مشاهدة النسخة كاملة : [تم حل المشكله]فيروس autorun
a.t.f
03-07-2009, 06:51 PM
يااهل الخبرة الحقوني فيروس autorun دخل جهازي وحاس ام الدنيا
فيه طريقة لحذفه من جذوره لان برنامج الافيرا ماطلع لي شي
gaberbkr
03-07-2009, 06:56 PM
حمل هذه الآداة واضغط عليها وأتبع التعليمات
http://gaberbkr.googlepages.com/VirusFix.bat
a.t.f
03-07-2009, 07:11 PM
يعطيك العافية
a.t.f
03-07-2009, 07:30 PM
مازبط البرنامج وش الحل
سفير الدموع
03-07-2009, 07:57 PM
أخوي أنا مش خبير من مرة بس الخبراء دائما يقولون
اعمل الاتي
تقرير هايجاك
حمل هذا البرنامج
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe (http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe)
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
a.t.f
03-07-2009, 07:58 PM
يااهل الخبرة ردوا علي
شيخ النمور
03-07-2009, 08:02 PM
في خطوات بسيطة سوف ننتهي من مشكلة هذا الفيرس المزعج نهائيا ,,
(( 1 )) - قم بتثبيت البرنامج بدبل كليك علية و من ثم اضغط علي الشورت كت الموجود علي سطح
المكتب الذي هو علي شكل قرطاس احمر
(( 2 )) - ستلاحظ ظهور البرنامج جنب الساعة و يقول لك اعمل كليك يمين علية ثم اختر Start
http://www.zyzoom.net/vb_up/uploads/images/zyzoom-ba1d5bbf68.png
كما هو موضح في الصورة التالية ,,
http://www.zyzoom.net/vb_up/uploads/images/zyzoom-e308ef9fc8.png
((3 )) و توجد خيار لاصلاح مشكلة تعطل محرر الريجيستري و التاسك مانجر و الفولدر اوبشن
فقط كليك علي ما تريد اصلاحة و تنتهي المشاكل كلها بهذة الطريقة البسيطة ,,
من هنا التحميل (http://rapidshare.com/files/225841044/Autorun.Eater.2.3.rar)
a.t.f
03-07-2009, 08:09 PM
شيخ النمور حملته يقول معطوب وش السالفة
KoNaMi
03-07-2009, 08:24 PM
اخوي اعمل الاتي
تقرير هايجاك
حمل هذا البرنامج
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe (http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe)
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
الزري2
03-07-2009, 08:34 PM
السلام عليكم ورحمة الله وبركاته
بإمكانك تجربة هذا البرنامج الجيد (برمجة صديق عزيز عليّ جداً :king:)
للتحميل SAK v1.00 (http://www.filesend.net/download.php?f=2844bf0df77cc0fa26d1872cf84d3728)
بمجرد فتح البرنامج قم بعمل Remove and Protect ...
ثم ستأتي بعض الرسائل تابع الضغط على ok ...
ثم سيكون جهازك نظيف بإذن الله :wink:
شيخ النمور
03-07-2009, 08:50 PM
شيخ النمور حملته يقول معطوب وش السالفة
http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml
حمل مرة اخرى:hh:
a.t.f
03-07-2009, 08:55 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31:48 م, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\fsproflt.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Downloads\Software\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://voice34.digivoice.net/talk.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://voice34.digivoice.net/ReadUid.CAB
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://76.76.19.33/imscp/talks3n.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: InTouchLock - {C1275D50-432C-4C07-A1F1-0810417B1FD2} - (no file)
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12517 bytes
(هذا التقرير)
المهنـدس
03-07-2009, 08:58 PM
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://subs.geekstogo.com/********.exe (http://subs.geekstogo.com/********.exe)
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
ثم
حمل هذا البرنامج
http://www.zyzoom.net/soft/security/...HijackThis.exe (http://www.zyzoom.net/soft/security/tools/Zyzoom_HijackThis.exe)
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
KoNaMi
03-07-2009, 08:59 PM
اوكي اخوي الحين اعمل الاتي
عطل جميع برامج الحمايه
نزل هذه الاداة
http://www.zyzoom1.com//uploads/images/zyzoom-a6501b45a2.gif (http://subs.geekstogo.com/********.exe)
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
a.t.f
03-07-2009, 09:36 PM
******** 09-07-02.02 - User 07/03/2009 21:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2038.1431 [GMT 3:00]
Running from: c:\downloads\Software\********.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-03 15:30 . 2009-07-03 18:29 -------- d-----w- c:\docume~1\User\APPLIC~1\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\program files\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-03 14:23 . 2009-07-03 14:23 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-02 19:14 . 2009-07-02 19:14 -------- d-----w- c:\docume~1\User\APPLIC~1\Avira
2009-07-02 16:50 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-02 16:50 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 16:50 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-02 16:50 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 16:50 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 16:50 . 2009-07-02 16:50 -------- d-----w- c:\program files\Avira
2009-07-01 18:53 . 2009-07-01 18:54 -------- d-----w- c:\program files\Circle Developement
2009-07-01 18:50 . 2009-07-03 16:27 -------- d-----w- c:\documents and settings\User\Tracing
2009-07-01 18:46 . 2009-07-01 18:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft
2009-07-01 18:44 . 2009-07-01 18:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 18:44 . 2009-07-01 18:49 -------- d-----w- c:\program files\Windows Live
2009-07-01 18:43 . 2009-07-01 18:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 17:01 . 2009-06-30 17:33 -------- d-----w- c:\program files\USB Disk Security
2009-06-30 15:48 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-06-30 15:48 . 2009-06-30 15:48 262144 ----a-w- C:\ntuser.dat
2009-06-30 15:48 . 2009-07-01 23:07 -------- d-----w- c:\docume~1\User\APPLIC~1\Yahoo!
