
ALA39000

Is the machine infected?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:22, on 09-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\S.ALA\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - J:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Magic BHO - {D525F71D-88D6-4D35-A84F-9E4B9DBE5F1B} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O3 - Toolbar: Password Magic - {0737414E-52F0-4E56-9205-E3A83C749107} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - J:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - J:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - J:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Secure Notes... - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: (no name) - {7B6826AA-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Web Logins... - {7B6826AA-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: (no name) - {7B6826B4-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Options... - {7B6826B4-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: (no name) - {7B6826B7-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Generate Password... - {7B6826B7-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: Fill Form... - {7B6826BE-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Fill Form... - {7B6826BE-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: (no name) - {7B6826C1-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Logoff - {7B6826C1-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PasswordShield - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PasswordShield - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 9940 bytes
 

Signature: ALA39000
Do the following:

Disable your security programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan the computer may be restarted,
and after the restart the tool will begin scanning again.
Do not run any program, and no matter how long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
 
Signature: ابـــو عــبــد الــلــه
Here is the report; thanks in advance, brothers.


ComboFix 09-04-04.01 - S.ALA 04/09/2009 19:26:07.2 - NTFSx86
Running from: c:\documents and settings\S.ALA\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090405-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\gbrfk.nia
.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 17:29 --------- d-----w c:\program files\cFosSpeed
2009-04-09 17:29 --------- d-----w c:\documents and settings\S.ALA\Application Data\Orbit
2009-04-09 17:29 --------- d-----w c:\documents and settings\S.ALA\Application Data\nView_Wallpaper
2009-04-09 16:35 --------- d-----w c:\documents and settings\S.ALA\Application Data\Skype
2009-04-09 16:18 --------- d-----w c:\documents and settings\S.ALA\Application Data\skypePM
2009-04-09 13:58 --------- d-----w c:\documents and settings\S.ALA\Application Data\cleaner
2009-04-07 02:00 --------- d-----w c:\documents and settings\S.ALA\Application Data\uTorrent
2009-04-06 01:00 --------- d-----w c:\program files\Java
2009-04-05 22:00 --------- d-----w c:\program files\RealArcade
2009-04-05 12:40 --------- d-----w c:\program files\Dream Aquarium
2009-04-05 00:24 --------- d-----w c:\program files\Yahoo!
2009-04-05 00:24 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-31 12:07 --------- d-----w c:\program files\Canon
2009-03-31 10:40 --------- d-----w c:\program files\Google
2009-03-30 10:40 --------- d-----w c:\documents and settings\S.ALA\Application Data\Wyzo
2009-03-30 09:34 --------- d-----w c:\documents and settings\S.ALA\Application Data\.wyzo
2009-03-29 22:25 737,280 ----a-w c:\windows\iun6002.exe
2009-03-29 21:22 --------- d-----w c:\documents and settings\S.ALA\Application Data\Thinstall
2009-03-28 15:21 --------- d-----w c:\program files\DVBViewerTE
2009-03-28 12:09 --------- d-----w c:\program files\TechniSat DVB
2009-03-28 12:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 17:04 --------- d-----w c:\program files\Skype
2009-03-24 16:52 --------- d-----w c:\documents and settings\S.ALA\Application Data\ArcSoft
2009-03-23 00:20 --------- d-----w c:\program files\Common Files\ArcSoft
2009-03-23 00:19 --------- d-----w c:\program files\ArcSoft
2009-03-23 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2009-03-18 12:13 --------- d-----w c:\program files\3DWebButton
2009-03-18 11:14 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-17 19:21 --------- d-----w c:\documents and settings\S.ALA\Application Data\DMCache
2009-03-17 13:39 --------- d-----w c:\documents and settings\S.ALA\Application Data\IDM
2009-03-16 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\Technisat
2009-03-16 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\CMUV
2009-03-16 12:26 --------- d-----w c:\program files\MainConcept
2009-03-16 11:04 2,855 ----a-w c:\windows\magnify.PIF
2009-03-16 03:12 --------- d-----w c:\documents and settings\S.ALA\Application Data\Apple Computer
2009-03-15 22:24 --------- d-----w c:\documents and settings\S.ALA\Application Data\Media Player Classic
2009-03-15 22:04 --------- d-----w c:\documents and settings\S.ALA\Application Data\Avant Profiles
2009-03-12 15:04 --------- d-----w c:\program files\Circle Developement
2009-03-12 14:55 --------- d-----w c:\program files\Microsoft
2009-03-12 14:54 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-12 14:54 --------- d-----w c:\program files\Windows Live
2009-03-12 13:49 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-12 03:28 15,781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-03-12 03:13 --------- d-----w c:\program files\zyzoom
