,024 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\imgpdf2.dll
2007-11-29 03:53 64,512 ---ha-w C:\Documents and Settings\XPPRESP3.USER\Application Data\dach100.dll
2007-11-11 17:21 142,976,320 ----a-w C:\Documents and Settings\Keira\MADLAX OST 1.zip
2007-10-23 12:26 1,024 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\imgdoc2.dll
2007-08-28 16:16 1,445,888 ----a-w C:\Documents and Settings\XPPRESP3.USER\WinsockxpFix.exe
2007-07-19 21:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab
2007-07-19 21:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab
2007-07-19 21:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab
2007-07-19 21:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-07-19 21:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab
2007-07-19 21:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab
2007-07-19 21:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab
2007-06-06 20:41 1,445,888 -c--a-w C:\Documents and Settings\XPPRESP3.USER\wisock.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"Torrent2Exe[bcc07cd629855eebe65e0bec040c3738135de0d8]"="C:\Documents and Settings\XPPRESP3.USER\Local Settings\Temporary Internet Files\.IE5\5R8XF51H\opHopSetup[1].exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless 108G DWA-120"="C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe" [2007-05-10 16:24 1662976]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-19 04:28 1177368]
"Microsoft WinUpdate"="C:\WINDOWS\system32\msupdte.exe" [2008-06-07 15:44 110592]
"Applications Driver"="svohost.exe" []
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Applications Driver"="svohost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]

C:\Documents and Settings\XPPRESP3.USER\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 16:31:46 118784]
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2006-01-21 15:41:56 118784]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 16:49:44 6822728]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-05-27 12:27:04 352256]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoSearch"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"MSVideo"= CSvidcap.dll
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^eBoostr Control Panel.lnk]
backup=C:\WINDOWS\pss\eBoostr Control Panel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GhostSurf proxy.lnk]
backup=C:\WINDOWS\pss\GhostSurf proxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^XPPRESP3.USER^Start Menu^Programs^Startup^Scheduler.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckRegDefragService]
--a------ 2004-09-22 23:18 299520 C:\PROGRA~1\RECD81~1\rbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClubBox]
-ra------ 2008-04-01 18:07 1531904 C:\WINDOWS\system32\clubbox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurf Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mikogo]
--a------ 2008-06-17 01:55 2285568 C:\Program Files\Mikogo\Mikogo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 13:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2008-03-25 07:04 3878980 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"=C:\WINDOWS\system32\msconfig.exe /auto
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"F:\\Documents and Settings\\Admin\\Desktop\\123\\uTorrentPortable\\App\\utorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57287:TCP"= 57287:TCP:Pando P2P TCP Listening Port
"57287:UDP"= 57287:UDP:Pando P2P UDP Listening Port
"58932:TCP"= 58932:TCP:Pando P2P TCP Listening Port
"58932:UDP"= 58932:UDP:Pando P2P UDP Listening Port


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{109dd30d-d944-11db-935a-00e020131730}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{803cf6de-dd3f-11db-936d-00e020131730}]
\Shell\AutoRun\command - G:\Programs\nu2menu\nu2menu.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 11:02:15 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,


Rootkit scan 2008-06-19 15:03:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-19 15:13:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 11:13:06

Pre-Run: 10,169,286,656 bytes free
Post-Run: 10,288,164,864 bytes free

412







======
(2)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:26 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-120] C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [Applications Driver] svohost.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunServices: [Applications Driver] svohost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Torrent2Exe[bcc07cd629855eebe65e0bec040c3738135de0d8]] C:\Documents and Settings\XPPRESP3.USER\Local Settings\Temporary Internet Files\.IE5\5R8XF51H\opHopSetup[1].exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-21-73586283-861567501-725345543-1001\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (User '?')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe (User '?')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8439 bytes

And I have a question: what is the process svohost.exe, and is it harmful?

Signature: العرافة

Sorry for the delay, sister; it was because of exams.

Delete these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O4 - HKCU\..\Run: [Torrent2Exe[bcc07cd629855eebe65e0bec040c3738135de0d8]] C:\Documents and Settings\XPPRESP3.USER\Local Settings\Temporary Internet Files\.IE5\5R8XF51H\opHopSetup[1].exe

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')


How to delete them:

[image: mg%20(3).png]

[image: mg%20(4).png]

Download this tool to clean the machine.

[image: wh_15149054.png]

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the pictures).

[image: 000.png]

[image: 001.png]

When this screen appears, click Close so that your machine restarts (to complete the cleaning process).

[image: 002.png]

Also, sister, I noticed the toolbars; delete them.

Please do delete them.

After that, go to Control Panel ====> Add or Remove Programs

and remove all the toolbars.

Please apply all the steps carefully.

And once you have finished everything, make me a new report.

Regards

Signature: فارس الملاك

This is one of the machine's very important applications.

But some viruses have the same name, svohost.exe, but are located in different paths.

Awaiting the answer.

Signature: فارس الملاك
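Brother, everything was applied precisely, as you asked before, and I do not have any toolbar other than the Megaupload toolbar, which I keep so that I can download from their site. I can capture an animated image of my programs section and send it to you so you can make sure.

And I ran into a problem cleaning the files.

[image: upload2world_43e29.gif]

And these are pictures of HijackThis

[image: f_yum_40a70ec.png]

[image: f_zyum_444b775.png]

for the deleted entries.

And this is the new report: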



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:31 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-120] C:\Program Files\D-Link\D-Link Wireless 108G DWA-120\AirPlusCFG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [Applications Driver] svohost.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunServices: [Applications Driver] svohost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-21-73586283-861567501-725345543-1001\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (User '?')
O4 - S-1-5-21-73586283-861567501-725345543-1001 Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe (User '?')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7690 bytes
 
Signature: العرافة

OK sister, now everything is fine.

If you run into a problem, post it and we are at your service.

Bye

Signature: فارس الملاك
Thank you, dear brother... I put you to a lot of trouble.

Signature: العرافة