2009-06-30 15:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-30 13:09 . 2009-06-30 22:17 -------- d-----w- c:\program files\AutorunRemover
2009-06-28 10:39 . 2009-06-28 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-27 13:54 . 2009-06-27 13:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberScrub
2009-06-27 10:14 . 2009-06-27 10:14 -------- d-----w- c:\windows\system32\embedded
2009-06-27 10:14 . 2009-06-27 10:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 20:51 . 2007-05-10 07:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2009-06-26 15:47 . 2009-06-26 15:58 -------- d-----w- c:\docume~1\User\APPLIC~1\GetRightToGo
2009-06-26 15:16 . 2009-06-27 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\CyberScrub
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\docume~1\User\APPLIC~1\cleaner
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\docume~1\User\APPLIC~1\Motive
2009-06-25 17:23 . 2009-06-25 17:25 -------- d-----w- c:\program files\Fahess_Activation
2009-06-25 17:22 . 2009-06-25 17:23 -------- d-----w- c:\program files\Common Files\Motive
2009-06-25 17:22 . 2009-06-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-24 17:59 . 2009-06-24 20:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-----w- c:\windows\system32\logs
2009-06-24 17:26 . 2009-06-24 20:32 -------- d-----w- c:\program files\BitDefender
2009-06-24 17:26 . 2009-06-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-24 17:25 . 2009-06-24 17:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-24 17:14 . 2009-06-24 20:32 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-21 20:35 . 2009-07-03 12:40 -------- d-----w- c:\docume~1\User\APPLIC~1\IDM
2009-06-17 17:59 . 2006-05-21 12:15 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-06-17 17:59 . 2006-05-21 12:15 877568 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-06-17 17:59 . 2006-05-21 12:15 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-06-17 17:59 . 2006-05-21 12:15 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-17 17:59 . 2009-06-17 17:59 -------- d-----w- c:\docume~1\User\APPLIC~1\concept design
2009-06-17 16:07 . 2009-06-17 16:07 -------- d-----w- c:\program files\XeroBank
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-14 12:54 . 2009-06-14 12:54 -------- d-----w- c:\docume~1\User\APPLIC~1\gnupg
2009-06-13 19:59 . 2009-06-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-13 19:59 . 2009-06-13 16:47 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-13 19:59 . 2009-06-13 19:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6 Exec.exe
2009-06-13 19:59 . 2009-06-13 19:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep. exe
2009-06-13 19:59 . 2009-06-13 19:59 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredi stExec.exe
2009-06-13 19:56 . 2009-06-13 19:56 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-13 19:56 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-13 19:56 . 2009-06-13 19:56 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-13 19:54 . 2009-06-13 19:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 19:52 . 2009-06-13 19:52 -------- d-----w- c:\program files\janusware
2009-06-10 04:50 . 2009-06-27 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory
2009-06-06 19:40 . 2008-10-07 07:44 1277952 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe
2009-06-06 19:40 . 2008-06-25 06:55 888832 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxBaseV.dll
2009-06-06 19:40 . 2008-06-25 06:55 798720 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxXML2V.dll
2009-06-06 19:40 . 2008-06-25 06:55 786432 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxImV.dll
2009-06-06 19:40 . 2008-06-25 06:55 733184 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxJavaScriptV.dll
2009-06-06 19:40 . 2008-06-25 06:55 528384 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxProcV.dll
2009-06-06 19:40 . 2008-06-25 06:55 458752 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxFFV.dll
2009-06-06 19:40 . 2008-06-25 06:55 2105344 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCmpV.dll
2009-06-06 19:40 . 2008-06-25 06:55 159744 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxZipV.dll
2009-06-06 19:40 . 2008-06-25 06:55 1421312 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCommonV.dll
2009-06-06 19:39 . 2009-06-06 19:39 -------- d-----w- c:\docume~1\User\APPLIC~1\Skinux
2009-06-06 19:36 . 2009-06-06 19:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-06-05 13:33 . 2009-06-05 13:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-05 11:23 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-04 21:32 . 2009-06-04 21:34 -------- d-----w- c:\program files\VistaDrives
2009-06-04 21:21 . 2009-06-04 21:21 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-06-04 21:21 . 2009-06-04 21:21 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-06-04 21:21 . 2009-06-04 21:21 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-04 21:21 . 2009-06-30 11:29 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-06-04 21:21 . 2009-06-04 21:21 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-04 21:21 . 2006-07-28 22:22 51712 ----a-w- c:\windows\system32\coodest.dll
2009-06-04 21:21 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-04 21:21 . 2005-05-19 00:17 40960 ----a-w- c:\windows\system32\osenxpsuite2005.dll
2009-06-04 21:20 . 2009-06-04 21:20 -------- d-----w- c:\program files\Ozone
2009-06-04 16:18 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-03 15:28 . 2009-05-16 09:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 12:39 . 2009-05-09 16:47 -------- d-----w- c:\docume~1\User\APPLIC~1\DMCache
2009-07-02 23:09 . 2009-05-08 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 21:39 . 2009-05-10 20:23 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:33 . 2009-05-11 20:47 -------- d-----w- c:\program files\LtUcx
2009-07-02 16:50 . 2009-05-09 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-02 16:36 . 2009-05-27 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-01 23:17 . 2009-05-09 16:54 -------- d-----w- c:\docume~1\User\APPLIC~1\Skype
2009-07-01 23:07 . 2009-05-10 20:23 -------- d-----w- c:\program files\Yahoo!