2009-02-20 10:47 965,336 ----a-w c:\windows\system32\drivers\cfosspeed.sys
2008-08-24 17:12 13,622 ----a-w c:\documents and settings\S.ALA\STARTUP.reg
2008-09-30 12:31 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-30 12:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-30 12:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008093020081001\index.dat
2008-09-30 12:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
03/20/2008 08:36 PM 578560 f92d8964b5286de225bd2b6bf89764be c:\windows\system32\user32.dll
04/28/2008 11:24 AM 547328 a55b8899d2ea2e800061bcfd456e34dc c:\windows\system32\winlogon.exe
08/18/2008 08:17 PM 1616384 4a90f51b778fa0157f60d206e8b37d2a c:\windows\explorer.exe
04/28/2008 11:22 AM 25088 b5e8782d4af1b3756f38e11e7c157bbe c:\windows\system32\ctfmon.exe
03/20/2008 08:36 PM 989696 9a8d604748d9fe73b66021e5782a4a3c c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((( snapshot@2009-03-24_15.35.40.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-09 06:34:32 94,208 ----a-w c:\windows\Dream Aquarium.scr
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2009-03-27 11:06:46 12,288 ----a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-27 11:06:46 282,624 ----a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2009-03-27 11:06:46 135,168 ----a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-27 11:06:46 27,136 ----a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-27 11:06:46 4,096 ----a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\Nircmd.exe
+ 2009-04-03 11:01:38 171,308 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2009-04-03 11:01:38 171,308 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat.bak
- 2009-01-13 03:00:28 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-04-07 18:44:19 166,455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-01-13 03:00:28 2,850 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-04-07 18:44:21 5,322 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2005-03-22 15:00:00 135,168 ----a-w c:\windows\system32\CNAB4EMU.DLL
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\CNAB4LMK.DLL
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\CNAB4PTU.DLL
+ 2005-03-22 15:00:00 57,344 ----a-w c:\windows\system32\CNAB4RPK.EXE
+ 2005-03-22 15:00:00 65,536 ----a-w c:\windows\system32\CNAB4SMK.DLL
+ 2009-04-07 12:35:02 344,064 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-04-06 01:01:06 410,984 ----a-w c:\windows\system32\deploytk.dll
+ 2008-04-13 15:17:38 25,856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
+ 2008-11-20 19:19:06 9,072 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2008-11-20 19:19:06 9,200 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2008-11-20 19:19:06 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-04-13 15:17:38 25,856 ----a-w c:\windows\system32\drivers\usbprint.sys
+ 2009-03-20 18:50:06 3,358,720 ----a-w c:\windows\system32\GPhotos.scr
+ 2009-04-06 01:01:08 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-04-06 01:01:08 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-04-06 01:01:09 148,888 ----a-w c:\windows\system32\javaws.exe
- 2009-03-16 03:15:00 40,436 ---ha-w c:\windows\system32\mlfcache.dat
+ 2009-03-31 18:23:43 78,676 ---ha-w c:\windows\system32\mlfcache.dat
- 2009-03-24 13:43:00 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-30 01:26:25 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-24 13:43:00 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-30 01:26:25 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-20 19:19:06 588,272 ------w c:\windows\system32\px.dll
+ 2008-11-20 19:19:06 543,216 ------w c:\windows\system32\pxdrv.dll
+ 2008-11-20 19:19:06 72,176 ------w c:\windows\system32\pxhpinst.exe
+ 2008-11-20 19:19:06 186,864 ------w c:\windows\system32\pxmas.dll
+ 2008-11-20 19:19:06 379,376 ------w c:\windows\system32\pxwave.dll
+ 2009-04-09 11:38:38 931,944 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2005-03-22 15:00:00 1,135,616 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4809.DLL
+ 2005-03-22 15:00:00 135,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4EMU.DLL
+ 2005-03-22 15:00:00 45,056 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4LMK.DLL
+ 2005-03-22 15:00:00 534,016 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4M.DLL
+ 2005-03-22 15:00:00 1,006,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4MUI.DLL
+ 2005-03-22 15:00:00 225,280 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4PMU.DLL
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4PTU.DLL
+ 2005-03-22 15:00:00 57,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4RPK.EXE
+ 2005-03-22 15:00:00 65,536 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4SMK.DLL
+ 2005-03-22 15:00:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4STU.DLL
+ 2005-03-22 15:00:00 409,600 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4SWK.EXE
+ 2005-03-22 15:00:00 372,736 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNAB4UN.EXE
+ 2004-09-22 08:39:00 106,496 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNACCM32.DLL
+ 2004-11-04 00:38:00 996,352 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNXP0RSW.DLL
+ 2004-08-19 05:26:00 243,712 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNXP0RSX.DLL
+ 2004-09-09 01:22:00 221,184 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNXPCP32.DLL
+ 2002-09-11 05:20:00 90,112 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNXPTN32.DLL
