• Thread starter: بحرجدة

Peace be upon you, and the mercy and blessings of God.

Greetings,

A friend came to me with a laptop that had an Svchost.exe problem, without my knowing.

He described the problem as messages that appear when the Internet is running on the machine, in any browser or messenger,

saying that a problem occurred in the program and it must be closed.

I connected the machine to the network, and while searching for solutions I discovered in Task Manager that there were many items named Svhost.

I looked for solutions for him and found none.


I let him go, and now I have come back to my own machine and found the disaster: it has spread to me.

This is a screenshot of Task Manager on my machine, and my friend is still suffering from it.

zyzoom-630fe6ec8f.JPG



What is the solution for this dangerous virus?

Regards
 

Bump.

Regards
 
They are not necessarily viruses.
These are system files, but they can be viruses in some cases.

Download this program:
You must log in or register to view the hidden link

Run the program, then click
Do a system scan and save log
After a few moments a report will open in Notepad. Copy it and paste it in your next reply.
 
Signature: Corporation
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:36 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Majed\Local Settings\Temporary Internet Files\Content.IE5\K6VMCDC9\Zyzoom_HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
You must log in or register to view the hidden link

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Family')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ayman')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
You must log in or register to view the hidden link

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
You must log in or register to view the hidden link

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
You must log in or register to view the hidden link

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
You must log in or register to view the hidden link

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
You must log in or register to view the hidden link

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
You must log in or register to view the hidden link

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9779 bytes
 
It is known that the SVchost file is a single file that runs under the Windows platform.

But now there are 8 files.

Regards
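
Added example, not part of the thread and not written by any of its participants: a check of the "Running processes" section of a HijackThis log like the one posted above. On Windows XP several svchost.exe instances are normal because each one hosts a group of services, so the check looks at the image path and at lookalike names rather than at the count. The function names, the 0.85 similarity threshold and the last two sample process lines are assumptions made for this example, and Windows is assumed to be installed in C:\WINDOWS as in the posted log.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Sample input. The process lines up to Explorer.EXE are copied from the log
# posted in this thread; the last two process lines are CONSTRUCTED to show
# what a masquerading entry would look like.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svhost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as in the posted log.
EXPECTED_DIR = r"c:\windows\system32"
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")   # R0, R1, O2, O23 ... log entries
PATH_RE = re.compile(r"^[A-Za-z]:\\")        # a drive-letter image path


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if ENTRY_RE.match(line):
            break                      # first registry entry ends the section
        if PATH_RE.match(line):
            paths.append(line)         # anything else (blank lines) is skipped
    return paths


def svchost_report(log_text, expected_dir=EXPECTED_DIR, threshold=0.85):
    """Count svchost.exe instances in the expected directory and list outliers.

    A correct path is necessary, not sufficient: a replaced binary or a
    malicious service DLL loaded by a genuine svchost.exe would still pass,
    so a clean result here only rules out the simple masquerading cases.
    """
    legit, findings = 0, []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        name = name.lower()
        if name == "svchost.exe":
            if directory.lower() == expected_dir:
                legit += 1
            else:
                findings.append(("wrong-directory", path))
        elif SequenceMatcher(None, name, "svchost.exe").ratio() >= threshold:
            # Near-miss spellings such as svhost.exe or scvhost.exe
            findings.append(("lookalike-name", path))
    return {"legit_instances": legit, "findings": findings}


if __name__ == "__main__":
    report = svchost_report(SAMPLE_LOG)
    print("svchost.exe in expected directory:", report["legit_instances"])
    for kind, path in report["findings"]:
        print(f"{kind}: {path}")
```
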
 
Disable your protection program.

Download this tool:


You must log in or register to view the hidden link

When you run it, a message will appear. Click >> Yes
Then a second message will appear. Click >> Yes

The machine may restart during the scan.
After the restart, the tool will begin scanning again.
Wait until a report appears, which means the scan has finished. Paste the report in your next post.
 
Signature: Corporation
I got one message and clicked Yes.

The machine did not restart.

I got a message saying that drive F does not exist.

I clicked continue.

And here is the report:

Code:
ComboFix 09-04-18.05 - Majed 04/18/2009 13:17.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.966.1033.18.2039.1405 [GMT 3:00]
Running from: c:\documents and settings\Majed\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning disabled* (Updated)
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
.
(((((((((((((((((((((((((   Files Created from 2009-03-18 to 2009-04-18  )))))))))))))))))))))))))))))))
.
2009-04-18 01:48 . 2009-04-18 01:48 -------- d-----w c:\documents and settings\Majed\Local Settings\Application Data\RcIncidents
2009-04-16 18:06 . 2009-04-17 06:46 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\Adobe
2009-04-16 04:47 . 2009-04-16 06:35 -------- d-----w c:\program files\The KMPlayer
2009-04-16 03:39 . 2009-04-16 03:39 -------- d-----w c:\program files\SkinCrafter3
2009-04-16 03:03 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-16 02:52 . 2009-04-16 03:04 -------- d-----w c:\windows\LastGood
2009-04-16 02:52 . 2009-04-16 03:04 -------- d-----w c:\program files\Hotspot Shield
2009-04-16 01:28 . 2009-04-16 01:28 -------- d-----w c:\windows\system32\LogFiles
2009-04-15 09:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 06:46 . 2009-04-15 06:49 -------- d-----w c:\program files\abgx360
2009-04-15 06:33 . 2009-04-16 00:38 -------- d-----w c:\program files\lg_fwupdate
2009-04-15 06:33 . 2006-02-17 11:19 16384 ----a-w c:\windows\system32\lgfwunis.exe
2009-04-14 14:03 . 2003-11-04 12:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-14 14:03 . 2004-05-14 13:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-14 14:03 . 2004-01-11 23:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-14 13:51 . 2009-04-17 19:23 -------- d-----w C:\New Folder
2009-04-13 04:16 . 2009-04-13 04:16 -------- d-----w c:\documents and settings\Majed\Application Data\Web Page Maker V2
2009-04-13 04:16 . 2009-04-13 04:16 -------- d-----w c:\program files\Web Page Maker V2
2009-04-13 02:05 . 2009-04-13 07:00 -------- d-----w c:\windows\Majed
2009-04-13 01:54 . 2009-04-13 07:07 -------- d-----w c:\windows\ماجد العوفي
2009-04-13 01:45 . 2009-04-13 01:45 -------- d-----w c:\documents and settings\Majed\Application Data\IndigoRose
2009-04-13 01:43 . 2009-04-13 01:43 0 ----a-w c:\windows\SUF80Design.INI
2009-04-13 01:43 . 2009-04-13 01:48 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 01:43 . 2009-04-13 01:43 -------- d-----w c:\documents and settings\All Users\Application Data\IndigoRose
2009-04-13 01:43 . 2009-04-13 01:43 -------- d-----w c:\windows\Setup Factory 8.0 Trial
2009-04-13 01:43 . 2009-04-13 01:46 -------- d-----w c:\program files\Setup Factory 8.0 Trial
2009-04-11 12:55 . 2009-04-11 12:55 -------- d-----w c:\documents and settings\Majed\Local Settings\Application Data\Yahoo
2009-04-11 12:52 . 2009-04-11 12:55 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-11 12:52 . 2009-04-11 12:52 -------- d-----w c:\program files\Yahoo!
2009-04-11 12:24 . 2009-04-11 12:24 -------- d-----w c:\documents and settings\Majed\Application Data\vlc
2009-04-11 12:23 . 2009-04-11 14:24 -------- d-----w c:\program files\VideoLAN
2009-04-11 11:48 . 2009-04-11 11:48 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-11 04:05 . 2009-04-11 04:05 -------- d-----w c:\program files\Microsoft.NET
2009-04-11 03:58 . 2009-04-11 04:01 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-11 03:18 . 2009-04-11 14:24 -------- d-----w c:\program files\WPM
2009-04-11 02:19 . 2009-04-11 12:02 -------- d-----w c:\windows\SxsCaPendDel
2009-04-10 20:35 . 2009-04-10 20:50 57632 ----a-w C:\PA207.DAT
2009-04-10 13:10 . 2009-04-10 13:10 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-04-10 13:10 . 2005-05-06 20:00 8704 ----a-w c:\windows\system32\CNMVS7K.DLL
2009-04-10 13:10 . 2005-05-06 20:00 140288 ----a-w c:\windows\system32\CNMLM7K.DLL
2009-04-10 13:10 . 2008-04-13 21:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-10 13:10 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-10 13:09 . 2009-04-10 13:09 -------- d-----w c:\documents and settings\Majed\Application Data\ScanSoft
2009-04-10 13:09 . 2009-04-10 13:09 -------- d-----w c:\documents and settings\All Users\Application Data\SSScanWizard
2009-04-10 13:09 . 2009-04-10 13:09 -------- d-----w c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-04-10 13:09 . 2009-04-10 13:09 532 ----a-w c:\windows\MAXLINK.INI
2009-04-10 13:09 . 2009-04-10 13:09 -------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-04-10 13:09 . 2009-04-10 13:09 -------- d-----w c:\program files\ScanSoft
2009-04-10 13:07 . 2009-04-10 13:07 -------- d-----w c:\program files\ArcSoft
2009-04-10 13:07 . 1995-08-01 01:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-10 13:01 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-10 13:00 . 2009-04-10 13:00 -------- d-----w c:\windows\StartHtmico
2009-04-10 13:00 . 2009-04-10 13:00 -------- d--h--w c:\windows\system32\CanonMP Uninstaller Information
2009-04-10 13:00 . 2005-08-04 04:13 49152 ----a-w c:\windows\system32\cncisco.dll
2009-04-10 13:00 . 2005-08-04 04:12 221184 ----a-w c:\windows\system32\CNCC150.DLL
2009-04-10 13:00 . 2005-08-04 04:12 69632 ----a-w c:\windows\system32\CNCI150.DLL
2009-04-10 13:00 . 2005-05-30 10:45 139264 ----a-w c:\windows\system32\CNCL150.DLL
2009-04-10 13:00 . 2009-04-10 13:00 -------- d--h--w C:\CanonMP
2009-04-10 12:59 . 2009-04-10 13:01 -------- d-----w c:\program files\Canon
2009-04-09 08:08 . 2009-04-09 08:08 -------- d-----w c:\documents and settings\Majed\Local Settings\Application Data\Adobe
2009-04-08 21:25 . 2009-04-08 21:25 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-08 21:24 . 2009-04-08 21:24 -------- d-----w c:\program files\Common Files\Adobe
2009-04-08 08:11 . 2009-04-08 08:11 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\Microsoft Help
2009-04-08 08:11 . 2009-04-08 08:11 99496 ----a-w c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 13:12 . 2009-04-07 13:12 8192 --sha-r C:\BOOTSECT.BAK
2009-04-07 13:12 . 2009-03-22 02:14 383112 --sha-r C:\bootmgr
2009-04-07 13:12 . 2009-04-07 13:12 -------- d-sh--w C:\Boot
2009-04-07 02:22 . 2009-04-07 05:03 -------- d-sh--w C:\$RECYCLE.BIN
2009-04-06 21:46 . 2009-04-06 21:46 -------- d-----w c:\program files\Microsoft Virtual PC
2009-04-06 13:36 . 2009-04-06 13:36 -------- d-----w c:\program files\Alcohol Soft
2009-04-06 13:31 . 2009-04-06 13:31 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-06 09:12 . 2009-04-06 09:12 -------- d-----w c:\documents and settings\Majed\Application Data\QuickScan
2009-04-06 07:39 . 2009-04-11 04:07 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-06 07:39 . 2009-04-09 00:00 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-06 07:39 . 2009-04-06 07:39 -------- d-----w c:\program files\Microsoft Synchronization Services
2009-04-06 07:39 . 2009-04-06 07:39 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-06 07:36 . 2009-04-11 02:06 -------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-04-06 07:36 . 2009-04-06 07:36 -------- d-----w c:\program files\Microsoft SDKs
2009-04-06 07:35 . 2009-04-06 13:33 197560 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 07:34 . 2009-04-06 07:34 -------- d-----w c:\windows\system32\XPSViewer
2009-04-06 07:07 . 2009-04-06 07:07 -------- d-----w c:\program files\MSXML 4.0
2009-04-06 07:00 . 2009-04-06 07:00 -------- d-----w c:\windows\Performance
2009-04-06 07:00 . 2009-04-11 14:24 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-04-06 06:11 . 2009-04-16 23:00 1905 ----a-w c:\windows\diagwrn.xml
2009-04-06 06:11 . 2009-04-16 23:00 1905 ----a-w c:\windows\diagerr.xml
2009-04-06 05:02 . 2009-04-06 05:02 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 05:01 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-06 05:01 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-06 05:01 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-06 05:01 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-06 05:01 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-06 05:01 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-06 05:01 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-06 04:22 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-06 04:22 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-06 04:22 . 2008-10-16 11:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-05 17:13 . 2009-04-05 17:13 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-05 17:10 . 2009-04-05 17:10 -------- d-----w c:\program files\Common Files\Skype
2009-04-05 17:10 . 2009-04-05 17:10 -------- d-----r c:\program files\Skype
2009-04-05 17:10 . 2009-04-05 17:10 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-05 16:07 . 2009-04-13 12:04 -------- d-----w c:\documents and settings\Ayman
2009-04-05 13:45 . 2009-04-05 13:45 -------- d-----w c:\documents and settings\Majed\Application Data\CyberLink
2009-04-05 13:45 . 2009-04-05 13:45 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-05 13:42 . 2009-04-16 00:38 294 ----a-w c:\windows\lgfwup.ini
2009-04-05 13:34 . 2009-04-16 18:09 -------- d-----w c:\documents and settings\Family\Tracing
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\BS_Player
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\Conduit
2009-04-05 13:22 . 2009-04-16 07:17 -------- d-----w c:\documents and settings\Family\Application Data\Orbit
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\documents and settings\Family\Application Data\Ahead
2009-04-05 12:59 . 2001-08-23 04:59 57344 ----a-w c:\windows\system32\WMErrAra.dll
2009-04-05 12:59 . 2001-08-19 00:58 34356 ----a-w c:\windows\WMPrfAra.prx
2009-04-05 12:24 . 2009-04-05 12:24 -------- d-----w c:\documents and settings\Majed\Application Data\Webroot
2009-04-05 12:24 . 2009-04-05 12:24 -------- d-----w c:\program files\Common Files\Webroot Shared
2009-04-05 12:24 . 2009-04-05 12:24 -------- d-----w c:\program files\Webroot
2009-04-05 12:24 . 2009-04-05 12:24 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-04-05 12:24 . 2007-11-26 11:47 194888 ----a-w c:\windows\Unwash6.exe
2009-04-05 12:07 . 2009-04-05 12:07 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 07:31 . 2009-04-05 11:33 -------- d-----w c:\documents and settings\Majed\Application Data\Orbit
2009-04-16 07:16 . 2009-04-05 09:31 -------- d-----w c:\documents and settings\Majed\Application Data\uTorrent
2009-04-16 00:02 . 2009-04-05 11:18 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 06:33 . 2009-04-05 10:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 07:53 . 2009-04-05 11:50 -------- d-----w c:\documents and settings\Majed\Application Data\BSplayer
2009-04-06 08:03 . 2009-04-05 09:24 99496 ----a-w c:\documents and settings\Majed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:34 . 2009-04-05 11:22 -------- d-----w c:\program files\MSBuild
2009-04-05 16:50 . 2009-04-05 09:30 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 13:41 . 2009-04-05 10:45 -------- d-----w c:\program files\Common Files\Ahead
2009-04-05 13:00 . 2009-04-05 09:05 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 11:50 . 2009-04-05 11:50 -------- d-----w c:\documents and settings\Majed\Application Data\BSplayer Pro
2009-04-05 11:50 . 2009-04-05 11:50 -------- d-----w c:\program files\Webteh
2009-04-05 11:39 . 2009-04-05 11:36 -------- d-----w c:\program files\Windows Live
2009-04-05 11:36 . 2009-04-05 11:36 -------- d-----w c:\program files\Microsoft
2009-04-05 11:36 . 2009-04-05 11:36 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-05 11:36 . 2009-04-05 11:36 -------- d-----w c:\documents and settings\Majed\Application Data\ImgBurn
2009-04-05 11:36 . 2009-04-05 11:36 -------- d-----w c:\program files\ImgBurn
2009-04-05 11:33 . 2009-04-05 11:33 -------- d-----w c:\program files\Orbitdownloader
2009-04-05 11:26 . 2009-04-05 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-05 11:22 . 2009-04-05 11:22 -------- d-----w c:\program files\Microsoft Works
2009-04-05 11:19 . 2009-04-05 11:19 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-05 10:54 . 2009-04-05 10:54 -------- d-----w c:\program files\KYE
2009-04-05 10:48 . 2009-04-05 10:48 -------- d-----w c:\documents and settings\Majed\Application Data\Ahead
2009-04-05 10:47 . 2009-04-05 10:47 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-05 10:45 . 2009-04-05 10:45 -------- d-----w c:\program files\Nero
2009-04-05 10:21 . 2009-04-05 10:21 -------- d-----w c:\program files\Common Files\xing shared
2009-04-05 10:21 . 2009-04-05 09:17 -------- d-----w c:\program files\Common Files\Real
2009-04-05 10:14 . 2009-04-05 10:14 -------- d-----w c:\program files\Common Files\Reallusion
2009-04-05 10:14 . 2009-04-05 10:14 -------- d-----w c:\documents and settings\Majed\Application Data\InstallShield
2009-04-05 10:12 . 2009-04-05 10:11 -------- d-----w c:\program files\CyberLink
2009-04-05 10:12 . 2009-04-05 10:12 -------- d-----w c:\program files\Common Files\i-Look 110
2009-04-05 09:41 . 2009-04-05 09:41 -------- d-----w c:\program files\CONEXANT
2009-04-05 09:31 . 2009-04-05 09:31 66996 ----a-w C:\INF.log
2009-04-05 09:31 . 2009-04-05 09:31 -------- d-----w c:\program files\uTorrent
2009-04-05 09:31 . 2009-04-05 09:31 -------- d-----w c:\program files\Intel
2009-04-05 09:17 . 2009-04-05 09:17 -------- d-----w c:\program files\Real
2009-04-05 09:16 . 2009-04-05 09:16 -------- d-----w c:\program files\Alwil Software
2009-04-05 09:06 . 2009-04-05 09:06 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 09:03 . 2009-04-05 09:03 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-23 08:27 . 2009-03-23 08:27 747566 ----a-w c:\windows\system32\abgx360.exe
2009-03-08 01:34 . 2008-04-14 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-14 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-14 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-14 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-14 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-14 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-14 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-14 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-14 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-14 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-21 05:25 . 2009-02-21 05:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-14 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-16 03:03 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 198160]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-5 1719496]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Majed^Start Menu^Programs^Startup^Reboot.exe]
path=c:\documents and settings\Majed\Start Menu\Programs\Startup\Reboot.exe
backup=c:\windows\pss\Reboot.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 14:10 35696 ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-07-02 10:29 220544 ----a-w c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 04:00 33648 ----a-w c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 04:13 114688 ----a-r c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 04:11 98304 ----a-r c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 15:50 4363504 ----a-w c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 12:55 323584 ----a-w c:\windows\PixArt\i-Look110\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:42 1695232 ------w c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 15:53 3885408 ----a-w c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 06:29 729088 ----a-w c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 08:00 49152 ----a-w c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 12:55 323584 ----a-w c:\windows\PixArt\i-Look110\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 04:10 94208 ----a-r c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 18:01 71216 ------w c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-05 10:20 198160 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 11:47 1206600 ----a-w c:\program files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 15:43 69632 ----a-w c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 10:36 14854144 ----a-w c:\windows\RTHDCPL.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 364008]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
S3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - HOTSPOTSHIELDSERVICE
*NewlyCreated* - HSSSRV
*NewlyCreated* - RDPWD
*NewlyCreated* - RDSESSMGR
*NewlyCreated* - TDTCP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{0E0AFC09-E540-48C6-BFEE-5973C97D3807}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{496A6147-E108-4A30-A26E-C4FE8AE636B1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{D468C94A-5D6C-4873-A163-C936B53645CF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 13:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\antiwpa.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'winlogon.exe'(3816)
c:\windows\system32\antiwpa.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'winlogon.exe'(8176)
c:\windows\system32\antiwpa.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-04-18 13:21
ComboFix-quarantined-files.txt  2009-04-18 10:21
Pre-Run: 32,692,092,928 bytes free
Post-Run: 33,430,110,208 bytes free
358 --- E O F --- 2009-04-16 14:19
 
Signature: Corporation
So that means I have a virus?


Thank you for your help

Regards
 
I don't think so.
But follow the tutorial to make sure.

Do you feel that you are having problems?
 
Signature: Corporation
Now the disasters have started to hit me

Internet Explorer 8 froze on me and the message of death appeared: Send / Don't Send

Regards
 
Now my friend's machine has the problem "an error occurred and it must be closed" for every program that connects to the internet

What is the solution to this problem?

Regards
 
To begin with, let's focus on one problem: let's start with your problem and then move on to your friend's problem

Do the following

HijackThis report
Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply


 
Signature: KoNaMi
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:02 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Majed\LOCALS~1\Temp\vxb\xxx.exe
C:\Documents and Settings\Majed\Local Settings\Temp\vxb\r.exe
C:\Documents and Settings\Majed\Local Settings\Temporary Internet Files\Content.IE5\0U3BJV3V\Zyzoom_HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Family')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Family')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ayman')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9746 bytes

Regards
 
Thanks, my friend. Copy the report without the code tags
 
Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:05 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Majed\LOCALS~1\Temp\vxb\xxx.exe
C:\Documents and Settings\Majed\Local Settings\Temp\vxb\r.exe
C:\Documents and Settings\Majed\Local Settings\Temporary Internet Files\Content.IE5\0U3BJV3V\Zyzoom_HijackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Family')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Family')
O4 - HKUS\S-1-5-21-602162358-1078081533-1644491937-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ayman')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9746 bytes


Here you go

Regards
 
I am now using this program

I chose Scan. What is the difference between Scan and Clean?

It has been scanning for a long time now

zyzoom-2e75b0eb22.png

Regards
 
Do the following, my dear

Use this tool for cleaning

wh_15149054.png

Then do the following

Download this tool from here

After downloading the tool, double-click it and a window like this one will appear. Take a screenshot of it and attach it to your next reply
 
Signature: KoNaMi
Scan only shows you the viruses without cleaning them, but

choose the Clean option and a DOS screen will appear for the scan
Leave it until it finishes and the report appears
Copy it and paste it in your next post
 
Signature: KoNaMi
This is the result after the scan

Engine Version : 5300.2777
Engine Load Time : 18000 milliseconds
AV DAT Version : 5492.0000 488805 detections Built Sunday, January 11, 2009
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Ayman\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Ayman\NTUSER.DAT.LOG : Scan Failed
c:\Documents and Settings\Ayman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Ayman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Family\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Family\NTUSER.DAT.LOG : Scan Failed
c:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Majed\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Majed\NTUSER.DAT.LOG : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{187CA6EA-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6EB-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6ED-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6EF-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6F1-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6F5-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{187CA6F7-2C09-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9219D62-2C0E-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F751CA48-2C10-11DE-B950-001921DE10E9}.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e767f0c0-6f95-4eb9-be82-05c1d164677b}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e767f0c0-6f95-4eb9-be82-05c1d164677b}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e767f0c0-6f95-4eb9-be82-05c1d164677b}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Application Data\Microsoft\Windows Live Contacts\{e767f0c0-6f95-4eb9-be82-05c1d164677b}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\Perflib_Perfdata_2118.dat : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF15AE.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF233D.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF2399.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF3A19.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF3CEA.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF4000.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF4348.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DF6B7F.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFC842.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFC939.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE0AC.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE0E4.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE159.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE16B.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE1B5.tmp : Scan Failed
c:\Documents and Settings\Majed\Local Settings\Temp\~DFE1C7.tmp : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_750.dat : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf : Scan Failed
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf : Scan Failed
File : c:\Program Files\Setup Factory 8.0 Trial\Data\IndigoRose Setup Factory 8.1.1000.0 - Bidjan.exe : contains "Trojan" called "Generic.dx" (No Action Taken )
c:\Program Files\Setup Factory 8.0 Trial\Data\IndigoRose Setup Factory 8.1.1000.0 - Bidjan.exe : No action taken
File : c:\System Volume Information\_restore{0AA0CBF3-5538-4916-8DA0-D6101922DE03}\RP44\A0008906.exe : contains "Trojan" called "Generic.dx" (No Action Taken )
c:\System Volume Information\_restore{0AA0CBF3-5538-4916-8DA0-D6101922DE03}\RP44\A0008906.exe : No action taken
File : c:\WINDOWS\system32\antiwpa.dll : contains "Trojan" called "Generic.dx" (No Action Taken )
c:\WINDOWS\system32\antiwpa.dll : No action taken
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_56c.dat : Scan Failed
c:\WINDOWS\Temp\_avast4_\Webshlock.txt : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 62801
FilesScanned : 38031
FilesNotScanned : 24770

ObjectsFound : 123003
ObjectsInfected : 3
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 3
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 3:16:52 PM Saturday, April 18, 2009
Ended at : 3:43:29 PM Saturday, April 18, 2009
Duration : 26 minutes 37 seconds
5346 MB scanned in 1597 seconds = 3 MB/s
Engine Version : 5300.2777
Engine Load Time : 18922 milliseconds
AV DAT Version : 5492.0000 488805 detections Built Sunday, January 11, 2009
Extra DAT : 0 detections


Summary :-
FilesFound : 5108
FilesScanned : 3072
FilesNotScanned : 2036

ObjectsFound : 5425
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 3:43:49 PM Saturday, April 18, 2009
Ended at : 3:45:20 PM Saturday, April 18, 2009
Duration : 1 minutes 30 seconds
771 MB scanned in 90 seconds = 8 MB/s
Engine Version : 5300.2777
Engine Load Time : 19547 milliseconds
AV DAT Version : 5492.0000 488805 detections Built Sunday, January 11, 2009
Extra DAT : 0 detections


Summary :-
FilesFound : 80598
FilesScanned : 35921
FilesNotScanned : 44677

ObjectsFound : 91217
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 3:45:53 PM Saturday, April 18, 2009
Ended at : 4:13:23 PM Saturday, April 18, 2009
Duration : 27 minutes 29 seconds
4699 MB scanned in 1649 seconds = 2 MB/s



Now I am going to use the clean option.

Regards
 