2009-07-01 23:03 . 2009-07-01 22:59 -------- d-----w- c:\program files\DivX
2009-07-01 22:59 . 2009-07-01 22:59 -------- d-----w- c:\docume~1\User\APPLIC~1\DivX
2009-07-01 18:53 . 2009-05-09 06:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 18:31 . 2009-05-10 20:21 -------- d-----w- c:\program files\BitComet
2009-07-01 16:52 . 2009-07-01 16:52 2678 ----a-w- c:\windows\java\Packages\Data\BVRFTNPR.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\QNTZVVFP.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\HZRDBHBV.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\6TBXR9RH.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\TFLVXV9Z.DAT
2009-06-26 22:10 . 2009-05-08 19:00 101184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 16:08 . 2009-05-16 05:30 -------- d-----w- c:\program files\مجموعة أفلام
2009-06-26 11:42 . 2009-05-28 16:41 -------- d-----w- c:\program files\UlisesSoft
2009-06-15 23:49 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 20:16 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 20:16 . 2009-05-09 18:37 -------- d-----w- c:\program files\Nokia
2009-06-13 19:59 . 2009-05-09 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-06 18:59 . 2009-05-09 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf
2009-06-03 21:52 . 2009-05-09 16:34 -------- d-----w- c:\program files\معالج الصور
2009-06-02 19:19 . 2009-06-02 19:17 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-06-02 19:14 . 2009-06-02 19:09 -------- d-----w- c:\program files\computer4u
2009-06-02 19:00 . 2009-02-01 09:10 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-02 18:48 . 2009-05-28 20:36 -------- d-----w- c:\program files\KoolMoves Demo
2009-06-02 18:36 . 2009-06-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Laconic Software
2009-06-02 18:35 . 2009-06-02 18:35 -------- d-----w- c:\program files\Free Fire Screensaver
2009-05-31 19:51 . 2009-05-31 19:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 19:46 . 2009-05-31 19:38 -------- d-----w- c:\program files\Mgutil
2009-05-31 19:38 . 2009-05-31 19:38 -------- d-----w- c:\docume~1\User\APPLIC~1\URSoft
2009-05-30 20:54 . 2009-05-30 20:54 -------- d-----w- c:\program files\Hide Folders 2009
2009-05-30 19:00 . 2009-05-30 19:00 -------- d-----w- c:\program files\SigmaTel
2009-05-30 19:00 . 2009-05-08 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-29 20:35 . 2009-05-29 20:05 -------- d-----w- c:\program files\InTouchLock
2009-05-29 20:19 . 2009-05-21 22:22 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-29 20:16 . 2009-05-29 20:00 -------- d-----w- c:\docume~1\User\APPLIC~1\uTorrent
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\docume~1\User\APPLIC~1\ESET
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-28 13:37 . 2009-05-28 13:37 -------- d-----w- c:\program files\microsoft frontpage
2009-05-28 13:24 . 2009-05-28 13:24 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Tools
2009-05-26 19:41 . 2009-05-09 17:00 -------- d-----w- c:\docume~1\User\APPLIC~1\skypePM
2009-05-24 20:30 . 2009-05-08 18:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-----w- c:\program files\Conduit
2009-05-22 14:33 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\Nokia
2009-05-18 20:11 . 2009-05-18 20:09 -------- d-----w- c:\docume~1\User\APPLIC~1\DeskSoft
2009-05-16 18:46 . 2009-05-16 18:46 1172 ----a-w- c:\windows\mozver.dat
2009-05-16 18:07 . 2009-05-16 18:07 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 16:19 . 2009-05-16 16:19 -------- d-----w- c:\program files\Ask Search Assistant
2009-05-15 12:26 . 2009-05-15 12:26 -------- d-----w- c:\docume~1\User\APPLIC~1\Avant Profiles
2009-05-13 19:01 . 2009-05-09 16:53 -------- d-----w- c:\program files\Google
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-11 15:45 . 2009-05-11 15:45 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst CCD.exe
2009-05-11 15:45 . 2009-05-11 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-05-11 15:45 . 2009-05-11 15:45 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCS.exe
2009-05-11 15:44 . 2009-05-11 15:45 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara.exe
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\MSBuild
2009-05-10 20:20 . 2009-05-09 21:12 57344 ----a-w- c:\windows\system32\IMSInfo.dll