+ 2000-10-04 00:36:00 77,824 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CNXPVT32.DLL
+ 2004-11-04 19:07:00 524,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC10DA4.EXE
+ 2004-11-04 19:07:00 577,536 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC10EA4.DLL
+ 2004-11-04 19:07:00 880,640 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC10QA4.EXE
+ 2004-11-04 19:07:00 115,712 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC10SA4.DLL
+ 2004-11-04 19:07:00 450,560 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC10VA4.EXE
+ 2004-11-04 19:07:00 446,464 ----a-w c:\windows\system32\spool\drivers\w32x86\3\CPC1UKA4.DLL
+ 2004-03-14 15:00:00 442,427 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UCS32P.DLL
+ 2005-03-22 15:00:00 1,135,616 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4809.DLL
+ 2005-03-22 15:00:00 135,168 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4EMU.DLL
+ 2005-03-22 15:00:00 45,056 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4LAK.EXE
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4LMK.DLL
+ 2005-03-22 15:00:00 534,016 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4M.DLL
+ 2005-03-22 15:00:00 1,006,080 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4MUI.DLL
+ 2005-03-22 15:00:00 225,280 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4PMU.DLL
+ 2005-03-22 15:00:00 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4PTU.DLL
+ 2005-03-22 15:00:00 57,344 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4RPK.EXE
+ 2005-03-22 15:00:00 65,536 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4SMK.DLL
+ 2005-03-22 15:00:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4STU.DLL
+ 2005-03-22 15:00:00 409,600 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4SWK.EXE
+ 2005-03-22 15:00:00 372,736 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNAB4UN.EXE
+ 2004-09-22 08:39:00 106,496 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNACCM32.DLL
+ 2004-11-04 00:38:00 996,352 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNXP0RSW.DLL
+ 2004-08-19 05:26:00 243,712 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNXP0RSX.DLL
+ 2004-09-09 01:22:00 221,184 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNXPCP32.DLL
+ 2002-09-11 05:20:00 90,112 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNXPTN32.DLL
+ 2000-10-04 00:36:00 77,824 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CNXPVT32.DLL
+ 2004-11-04 19:07:00 524,288 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC10DA4.EXE
+ 2004-11-04 19:07:00 577,536 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC10EA4.DLL
+ 2004-11-04 19:07:00 880,640 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC10QA4.EXE
+ 2004-11-04 19:07:00 115,712 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC10SA4.DLL
+ 2004-11-04 19:07:00 450,560 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC10VA4.EXE
+ 2004-11-04 19:07:00 446,464 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\CPC1UKA4.DLL
+ 2004-03-14 15:00:00 442,427 ----a-w c:\windows\system32\spool\drivers\w32x86\canonlbp2900287a\UCS32P.DLL
+ 2008-11-20 19:19:06 88,560 ------w c:\windows\system32\vxblock.dll
+ 2009-04-09 17:28:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_14c.dat
+ 2009-04-09 17:28:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2009-04-09 17:29:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_ce4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "c:\program files\zyzoom\tbzyz1.dll" [04/02/2009 11:57 AM 1883672]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
04/02/2009 11:57 AM 1883672 --a------ c:\program files\zyzoom\tbzyz1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "c:\program files\zyzoom\tbzyz1.dll" [04/02/2009 11:57 AM 1883672]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AAA6EDE-0F45-43DA-8B81-608A1D8108A2}"= "c:\program files\zyzoom\tbzyz1.dll" [04/02/2009 11:57 AM 1883672]
[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/28/2008 11:22 AM 25088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 07:53 PM 3885408]
"Messenger (Yahoo!)"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [03/18/2009 06:50 PM 4363504]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 08:58 AM 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [11/26/2008 07:18 PM 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04/19/2007 08:26 AM 7700480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/04/2009 03:43 PM 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [04/06/2009 03:01 AM 148888]
"nwiz"="nwiz.exe" [04/19/2007 08:26 AM 1626112 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [12/21/2008 01:15 AM 124928 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - d:\program files\Orbitdownloader\orbitdm.exe [2008-10-05 1719496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^S.ALA^Start Menu^Programs^Startup^Vienna Navigator.lnk]
path=c:\documents and settings\S.ALA\Start Menu\Programs\Startup\Vienna Navigator.lnk
backup=c:\windows\pss\Vienna Navigator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
--a------ 11/05/2005 08:10 AM 480256 c:\program files\Windows7\Analog Clock\AnalogClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
-ra------ 02/20/2009 12:47 PM 876248 c:\program files\cFosSpeed\cfosspeed.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/28/2008 11:22 AM 25088 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 08/22/2004 12:05 PM 81920 d:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a--c--- 05/13/2007 04:57 PM 5308416 d:\program files\emule0.49\eMule\emule.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KRun]