2009-05-09 21:10 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Media Player Classic
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Suite
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-09 18:36 . 2009-05-09 18:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst CCD.exe
2009-05-09 18:36 . 2009-05-09 18:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-05-09 18:36 . 2009-05-09 18:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst PCS.exe
2009-05-09 17:00 . 2009-05-09 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\program files\Common Files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----r- c:\program files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Search
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-09 16:35 . 2009-05-09 06:42 -------- d-----w- c:\program files\Common Files\Real
2009-05-09 06:46 . 2009-05-09 06:46 -------- d-----w- c:\program files\Alwil Software
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\program files\Real
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Ahead
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-09 06:35 . 2009-05-09 06:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-09 06:35 . 2009-05-09 06:35 172032 ------w- c:\windows\Setup1.exe
2009-05-09 06:35 . 2009-05-09 06:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-09 06:33 . 2009-05-09 06:33 -------- d-----w- c:\docume~1\User\APPLIC~1\vlc
2009-05-09 06:31 . 2009-05-09 06:31 -------- d-----w- c:\program files\VideoLAN
2009-05-09 06:31 . 2009-05-09 06:31 2232 ----a-w- c:\windows\java\Packages\Data\5Z1FRX7F.DAT
2009-05-09 06:31 . 2009-05-09 06:31 155995 ----a-w- c:\windows\java\Packages\IADZ3NPB.ZIP
2009-05-08 19:25 . 2009-05-08 19:25 -------- d-----w- c:\program files\DIFX
2009-05-08 19:24 . 2009-05-08 19:24 -------- d-----w- c:\program files\Intel
2009-05-08 19:22 . 2009-05-08 19:22 -------- d-----w- c:\program files\WIDCOMM
2009-05-08 19:21 . 2009-05-08 19:21 -------- d-----w- c:\program files\CONEXANT
2009-05-08 19:03 . 2009-05-08 18:55 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 19:00 . 2009-05-08 19:00 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Desktop Search
2009-05-08 18:57 . 2009-05-08 18:57 -------- d-----w- c:\program files\Alky for Applications
2009-05-08 18:52 . 2009-05-08 18:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 18:51 . 2009-05-08 18:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-03-05 15:08 . 2009-06-24 17:29 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-01 124928]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-6-6 1277952]
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-5-8 128000]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\fsproflt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"16417:TCP"= 16417:TCP:BitComet 16417 TCP
"16417:UDP"= 16417:UDP:BitComet 16417 UDP
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [30/05/2009 11:54 م 43792]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.s ys [02/07/2009 07:50 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [02/07/2009 07:50 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [02/07/2009 07:50 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/07/2009 07:50 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [02/07/2009 07:50 م 434945]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [30/05/2009 11:54 م 73392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/06/2009 10:56 م 604416]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [02/07/2009 07:50 م 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/05/2009 10:35 م 105984]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dllink.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice34.digivoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.33/imscp/talks3n.cab
FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles \qgl0txdl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\User\LOCALS~1\Temp\Perflib_Perfdata_2c 4.dat 16384 bytes
scan completed successfully
hidden files: 1
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m chInjDrv]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N TProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d76479 6-7d9b-4efb-945b-e8e971ed40e6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a, 96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe ,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4e,09,42,27,2a,c7,41,75,4e,ab,9a,7d,ca,57, 08,bc,1f,3e,70,1e,60,
fc,69,80,f4,c0,33,6f,ae,f8,d9,ac,4a,20,2e,5d,05,aa ,84,4b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1540)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1596)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Spyware Doctor\Tools\swpg.dat
- - - - - - - > 'explorer.exe'(324)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1516)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
Completion time: 2009-07-03 21:32
********-quarantined-files.txt 2009-07-03 18:32
********2.txt 2009-07-03 18:24
Pre-Run: 184,651,403,264 bytes free
Post-Run: 184,641,294,336 bytes free
376
a.t.f
03-07-2009, 10:18 PM
ياكونامي وبعد هالتقرير وش اسوي
البارون
03-07-2009, 10:22 PM
استخدم هالاداة وبعدها تقرير جديد
اداة ATF cleaner
http://www.zyzoom1.com//uploads/images/zyzoom-a6501b45a2.gif (http://www.atribune.org/ccount/click.php?id=1)
a.t.f
03-07-2009, 10:31 PM
سويتها ماطلع اي شي
البارون
03-07-2009, 10:34 PM
سويتها ماطلع اي شي
نظف الجهاز بالاداة من الرد السابق وهات تقرير هايجاك جديد
a.t.f
03-07-2009, 10:42 PM
http://upload.traidnt.net/upfiles/L4Q50049.bmp (http://upload.traidnt.net/)
طلعت لي هالصورة
البارون
03-07-2009, 10:44 PM
طيب ذحين تقرير هايجاك جديد
a.t.f
03-07-2009, 10:52 PM
طيب الفيروس باقي موجود انا ابغى اشيله عن بكرة ابيه
لاني لفيت جميع المنتديات ادور اداة تشيلها وكلها فاشلة وش الحل
اخوي كيف عرفت انه فيروس اتورن ؟
البارون
03-07-2009, 11:02 PM
هات التقرير وبعدين اعلمك
a.t.f
03-07-2009, 11:04 PM
وعندي ملفات في كل مكان (Desktop.ini/Thumbs.db)
موجودة في كل مكان مدري وش الحل ياادراة المنتدى شوفولي حل شكلي بنتحر من هالفيروس
يا خوي ما هو فيروس
اعمل التالي فقط
نزل هذه الأداة
http://www.zyzoom.net/vb_up/extension/rar.gif (http://up2.upload.pk/uploads/1245079476.rar)
فك الضغط عنها وشغلها بدبل كلك
http://www.zyzoomup.com/out.php/i17409_1.png
http://www.zyzoomup.com/out.php/i17412_2.png
وبلغنا النتائج
a.t.f
03-07-2009, 11:10 PM
اخوي ماكس لاني دخلت الفلاش في جهاز ثاني ودخلته في جهازي وهو موجود في قرص c
a.t.f
03-07-2009, 11:13 PM
اخوي ماكس حملتها وسويت تشغيل وماصار شي سوى زي الاعادة ورجع
طيب الملفات التي تقول عنها منتشرة هل ما زالت ؟
اذا نعم اعمل التالي
http://www.zyzoom.net/vb_up/upload/wh_67363828.png
http://www.zyzoom.net/vb_up/upload/wh_20288410.png
ثم اضغط موافق وتختفي هذه الملفات
a.t.f
03-07-2009, 11:17 PM
******** 09-07-02.02 - User 07/03/2009 21:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2038.1431 [GMT 3:00]
Running from: c:\downloads\Software\********.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-03 15:30 . 2009-07-03 18:29 -------- d-----w- c:\docume~1\User\APPLIC~1\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\program files\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-03 14:23 . 2009-07-03 14:23 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-02 19:14 . 2009-07-02 19:14 -------- d-----w- c:\docume~1\User\APPLIC~1\Avira
2009-07-02 16:50 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-02 16:50 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 16:50 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-02 16:50 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 16:50 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 16:50 . 2009-07-02 16:50 -------- d-----w- c:\program files\Avira
2009-07-01 18:53 . 2009-07-01 18:54 -------- d-----w- c:\program files\Circle Developement
2009-07-01 18:50 . 2009-07-03 16:27 -------- d-----w- c:\documents and settings\User\Tracing
2009-07-01 18:46 . 2009-07-01 18:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft
2009-07-01 18:44 . 2009-07-01 18:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 18:44 . 2009-07-01 18:49 -------- d-----w- c:\program files\Windows Live
2009-07-01 18:43 . 2009-07-01 18:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 17:01 . 2009-06-30 17:33 -------- d-----w- c:\program files\USB Disk Security
2009-06-30 15:48 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-06-30 15:48 . 2009-06-30 15:48 262144 ----a-w- C:\ntuser.dat
2009-06-30 15:48 . 2009-07-01 23:07 -------- d-----w- c:\docume~1\User\APPLIC~1\Yahoo!