--a------ 04/06/2007 04:15 PM 518656 c:\program files\Windows7\RunMe\RunMe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 03/18/2009 06:50 PM 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 02/06/2009 07:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 05:50 AM 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 04/19/2007 08:26 AM 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PasswordShieldAdmin]
--a------ 08/13/2007 10:53 AM 315392 c:\program files\SecureDataSoftware\PasswordShield\adminpp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
--a------ 09/02/2007 08:12 AM 586240 c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 01/04/2009 03:43 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
--a------ 06/01/2005 05:41 PM 65536 c:\program files\Windows7\TransBar\TransBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 05/21/2006 05:43 AM 180224 c:\program files\Windows7\UberIcon\UberIcon Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
--a------ 09/23/2008 05:21 PM 798720 d:\program files\USB Disk Security\USBGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
--a------ 11/18/2006 12:31 PM 581632 c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Visual Task Tips]
--a------ 09/05/2007 07:20 PM 36352 c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 05/03/2005 12:43 PM 69632 c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 04/19/2007 08:26 AM 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 04/19/2007 08:26 AM 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 11/14/2006 11:21 AM 16270848 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 05/16/2006 12:04 PM 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"= d:\\Program Files\\Orbitdownloader\\orbitnet.exe
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\GRAW\\GRAW.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"d:\\Program Files\\emule0.49\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-30 20560]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-03-16 510992]
S0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S1 archlp;archlp; [x]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;c:\windows\system32\drivers\mr97310v.sys [2009-03-18 114105]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - N:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{0398404B-AEDC-4261-8BB4-5136CCFD5A9A}.job
- c:\windows\system32\msfeedssync.exe [04/26/2008 05:44 AM]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ITBar7Layout - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: تحميل الكل بـ إنترنت داونلود مانيجر - j:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - j:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - j:\program files\Internet Download Manager\IEGetVL.htm
IE: {{7B6826A5-18C2-11DA-8001-000D88227F64} - {7B6826A5-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826AA-18C2-11DA-8001-000D88227F64} - {7B6826AA-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826B4-18C2-11DA-8001-000D88227F64} - {7B6826B4-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826B7-18C2-11DA-8001-000D88227F64} - {7B6826B7-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826B9-18C2-11DA-8001-000D88227F64} - {7B6826B9-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826BE-18C2-11DA-8001-000D88227F64} - {7B6826BE-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
IE: {{7B6826C1-18C2-11DA-8001-000D88227F64} - {7B6826C1-18C2-11DA-8001-000D88227F64} - c:\program files\SDI\Password Magic\sdipwm.dll
FF - ProfilePath - c:\documents and settings\S.ALA\Application Data\Mozilla\Firefox\Profiles\7bgymmgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=2&q=
FF - component: c:\documents and settings\S.ALA\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\S.ALA\Application Data\Mozilla\Firefox\Profiles\7bgymmgw.default\extensions\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}\components\FFAlert.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-09 19:29:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,97,6f,76,1f,f5,1f,e6,aa,7e,de,05,cb,83,9c,a2,5a,1e,9f,cb,fa,
e1,9c,86,12,53,0b,e8,5f,4f,94,24,da,09,c3,63,4c,6a,97,29,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5f1237d9-c0f8-4b84-b65a-ed580d976065}]
@Denied: (Full) (Everyone)
"Model"=dword:00000007
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1684)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1740)
c:\windows\system32\setupapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\CNAB4RPK.EXE
d:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 04/09/2009 19:31:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 17:31:28
Pre-Run: 3,996,495,872 bytes free
Post-Run: 3,965,755,392 bytes free
407 --- E O F --- 2009-03-16 19:41:20
 
Signature: ALA39000
Signature: ابـــو عــبــد الــلــه
Everything is fine, but what was the problem? Just so I know, nothing more.
 
Signature: ALA39000
And why did you disable System Restore?
 
Signature: ALA39000
Your device was infected ... and I asked you to disable the System Restore point so that your device could be fully cleaned and the infection's traces removed ... and also to check your device using the McAfee tool ... after running the requested scan you can create a new restore point ..

May God grant you success
 
Signature: ابـــو عــبــد الــلــه
Thanks, brother
 
Signature: ALA39000