2009-06-30 15:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-30 13:09 . 2009-06-30 22:17 -------- d-----w- c:\program files\AutorunRemover
2009-06-28 10:39 . 2009-06-28 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-27 13:54 . 2009-06-27 13:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberScrub
2009-06-27 10:14 . 2009-06-27 10:14 -------- d-----w- c:\windows\system32\embedded
2009-06-27 10:14 . 2009-06-27 10:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 20:51 . 2007-05-10 07:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2009-06-26 15:47 . 2009-06-26 15:58 -------- d-----w- c:\docume~1\User\APPLIC~1\GetRightToGo
2009-06-26 15:16 . 2009-06-27 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\CyberScrub
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\docume~1\User\APPLIC~1\cleaner
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\docume~1\User\APPLIC~1\Motive
2009-06-25 17:23 . 2009-06-25 17:25 -------- d-----w- c:\program files\Fahess_Activation
2009-06-25 17:22 . 2009-06-25 17:23 -------- d-----w- c:\program files\Common Files\Motive
2009-06-25 17:22 . 2009-06-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-24 17:59 . 2009-06-24 20:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-----w- c:\windows\system32\logs
2009-06-24 17:26 . 2009-06-24 20:32 -------- d-----w- c:\program files\BitDefender
2009-06-24 17:26 . 2009-06-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-24 17:25 . 2009-06-24 17:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-24 17:14 . 2009-06-24 20:32 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-21 20:35 . 2009-07-03 12:40 -------- d-----w- c:\docume~1\User\APPLIC~1\IDM
2009-06-17 17:59 . 2006-05-21 12:15 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-06-17 17:59 . 2006-05-21 12:15 877568 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-06-17 17:59 . 2006-05-21 12:15 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-06-17 17:59 . 2006-05-21 12:15 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-17 17:59 . 2009-06-17 17:59 -------- d-----w- c:\docume~1\User\APPLIC~1\concept design
2009-06-17 16:07 . 2009-06-17 16:07 -------- d-----w- c:\program files\XeroBank
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-14 12:54 . 2009-06-14 12:54 -------- d-----w- c:\docume~1\User\APPLIC~1\gnupg
2009-06-13 19:59 . 2009-06-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-13 19:59 . 2009-06-13 16:47 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-13 19:59 . 2009-06-13 19:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6 Exec.exe
2009-06-13 19:59 . 2009-06-13 19:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep. exe
2009-06-13 19:59 . 2009-06-13 19:59 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredi stExec.exe
2009-06-13 19:56 . 2009-06-13 19:56 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-13 19:56 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-13 19:56 . 2009-06-13 19:56 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-13 19:54 . 2009-06-13 19:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 19:52 . 2009-06-13 19:52 -------- d-----w- c:\program files\janusware
2009-06-10 04:50 . 2009-06-27 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory
2009-06-06 19:40 . 2008-10-07 07:44 1277952 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe
2009-06-06 19:40 . 2008-06-25 06:55 888832 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxBaseV.dll
2009-06-06 19:40 . 2008-06-25 06:55 798720 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxXML2V.dll
2009-06-06 19:40 . 2008-06-25 06:55 786432 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxImV.dll
2009-06-06 19:40 . 2008-06-25 06:55 733184 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxJavaScriptV.dll
2009-06-06 19:40 . 2008-06-25 06:55 528384 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxProcV.dll
2009-06-06 19:40 . 2008-06-25 06:55 458752 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxFFV.dll
2009-06-06 19:40 . 2008-06-25 06:55 2105344 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCmpV.dll
2009-06-06 19:40 . 2008-06-25 06:55 159744 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxZipV.dll
2009-06-06 19:40 . 2008-06-25 06:55 1421312 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCommonV.dll
2009-06-06 19:39 . 2009-06-06 19:39 -------- d-----w- c:\docume~1\User\APPLIC~1\Skinux
2009-06-06 19:36 . 2009-06-06 19:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-06-05 13:33 . 2009-06-05 13:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-05 11:23 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-04 21:32 . 2009-06-04 21:34 -------- d-----w- c:\program files\VistaDrives
2009-06-04 21:21 . 2009-06-04 21:21 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-06-04 21:21 . 2009-06-04 21:21 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-06-04 21:21 . 2009-06-04 21:21 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-04 21:21 . 2009-06-30 11:29 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-06-04 21:21 . 2009-06-04 21:21 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-04 21:21 . 2006-07-28 22:22 51712 ----a-w- c:\windows\system32\coodest.dll
2009-06-04 21:21 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-04 21:21 . 2005-05-19 00:17 40960 ----a-w- c:\windows\system32\osenxpsuite2005.dll
2009-06-04 21:20 . 2009-06-04 21:20 -------- d-----w- c:\program files\Ozone
2009-06-04 16:18 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-03 15:28 . 2009-05-16 09:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 12:39 . 2009-05-09 16:47 -------- d-----w- c:\docume~1\User\APPLIC~1\DMCache
2009-07-02 23:09 . 2009-05-08 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 21:39 . 2009-05-10 20:23 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:33 . 2009-05-11 20:47 -------- d-----w- c:\program files\LtUcx
2009-07-02 16:50 . 2009-05-09 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-02 16:36 . 2009-05-27 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-01 23:17 . 2009-05-09 16:54 -------- d-----w- c:\docume~1\User\APPLIC~1\Skype
2009-07-01 23:07 . 2009-05-10 20:23 -------- d-----w- c:\program files\Yahoo!
2009-07-01 23:03 . 2009-07-01 22:59 -------- d-----w- c:\program files\DivX
2009-07-01 22:59 . 2009-07-01 22:59 -------- d-----w- c:\docume~1\User\APPLIC~1\DivX
2009-07-01 18:53 . 2009-05-09 06:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 18:31 . 2009-05-10 20:21 -------- d-----w- c:\program files\BitComet
2009-07-01 16:52 . 2009-07-01 16:52 2678 ----a-w- c:\windows\java\Packages\Data\BVRFTNPR.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\QNTZVVFP.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\HZRDBHBV.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\6TBXR9RH.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\TFLVXV9Z.DAT
2009-06-26 22:10 . 2009-05-08 19:00 101184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 16:08 . 2009-05-16 05:30 -------- d-----w- c:\program files\مجموعة أفلام
2009-06-26 11:42 . 2009-05-28 16:41 -------- d-----w- c:\program files\UlisesSoft
2009-06-15 23:49 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 20:16 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 20:16 . 2009-05-09 18:37 -------- d-----w- c:\program files\Nokia
2009-06-13 19:59 . 2009-05-09 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-06 18:59 . 2009-05-09 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf
2009-06-03 21:52 . 2009-05-09 16:34 -------- d-----w- c:\program files\معالج الصور
2009-06-02 19:19 . 2009-06-02 19:17 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-06-02 19:14 . 2009-06-02 19:09 -------- d-----w- c:\program files\computer4u
2009-06-02 19:00 . 2009-02-01 09:10 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-02 18:48 . 2009-05-28 20:36 -------- d-----w- c:\program files\KoolMoves Demo
2009-06-02 18:36 . 2009-06-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Laconic Software
2009-06-02 18:35 . 2009-06-02 18:35 -------- d-----w- c:\program files\Free Fire Screensaver
2009-05-31 19:51 . 2009-05-31 19:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 19:46 . 2009-05-31 19:38 -------- d-----w- c:\program files\Mgutil
2009-05-31 19:38 . 2009-05-31 19:38 -------- d-----w- c:\docume~1\User\APPLIC~1\URSoft
2009-05-30 20:54 . 2009-05-30 20:54 -------- d-----w- c:\program files\Hide Folders 2009
2009-05-30 19:00 . 2009-05-30 19:00 -------- d-----w- c:\program files\SigmaTel
2009-05-30 19:00 . 2009-05-08 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-29 20:35 . 2009-05-29 20:05 -------- d-----w- c:\program files\InTouchLock
2009-05-29 20:19 . 2009-05-21 22:22 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-29 20:16 . 2009-05-29 20:00 -------- d-----w- c:\docume~1\User\APPLIC~1\uTorrent
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\docume~1\User\APPLIC~1\ESET
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-28 13:37 . 2009-05-28 13:37 -------- d-----w- c:\program files\microsoft frontpage
2009-05-28 13:24 . 2009-05-28 13:24 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Tools
2009-05-26 19:41 . 2009-05-09 17:00 -------- d-----w- c:\docume~1\User\APPLIC~1\skypePM
2009-05-24 20:30 . 2009-05-08 18:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-----w- c:\program files\Conduit
2009-05-22 14:33 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\Nokia
2009-05-18 20:11 . 2009-05-18 20:09 -------- d-----w- c:\docume~1\User\APPLIC~1\DeskSoft
2009-05-16 18:46 . 2009-05-16 18:46 1172 ----a-w- c:\windows\mozver.dat
2009-05-16 18:07 . 2009-05-16 18:07 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 16:19 . 2009-05-16 16:19 -------- d-----w- c:\program files\Ask Search Assistant
2009-05-15 12:26 . 2009-05-15 12:26 -------- d-----w- c:\docume~1\User\APPLIC~1\Avant Profiles
2009-05-13 19:01 . 2009-05-09 16:53 -------- d-----w- c:\program files\Google
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-11 15:45 . 2009-05-11 15:45 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst CCD.exe
2009-05-11 15:45 . 2009-05-11 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-05-11 15:45 . 2009-05-11 15:45 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\Uninst PCS.exe
2009-05-11 15:44 . 2009-05-11 15:45 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara.exe
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\MSBuild
2009-05-10 20:20 . 2009-05-09 21:12 57344 ----a-w- c:\windows\system32\IMSInfo.dll
2009-05-09 21:10 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Media Player Classic
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Suite
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-09 18:36 . 2009-05-09 18:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst CCD.exe
2009-05-09 18:36 . 2009-05-09 18:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe
2009-05-09 18:36 . 2009-05-09 18:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\Uninst PCS.exe
2009-05-09 17:00 . 2009-05-09 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\program files\Common Files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----r- c:\program files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Search
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-09 16:35 . 2009-05-09 06:42 -------- d-----w- c:\program files\Common Files\Real
2009-05-09 06:46 . 2009-05-09 06:46 -------- d-----w- c:\program files\Alwil Software
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\program files\Real
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Ahead
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-09 06:35 . 2009-05-09 06:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-09 06:35 . 2009-05-09 06:35 172032 ------w- c:\windows\Setup1.exe
2009-05-09 06:35 . 2009-05-09 06:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-09 06:33 . 2009-05-09 06:33 -------- d-----w- c:\docume~1\User\APPLIC~1\vlc
2009-05-09 06:31 . 2009-05-09 06:31 -------- d-----w- c:\program files\VideoLAN
2009-05-09 06:31 . 2009-05-09 06:31 2232 ----a-w- c:\windows\java\Packages\Data\5Z1FRX7F.DAT
2009-05-09 06:31 . 2009-05-09 06:31 155995 ----a-w- c:\windows\java\Packages\IADZ3NPB.ZIP
2009-05-08 19:25 . 2009-05-08 19:25 -------- d-----w- c:\program files\DIFX
2009-05-08 19:24 . 2009-05-08 19:24 -------- d-----w- c:\program files\Intel
2009-05-08 19:22 . 2009-05-08 19:22 -------- d-----w- c:\program files\WIDCOMM
2009-05-08 19:21 . 2009-05-08 19:21 -------- d-----w- c:\program files\CONEXANT
2009-05-08 19:03 . 2009-05-08 18:55 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 19:00 . 2009-05-08 19:00 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Desktop Search
2009-05-08 18:57 . 2009-05-08 18:57 -------- d-----w- c:\program files\Alky for Applications
2009-05-08 18:52 . 2009-05-08 18:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 18:51 . 2009-05-08 18:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-03-05 15:08 . 2009-06-24 17:29 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-01 124928]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-6-6 1277952]
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-5-8 128000]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\fsproflt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"16417:TCP"= 16417:TCP:BitComet 16417 TCP
"16417:UDP"= 16417:UDP:BitComet 16417 UDP
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [30/05/2009 11:54 م 43792]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.s ys [02/07/2009 07:50 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [02/07/2009 07:50 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [02/07/2009 07:50 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/07/2009 07:50 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [02/07/2009 07:50 م 434945]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [30/05/2009 11:54 م 73392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/06/2009 10:56 م 604416]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [02/07/2009 07:50 م 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/05/2009 10:35 م 105984]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dllink.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice34.digivoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.33/imscp/talks3n.cab
FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles \qgl0txdl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\User\LOCALS~1\Temp\Perflib_Perfdata_2c 4.dat 16384 bytes
scan completed successfully
hidden files: 1
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m chInjDrv]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N TProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d76479 6-7d9b-4efb-945b-e8e971ed40e6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a, 96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe ,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4e,09,42,27,2a,c7,41,75,4e,ab,9a,7d,ca,57, 08,bc,1f,3e,70,1e,60,
fc,69,80,f4,c0,33,6f,ae,f8,d9,ac,4a,20,2e,5d,05,aa ,84,4b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1540)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1596)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Spyware Doctor\Tools\swpg.dat
- - - - - - - > 'explorer.exe'(324)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1516)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
Completion time: 2009-07-03 21:32
********-quarantined-files.txt 2009-07-03 18:32
********2.txt 2009-07-03 18:24
Pre-Run: 184,651,403,264 bytes free
Post-Run: 184,641,294,336 bytes free
376
(هذا تقرير ********)
البارون
03-07-2009, 11:18 PM
تقرير هايجاك
حمل هذا البرنامج
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe (http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe)
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
a.t.f
03-07-2009, 11:22 PM
اخوي البارون سويتها في الصفحة الاولى وبعدها ثبت ********
وزي الصفحة الثالثة التقرير والفيروس باقي
طيب الملفات التي تقول عنها منتشرة هل ما زالت ؟
اذا نعم اعمل التالي
http://www.zyzoom.net/vb_up/upload/wh_67363828.png
http://www.zyzoom.net/vb_up/upload/wh_20288410.png
ثم اضغط موافق وتختفي هذه الملفات
:smile:
البارون
03-07-2009, 11:25 PM
طيب سوي واحد جديد
a.t.f
03-07-2009, 11:26 PM
ماكس خشمك قسم بالله انك ذيبان ريحتني راح الله يريحك في الجنة واشكر جميع اللي حاولوا يساعدوني
بس ماكس يعني كذا راح الفيروس
البارون
03-07-2009, 11:28 PM
ياخوي من الاول مافيه فايروس ارتاح والاداة اللي عطيتك تنظف الجهاز من بقايا العمل على الكمبيوتر والتصفح
a.t.f
03-07-2009, 11:31 PM
طيب ليش فيه ملف مكتوب autorun وحاس على البرامج
اخوي من الاول مافي فيروس
عندك الملفات المخفية ظاهرة
واحنا اخفيناها
اما المجلد اللي يحمل اسم اتورن هو للحماية من هذه الفيروسات
موفق
البارون
03-07-2009, 11:34 PM
ممكن انت استخدمت برنامج للحماية من الاوتو رن وسوى حماية عندك بوضع هي الملفات في جهازك
وغالبية الاشياء اللي تشبك على الجهاز تكون تحتوى ملفات اوتو رن
vBulletin® v3.8.4, Copyright ©2000-2010, TranZ by Almuhajir